exceptionfactory commented on code in PR #10524:
URL: https://github.com/apache/nifi/pull/10524#discussion_r2558532396
##########
nifi-extension-bundles/nifi-extension-utils/nifi-dbcp-base/src/main/java/org/apache/nifi/dbcp/utils/DBCPProperties.java:
##########
@@ -64,15 +66,31 @@ private DBCPProperties() {
.expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT)
.build();
+ public static final PropertyDescriptor PASSWORD_SOURCE = new
PropertyDescriptor.Builder()
+ .name("Password Source")
+ .description("Specifies whether to supply the database password
directly or obtain it from a Database Password Provider.")
+ .allowableValues(PasswordSource.class)
+ .defaultValue(PasswordSource.PASSWORD.getValue())
Review Comment:
The `getValue()` call is not needed:
```suggestion
.defaultValue(PasswordSource.PASSWORD)
```
##########
nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/rds/AwsRdsIamDatabasePasswordProviderTest.java:
##########
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.aws.rds;
+
+import org.apache.nifi.dbcp.api.DatabasePasswordProvider;
+import org.apache.nifi.dbcp.api.DatabasePasswordRequestContext;
+import
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService;
+import org.apache.nifi.processors.aws.s3.FetchS3Object;
+import org.apache.nifi.processor.exception.ProcessException;
+import org.apache.nifi.util.TestRunner;
+import org.apache.nifi.util.TestRunners;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import software.amazon.awssdk.regions.Region;
+
+import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ACCESS_KEY_ID;
+import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.SECRET_KEY;
+import static
org.apache.nifi.processors.aws.rds.AwsRdsIamDatabasePasswordProvider.AWS_CREDENTIALS_PROVIDER_SERVICE;
+import static org.apache.nifi.processors.aws.region.RegionUtil.REGION;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class AwsRdsIamDatabasePasswordProviderTest {
+
+ private TestRunner runner;
+ private AWSCredentialsProviderControllerService credentialsService;
+ private AwsRdsIamDatabasePasswordProvider passwordProvider;
+
+ @BeforeEach
+ void setUp() throws Exception {
+ runner = TestRunners.newTestRunner(FetchS3Object.class);
+
+ credentialsService = new AWSCredentialsProviderControllerService();
+ runner.addControllerService("awsCredentials", credentialsService);
+ runner.setProperty(credentialsService, ACCESS_KEY_ID, "accessKey");
+ runner.setProperty(credentialsService, SECRET_KEY, "secretKey");
+ runner.enableControllerService(credentialsService);
+
+ passwordProvider = new AwsRdsIamDatabasePasswordProvider();
+ runner.addControllerService("iamProvider", passwordProvider);
+ runner.setProperty(passwordProvider, AWS_CREDENTIALS_PROVIDER_SERVICE,
"awsCredentials");
+ runner.setProperty(passwordProvider, REGION, Region.US_WEST_2.id());
+ runner.enableControllerService(passwordProvider);
+ }
+
+ @Test
+ void testGeneratesTokenUsingRequestContext() {
+ final DatabasePasswordProvider service = getService();
+ final DatabasePasswordRequestContext context =
DatabasePasswordRequestContext.builder()
+
.jdbcUrl("jdbc:postgresql://example.us-west-2.rds.amazonaws.com:5432/dev")
+ .databaseUser("dbuser")
+ .driverClassName("org.postgresql.Driver")
+ .build();
+
+ final String token = new String(service.getPassword(context));
+
assertTrue(token.startsWith("example.us-west-2.rds.amazonaws.com:5432/"));
+ assertTrue(token.contains("DBUser=dbuser"));
+ }
+
+ @Test
+ void testGeneratesTokenWithDefaultPort() {
+ final DatabasePasswordProvider service = getService();
+ final DatabasePasswordRequestContext context =
DatabasePasswordRequestContext.builder()
+
.jdbcUrl("jdbc:postgresql://example.us-west-2.rds.amazonaws.com/db")
+ .databaseUser("dbuser")
+ .driverClassName("org.postgresql.Driver")
+ .build();
+
+ final String token = new String(service.getPassword(context));
+
assertTrue(token.startsWith("example.us-west-2.rds.amazonaws.com:5432/"));
+ assertTrue(token.contains("DBUser=dbuser"));
+ }
+
+ @Test
+ void testMissingHostnameThrowsProcessException() {
+ final DatabasePasswordProvider service = getService();
+ final DatabasePasswordRequestContext context =
DatabasePasswordRequestContext.builder()
+ .jdbcUrl("jdbc:postgresql:///dbname")
+ .databaseUser("dbuser")
+ .driverClassName("org.postgresql.Driver")
Review Comment:
It looks like this reference also needs to be updated.
##########
nifi-extension-bundles/nifi-extension-utils/nifi-dbcp-base/src/main/java/org/apache/nifi/dbcp/utils/DBCPProperties.java:
##########
@@ -64,15 +66,31 @@ private DBCPProperties() {
.expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT)
.build();
+ public static final PropertyDescriptor PASSWORD_SOURCE = new
PropertyDescriptor.Builder()
+ .name("Password Source")
+ .description("Specifies whether to supply the database password
directly or obtain it from a Database Password Provider.")
+ .allowableValues(PasswordSource.class)
+ .defaultValue(PasswordSource.PASSWORD.getValue())
+ .required(true)
+ .build();
+
public static final PropertyDescriptor DB_PASSWORD = new
PropertyDescriptor.Builder()
.name("Password")
.description("The password for the database user")
.required(false)
.sensitive(true)
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT)
+ .dependsOn(PASSWORD_SOURCE, PasswordSource.PASSWORD.getValue())
.build();
+ public static final PropertyDescriptor DB_PASSWORD_PROVIDER = new
PropertyDescriptor.Builder()
+ .name("Database Password Provider")
+ .description("Controller Service that supplies database passwords
on demand. When configured, the Password property is ignored.")
+ .required(true)
+ .identifiesControllerService(DatabasePasswordProvider.class)
+ .dependsOn(PASSWORD_SOURCE,
PasswordSource.PASSWORD_PROVIDER.getValue())
Review Comment:
```suggestion
.dependsOn(PASSWORD_SOURCE, PasswordSource.PASSWORD_PROVIDER)
```
##########
nifi-extension-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/rds/AwsRdsIamDatabasePasswordProviderTest.java:
##########
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.aws.rds;
+
+import org.apache.nifi.dbcp.api.DatabasePasswordProvider;
+import org.apache.nifi.dbcp.api.DatabasePasswordRequestContext;
+import
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService;
+import org.apache.nifi.processors.aws.s3.FetchS3Object;
+import org.apache.nifi.processor.exception.ProcessException;
+import org.apache.nifi.util.TestRunner;
+import org.apache.nifi.util.TestRunners;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import software.amazon.awssdk.regions.Region;
+
+import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.ACCESS_KEY_ID;
+import static
org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService.SECRET_KEY;
+import static
org.apache.nifi.processors.aws.rds.AwsRdsIamDatabasePasswordProvider.AWS_CREDENTIALS_PROVIDER_SERVICE;
+import static org.apache.nifi.processors.aws.region.RegionUtil.REGION;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class AwsRdsIamDatabasePasswordProviderTest {
+
+ private TestRunner runner;
+ private AWSCredentialsProviderControllerService credentialsService;
+ private AwsRdsIamDatabasePasswordProvider passwordProvider;
+
+ private static final String POSTGRES_DRIVER_CLASS =
"org.postgresql.Driver";
+ private static final String DB_USER = "dbuser";
+ private static final String HOSTNAME =
"example.us-west-2.rds.amazonaws.com";
+ private static final String JDBC_PREFIX = "jdbc:postgresql://";
+ private static final String DATABASE = "dev";
+ private static final int PORT = 5432;
+
+ @BeforeEach
+ void setUp() throws Exception {
+ runner = TestRunners.newTestRunner(FetchS3Object.class);
Review Comment:
It looks like the `NoOpProcessor` should be used here instead of
`FetchS3Object`.
##########
nifi-extension-bundles/nifi-extension-utils/nifi-dbcp-base/src/main/java/org/apache/nifi/dbcp/utils/DBCPProperties.java:
##########
@@ -123,6 +141,34 @@ private DBCPProperties() {
.expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT)
.build();
+ public enum PasswordSource implements DescribedValue {
+ PASSWORD("Password", "Use the configured Password property for
database authentication."),
+ PASSWORD_PROVIDER("Password Provider", "Obtain database passwords from
a configured Database Password Provider controller service.");
Review Comment:
```suggestion
PASSWORD_PROVIDER("Password Provider", "Obtain database passwords
from a configured Database Password Provider.");
```
##########
nifi-extension-bundles/nifi-extension-utils/nifi-dbcp-base/src/main/java/org/apache/nifi/dbcp/utils/DBCPProperties.java:
##########
@@ -123,6 +141,34 @@ private DBCPProperties() {
.expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT)
.build();
+ public enum PasswordSource implements DescribedValue {
+ PASSWORD("Password", "Use the configured Password property for
database authentication."),
+ PASSWORD_PROVIDER("Password Provider", "Obtain database passwords from
a configured Database Password Provider controller service.");
+
+ private final String displayName;
+ private final String description;
+
+ PasswordSource(final String displayName, final String description) {
+ this.displayName = displayName;
+ this.description = description;
+ }
+
+ @Override
+ public String getDisplayName() {
+ return displayName;
+ }
+
+ @Override
+ public String getValue() {
+ return displayName;
Review Comment:
```suggestion
return name();
```
##########
nifi-extension-bundles/nifi-extension-utils/nifi-dbcp-base/src/main/java/org/apache/nifi/dbcp/utils/DBCPProperties.java:
##########
@@ -64,15 +66,31 @@ private DBCPProperties() {
.expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT)
.build();
+ public static final PropertyDescriptor PASSWORD_SOURCE = new
PropertyDescriptor.Builder()
+ .name("Password Source")
+ .description("Specifies whether to supply the database password
directly or obtain it from a Database Password Provider.")
+ .allowableValues(PasswordSource.class)
+ .defaultValue(PasswordSource.PASSWORD.getValue())
+ .required(true)
+ .build();
+
public static final PropertyDescriptor DB_PASSWORD = new
PropertyDescriptor.Builder()
.name("Password")
.description("The password for the database user")
.required(false)
.sensitive(true)
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT)
+ .dependsOn(PASSWORD_SOURCE, PasswordSource.PASSWORD.getValue())
Review Comment:
```suggestion
.dependsOn(PASSWORD_SOURCE, PasswordSource.PASSWORD)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
