[GitHub] [nifi] exceptionfactory commented on a change in pull request #5206: NIFI-8695: Adding context to sensitive property providers

Tue, 27 Jul 2021 09:17:24 -0700 


exceptionfactory commented on a change in pull request #5206:
URL: https://github.com/apache/nifi/pull/5206#discussion_r677604916



##########
File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/bootstrap.conf
##########
@@ -66,6 +66,20 @@ 
nifi.bootstrap.protection.hashicorp.vault.conf=./conf/bootstrap-hashicorp-vault.
 # AWS KMS Sensitive Property Providers
 nifi.bootstrap.protection.aws.kms.conf=./conf/bootstrap-aws.conf
 
+# Note: the following mapping properties only apply if a Sensitive Property 
Provider that uses property contexts
+# is configured.  Otherwise, these values are ignored.
+#
+# If no nifi.bootstrap.protection.context.mapping.* properties are provided, 
the context for protected
+# properties uses a 'default' context, as in "default/Manager Password".  
Properties in nifi.properties are always
+# assigned this context, but there is a possibility of naming conflicts among 
the other configuration files.
+#
+# To create separate contexts for properties, you may provide context mappings 
in the format:
+# nifi.bootstrap.protection.context.mapping.<contextName>=<identifier matching 
regex>
+# With the following configuration, for example, any property named "Manager 
Password" located inside
+# a block whose <identifier> starts with "ldap-" will be mapped to the context 
named "ldap/Manager Password",
+# regardless of whether it resides in authorizers.xml or 
login-identity-providers.xml.
+nifi.bootstrap.protection.context.mapping.ldap=ldap-.*

Review comment:
       Although this example is helpful, it seems better to leave it commented 
out in the default configuration.
   
   On further consideration, since none of the current SPP implementations 
support handling PropertyContexts, it seems better to remove this section 
completely. When the first SPP introduces leverages PropertyContexts, that 
seems like a better opportunity to update the project documentation and include 
one or two lines of comments in bootstrap.conf




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to