turcsanyip commented on a change in pull request #4348:
URL: https://github.com/apache/nifi/pull/4348#discussion_r443739026
##########
File path:
nifi-nar-bundles/nifi-atlas-bundle/nifi-atlas-reporting-task/src/main/java/org/apache/nifi/atlas/reporting/ReportLineageToAtlas.java
##########
@@ -385,31 +401,50 @@ protected PropertyDescriptor
getSupportedDynamicPropertyDescriptor(String proper
protected Collection<ValidationResult> customValidate(ValidationContext
context) {
final Collection<ValidationResult> results = new ArrayList<>();
- final boolean isSSLContextServiceSet =
context.getProperty(KAFKA_SSL_CONTEXT_SERVICE).isSet();
+ final SSLContextService sslContextService =
context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final ValidationResult.Builder invalidSSLService = new
ValidationResult.Builder()
-
.subject(KAFKA_SSL_CONTEXT_SERVICE.getDisplayName()).valid(false);
+ .subject(SSL_CONTEXT_SERVICE.getDisplayName()).valid(false);
+ AtomicBoolean isAtlasApiSecure = new AtomicBoolean(false);
String atlasUrls =
context.getProperty(ATLAS_URLS).evaluateAttributeExpressions().getValue();
if (!StringUtils.isEmpty(atlasUrls)) {
Arrays.stream(atlasUrls.split(ATLAS_URL_DELIMITER))
.map(String::trim)
.forEach(input -> {
- final ValidationResult.Builder builder = new
ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input);
try {
- new URL(input);
- results.add(builder.explanation("Valid
URI").valid(true).build());
+ final URL url = new URL(input);
+ if ("https".equalsIgnoreCase(url.getProtocol())) {
+ isAtlasApiSecure.set(true);
+ }
} catch (Exception e) {
- results.add(builder.explanation("Contains invalid URI:
" + e).valid(false).build());
+ results.add(new
ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input)
+ .explanation("contains invalid URI: " +
e).valid(false).build());
}
});
}
+ if (isAtlasApiSecure.get()) {
+ if (sslContextService == null) {
+ results.add(invalidSSLService.explanation("required for
connecting to Atlas via HTTPS.").build());
Review comment:
I'll remove these checks from customValidate().
There are also runtime checks with warning messages and fallback to system
truststore in setAtlasSSLConfig(). These were used only when the Atlas URL was
configured in the Atlas property file (not on the reporting task) and
customValidate() did not check the SSL config.
However, it is more consistent if there is only one check (with system
truststore fallback) for all cases, regardless where the Atlas url has been
configured.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
