ChrisSamo632 commented on PR #6995:
URL: https://github.com/apache/nifi/pull/6995#issuecomment-1448750600
@exceptionfactory I agree that there's utility in discussing some of the
changes being made herein, it was the main driver for raising a Draft PR
(rather than pushing through with more updates), so glad you noticed and thanks
for commenting.
I agree that an instance-based loading mechanism would make more sense and
I'd been considering that as I took forward the (Docker Image-focussed, but not
strictly limited) current env var approach, however I didn't want to go through
making such changes without some discussion as I think there needs to be
agreement on a common approach of how to load properties and what order of
precedence is to be used (i.e. properties file vs. env var vs. defaults in
property loader code, etc.) - this seems like it's worth a ticket in its own
right (whether that's NIFI-7060 that's re-shaped *or* a new ticket to be
raised).
Other things that have been covered in this PR so far that we may/not want
to retain:
- [ ] address `shellcheck` errors/warnings in the Docker Image start scripts
- [ ] load (sensitive) properties from files
- do we keep this as a Docker Image-focussed approach or look to
generalise this for other deployments too (I'm not sure how much sense it makes
as likely any such files are just as readable as the
`nifi/-registry.properties` files themselves on such systems, but in Docker/k8s
the injection of a sensitive value as a file does make things a little more
secure as the values can't be seen by a simple inspection of the running
container's env)
- [ ] update `maven-antrun-plugin` for `dockermaven` builds
- [ ] refactor the Docker Image start scripts for `nifi-registry`
- this fixed a few bugs/inconsistencies between the current `dockermaven`
and `dockerhub` scripts currently on `main`, including:
- missing `needClientAuth` settings
- inability to configure the `database` for the Registry Flow Provider
- missing LDAP `Referral Strategy` config
- invalid OIDC properties (copied from `nifi`, so missing the
`.registry` part of the property name *and* some properties are missing/present
when unused)
I'm not precious about keeping this PR open (after the discussion) and/or
linking it to a different Jira ticket in future to cover the points we want to
keep from this existing work vs. raising/reshaping remaining changes in
NIFI-7060/a new ticket
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
