turcsanyip commented on a change in pull request #4348:
URL: https://github.com/apache/nifi/pull/4348#discussion_r444392671
##########
File path:
nifi-nar-bundles/nifi-atlas-bundle/nifi-atlas-reporting-task/src/main/java/org/apache/nifi/atlas/reporting/ReportLineageToAtlas.java
##########
@@ -385,31 +401,50 @@ protected PropertyDescriptor
getSupportedDynamicPropertyDescriptor(String proper
protected Collection<ValidationResult> customValidate(ValidationContext
context) {
final Collection<ValidationResult> results = new ArrayList<>();
- final boolean isSSLContextServiceSet =
context.getProperty(KAFKA_SSL_CONTEXT_SERVICE).isSet();
+ final SSLContextService sslContextService =
context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final ValidationResult.Builder invalidSSLService = new
ValidationResult.Builder()
-
.subject(KAFKA_SSL_CONTEXT_SERVICE.getDisplayName()).valid(false);
+ .subject(SSL_CONTEXT_SERVICE.getDisplayName()).valid(false);
+ AtomicBoolean isAtlasApiSecure = new AtomicBoolean(false);
String atlasUrls =
context.getProperty(ATLAS_URLS).evaluateAttributeExpressions().getValue();
if (!StringUtils.isEmpty(atlasUrls)) {
Arrays.stream(atlasUrls.split(ATLAS_URL_DELIMITER))
.map(String::trim)
.forEach(input -> {
- final ValidationResult.Builder builder = new
ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input);
try {
- new URL(input);
- results.add(builder.explanation("Valid
URI").valid(true).build());
+ final URL url = new URL(input);
+ if ("https".equalsIgnoreCase(url.getProtocol())) {
+ isAtlasApiSecure.set(true);
+ }
} catch (Exception e) {
- results.add(builder.explanation("Contains invalid URI:
" + e).valid(false).build());
+ results.add(new
ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input)
+ .explanation("contains invalid URI: " +
e).valid(false).build());
}
});
}
+ if (isAtlasApiSecure.get()) {
+ if (sslContextService == null) {
+ results.add(invalidSSLService.explanation("required for
connecting to Atlas via HTTPS.").build());
+ } else if
(context.getControllerServiceLookup().isControllerServiceEnabled(sslContextService))
{
+ if (!sslContextService.isTrustStoreConfigured()) {
+ results.add(invalidSSLService.explanation("no truststore
configured which is required for connecting to Atlas via HTTPS.").build());
+ } else if
(!KEYSTORE_TYPE_JKS.equalsIgnoreCase(sslContextService.getTrustStoreType())) {
+ results.add(invalidSSLService.explanation("truststore type
is not JKS. Atlas client supports JKS truststores only.").build());
+ }
+ }
+ }
+
final String atlasAuthNMethod =
context.getProperty(ATLAS_AUTHN_METHOD).getValue();
final AtlasAuthN atlasAuthN = getAtlasAuthN(atlasAuthNMethod);
results.addAll(atlasAuthN.validate(context));
-
- namespaceResolverLoader.forEach(resolver ->
results.addAll(resolver.validate(context)));
+ synchronized (namespaceResolverLoader) {
Review comment:
`customValidate()` runs before `@OnScheduled` gets called so that point
is to late.
I tried `init()` but ran into classloader issues with NamespaceResolver
interface and its implementations.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
