joewitt commented on code in PR #8853:
URL: https://github.com/apache/nifi/pull/8853#discussion_r1607116899
##########
nifi-api/src/main/java/org/apache/nifi/components/PropertyDescriptor.java:
##########
@@ -719,6 +720,15 @@ public boolean isSensitive() {
return sensitive;
}
+ // Pattern to match a parameter reference i.e. "#{anything}"
+ private static final Pattern PARAMETER_REFERENCE =
Pattern.compile("^#\\{.*}$");
+
+ public static boolean isSensitiveValueSafeToDisplay(String value) {
+ // If the value is a parameter reference, then it is safe to display
the parameter name.
+ // A parameter name is safe to display to users because the sensitive
info is stored in the parameter value.
+ return value != null && PARAMETER_REFERENCE.matcher(value).matches();
+ }
Review Comment:
as David notes the concept of a 'sensitive value safe to display' does not
belong in the nifi-api. We have mechanisms already to know whether a property
is sensitive. We have mechanisms to know whether the value contains a
parameter reference. We need to leverage these existing capabilities to
determine what to render.
When the value is anything other than a parameter reference the existing
behavior should remain which is a visual indication that a 'sensitive value is
set'.
Things to test with this PR:
- what happens if a sensitive value was both a parameter reference and some
additional string data. Is that possible?
- what happens for a user that does not have permissions to read/write a
given parameter reference.
- what happens for a user that does have permissions to both read/write a
given parameter reference.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
