[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296976#comment-16296976 ] ASF subversion and git services commented on NIFI-4005: --- Commit 1ee8d16a211c247d1d3d7f1189be36a866d0ee98 in nifi's branch refs/heads/master from [~ijokarumawak] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=1ee8d16 ] NIFI-4005: Azure Blob Storage SAS support, incorporating review comments. This closes #2353 - Renamed Azure to AzureStorageUtils. - Fixed whitespacing in property description. - Renamed SAS String to SAS Token. > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Assignee: Koji Kawamura >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296978#comment-16296978 ] ASF GitHub Bot commented on NIFI-4005: -- Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2353 Thanks @ijokarumawak @aperepel! This has been merged to master. > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Assignee: Koji Kawamura >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296979#comment-16296979 ] ASF GitHub Bot commented on NIFI-4005: -- Github user asfgit closed the pull request at: https://github.com/apache/nifi/pull/2353 > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Assignee: Koji Kawamura >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296975#comment-16296975 ] ASF subversion and git services commented on NIFI-4005: --- Commit 17ddaf6be0d4c75aa8b0d86f84f1f90757f8368f in nifi's branch refs/heads/master from [~aperepel] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=17ddaf6 ] NIFI-4005 Add support for Azure Shared Access Signature (SAS) Tokens. Upgraded the client library from 5.0.0 to 5.2.0 > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Assignee: Koji Kawamura >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296966#comment-16296966 ] ASF GitHub Bot commented on NIFI-4005: -- Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2353 Will review... > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Assignee: Koji Kawamura >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296736#comment-16296736 ] ASF GitHub Bot commented on NIFI-4005: -- Github user aperepel closed the pull request at: https://github.com/apache/nifi/pull/1886 > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Assignee: Koji Kawamura >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296735#comment-16296735 ] ASF GitHub Bot commented on NIFI-4005: -- Github user aperepel commented on the issue: https://github.com/apache/nifi/pull/1886 Thank you, Koji! > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Assignee: Koji Kawamura >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296231#comment-16296231 ] ASF GitHub Bot commented on NIFI-4005: -- Github user ijokarumawak commented on the issue: https://github.com/apache/nifi/pull/1886 @aperepel I took over updating the PR. The new one #2353 is submitted based on your commit. Would you close this PR? Thanks! > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Assignee: Koji Kawamura >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296206#comment-16296206 ] ASF GitHub Bot commented on NIFI-4005: -- GitHub user ijokarumawak opened a pull request: https://github.com/apache/nifi/pull/2353 NIFI-4005: Add support for Azure Shared Access Signature (SAS) Tokens This PR incorporated review comments based on #1886. Thank you for submitting a contribution to Apache NiFi. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [x] Does your PR title start with NIFI- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [x] Has your PR been rebased against the latest commit within the target branch (typically master)? - [ ] Is your initial contribution a single, squashed commit? ### For code changes: - [ ] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly? - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly? - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties? ### For documentation related changes: - [ ] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible. You can merge this pull request into a Git repository by running: $ git pull https://github.com/ijokarumawak/nifi nifi-4005 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/2353.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2353 commit 87d09faac5a11e5a34edcd1bbf2be20ce9ffe880 Author: Andrew GrandeDate: 2017-05-31T20:45:26Z NIFI-4005 Add support for Azure Shared Access Signature (SAS) Tokens. Upgraded the client library from 5.0.0 to 5.2.0 commit 4f69235019901dac4bd0e38a541498c877ab273d Author: Koji Kawamura Date: 2017-12-19T02:35:00Z NIFI-4005: Azure Blob Storage SAS support, incorporating review comments - Renamed Azure to AzureStorageUtils. - Fixed whitespacing in property description. - Renamed SAS String to SAS Token. > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Assignee: Koji Kawamura >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16295959#comment-16295959 ] Koji Kawamura commented on NIFI-4005: - [~aperepel] I got it, I will submit another PR based on your branch. Thanks! > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Assignee: Koji Kawamura >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292853#comment-16292853 ] Andrew Grande commented on NIFI-4005: - Hi Koji, you can proceed with all suggested changes and take it over, thank you. > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292181#comment-16292181 ] ASF GitHub Bot commented on NIFI-4005: -- Github user ijokarumawak commented on a diff in the pull request: https://github.com/apache/nifi/pull/1886#discussion_r157141180 --- Diff: nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/src/main/java/org/apache/nifi/processors/azure/storage/utils/Azure.java --- @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.processors.azure.storage.utils; + +import com.microsoft.azure.storage.CloudStorageAccount; +import com.microsoft.azure.storage.StorageCredentials; +import com.microsoft.azure.storage.StorageCredentialsSharedAccessSignature; +import com.microsoft.azure.storage.blob.CloudBlobClient; +import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.ValidationContext; +import org.apache.nifi.components.ValidationResult; +import org.apache.nifi.logging.ComponentLog; +import org.apache.nifi.processor.ProcessContext; +import org.apache.nifi.processor.util.StandardValidators; + +import java.net.URI; +import java.net.URISyntaxException; +import java.security.InvalidKeyException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +public final class Azure { +public static final String BLOCK = "Block"; +public static final String PAGE = "Page"; + +public static final PropertyDescriptor ACCOUNT_KEY = new PropertyDescriptor.Builder().name("storage-account-key").displayName("Storage Account Key") +.description("The storage account key. This is an admin-like password providing access to every container in this account. It is recommended " + +"one uses Shared Access Signature (SAS) token instead for fine-grained control with policies. " + +"There are certain risks in allowing the account key to be stored as a flowfile" + +"attribute. While it does provide for a more flexible flow by allowing the account key to " + +"be fetched dynamically from a flow file attribute, care must be taken to restrict access to " + +"the event provenance data (e.g. by strictly controlling the policies governing provenance for this Processor). " + +"In addition, the provenance repositories may be put on encrypted disk partitions.") + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(true).required(false).sensitive(true).build(); + +public static final PropertyDescriptor ACCOUNT_NAME = new PropertyDescriptor.Builder().name("storage-account-name").displayName("Storage Account Name") +.description("The storage account name. There are certain risks in allowing the account name to be stored as a flowfile" + --- End diff -- A whitespace is needed after the 'as a flowfile'. It's displayed as 'as a flowfileattribute.' > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292180#comment-16292180 ] ASF GitHub Bot commented on NIFI-4005: -- Github user ijokarumawak commented on a diff in the pull request: https://github.com/apache/nifi/pull/1886#discussion_r157141861 --- Diff: nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/src/main/java/org/apache/nifi/processors/azure/storage/utils/Azure.java --- @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.processors.azure.storage.utils; + +import com.microsoft.azure.storage.CloudStorageAccount; +import com.microsoft.azure.storage.StorageCredentials; +import com.microsoft.azure.storage.StorageCredentialsSharedAccessSignature; +import com.microsoft.azure.storage.blob.CloudBlobClient; +import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.ValidationContext; +import org.apache.nifi.components.ValidationResult; +import org.apache.nifi.logging.ComponentLog; +import org.apache.nifi.processor.ProcessContext; +import org.apache.nifi.processor.util.StandardValidators; + +import java.net.URI; +import java.net.URISyntaxException; +import java.security.InvalidKeyException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +public final class Azure { --- End diff -- The class name may be too broad IMHO. Probably `AzureStorageUtils` if it envisions to cover other storage services such as File, Queue or Table. Or `AzureBlobUtils` to be more specific. Thoughts? > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292182#comment-16292182 ] ASF GitHub Bot commented on NIFI-4005: -- Github user ijokarumawak commented on a diff in the pull request: https://github.com/apache/nifi/pull/1886#discussion_r157142645 --- Diff: nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/src/main/java/org/apache/nifi/processors/azure/storage/utils/Azure.java --- @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.processors.azure.storage.utils; + +import com.microsoft.azure.storage.CloudStorageAccount; +import com.microsoft.azure.storage.StorageCredentials; +import com.microsoft.azure.storage.StorageCredentialsSharedAccessSignature; +import com.microsoft.azure.storage.blob.CloudBlobClient; +import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.ValidationContext; +import org.apache.nifi.components.ValidationResult; +import org.apache.nifi.logging.ComponentLog; +import org.apache.nifi.processor.ProcessContext; +import org.apache.nifi.processor.util.StandardValidators; + +import java.net.URI; +import java.net.URISyntaxException; +import java.security.InvalidKeyException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +public final class Azure { +public static final String BLOCK = "Block"; +public static final String PAGE = "Page"; + +public static final PropertyDescriptor ACCOUNT_KEY = new PropertyDescriptor.Builder().name("storage-account-key").displayName("Storage Account Key") +.description("The storage account key. This is an admin-like password providing access to every container in this account. It is recommended " + +"one uses Shared Access Signature (SAS) token instead for fine-grained control with policies. " + +"There are certain risks in allowing the account key to be stored as a flowfile" + +"attribute. While it does provide for a more flexible flow by allowing the account key to " + +"be fetched dynamically from a flow file attribute, care must be taken to restrict access to " + +"the event provenance data (e.g. by strictly controlling the policies governing provenance for this Processor). " + +"In addition, the provenance repositories may be put on encrypted disk partitions.") + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(true).required(false).sensitive(true).build(); + +public static final PropertyDescriptor ACCOUNT_NAME = new PropertyDescriptor.Builder().name("storage-account-name").displayName("Storage Account Name") +.description("The storage account name. There are certain risks in allowing the account name to be stored as a flowfile" + +"attribute. While it does provide for a more flexible flow by allowing the account name to " + +"be fetched dynamically from a flow file attribute, care must be taken to restrict access to " + +"the event provenance data (e.g. by strictly controlling the policies governing provenance for this Processor). " + +"In addition, the provenance repositories may be put on encrypted disk partitions.") + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(true).required(true).sensitive(true).build(); + +public static final PropertyDescriptor CONTAINER = new PropertyDescriptor.Builder().name("container-name").displayName("Container Name") +.description("Name of the Azure storage
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16035338#comment-16035338 ] ASF GitHub Bot commented on NIFI-4005: -- Github user jtstorck commented on the issue: https://github.com/apache/nifi/pull/1886 Reviewing... > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens
[ https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16035328#comment-16035328 ] ASF GitHub Bot commented on NIFI-4005: -- GitHub user aperepel opened a pull request: https://github.com/apache/nifi/pull/1886 NIFI-4005 Add support for Azure Shared Access Signature (SAS) Tokens - Refactoring and cleanup - Upgraded the client library from 5.0.0 to 5.2.0 You can merge this pull request into a Git repository by running: $ git pull https://github.com/aperepel/nifi NIFI-4005 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1886.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1886 commit 0ae8b2ffdf169724850a583668d3702af5516345 Author: Andrew GrandeDate: 2017-05-31T20:45:26Z NIFI-4005 Add support for Azure Shared Access Signature (SAS) Tokens. Upgraded the client library from 5.0.0 to 5.2.0 > Add support for Azure Shared Access Signature (SAS) Tokens > -- > > Key: NIFI-4005 > URL: https://issues.apache.org/jira/browse/NIFI-4005 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.2.0 >Reporter: Andrew Grande >Priority: Minor > > Azure's account name and key are treated as admin, 'root' access credentials. > If one has those, every container under this account is fully accessible. An > MSFT-recommended approach is to use SAS policies, which provide for a fine > grained permission and object control, as well as defined expiration. > I already have working code, filing this ticket to formally track and submit > PR against next. -- This message was sent by Atlassian JIRA (v6.3.15#6346)