[
https://issues.apache.org/jira/browse/NIFI-13057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17837840#comment-17837840
]
Daniel Stieglitz commented on NIFI-13057:
-----------------------------------------
[~joewitt] Thanks for that explanation. After further analysis, I noticed this
issue has really nothing to do with sensitive at all but rather with required
when it is set to true (I probably need to change the title of the ticket).
The same behavior is exhibited for example in InvokeHttp with the url setting.
If a user enters a url, clicks apply, tries to backspace to remove the url and
clicks apply, the original url remains. This at least to me is not intuitive.
I would have thought if I completely removed my entry it would revert to not
being set. I would like to see when a user removes the contents of a property
either by setting it to blank string or removing all the text then the property
should revert to not being set.
> When a property is both required and sensitive, setting it blank does not
> remove the "Sensitive value set" message.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: NIFI-13057
> URL: https://issues.apache.org/jira/browse/NIFI-13057
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Daniel Stieglitz
> Priority: Major
> Attachments: image-2024-04-16-13-13-24-650.png
>
>
> When testing [NIIFI-12960|https://issues.apache.org/jira/browse/NIFI-12960],
> I noticed when a property had the combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> and after a user entered a value and then attempts to remove the value it
> does not work and the message "Sensitive value set" still remains in the text
> box. This is even when the user checks the "Set empty string" checkbox.
> Attached is a screenshot of a DecryptContent processor after an attempt to
> remove the set password.
> !image-2024-04-16-13-13-24-650.png!
> The combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> is prevalent in the code base. I found it ~40 times in the following files.
> # QueryAirtableTable
> # StandardAsanaClientProviderService
> # ClientSideEncryptionSupport
> # AzureStorageUtils
> # StandardKustoIngestService
> # AbstractAzureLogAnalyticsReportingTask
> # DecryptContent
> # DecryptContentAge
> # DecryptContentCompatibility
> # EncryptContentAge
> # VerifyContentMAC
> # StandardDropboxCredentialService
> # AbstractEmailProcessor
> # GhostFlowRegistryClient
> # GhostControllerService
> # GhostFlowAnalysisRule
> # GhostParameterProvider
> # GhostProcessor
> # GhostReportingTask
> # Neo4JCypherClientService
> # GetHubSpot
> # AbstractIoTDB
> # StandardPGPPrivateKeyService
> # GetShopify
> # ListenSlack
> # ConsumeSlack
> # PublishSlack
> # SlackRecordSink
> # BasicProperties
> # V3SecurityProperties
> # ConsumeTwitter
> # OnePasswordParameterProvider
> # KerberosPasswordUserService
> # StandardOauth2AccessTokenProvider
> # GetWorkdayReport
> # ZendeskProperties
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
