turcsanyip commented on a change in pull request #4348: URL: https://github.com/apache/nifi/pull/4348#discussion_r444390888
########## File path: nifi-nar-bundles/nifi-atlas-bundle/nifi-atlas-reporting-task/src/main/java/org/apache/nifi/atlas/reporting/ReportLineageToAtlas.java ########## @@ -385,31 +401,50 @@ protected PropertyDescriptor getSupportedDynamicPropertyDescriptor(String proper protected Collection<ValidationResult> customValidate(ValidationContext context) { final Collection<ValidationResult> results = new ArrayList<>(); - final boolean isSSLContextServiceSet = context.getProperty(KAFKA_SSL_CONTEXT_SERVICE).isSet(); + final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class); final ValidationResult.Builder invalidSSLService = new ValidationResult.Builder() - .subject(KAFKA_SSL_CONTEXT_SERVICE.getDisplayName()).valid(false); + .subject(SSL_CONTEXT_SERVICE.getDisplayName()).valid(false); + AtomicBoolean isAtlasApiSecure = new AtomicBoolean(false); String atlasUrls = context.getProperty(ATLAS_URLS).evaluateAttributeExpressions().getValue(); if (!StringUtils.isEmpty(atlasUrls)) { Arrays.stream(atlasUrls.split(ATLAS_URL_DELIMITER)) .map(String::trim) .forEach(input -> { - final ValidationResult.Builder builder = new ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input); try { - new URL(input); - results.add(builder.explanation("Valid URI").valid(true).build()); + final URL url = new URL(input); + if ("https".equalsIgnoreCase(url.getProtocol())) { + isAtlasApiSecure.set(true); + } } catch (Exception e) { - results.add(builder.explanation("Contains invalid URI: " + e).valid(false).build()); + results.add(new ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input) + .explanation("contains invalid URI: " + e).valid(false).build()); } }); } + if (isAtlasApiSecure.get()) { + if (sslContextService == null) { + results.add(invalidSSLService.explanation("required for connecting to Atlas via HTTPS.").build()); Review comment: Removed the checks from customValidate(). Tested the fallback mechanism to the system truststore with -Djavax.net.ssl.trustStore* system properties and also with a custom jssecacerts. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org