[
https://issues.apache.org/jira/browse/NIFI-15306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18043643#comment-18043643
]
Chris Sampson commented on NIFI-15306:
--------------------------------------
After [discussion in
Slack|https://apachenifi.slack.com/archives/C0L9S92JY/p1765138020254559] and
the [Dev mailing
list|https://lists.apache.org/thread/vwb26wmqnwtrg7ocx487w0gyk9vq16ht], it was
clarified that this lack of property migration is by design - migration happens
during an "upgrade" of an existing Flow Definition between NiFi versions, but
is not expected when creating components via the API. Rather, users are
expected to ensure their component definitions are up-to-date before sending
them to the NiFi API.
Options discussed for changing this in the future if the community desires
include:
* migrating properties for components being created (would address the original
ticket description, but potentially hide the compoennt differences from the
user, which could cause other problems)
* rejecting component definitions at the NiFi API level if they're not valid,
e.g. contain unknown properties (would need to be able to handle components
that allow dynamic properties)
> Property migration does not happen when creating Reporting Tasks and global
> Controller Services via NiFi Toolkit
> ----------------------------------------------------------------------------------------------------------------
>
> Key: NIFI-15306
> URL: https://issues.apache.org/jira/browse/NIFI-15306
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 2.7.0
> Reporter: Chris Sampson
> Priority: Major
>
> Several properties in Site-to-Site Reporting Tasks and Controller Services
> (e.g. {{StandardSSLControllerService}}) have recently been renamed as part of
> an effort to harminise property descriptor names with their display names.
> A set of property migrations have been included as part of this using the
> {{migrateProperties}} framework method. However, it seems that these methods
> are not being called for global-level components such as Reporting Tasks and
> Controller Services when they are created via the NiFi API (e.g. using
> Toolkit's {{create-reporting-task}} method) with a JSON definition that has
> not been updated to match the renamed properties.
> For example:
> {code:json}
> {
> "component": {
> "name": "Registry Client SSL Context Service",
> "type": "org.apache.nifi.ssl.StandardSSLContextService",
> "properties": {
> "Keystore Filename": "keystore.p12",
> "Keystore Password": "my password",
> "key-password": "my password",
> "Keystore Type": "PKCS12",
> "Truststore Filename": "trust.p12",
> "Truststore Password": "another password",
> "Truststore Type": "PKCS12",
> "SSL Protocol": "TLS"
> }
> }
> }
> {code}
> Results in 2 unknown properties of {{key-password}} and {{SSL Protocol}}
> being present in the created Controller Service, with the component being
> invalid and throwing errors such as:
> {quote}
> 'key-password' not valid with value 'my password', property does not exist
> {quote}
> Similarly, for:
> {code:json}
> {
> "component": {
> "name": "s2s Bulletin Report",
> "type": "org.apache.nifi.reporting.SiteToSiteBulletinReportingTask",
> "properties": {
> "Destination URL": "https://nifi:8443/nifi";,
> "Input Port Name": "BulletinData",
> "SSL Context Service": "{uuid}",
> "Instance URL": "https://${hostname(true)}:8443/nifi",
> "record-writer": "{uuid}"
> }
> }
> }
> {code}
> Creates an invalid Reporting Task due to:
> {quote}
> 'record-writer' not valid with value '{uuid}', property does not exist
> {quote}
> This makes the changes to these properties a breaking change for anyone with
> existing component definitions to be installed into a NiFi cluster.
> Additionally, the reporting of the property values has the potential to leak
> sensitive details, such as key passwords (NiFi doesn't recognise
> {{key-password}} any longer, so doesn't realise it's a sensitive value, and
> so reports the value in the component validation error).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
