exceptionfactory commented on a change in pull request #5206:
URL: https://github.com/apache/nifi/pull/5206#discussion_r677436433
##########
File path:
nifi-commons/nifi-property-utils/src/main/java/org/apache/nifi/properties/BootstrapProperties.java
##########
@@ -33,13 +34,22 @@
public enum BootstrapPropertyKey {
SENSITIVE_KEY("bootstrap.sensitive.key"),
HASHICORP_VAULT_SENSITIVE_PROPERTY_PROVIDER_CONF("bootstrap.protection.hashicorp.vault.conf"),
-
AWS_KMS_SENSITIVE_PROPERTY_PROVIDER_CONF("bootstrap.protection.aws.kms.conf");
+
AWS_KMS_SENSITIVE_PROPERTY_PROVIDER_CONF("bootstrap.protection.aws.kms.conf"),
+ CONTEXT_LOCATION_MAPPING("bootstrap.protection.context.mapping.");
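Review bot: CONTEXT_LOCATION_MAPPING is the only constant in this enum whose value is not a complete property name; it ends in a period and only becomes a usable key once a suffix is appended. Code that treats every BootstrapPropertyKey as a direct lookup key, for example by iterating values() and calling getKey(), will find nothing for this one. A short comment on the constant saying that it is a prefix, and what is expected to follow it, would make that explicit whichever name is chosen.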
Review comment:
Adjusting the name to indicate that it is a prefix would help clarify
the reason for the trailing period:
```suggestion
CONTEXT_MAPPING_PREFIX("bootstrap.protection.context.mapping.");
```
##########
File path:
nifi-commons/nifi-sensitive-property-provider/src/main/java/org/apache/nifi/properties/StandardSensitivePropertyProviderFactory.java
##########
@@ -74,6 +77,18 @@ private StandardSensitivePropertyProviderFactory(final
String keyHex, final Supp
this.keyHex = Optional.ofNullable(keyHex);
this.bootstrapPropertiesSupplier = bootstrapPropertiesSupplier == null
? () -> null : bootstrapPropertiesSupplier;
this.providerMap = new HashMap<>();
+ this.customPropertyContextLocationMap = null;
+ }
+
+ private void populateCustomPropertyContextLocationMap() {
+ final BootstrapProperties bootstrapProperties =
getBootstrapProperties();
+ customPropertyContextLocationMap = new HashMap<>();
+ final String xmlContextLocationMappingKeyPrefix =
BootstrapPropertyKey.CONTEXT_LOCATION_MAPPING.getKey();
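Review bot: populateCustomPropertyContextLocationMap() assigns the field to an empty HashMap before any entries are added, and the constructor leaves the field null with no synchronization visible in this hunk. If the factory can be reached from more than one thread, a caller that only checks the field for null can observe the empty or half-filled map and resolve a property to the wrong context. Build the map in a local variable and assign the field once it is complete, or populate it in the constructor and make the field final.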
Review comment:
Recommend renaming the variable to avoid the XML reference.
```suggestion
final String contextMappingPrefixKey =
BootstrapPropertyKey.CONTEXT_LOCATION_MAPPING.getKey();
```
##########
File path:
nifi-registry/nifi-registry-core/nifi-registry-resources/src/main/resources/conf/bootstrap.conf
##########
@@ -59,4 +59,18 @@ nifi.registry.bootstrap.sensitive.key=
nifi.registry.bootstrap.protection.hashicorp.vault.conf=./conf/bootstrap-hashicorp-vault.conf
# AWS KMS Sensitive Property Providers
-nifi.registry.bootstrap.protection.aws.kms.conf=./conf/bootstrap-aws.conf
\ No newline at end of file
+nifi.registry.bootstrap.protection.aws.kms.conf=./conf/bootstrap-aws.conf
+
+# Note: the following mapping properties only apply if a Sensitive Property
Provider that uses property contexts
+# is configured. Otherwise, these values are ignored.
+#
+# If no nifi.bootstrap.protection.context.mapping.* properties are provided,
the context for protected
+# properties uses a 'default' context, as in "default/Manager Password".
Properties in nifi.properties are always
+# assigned this context, but there is a possibility of naming conflicts among
the .xml configuration files.
+#
+# To create separate contexts for XML properties, you may provide context
mappings in the format:
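Review bot: the added comment names nifi.bootstrap.protection.context.mapping.*, but every key visible in this file uses the nifi.registry.bootstrap. prefix (nifi.registry.bootstrap.protection.aws.kms.conf just above). If the Registry mapping keys follow the same prefix, the comment should read nifi.registry.bootstrap.protection.context.mapping.*; an operator who copies the name from the comment would otherwise add a mapping that is ignored, and the properties would stay in the 'default' context without any error.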
Review comment:
Same note as above regarding XML references.
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/bootstrap.conf
##########
@@ -66,6 +66,20 @@
nifi.bootstrap.protection.hashicorp.vault.conf=./conf/bootstrap-hashicorp-vault.
# AWS KMS Sensitive Property Providers
nifi.bootstrap.protection.aws.kms.conf=./conf/bootstrap-aws.conf
+# Note: the following mapping properties only apply if a Sensitive Property
Provider that uses property contexts
+# is configured. Otherwise, these values are ignored.
+#
+# If no nifi.bootstrap.protection.context.mapping.* properties are provided,
the context for protected
+# properties uses a 'default' context, as in "default/Manager Password".
Properties in nifi.properties are always
+# assigned this context, but there is a possibility of naming conflicts among
the .xml configuration files.
+#
+# To create separate contexts for XML properties, you may provide context
mappings in the format:
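Review bot: the comment says naming conflicts are possible under the 'default' context but not what a conflict does. Two properties with the same name in different files would both resolve to the same "default/<name>" entry, so the text should state the consequence (which value the provider ends up holding) so that operators can judge whether they need mappings. Also, the note starts directly under nifi.bootstrap.protection.aws.kms.conf with no blank line, so it reads as part of the AWS KMS section; the Registry copy of this block has the separating blank line.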
Review comment:
Although the most common use case relates to XML-based configuration
files, recommend rewording to avoid referencing the storage format since it
shouldn't be specific to the implementation.
##########
File path:
nifi-commons/nifi-sensitive-property-provider/src/test/java/org/apache/nifi/properties/AWSSensitivePropertyProviderIT.java
##########
@@ -121,9 +121,9 @@ public void testEncryptDecrypt() {
private static void runEncryptDecryptTest() {
logger.info("Plaintext: " + SAMPLE_PLAINTEXT);
- String protectedValue = spp.protect(SAMPLE_PLAINTEXT);
+ String protectedValue = spp.protect(SAMPLE_PLAINTEXT, null);
logger.info("Protected Value: " + protectedValue);
- String unprotectedValue = spp.unprotect(protectedValue);
+ String unprotectedValue = spp.unprotect(protectedValue, null);
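Review bot: both calls in runEncryptDecryptTest() now pass null as the second argument, which makes null look like a supported value for the new parameter. If a context is required, say so in the Javadoc of protect and unprotect and have the providers reject null up front, so that a provider which does read the context fails with a clear message rather than a NullPointerException deep in the call.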
Review comment:
Although this particular implementation does not use the
PropertyContext, it looks like other tests use an actual value as opposed to
`null`. It seems that it would be better to use a static PropertyContext in the
test class to avoid implying that the PropertyContext can be null.
##########
File path:
nifi-commons/nifi-sensitive-property-provider/src/main/java/org/apache/nifi/properties/SensitivePropertyProviderFactory.java
##########
@@ -33,4 +33,14 @@
*/
Collection<SensitivePropertyProvider>
getSupportedSensitivePropertyProviders();
+ /**
+ * Given the <identifier> value providing a group context for an XML
configuration file property,
+ * returns the matching property context, or the default context if no
mappings match.
+ * @param groupIdentifier The value of <identifier> from the
enclosing XML block of a property in
+ * one of the XML configuration files.
+ * @param propertyName An XML property name
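Review bot: the Javadoc contains a raw <identifier> in both the summary sentence and the @param groupIdentifier line. Javadoc parses that as an HTML tag, so it is dropped from the rendered output and doclint reports it as an unknown tag. Wrap it as {@code <identifier>} or escape the angle brackets if the reference stays.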
Review comment:
The description's references to XML seem specific to the implementation;
can this be adjusted?