fgerlits commented on code in PR #2063: URL: https://github.com/apache/nifi-minifi-cpp/pull/2063#discussion_r2533961401
########## libminifi/test/unit/VariableRegistryTests.cpp: ########## @@ -0,0 +1,73 @@ +/** + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "properties/Configure.h" +#include "core/VariableRegistry.h" +#include "unit/Catch.h" + +TEST_CASE("VariableRegistry default test") { + namespace minifi = org::apache::nifi::minifi; + const std::shared_ptr<minifi::Configure> configuration = std::make_shared<minifi::ConfigureImpl>(); + configuration->set("foo", "foo_val"); + configuration->set("bar", "bar_val"); + configuration->set("foo_password", "secret password"); + const auto variable_registry = minifi::core::VariableRegistryImpl(configuration); + CHECK(variable_registry.getConfigurationProperty("foo") == "foo_val"); + CHECK(variable_registry.getConfigurationProperty("bar") == "bar_val"); + CHECK_FALSE(variable_registry.getConfigurationProperty("foo_password")); // passwords are blacklisted +} + +TEST_CASE("VariableRegistry whitelist test") { + namespace minifi = org::apache::nifi::minifi; + const std::shared_ptr<minifi::Configure> configuration = std::make_shared<minifi::ConfigureImpl>(); + configuration->set("foo", "foo_val"); + configuration->set("minifi.variable.registry.whitelist", "foo,foo_password"); + configuration->set("bar", "bar_val"); + configuration->set("foo_password", "secret password"); + const auto variable_registry = minifi::core::VariableRegistryImpl(configuration); + CHECK(variable_registry.getConfigurationProperty("foo") == "foo_val"); + CHECK_FALSE(variable_registry.getConfigurationProperty("bar")); // not whitelisted + CHECK_FALSE(variable_registry.getConfigurationProperty("foo_password")); // passwords are blacklisted +} + +TEST_CASE("VariableRegistry blacklist test") { + namespace minifi = org::apache::nifi::minifi; + const std::shared_ptr<minifi::Configure> configuration = std::make_shared<minifi::ConfigureImpl>(); + configuration->set("foo", "foo_val"); + configuration->set("minifi.variable.registry.blacklist", "foo,foo_password"); + configuration->set("bar", "bar_val"); + configuration->set("foo_password", "secret password"); + const auto variable_registry = minifi::core::VariableRegistryImpl(configuration); + CHECK(variable_registry.getConfigurationProperty("bar") == "bar_val"); + CHECK_FALSE(variable_registry.getConfigurationProperty("foo")); // blacklisted + CHECK_FALSE(variable_registry.getConfigurationProperty("foo_password")); // passwords are blacklisted +} + +TEST_CASE("VariableRegistry whitelist and blacklist test") { + namespace minifi = org::apache::nifi::minifi; + const std::shared_ptr<minifi::Configure> configuration = std::make_shared<minifi::ConfigureImpl>(); + configuration->set("foo", "foo_val"); + configuration->set("minifi.variable.registry.whitelist", "foo,foo_password"); + configuration->set("minifi.variable.registry.blacklist", "foo"); + configuration->set("bar", "bar_val"); + configuration->set("foo_password", "secret password"); + const auto variable_registry = minifi::core::VariableRegistryImpl(configuration); + CHECK_FALSE(variable_registry.getConfigurationProperty("foo")); // whitelisted but also blacklisted + CHECK_FALSE(variable_registry.getConfigurationProperty("bar")); // not whitelisted + CHECK_FALSE(variable_registry.getConfigurationProperty("foo_password")); // passwords are blacklisted +} Review Comment: For completeness, can you add one more option which is whitelisted but not blacklisted, please? ########## core-framework/include/core/VariableRegistry.h: ########## @@ -40,53 +44,37 @@ class VariableRegistryImpl : public virtual VariableRegistry { ~VariableRegistryImpl() override = default; - bool getConfigurationProperty(const std::string &property, std::string &value) const override { - auto prop = variable_registry_.find(property); - if (prop != variable_registry_.end()) { - value = prop->second; - return true; + [[nodiscard]] std::optional<std::string> getConfigurationProperty(const std::string_view key) const override { + const auto it = variable_registry_.find(key); + if (it == variable_registry_.end()) { + return std::nullopt; } - return false; + return it->second; } protected: void loadVariableRegistry() { - std::string registry_values; - - auto options = configuration_->getConfiguredKeys(); - std::string white_list_opt = "minifi.variable.registry.whitelist", white_list; - std::string black_list_opt = "minifi.variable.registry.blacklist", black_list; + gsl_Assert(configuration_); + auto options = configuration_->get(Configuration::minifi_variable_registry_whitelist) + .transform([](std::string&& list) { return utils::string::split(std::move(list), ","); }) + .value_or(configuration_->getConfiguredKeys()); - // only allow those in the white liset - if (configuration_->get(white_list_opt, white_list)) { - options = utils::string::split(white_list, ","); - } - - for (const auto &opt : options) { - if (opt.find("password") != std::string::npos) - options.erase(std::remove(options.begin(), options.end(), opt), options.end()); - } + const auto black_listed_options = configuration_->get(Configuration::minifi_variable_registry_blacklist) + .transform([](std::string&& list) { return utils::string::split(std::move(list), ","); }); - // even if a white list is configured, remove the black listed fields - - if (configuration_->get(black_list_opt, black_list)) { - auto bl_opts = utils::string::split(black_list, ","); - for (const auto &opt : bl_opts) { - options.erase(std::remove(options.begin(), options.end(), opt), options.end()); - } - } + auto not_password = [](const std::string& s) { return !s.contains("password"); }; + auto not_blacklisted = [&black_listed_options](const std::string& s) { return !(black_listed_options && ranges::contains(*black_listed_options, s)); }; Review Comment: `std::ranges::contains` exists in `<algorithm>` since C++23, too. Does one of our target compilers not support it? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
