adamdebreceni commented on a change in pull request #1090:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1090#discussion_r663937231
##########
File path: extensions/rocksdb-repos/FlowFileRepository.cpp
##########
@@ -220,17 +240,21 @@ void FlowFileRepository::initialize_repository() {
logger_->log_trace("Do not need checkpoint");
return;
}
- rocksdb::Checkpoint *checkpoint;
// delete any previous copy
- if (utils::file::FileUtils::delete_dir(checkpoint_dir_) >= 0 &&
opendb->NewCheckpoint(&checkpoint).ok()) {
- if (checkpoint->CreateCheckpoint(checkpoint_dir_).ok()) {
+ if (utils::file::FileUtils::delete_dir(checkpoint_dir_) >= 0) {
+ rocksdb::Checkpoint* checkpoint = nullptr;
+ rocksdb::Status checkpoint_status = opendb->NewCheckpoint(&checkpoint);
+ if (checkpoint_status.ok()) {
+ checkpoint_status = checkpoint->CreateCheckpoint(checkpoint_dir_);
Review comment:
done
##########
File path: libminifi/test/TestBase.h
##########
@@ -445,6 +445,13 @@ class TestController {
return dir;
}
+ template<size_t N>
+ utils::Path createTempDirectory(const char (&format)[N]) {
Review comment:
if only there wasn't now three different ways to create a temporary
directory (now 2 in TestController, and 1 standalone in TestUtils.h) but I felt
like removing all the single-use `format` variables in all the tests deserves
its own PR
##########
File path: libminifi/test/TestBase.h
##########
@@ -445,6 +445,13 @@ class TestController {
return dir;
}
+ template<size_t N>
+ utils::Path createTempDirectory(const char (&format)[N]) {
Review comment:
https://issues.apache.org/jira/browse/MINIFICPP-1600
##########
File path: extensions/rocksdb-repos/FlowFileRepository.cpp
##########
@@ -220,17 +240,21 @@ void FlowFileRepository::initialize_repository() {
logger_->log_trace("Do not need checkpoint");
return;
}
- rocksdb::Checkpoint *checkpoint;
// delete any previous copy
- if (utils::file::FileUtils::delete_dir(checkpoint_dir_) >= 0 &&
opendb->NewCheckpoint(&checkpoint).ok()) {
- if (checkpoint->CreateCheckpoint(checkpoint_dir_).ok()) {
+ if (utils::file::FileUtils::delete_dir(checkpoint_dir_) >= 0) {
+ rocksdb::Checkpoint* checkpoint = nullptr;
+ rocksdb::Status checkpoint_status = opendb->NewCheckpoint(&checkpoint);
+ if (checkpoint_status.ok()) {
+ checkpoint_status = checkpoint->CreateCheckpoint(checkpoint_dir_);
+ }
+ if (checkpoint_status.ok()) {
checkpoint_ = std::unique_ptr<rocksdb::Checkpoint>(checkpoint);
- logger_->log_trace("Created checkpoint directory");
+ logger_->log_trace("Created checkpoint in directory '%s'",
checkpoint_dir_);
} else {
- logger_->log_trace("Could not create checkpoint. Corrupt?");
+ logger_->log_error("Could not create checkpoint: %s",
checkpoint_status.ToString());
}
} else
- logger_->log_trace("Could not create checkpoint directory. Not properly
deleted?");
+ logger_->log_error("Could not delete existing checkpoint directory '%s'",
checkpoint_dir_);
Review comment:
@lordgamez had the same concern, done in commit
[3db64f](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/3db64f47d25f9067fd23ade4e1100a666c542efa)
##########
File path: extensions/rocksdb-repos/DatabaseContentRepository.cpp
##########
@@ -42,14 +43,31 @@ bool DatabaseContentRepository::initialize(const
std::shared_ptr<minifi::Configu
} else {
directory_ = configuration->getHome() + "/dbcontentrepository";
}
- auto set_db_opts = [] (internal::Writable<rocksdb::DBOptions>& db_opts) {
+ std::shared_ptr<rocksdb::Env> encrypted_env = [&] {
+ DbEncryptionOptions encryption_opts;
+ encryption_opts.database = directory_;
+ encryption_opts.encryption_key_name = ENCRYPTION_KEY_NAME;
+ auto env =
createEncryptingEnv(utils::crypto::EncryptionManager{configuration->getHome()},
encryption_opts);
+ if (env) {
+ logger_->log_info("Using encrypted DatabaseContentRepository");
+ } else {
+ logger_->log_info("Using plaintext DatabaseContentRepository");
+ }
+ return env;
+ }();
Review comment:
done in
[9d07c8e](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/9d07c8e9c534a87ab31acd5d7dbf843ce047da04)
(also for other applicable occurrences)
##########
File path: extensions/rocksdb-repos/encryption/RocksDbEncryptionProvider.cpp
##########
@@ -0,0 +1,123 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "RocksDbEncryptionProvider.h"
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace core {
+namespace repository {
+
+using utils::crypto::Bytes;
+using utils::crypto::Aes256EcbCipher;
+
+namespace {
+
+class AES256BlockCipher final : public rocksdb::BlockCipher {
+ static std::shared_ptr<logging::Logger> logger_;
+ public:
+ AES256BlockCipher(std::string database, Aes256EcbCipher cipher_impl)
+ : database_(std::move(database)),
+ cipher_impl_(std::move(cipher_impl)) {}
+
+ const char *Name() const override {
+ return "AES256BlockCipher";
+ }
+
+ size_t BlockSize() override {
+ return Aes256EcbCipher::BLOCK_SIZE;
+ }
+
+ bool equals(const AES256BlockCipher& other) const {
+ return cipher_impl_.equals(other.cipher_impl_);
+ }
Review comment:
I forgot to rename it, renamed it to `hasEqualKey` in
[7793d6f](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/7793d6faf7460f37f69cd2576c8ad2979ac16bd3)
##########
File path: libminifi/test/rocksdb-tests/EncryptionTests.cpp
##########
@@ -0,0 +1,108 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "../TestBase.h"
+#include "utils/TestUtils.h"
+#include "FlowFileRepository.h"
+#include "utils/IntegrationTestUtils.h"
+
+using utils::Path;
+using core::repository::FlowFileRepository;
+
+class FFRepoFixture : public TestController {
+ public:
+ FFRepoFixture() {
+ LogTestController::getInstance().setDebug<minifi::FlowFileRecord>();
+ LogTestController::getInstance().setDebug<minifi::Connection>();
+ LogTestController::getInstance().setTrace<FlowFileRepository>();
+ home_ = createTempDirectory("/var/tmp/testRepo.XXXXXX");
+ repo_dir_ = home_ / "flowfile_repo";
+ checkpoint_dir_ = home_ / "checkpoint_dir";
+ config_ = std::make_shared<minifi::Configure>();
+ config_->setHome(home_.str());
+ container_ = std::make_shared<minifi::Connection>(nullptr, nullptr,
"container");
+ content_repo_ =
std::make_shared<core::repository::VolatileContentRepository>();
+ content_repo_->initialize(config_);
+ }
+
+ static void putFlowFile(const std::shared_ptr<minifi::FlowFileRecord>&
flowfile, const std::shared_ptr<core::repository::FlowFileRepository>& repo) {
+ minifi::io::BufferStream buffer;
+ flowfile->Serialize(buffer);
+ REQUIRE(repo->Put(flowfile->getUUIDStr(), buffer.getBuffer(),
buffer.size()));
+ }
+
+ template<typename Fn>
+ void runWithNewRepository(Fn&& fn) {
+ auto repository = std::make_shared<FlowFileRepository>("ff",
checkpoint_dir_.str(), repo_dir_.str());
+ repository->initialize(config_);
+ std::map<std::string, std::shared_ptr<core::Connectable>> container_map;
+ container_map[container_->getUUIDStr()] = container_;
+ repository->setContainers(container_map);
+ repository->loadComponent(content_repo_);
+ repository->start();
+ std::forward<Fn>(fn)(repository);
+ repository->stop();
+ }
+
+ protected:
+ std::shared_ptr<minifi::Connection> container_;
+ Path home_;
+ Path repo_dir_;
+ Path checkpoint_dir_;
+ std::shared_ptr<minifi::Configure> config_;
+ std::shared_ptr<core::repository::VolatileContentRepository> content_repo_;
+};
+
+TEST_CASE_METHOD(FFRepoFixture, "FlowFileRepository creates checkpoint and
loads flowfiles") {
+ SECTION("Without encryption") {
+ // pass
+ }
+ SECTION("With encryption") {
+ utils::file::FileUtils::create_dir((home_ / "conf").str());
+ std::ofstream{(home_ / "conf" / "bootstrap.conf").str()}
+ << static_cast<const char*>(FlowFileRepository::ENCRYPTION_KEY_NAME) <<
"="
+ << "805D7B95EF44DC27C87FFBC4DFDE376DAE604D55DB2C5496DEEF5236362DE62E"
+ << "\n";
+ }
+
+
+ runWithNewRepository([&] (const
std::shared_ptr<core::repository::FlowFileRepository>& repo) {
+ auto flowfile = std::make_shared<minifi::FlowFileRecord>();
+ flowfile->setAttribute("my little pony", "my horse is amazing");
+ flowfile->setConnection(container_);
+ putFlowFile(flowfile, repo);
+ });
+
+ REQUIRE(container_->isEmpty());
+
+ runWithNewRepository([&] (const
std::shared_ptr<core::repository::FlowFileRepository>& /*repo*/) {
+ // wait for the flowfiles to be loaded from the checkpoint
+ bool success =
utils::verifyEventHappenedInPollTime(std::chrono::seconds{5}, [&] {
+ return !container_->isEmpty();
+ });
+ REQUIRE(success);
+ REQUIRE(utils::verifyLogLinePresenceInPollTime(
+ std::chrono::seconds{5},
+ "Successfully opened checkpoint database at '" + checkpoint_dir_.str()
+ "'"));
+ std::set<std::shared_ptr<core::FlowFile>> expired;
+ auto flowfile = container_->poll(expired);
+ REQUIRE(expired.empty());
+ REQUIRE(flowfile);
+ REQUIRE(flowfile->getAttribute("my little pony") == "my horse is amazing");
Review comment:
as I understand encryption does not happen on the key-value pair level,
but on the file level, so there is no way to get the encrypted value (or key)
##########
File path: extensions/rocksdb-repos/encryption/RocksDbEncryptionProvider.cpp
##########
@@ -0,0 +1,123 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "RocksDbEncryptionProvider.h"
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace core {
+namespace repository {
+
+using utils::crypto::Bytes;
+using utils::crypto::Aes256EcbCipher;
+
+namespace {
+
+class AES256BlockCipher final : public rocksdb::BlockCipher {
+ static std::shared_ptr<logging::Logger> logger_;
+ public:
+ AES256BlockCipher(std::string database, Aes256EcbCipher cipher_impl)
+ : database_(std::move(database)),
+ cipher_impl_(std::move(cipher_impl)) {}
+
+ const char *Name() const override {
+ return "AES256BlockCipher";
+ }
+
+ size_t BlockSize() override {
+ return Aes256EcbCipher::BLOCK_SIZE;
+ }
+
+ bool equals(const AES256BlockCipher& other) const {
+ return cipher_impl_.equals(other.cipher_impl_);
+ }
+
+ rocksdb::Status Encrypt(char *data) override;
+
+ rocksdb::Status Decrypt(char *data) override;
Review comment:
the interface is not my design, `rocksdb::BlockCipher` is the base class
for this cipher, and there both `Encrypt` and `Decrypt` have the comment:
`"Length of data is equal to BlockSize()."`
##########
File path: libminifi/include/utils/crypto/ciphers/Aes256Ecb.h
##########
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <memory>
+#include <utility>
+
+#include "utils/crypto/EncryptionUtils.h"
+#include "Exception.h"
+#include "core/logging/Logger.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace utils {
+namespace crypto {
+
+class CipherError : public Exception {
+ public:
+ explicit CipherError(const std::string& error_msg) :
Exception(ExceptionType::GENERAL_EXCEPTION, error_msg) {}
+};
+
+class Aes256EcbCipher {
+ static std::shared_ptr<core::logging::Logger> logger_;
+ public:
+ static constexpr size_t BLOCK_SIZE = 16;
+ static constexpr size_t KEY_SIZE = 32;
+
+ explicit Aes256EcbCipher(Bytes encryption_key);
+ void encrypt(unsigned char* data) const;
+ void decrypt(unsigned char* data) const;
+
+ static Bytes generateKey();
+
+ bool equals(const Aes256EcbCipher& other) const;
+
+ private:
+ template<typename ...Args>
+ static void handleError(Args&& ...args) {
+ std::string error_msg = core::logging::format_string(-1, "%s",
std::forward<Args>(args)...);
+ logger_->log_error("%s", error_msg);
+ throw CipherError(error_msg);
+ }
Review comment:
indeed this would have misbehaved, fixed in
[09e2a1e0](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/09e2a1e0686a320b4e29264b5ff830b0cc74d471)
##########
File path: extensions/rocksdb-repos/encryption/RocksDbEncryptionProvider.cpp
##########
@@ -0,0 +1,123 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "RocksDbEncryptionProvider.h"
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace core {
+namespace repository {
+
+using utils::crypto::Bytes;
+using utils::crypto::Aes256EcbCipher;
+
+namespace {
+
+class AES256BlockCipher final : public rocksdb::BlockCipher {
Review comment:
done, for future reference do you remember which debugger struggled?
##########
File path: extensions/rocksdb-repos/encryption/RocksDbEncryptionProvider.cpp
##########
@@ -0,0 +1,123 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "RocksDbEncryptionProvider.h"
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace core {
+namespace repository {
+
+using utils::crypto::Bytes;
+using utils::crypto::Aes256EcbCipher;
+
+namespace {
+
+class AES256BlockCipher final : public rocksdb::BlockCipher {
Review comment:
done in
[09e2a1e0](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/09e2a1e0686a320b4e29264b5ff830b0cc74d471)
for future reference do you remember which debugger struggled?
##########
File path: extensions/rocksdb-repos/encryption/RocksDbEncryptionProvider.cpp
##########
@@ -0,0 +1,123 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "RocksDbEncryptionProvider.h"
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace core {
+namespace repository {
+
+using utils::crypto::Bytes;
+using utils::crypto::Aes256EcbCipher;
+
+namespace {
+
+class AES256BlockCipher final : public rocksdb::BlockCipher {
Review comment:
done in
[09e2a1e0](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/09e2a1e0686a320b4e29264b5ff830b0cc74d471),
for future reference do you remember which debugger struggled?
##########
File path: extensions/rocksdb-repos/FlowFileRepository.cpp
##########
@@ -220,17 +231,24 @@ void FlowFileRepository::initialize_repository() {
logger_->log_trace("Do not need checkpoint");
return;
}
- rocksdb::Checkpoint *checkpoint;
// delete any previous copy
- if (utils::file::FileUtils::delete_dir(checkpoint_dir_) >= 0 &&
opendb->NewCheckpoint(&checkpoint).ok()) {
- if (checkpoint->CreateCheckpoint(checkpoint_dir_).ok()) {
- checkpoint_ = std::unique_ptr<rocksdb::Checkpoint>(checkpoint);
- logger_->log_trace("Created checkpoint directory");
- } else {
- logger_->log_trace("Could not create checkpoint. Corrupt?");
- }
- } else
- logger_->log_trace("Could not create checkpoint directory. Not properly
deleted?");
+ if (utils::file::FileUtils::delete_dir(checkpoint_dir_) < 0) {
+ logger_->log_error("Could not delete existing checkpoint directory '%s'",
checkpoint_dir_);
+ return;
+ }
+ rocksdb::Checkpoint* checkpoint = nullptr;
+ rocksdb::Status checkpoint_status = opendb->NewCheckpoint(&checkpoint);
+ if (!checkpoint_status.ok()) {
+ logger_->log_error("Could not create checkpoint object: %s",
checkpoint_status.ToString());
+ return;
+ }
+ checkpoint_status = checkpoint->CreateCheckpoint(checkpoint_dir_);
+ if (!checkpoint_status.ok()) {
+ logger_->log_error("Could not initialize checkpoint: %s",
checkpoint_status.ToString());
+ return;
+ }
Review comment:
done in
[0e20dfe8](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/0e20dfe88485cade5969d1e42769d3c3ea02c0ea)
##########
File path: libminifi/src/utils/crypto/ciphers/Aes256Ecb.cpp
##########
@@ -0,0 +1,122 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "openssl/conf.h"
+#include "openssl/evp.h"
+#include "openssl/err.h"
+#include "openssl/rand.h"
+#include "core/logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace utils {
+namespace crypto {
+
+using EVP_CIPHER_CTX_ptr = std::unique_ptr<EVP_CIPHER_CTX,
decltype(&EVP_CIPHER_CTX_free)>;
+
+std::shared_ptr<core::logging::Logger>
Aes256EcbCipher::logger_{core::logging::LoggerFactory<Aes256EcbCipher>::getLogger()};
+
+Aes256EcbCipher::Aes256EcbCipher(Bytes encryption_key) :
encryption_key_(std::move(encryption_key)) {
+ if (encryption_key_.size() != KEY_SIZE) {
+ handleError("Invalid key length %zu bytes, expected %zu bytes",
encryption_key_.size(), static_cast<size_t>(KEY_SIZE));
+ }
+}
+
+Bytes Aes256EcbCipher::generateKey() {
+ unsigned char key[KEY_SIZE];
+ if (1 != RAND_bytes(key, KEY_SIZE)) {
+ handleError("Couldn't generate key");
+ }
+ return Bytes(key, key + KEY_SIZE);
Review comment:
there is no `RAND_priv_bytes` neither on my machine nor on libressl's
main, added error handling in
[cfa43ced6](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/cfa43ced6793e2f7be94f8d92c92f84d712a8989)
##########
File path: libminifi/src/utils/crypto/ciphers/Aes256Ecb.cpp
##########
@@ -0,0 +1,122 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "openssl/conf.h"
+#include "openssl/evp.h"
+#include "openssl/err.h"
+#include "openssl/rand.h"
+#include "core/logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace utils {
+namespace crypto {
+
+using EVP_CIPHER_CTX_ptr = std::unique_ptr<EVP_CIPHER_CTX,
decltype(&EVP_CIPHER_CTX_free)>;
+
+std::shared_ptr<core::logging::Logger>
Aes256EcbCipher::logger_{core::logging::LoggerFactory<Aes256EcbCipher>::getLogger()};
+
+Aes256EcbCipher::Aes256EcbCipher(Bytes encryption_key) :
encryption_key_(std::move(encryption_key)) {
+ if (encryption_key_.size() != KEY_SIZE) {
+ handleError("Invalid key length %zu bytes, expected %zu bytes",
encryption_key_.size(), static_cast<size_t>(KEY_SIZE));
+ }
+}
+
+Bytes Aes256EcbCipher::generateKey() {
+ unsigned char key[KEY_SIZE];
+ if (1 != RAND_bytes(key, KEY_SIZE)) {
+ handleError("Couldn't generate key");
+ }
+ return Bytes(key, key + KEY_SIZE);
+}
+
+void Aes256EcbCipher::encrypt(unsigned char *data) const {
+ EVP_CIPHER_CTX_ptr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
+ if (!ctx) {
+ handleError("Could not create cipher context");
+ }
+
+ if (1 != EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_ecb(), nullptr,
encryption_key_.data(), nullptr)) {
Review comment:
we are using the `CTREncryptionProvider`, which wraps our block cipher
and provides the appropriate iv and counter per block
##########
File path: libminifi/src/utils/crypto/ciphers/Aes256Ecb.cpp
##########
@@ -0,0 +1,122 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "openssl/conf.h"
+#include "openssl/evp.h"
+#include "openssl/err.h"
+#include "openssl/rand.h"
+#include "core/logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace utils {
+namespace crypto {
+
+using EVP_CIPHER_CTX_ptr = std::unique_ptr<EVP_CIPHER_CTX,
decltype(&EVP_CIPHER_CTX_free)>;
+
+std::shared_ptr<core::logging::Logger>
Aes256EcbCipher::logger_{core::logging::LoggerFactory<Aes256EcbCipher>::getLogger()};
+
+Aes256EcbCipher::Aes256EcbCipher(Bytes encryption_key) :
encryption_key_(std::move(encryption_key)) {
+ if (encryption_key_.size() != KEY_SIZE) {
+ handleError("Invalid key length %zu bytes, expected %zu bytes",
encryption_key_.size(), static_cast<size_t>(KEY_SIZE));
+ }
+}
+
+Bytes Aes256EcbCipher::generateKey() {
+ unsigned char key[KEY_SIZE];
+ if (1 != RAND_bytes(key, KEY_SIZE)) {
+ handleError("Couldn't generate key");
+ }
+ return Bytes(key, key + KEY_SIZE);
+}
+
+void Aes256EcbCipher::encrypt(unsigned char *data) const {
+ EVP_CIPHER_CTX_ptr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
+ if (!ctx) {
+ handleError("Could not create cipher context");
+ }
+
+ if (1 != EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_ecb(), nullptr,
encryption_key_.data(), nullptr)) {
+ handleError("Could not initialize encryption cipher context");
+ }
+
+ if (1 != EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) {
+ handleError("Could not disable padding for cipher");
+ }
Review comment:
in theory yes, in practice I found that on BLOCK_SIZE input we get
2*BLOCK_SIZE output because `EVP_EncryptFinal_ex` interprets 'no more data' as
'please pad this to a block' for some reason, `EVP_EncryptUpdate` provides no
guarantees of full encryption of all incoming data, so unfortunately we cannot
drop the `EVP_EncryptFinal_ex` call
##########
File path: libminifi/include/utils/crypto/ciphers/Aes256Ecb.h
##########
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <memory>
+#include <utility>
+
+#include "utils/crypto/EncryptionUtils.h"
+#include "Exception.h"
+#include "core/logging/Logger.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace utils {
+namespace crypto {
+
+class CipherError : public Exception {
+ public:
+ explicit CipherError(const std::string& error_msg) :
Exception(ExceptionType::GENERAL_EXCEPTION, error_msg) {}
+};
+
+class Aes256EcbCipher {
+ static std::shared_ptr<core::logging::Logger> logger_;
+ public:
+ static constexpr size_t BLOCK_SIZE = 16;
+ static constexpr size_t KEY_SIZE = 32;
+
+ explicit Aes256EcbCipher(Bytes encryption_key);
+ void encrypt(unsigned char* data) const;
+ void decrypt(unsigned char* data) const;
Review comment:
done in
[cfa43ced](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/cfa43ced6793e2f7be94f8d92c92f84d712a8989)
##########
File path: extensions/rocksdb-repos/encryption/RocksDbEncryptionProvider.cpp
##########
@@ -0,0 +1,119 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "RocksDbEncryptionProvider.h"
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace core {
+namespace repository {
+
+using utils::crypto::Bytes;
+using utils::crypto::Aes256EcbCipher;
+
+class AES256BlockCipher final : public rocksdb::BlockCipher {
+ static std::shared_ptr<logging::Logger> logger_;
+ public:
+ AES256BlockCipher(std::string database, Aes256EcbCipher cipher_impl)
+ : database_(std::move(database)),
+ cipher_impl_(std::move(cipher_impl)) {}
+
+ const char *Name() const override {
+ return "AES256BlockCipher";
+ }
+
+ size_t BlockSize() override {
+ return Aes256EcbCipher::BLOCK_SIZE;
+ }
+
+ bool hasEqualKey(const AES256BlockCipher& other) const {
+ return cipher_impl_.hasEqualKey(other.cipher_impl_);
+ }
+
+ rocksdb::Status Encrypt(char *data) override;
+
+ rocksdb::Status Decrypt(char *data) override;
+
+ private:
+ const std::string database_;
+ const Aes256EcbCipher cipher_impl_;
+};
+
+class EncryptingEnv : public rocksdb::EnvWrapper {
+ public:
+ EncryptingEnv(Env* target, std::shared_ptr<AES256BlockCipher> cipher) :
EnvWrapper(target), env_(target), cipher_(std::move(cipher)) {}
+
+ bool hasEqualKey(const EncryptingEnv& other) const {
+ return cipher_->hasEqualKey(*other.cipher_);
+ }
+
+ private:
+ std::unique_ptr<Env> env_;
+ std::shared_ptr<AES256BlockCipher> cipher_;
+};
+
+std::shared_ptr<logging::Logger> AES256BlockCipher::logger_ =
logging::LoggerFactory<AES256BlockCipher>::getLogger();
+
+std::shared_ptr<rocksdb::Env> createEncryptingEnv(const
utils::crypto::EncryptionManager& manager, const DbEncryptionOptions& options) {
+ auto cipher_impl =
manager.createAes256EcbCipher(options.encryption_key_name);
Review comment:
based on the interface of `BlockAccessCipherStream` (which an
`EncryptionProvider` should produce) I am under the impression that
authenticated encryption is not yet supported by `rocksdb`
```
// Encrypt one or more (partial) blocks of data at the file offset.
// Length of data is given in dataSize.
virtual Status Encrypt(uint64_t fileOffset, char* data, size_t dataSize);
// Decrypt one or more (partial) blocks of data at the file offset.
// Length of data is given in dataSize.
virtual Status Decrypt(uint64_t fileOffset, char* data, size_t dataSize);
```
##########
File path: extensions/rocksdb-repos/database/RocksDbInstance.cpp
##########
@@ -99,6 +112,7 @@ utils::optional<OpenRocksDb> RocksDbInstance::open(const
std::string& column, co
return utils::nullopt;
}
gsl_Expects(db_instance);
+ db_options_patch_ = db_options_patch;
Review comment:
added comment why we must store this object in
[b13b5b7d](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/b13b5b7d24b681c15e15850d36ce2922b5f2b9e9)
##########
File path: extensions/rocksdb-repos/database/RocksDbUtils.h
##########
@@ -38,19 +38,14 @@ class Writable {
public:
explicit Writable(T& target) : target_(target) {}
- template<typename F>
- void set(F T::* member, typename utils::type_identity<F>::type value) {
- if (!(target_.*member == value)) {
+ template<typename F, typename Comparator = std::equal_to<F>>
+ void set(F T::* member, typename utils::type_identity<F>::type value, const
Comparator& comparator = Comparator{}) {
+ if (!comparator(target_.*member, value)) {
target_.*member = value;
is_modified_ = true;
}
}
- template<typename Transformer, typename F>
- void transform(F T::* member) {
- set(member, Transformer::transform(target_.*member));
- }
Review comment:
yes, removed in
[b13b5b7](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/b13b5b7d24b681c15e15850d36ce2922b5f2b9e9)
##########
File path: libminifi/src/utils/crypto/ciphers/Aes256Ecb.cpp
##########
@@ -0,0 +1,122 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "utils/crypto/ciphers/Aes256Ecb.h"
+#include "openssl/conf.h"
+#include "openssl/evp.h"
+#include "openssl/err.h"
+#include "openssl/rand.h"
+#include "core/logging/LoggerConfiguration.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace utils {
+namespace crypto {
+
+using EVP_CIPHER_CTX_ptr = std::unique_ptr<EVP_CIPHER_CTX,
decltype(&EVP_CIPHER_CTX_free)>;
+
+std::shared_ptr<core::logging::Logger>
Aes256EcbCipher::logger_{core::logging::LoggerFactory<Aes256EcbCipher>::getLogger()};
+
+Aes256EcbCipher::Aes256EcbCipher(Bytes encryption_key) :
encryption_key_(std::move(encryption_key)) {
+ if (encryption_key_.size() != KEY_SIZE) {
+ handleError("Invalid key length %zu bytes, expected %zu bytes",
encryption_key_.size(), static_cast<size_t>(KEY_SIZE));
+ }
+}
+
+Bytes Aes256EcbCipher::generateKey() {
Review comment:
changed it to use `utils::crypto::randomBytes` in
[b13b5b7d](https://github.com/apache/nifi-minifi-cpp/pull/1090/commits/b13b5b7d24b681c15e15850d36ce2922b5f2b9e9)
##########
File path: libminifi/test/rocksdb-tests/EncryptionTests.cpp
##########
@@ -0,0 +1,108 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "../TestBase.h"
+#include "utils/TestUtils.h"
+#include "FlowFileRepository.h"
+#include "utils/IntegrationTestUtils.h"
+
+using utils::Path;
+using core::repository::FlowFileRepository;
+
+class FFRepoFixture : public TestController {
+ public:
+ FFRepoFixture() {
+ LogTestController::getInstance().setDebug<minifi::FlowFileRecord>();
+ LogTestController::getInstance().setDebug<minifi::Connection>();
+ LogTestController::getInstance().setTrace<FlowFileRepository>();
+ home_ = createTempDirectory("/var/tmp/testRepo.XXXXXX");
+ repo_dir_ = home_ / "flowfile_repo";
+ checkpoint_dir_ = home_ / "checkpoint_dir";
+ config_ = std::make_shared<minifi::Configure>();
+ config_->setHome(home_.str());
+ container_ = std::make_shared<minifi::Connection>(nullptr, nullptr,
"container");
+ content_repo_ =
std::make_shared<core::repository::VolatileContentRepository>();
+ content_repo_->initialize(config_);
+ }
+
+ static void putFlowFile(const std::shared_ptr<minifi::FlowFileRecord>&
flowfile, const std::shared_ptr<core::repository::FlowFileRepository>& repo) {
+ minifi::io::BufferStream buffer;
+ flowfile->Serialize(buffer);
+ REQUIRE(repo->Put(flowfile->getUUIDStr(), buffer.getBuffer(),
buffer.size()));
+ }
+
+ template<typename Fn>
+ void runWithNewRepository(Fn&& fn) {
+ auto repository = std::make_shared<FlowFileRepository>("ff",
checkpoint_dir_.str(), repo_dir_.str());
+ repository->initialize(config_);
+ std::map<std::string, std::shared_ptr<core::Connectable>> container_map;
+ container_map[container_->getUUIDStr()] = container_;
+ repository->setContainers(container_map);
+ repository->loadComponent(content_repo_);
+ repository->start();
+ std::forward<Fn>(fn)(repository);
+ repository->stop();
+ }
+
+ protected:
+ std::shared_ptr<minifi::Connection> container_;
+ Path home_;
+ Path repo_dir_;
+ Path checkpoint_dir_;
+ std::shared_ptr<minifi::Configure> config_;
+ std::shared_ptr<core::repository::VolatileContentRepository> content_repo_;
+};
+
+TEST_CASE_METHOD(FFRepoFixture, "FlowFileRepository creates checkpoint and
loads flowfiles") {
+ SECTION("Without encryption") {
+ // pass
+ }
+ SECTION("With encryption") {
+ utils::file::FileUtils::create_dir((home_ / "conf").str());
+ std::ofstream{(home_ / "conf" / "bootstrap.conf").str()}
+ << static_cast<const char*>(FlowFileRepository::ENCRYPTION_KEY_NAME) <<
"="
Review comment:
since we have an rvalue ref stream `operator<<` will resolve to a
forwarding template function
```
template <class _Stream, class _Tp>
inline _LIBCPP_INLINE_VISIBILITY
typename enable_if
<
!is_lvalue_reference<_Stream>::value &&
is_base_of<ios_base, _Stream>::value,
_Stream&&
>::type
operator<<(_Stream&& __os, const _Tp& __x)
{
__os << __x;
return _VSTD::move(__os);
}
```
which takes the argument by reference, which makes the static member
[odr-used](https://en.cppreference.com/w/cpp/language/definition#ODR-use),
adding a `static_cast` makes an lvalue-to-rvalue conversion which evaluates to
a constant expression, and no longer odr-used, from `c++17` we won't need this
cast
##########
File path: libminifi/test/rocksdb-tests/EncryptionTests.cpp
##########
@@ -0,0 +1,108 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "../TestBase.h"
+#include "utils/TestUtils.h"
+#include "FlowFileRepository.h"
+#include "utils/IntegrationTestUtils.h"
+
+using utils::Path;
+using core::repository::FlowFileRepository;
+
+class FFRepoFixture : public TestController {
+ public:
+ FFRepoFixture() {
+ LogTestController::getInstance().setDebug<minifi::FlowFileRecord>();
+ LogTestController::getInstance().setDebug<minifi::Connection>();
+ LogTestController::getInstance().setTrace<FlowFileRepository>();
+ home_ = createTempDirectory("/var/tmp/testRepo.XXXXXX");
+ repo_dir_ = home_ / "flowfile_repo";
+ checkpoint_dir_ = home_ / "checkpoint_dir";
+ config_ = std::make_shared<minifi::Configure>();
+ config_->setHome(home_.str());
+ container_ = std::make_shared<minifi::Connection>(nullptr, nullptr,
"container");
+ content_repo_ =
std::make_shared<core::repository::VolatileContentRepository>();
+ content_repo_->initialize(config_);
+ }
+
+ static void putFlowFile(const std::shared_ptr<minifi::FlowFileRecord>&
flowfile, const std::shared_ptr<core::repository::FlowFileRepository>& repo) {
+ minifi::io::BufferStream buffer;
+ flowfile->Serialize(buffer);
+ REQUIRE(repo->Put(flowfile->getUUIDStr(), buffer.getBuffer(),
buffer.size()));
+ }
+
+ template<typename Fn>
+ void runWithNewRepository(Fn&& fn) {
+ auto repository = std::make_shared<FlowFileRepository>("ff",
checkpoint_dir_.str(), repo_dir_.str());
+ repository->initialize(config_);
+ std::map<std::string, std::shared_ptr<core::Connectable>> container_map;
+ container_map[container_->getUUIDStr()] = container_;
+ repository->setContainers(container_map);
+ repository->loadComponent(content_repo_);
+ repository->start();
+ std::forward<Fn>(fn)(repository);
+ repository->stop();
+ }
+
+ protected:
+ std::shared_ptr<minifi::Connection> container_;
+ Path home_;
+ Path repo_dir_;
+ Path checkpoint_dir_;
+ std::shared_ptr<minifi::Configure> config_;
+ std::shared_ptr<core::repository::VolatileContentRepository> content_repo_;
+};
+
+TEST_CASE_METHOD(FFRepoFixture, "FlowFileRepository creates checkpoint and
loads flowfiles") {
+ SECTION("Without encryption") {
+ // pass
+ }
+ SECTION("With encryption") {
+ utils::file::FileUtils::create_dir((home_ / "conf").str());
+ std::ofstream{(home_ / "conf" / "bootstrap.conf").str()}
+ << static_cast<const char*>(FlowFileRepository::ENCRYPTION_KEY_NAME) <<
"="
Review comment:
since we have an rvalue ref stream, `operator<<` will resolve to a
forwarding template function
```
template <class _Stream, class _Tp>
inline _LIBCPP_INLINE_VISIBILITY
typename enable_if
<
!is_lvalue_reference<_Stream>::value &&
is_base_of<ios_base, _Stream>::value,
_Stream&&
>::type
operator<<(_Stream&& __os, const _Tp& __x)
{
__os << __x;
return _VSTD::move(__os);
}
```
which takes the argument by reference, which makes the static member
[odr-used](https://en.cppreference.com/w/cpp/language/definition#ODR-use),
adding a `static_cast` makes an lvalue-to-rvalue conversion which evaluates to
a constant expression, and no longer odr-used, from `c++17` we won't need this
cast
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
