[
https://issues.apache.org/jira/browse/NIFI-11331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17705423#comment-17705423
]
David Handermann commented on NIFI-11331:
-----------------------------------------
Thanks for describing the issue [~v1d3o], can you provide a bit more detail on
the expected behavior? What should sensitive mean in the context of request
body content for InvokeHTTP?
The FlowFile content is never considered sensitive at a framework level.
Permission to view FlowFile content is controlled through configurable policies.
This request does make sense in the context of NIFI-9894, if support were
implemented to configure the request body from attributes. In that case, being
able to reference sensitive parameters in the request body formatting could
support such a use case. From that perspective, is this particular improvement
dependent on implementing NIFI-9894?
> InvokeHTTP: Add a property for the HTTP Body that can be marked sensitive
> -------------------------------------------------------------------------
>
> Key: NIFI-11331
> URL: https://issues.apache.org/jira/browse/NIFI-11331
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.20.0
> Reporter: Vince Lombardo
> Priority: Major
>
> This request is for adding a property in the InvokeHTTP processor that can be
> marked as sensitive.
> The use case for this is that some APIs require username and password
> credentials to be sent as part of the body. Since the only current way to
> populate the body is through the flowfile, this means that there is no way to
> have the values be treated as sensitive by NiFi.
> I envision a new property, Body Content, with the default being that if no
> value is set, then it uses the flowfile as the processor currently does. If
> possible, then this property will be allowed to optionally be made sensitive.
> Not sure if that is possible to make a built in property optionally
> sensitive. Otherwise there may need to be two properties, one for body
> content that is sensitive and a plain body content that can have EL in it.
> Either can be set independently, but if they are both set, they are appended
> together. Lastly a third property would be a dropdown that lets you indicate
> whether those values are used instead of or append to the flowfile. So that
> dropdown is only considered when there is data within either of the body
> contents.
> I am aware of the fact that there are other related requests that have been
> closed in favor of issue NIFI-9894, but I created this issue separately
> because I believe the whole sensitivity issue is a large need and I did not
> see any of the other issues address that. So this issue could be
> consolidated into NIFI-9894, with hopefully a final solution that can capture
> the needs from this issue allong with the others.
> Actually, the only reason I included having both a non-sensitive and
> sensitive property is to help with those needs of the other issues. If for
> some reason, NIFI-9894 cannot be done because of the stated problem of
> potential memory consumption issues, my need is really only for having a
> Sensitive Body Content attribute that, if populated, is used instead of the
> flowfile. For once I am able to log in using that, the rest of my uses for
> InvokeHTTP are met by the current implementation of the processor.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
