exceptionfactory commented on a change in pull request #5154:
URL: https://github.com/apache/nifi/pull/5154#discussion_r658138996
##########
File path:
nifi-commons/nifi-vault-utils/src/main/java/org/apache/nifi/vault/hashicorp/config/HashiCorpVaultConfiguration.java
##########
@@ -16,31 +16,124 @@
*/
package org.apache.nifi.vault.hashicorp.config;
+import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.vault.hashicorp.HashiCorpVaultConfigurationException;
import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.PropertySource;
import org.springframework.core.env.StandardEnvironment;
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.support.ResourcePropertySource;
+import org.springframework.vault.client.RestTemplateFactory;
import org.springframework.vault.config.EnvironmentVaultConfiguration;
+import org.springframework.vault.support.ClientOptions;
+import org.springframework.vault.support.SslConfiguration;
import java.io.IOException;
import java.nio.file.Paths;
+import java.time.Duration;
+import java.util.concurrent.TimeUnit;
/**
* A Vault configuration that uses the NiFiVaultEnvironment.
*/
public class HashiCorpVaultConfiguration extends EnvironmentVaultConfiguration
{
+ public enum VaultConfigurationKey {
+ AUTH_PROPERTIES_FILENAME("vault.authPropertiesFilename"),
Review comment:
Following the convention of some other NiFi properties, what do you
think about renaming this to `vault.authentication.properties.file`?
```suggestion
AUTHENTICATION_PROPERTIES_FILE("vault.authentication.properties.file"),
```
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/bootstrap-hashicorp-vault.conf
##########
@@ -0,0 +1,52 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# HashiCorp Vault Sensitive Property Providers (not enabled if the vault.uri
is not set)
+vault.uri=
+
+# Location of a properties file with authentication properties as seen in
+# Spring Vault:
https://docs.spring.io/spring-vault/docs/2.3.x/reference/html/#vault.core.environment-vault-configuration
+# If not set, all Spring Vault authentication properties must be included in
bootstrap-hashicorp-vault.conf
+# If authentication properties are provided in both locations, the ones in
bootstrap-hashicorp-vault.conf take precedence.
+# Note that if vault.authentication is not set in either location, its default
value is 'token'.
+vault.authPropertiesFilename=
+
+## Example vault authentication properties
+## Certification authentication (also requires ssl properties to be configured)
+# vault.authentication=CERT
+
+## Token authentication (default)
+# vault.token=<token value>
+
+## Token authentication (the default)
+# vault.token
Review comment:
The `vault.token` property example appears to be duplicated. Perhaps
changing this example to just use token authentication would be more
straightforward?
```suggestion
# Example Token Authentication
# vault.authentication=TOKEN
# vault.token=<token value>
```
##########
File path:
nifi-registry/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/bootstrap-hashicorp-vault.conf
##########
@@ -0,0 +1,52 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# HashiCorp Vault Sensitive Property Providers (not enabled if the vault.uri
is not set)
+vault.uri=
+
+# Location of a properties file with authentication properties as seen in
+# Spring Vault:
https://docs.spring.io/spring-vault/docs/2.3.x/reference/html/#vault.core.environment-vault-configuration
+# If not set, all Spring Vault authentication properties must be included in
bootstrap-hashicorp-vault.conf
+# If authentication properties are provided in both locations, the ones in
bootstrap-hashicorp-vault.conf take precedence.
+# Note that if vault.authentication is not set in either location, its default
value is 'token'.
+vault.authPropertiesFilename=
+
+## Example vault authentication properties
+## Certification authentication (also requires ssl properties to be configured)
+# vault.authentication=CERT
+
+## Token authentication (default)
+# vault.token=<token value>
+
+## Token authentication (the default)
+# vault.token
Review comment:
See related comment on example properties.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
