[jira] [Commented] (NIFI-12061) AwsSecretsManagerParameterProvider should not require listSecrets permission

[ASF subversion and git services (Jira)]

    [ 
https://issues.apache.org/jira/browse/NIFI-12061?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17898116#comment-17898116
 ] 

ASF subversion and git services commented on NIFI-12061:
--------------------------------------------------------

Commit 6fb208807e0c93aaec52b7ade8ee03d4bcde1465 in nifi's branch 
refs/heads/main from Greg Solovyev
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=6fb208807e ]

NIFI-12061 Added Listing Strategy to AWS Secrets Manager Provider

- Enumerate Secret Names allows using AWS Secrets Manager without ListSecrets 
permission

This closes #9483

Signed-off-by: David Handermann <exceptionfact...@apache.org>


> AwsSecretsManagerParameterProvider should not require listSecrets permission
> ----------------------------------------------------------------------------
>
>                 Key: NIFI-12061
>                 URL: https://issues.apache.org/jira/browse/NIFI-12061
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.23.2
>            Reporter: Greg Solovyev
>            Assignee: Greg Solovyev
>            Priority: Minor
>          Time Spent: 3h 50m
>  Remaining Estimate: 0h
>
> `AwsSecretsManagerParameterProvider` currently requires listSecrets 
> permission in AWS, which is unnecessary in my use case. In our environment, 
> we run one `AwsSecretsManagerParameterProvider` per customer instance of Nifi 
> and need `AwsSecretsManagerParameterProvider` to have access only to the 
> secret that is dedicated to that customer. Unfortunately, 
> `AwsSecretsManagerParameterProvider` tries to list all account's secrets and 
> match them to name pattern, even when name pattern is a single name.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)