[jira] [Commented] (NIFI-5296) Add EL Support with Variable Registry scope on SSL context service

Mon, 20 Aug 2018 11:13:14 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-5296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16586337#comment-16586337
 ] 

Andy LoPresto commented on NIFI-5296:
-------------------------------------

[~snagafritz] setting environment variables and allowing them to be used via 
Expression Language would avoid the issue that a NiFi user (not to be confused 
with someone who has access to the OS {{nifi}} user) could examine the variable 
values through the *Variable Registry*. However, right now the scoping of those 
variables is not discrete -- any component property that supports Expression 
Language supports three sources of *variables*: 
{quote}
* User defined properties (custom properties)
* System properties

* Operating System environment variables
{quote}

To implement what you are looking for while maintaining a solid security 
posture may require scoping the source of variables similar to the way 
Expression Language evaluation was formerly *on* or *off* and is now *flowfile 
attributes*, *variables*, or *none* (see 
[NIFI-4149|https://issues.apache.org/jira/browse/NIFI-4149] | [PR 
2205|https://github.com/apache/nifi/pull/2205] for details). System properties 
and environment variables are protected by the OS-level controls, while VR 
variables are controlled by NiFi-specific permissions, and it may not be 
possible to allow a user to reference them in a processor property without 
exposing their value. I am open to this if you can submit a PR (similar to 
Pierre's previous) alongside a {{flow.xml.gz}} demonstrating a controller 
service referencing these variables and components on the canvas referencing 
the controller service, and multiple users defined where at least one can 
create and link the components, while other users cannot view the values. 

> Add EL Support with Variable Registry scope on SSL context service
> ------------------------------------------------------------------
>
>                 Key: NIFI-5296
>                 URL: https://issues.apache.org/jira/browse/NIFI-5296
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: Pierre Villard
>            Assignee: Pierre Villard
>            Priority: Major
>
> Add EL support on Truststore and Keystore filename properties with Variable 
> Registry scope.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to