turcsanyip commented on a change in pull request #4348: URL: https://github.com/apache/nifi/pull/4348#discussion_r444392671
########## File path: nifi-nar-bundles/nifi-atlas-bundle/nifi-atlas-reporting-task/src/main/java/org/apache/nifi/atlas/reporting/ReportLineageToAtlas.java ########## 
@@ -385,31 +401,50 @@ protected PropertyDescriptor getSupportedDynamicPropertyDescriptor(String proper protected Collection<ValidationResult> customValidate(ValidationContext context) { final Collection<ValidationResult> results = new ArrayList<>(); - final boolean isSSLContextServiceSet = context.getProperty(KAFKA_SSL_CONTEXT_SERVICE).isSet(); + final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class); final ValidationResult.Builder invalidSSLService = new ValidationResult.Builder() - .subject(KAFKA_SSL_CONTEXT_SERVICE.getDisplayName()).valid(false); + .subject(SSL_CONTEXT_SERVICE.getDisplayName()).valid(false); + AtomicBoolean isAtlasApiSecure = new AtomicBoolean(false); String atlasUrls = context.getProperty(ATLAS_URLS).evaluateAttributeExpressions().getValue(); if (!StringUtils.isEmpty(atlasUrls)) { Arrays.stream(atlasUrls.split(ATLAS_URL_DELIMITER)) .map(String::trim) .forEach(input -> { - final ValidationResult.Builder builder = new ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input); try { - new URL(input); - results.add(builder.explanation("Valid URI").valid(true).build()); + final URL url = new URL(input); + if ("https".equalsIgnoreCase(url.getProtocol())) { + isAtlasApiSecure.set(true); + } } catch (Exception e) { - results.add(builder.explanation("Contains invalid URI: " + e).valid(false).build()); + results.add(new ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input) + .explanation("contains invalid URI: " + e).valid(false).build()); } }); } + if (isAtlasApiSecure.get()) { + if (sslContextService == null) { + results.add(invalidSSLService.explanation("required for connecting to Atlas via HTTPS.").build()); + } else if (context.getControllerServiceLookup().isControllerServiceEnabled(sslContextService)) { + if (!sslContextService.isTrustStoreConfigured()) { + results.add(invalidSSLService.explanation("no truststore configured which is 
required for connecting to Atlas via HTTPS.").build()); + } else if (!KEYSTORE_TYPE_JKS.equalsIgnoreCase(sslContextService.getTrustStoreType())) { + results.add(invalidSSLService.explanation("truststore type is not JKS. Atlas client supports JKS truststores only.").build()); + } + } + } + final String atlasAuthNMethod = context.getProperty(ATLAS_AUTHN_METHOD).getValue(); final AtlasAuthN atlasAuthN = getAtlasAuthN(atlasAuthNMethod); results.addAll(atlasAuthN.validate(context)); - - namespaceResolverLoader.forEach(resolver -> results.addAll(resolver.validate(context))); + synchronized (namespaceResolverLoader) { Review comment: `customValidate()` runs before `@OnScheduled` gets called so that point is to late. I tried `init()` but ran into classloader issues with NamespaceResolver interface and its implementations. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
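Review bot: In the `forEach` over `atlasUrls`, `isAtlasApiSecure` becomes true as soon as one entry is `https`, so a list that mixes `https://` and `http://` entries, or contains any other scheme `new URL` can parse such as `file:`, still passes validation once a JKS truststore is configured. How the Atlas client chooses among the URLs is not visible in this hunk, but if it uses a plain-HTTP entry, any credentials selected through `ATLAS_AUTHN_METHOD` would presumably travel without TLS. I would reject unexpected schemes inside the same `try`, e.g. `final String scheme = url.getProtocol();` followed by `if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) { results.add(new ValidationResult.Builder().subject(ATLAS_URLS.getDisplayName()).input(input).explanation("unsupported URL scheme: " + scheme).valid(false).build()); }`, and also report an invalid result when both `http` and `https` appear in one list. The truststore checks are skipped when the SSL context service is set but not enabled, which deserves a short comment saying that validation is deferred until the service is enabled. `customValidate` continues past the end of the quoted hunk.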