[GitHub] [nifi] turcsanyip commented on a change in pull request #4348: NIFI-7523: Use SSL Context Service for Atlas HTTPS connection in Atla…

Tue, 23 Jun 2020 10:31:04 -0700 


turcsanyip commented on a change in pull request #4348:
URL: https://github.com/apache/nifi/pull/4348#discussion_r444390888



##########
File path: 
nifi-nar-bundles/nifi-atlas-bundle/nifi-atlas-reporting-task/src/main/java/org/apache/nifi/atlas/reporting/ReportLineageToAtlas.java
##########
@@ -385,31 +401,50 @@ protected PropertyDescriptor 
getSupportedDynamicPropertyDescriptor(String proper
     protected Collection<ValidationResult> customValidate(ValidationContext 
context) {
         final Collection<ValidationResult> results = new ArrayList<>();
 
-        final boolean isSSLContextServiceSet = 
context.getProperty(KAFKA_SSL_CONTEXT_SERVICE).isSet();
+        final SSLContextService sslContextService = 
context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
         final ValidationResult.Builder invalidSSLService = new 
ValidationResult.Builder()
-                
.subject(KAFKA_SSL_CONTEXT_SERVICE.getDisplayName()).valid(false);
+                .subject(SSL_CONTEXT_SERVICE.getDisplayName()).valid(false);
 
+        AtomicBoolean isAtlasApiSecure = new AtomicBoolean(false);
         String atlasUrls = 
context.getProperty(ATLAS_URLS).evaluateAttributeExpressions().getValue();
         if (!StringUtils.isEmpty(atlasUrls)) {
             Arrays.stream(atlasUrls.split(ATLAS_URL_DELIMITER))
                 .map(String::trim)
                 .forEach(input -> {
-                    final ValidationResult.Builder builder = new 
ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input);
                     try {
-                        new URL(input);
-                        results.add(builder.explanation("Valid 
URI").valid(true).build());
+                        final URL url = new URL(input);
+                        if ("https".equalsIgnoreCase(url.getProtocol())) {
+                            isAtlasApiSecure.set(true);
+                        }
                     } catch (Exception e) {
-                        results.add(builder.explanation("Contains invalid URI: 
" + e).valid(false).build());
+                        results.add(new 
ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input)
+                                .explanation("contains invalid URI: " + 
e).valid(false).build());
                     }
                 });
         }
 
+        if (isAtlasApiSecure.get()) {
+            if (sslContextService == null) {
+                results.add(invalidSSLService.explanation("required for 
connecting to Atlas via HTTPS.").build());

Review comment:
       Removed the checks from customValidate(). Tested the fallback mechanism 
to the system truststore with -Djavax.net.ssl.trustStore* system properties and 
also with a custom jssecacerts.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to