[GitHub] [nifi] gresockj commented on a change in pull request #5206: NIFI-8695: Adding context to sensitive property providers

Fri, 16 Jul 2021 15:28:29 -0700 


gresockj commented on a change in pull request #5206:
URL: https://github.com/apache/nifi/pull/5206#discussion_r671553772



##########
File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/bootstrap.conf
##########
@@ -63,6 +63,20 @@ nifi.bootstrap.sensitive.key=
 # HashiCorp Vault Sensitive Property Providers
 
nifi.bootstrap.protection.hashicorp.vault.conf=./conf/bootstrap-hashicorp-vault.conf
 
+# Note: the following mapping properties only apply if a Sensitive Property 
Provider that uses property contexts
+# is configured.  Otherwise, these values are ignored.
+#
+# If no nifi.bootstrap.protection.xml.context.location.mapping.* properties 
are provided, the context for protected
+# properties uses their filename as a location prefix, e.g. 
"authorizers.xml||Manager Password".
+# This creates a separate context for each unique property name in each XML 
configuration file.
+#
+# However, to reuse the same context in a more logical fashion, context 
mappings may be provided, in the format:
+# 
nifi.bootstrap.protection.xml.context.location.mapping.<contextLocation>=<identifier
 matching regex>
+# With the following configuration, for example, any XML property named 
"Manager Password" located inside
+# an XML block whose <identifier> starts with "ldap-" will be mapped to the 
context named "ldap||Manager Password",
+# regardless of whether it resides in authorizers.xml or 
login-identity-providers.xml.
+nifi.bootstrap.protection.xml.context.location.mapping.ldap=ldap-.*

Review comment:
       That's a good point, there probably isn't much property name 
duplication, and letting them provide a mapping would take care of any that 
needed disambiguation without hard-coding anything.  I'll mull this over.  
Thanks!




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to