[GitHub] [nifi] alopresto commented on a change in pull request #3542: NIFI-6363 Integrates AWS KMS SPP. Refactors SSPP.

Fri, 21 Jun 2019 11:38:41 -0700 

alopresto commented on a change in pull request #3542: NIFI-6363 Integrates AWS 
KMS SPP.  Refactors SSPP.
URL: https://github.com/apache/nifi/pull/3542#discussion_r296350601
 
 

 ##########
 File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/main/java/org/apache/nifi/properties/sensitive/ProtectedNiFiProperties.java
 ##########
 @@ -510,22 +448,21 @@ private boolean isProviderAvailable(String 
protectionScheme) {
      */
     private String unprotectValue(String key, String retrievedValue) {
         // Checks if the key is sensitive and marked as protected
-        if (isPropertyProtected(key)) {
-            final String protectionScheme = getProperty(getProtectionKey(key));
+        if (!isPropertyProtected(key)) {
+            return retrievedValue;
+        }
+        final String protectionScheme = getProperty(getProtectionKey(key));
 
-            // No provider registered for this scheme, so just return the value
-            if (!isProviderAvailable(protectionScheme)) {
-                logger.warn("No provider available for {} so passing the 
protected {} value back", protectionScheme, key);
-                return retrievedValue;
-            }
+        if (protectionScheme.equals("unknown")) {
+            return retrievedValue;
+        }
 
-            try {
-                SensitivePropertyProvider sensitivePropertyProvider = 
getSensitivePropertyProvider(protectionScheme);
-                return sensitivePropertyProvider.unprotect(retrievedValue);
-            } catch (SensitivePropertyProtectionException e) {
-                throw new SensitivePropertyProtectionException("Error 
unprotecting value for " + key, e.getCause());
-            }
+        // try and make one to unprotect, and if that fails...
 
 Review comment:
   Please add the guard check using 
`StandardSensitivePropertyProvider.handlesProtectionScheme()` or similar to log 
warning message and return protected value without attempting (and failing) to 
create a provider implementation for a protection scheme we can't handle. 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to