[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296976#comment-16296976
 ] 

ASF subversion and git services commented on NIFI-4005:
---

Commit 1ee8d16a211c247d1d3d7f1189be36a866d0ee98 in nifi's branch 
refs/heads/master from [~ijokarumawak]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=1ee8d16 ]

NIFI-4005: Azure Blob Storage SAS support, incorporating review comments. This 
closes #2353

- Renamed Azure to AzureStorageUtils.
- Fixed whitespacing in property description.
- Renamed SAS String to SAS Token.


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Assignee: Koji Kawamura
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296978#comment-16296978
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

Github user mcgilman commented on the issue:

https://github.com/apache/nifi/pull/2353
  
Thanks @ijokarumawak @aperepel! This has been merged to master.


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Assignee: Koji Kawamura
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296979#comment-16296979
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/2353


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Assignee: Koji Kawamura
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296975#comment-16296975
 ] 

ASF subversion and git services commented on NIFI-4005:
---

Commit 17ddaf6be0d4c75aa8b0d86f84f1f90757f8368f in nifi's branch 
refs/heads/master from [~aperepel]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=17ddaf6 ]

NIFI-4005 Add support for Azure Shared Access Signature (SAS) Tokens. Upgraded 
the client library from 5.0.0 to 5.2.0


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Assignee: Koji Kawamura
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296966#comment-16296966
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

Github user mcgilman commented on the issue:

https://github.com/apache/nifi/pull/2353
  
Will review...


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Assignee: Koji Kawamura
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296736#comment-16296736
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

Github user aperepel closed the pull request at:

https://github.com/apache/nifi/pull/1886


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Assignee: Koji Kawamura
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296735#comment-16296735
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

Github user aperepel commented on the issue:

https://github.com/apache/nifi/pull/1886
  
Thank you, Koji!


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Assignee: Koji Kawamura
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296231#comment-16296231
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

Github user ijokarumawak commented on the issue:

https://github.com/apache/nifi/pull/1886
  
@aperepel I took over updating the PR. The new one #2353 is submitted based 
on your commit. Would you close this PR? Thanks!


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Assignee: Koji Kawamura
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16296206#comment-16296206
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

GitHub user ijokarumawak opened a pull request:

https://github.com/apache/nifi/pull/2353

NIFI-4005: Add support for Azure Shared Access Signature (SAS) Tokens

This PR incorporated review comments based on #1886.

Thank you for submitting a contribution to Apache NiFi.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced 
 in the commit message?

- [x] Does your PR title start with NIFI- where  is the JIRA number 
you are trying to resolve? Pay particular attention to the hyphen "-" character.

- [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?

- [ ] Is your initial contribution a single, squashed commit?

### For code changes:
- [ ] Have you ensured that the full suite of tests is executed via mvn 
-Pcontrib-check clean install at the root nifi folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [ ] If applicable, have you updated the LICENSE file, including the main 
LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main 
NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to 
.name (programmatic access) for each of the new properties?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/ijokarumawak/nifi nifi-4005

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/nifi/pull/2353.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2353


commit 87d09faac5a11e5a34edcd1bbf2be20ce9ffe880
Author: Andrew Grande 
Date:   2017-05-31T20:45:26Z

NIFI-4005 Add support for Azure Shared Access Signature (SAS) Tokens. 
Upgraded the client library from 5.0.0 to 5.2.0

commit 4f69235019901dac4bd0e38a541498c877ab273d
Author: Koji Kawamura 
Date:   2017-12-19T02:35:00Z

NIFI-4005: Azure Blob Storage SAS support, incorporating review comments

- Renamed Azure to AzureStorageUtils.
- Fixed whitespacing in property description.
- Renamed SAS String to SAS Token.




> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Assignee: Koji Kawamura
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[Koji Kawamura (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16295959#comment-16295959
 ] 

Koji Kawamura commented on NIFI-4005:
-

[~aperepel] I got it, I will submit another PR based on your branch. Thanks!

> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Assignee: Koji Kawamura
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[Andrew Grande (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292853#comment-16292853
 ] 

Andrew Grande commented on NIFI-4005:
-

Hi Koji, you can proceed with all suggested changes and take it over, thank you.

> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292181#comment-16292181
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

Github user ijokarumawak commented on a diff in the pull request:

https://github.com/apache/nifi/pull/1886#discussion_r157141180
  
--- Diff: 
nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/src/main/java/org/apache/nifi/processors/azure/storage/utils/Azure.java
 ---
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.azure.storage.utils;
+
+import com.microsoft.azure.storage.CloudStorageAccount;
+import com.microsoft.azure.storage.StorageCredentials;
+import com.microsoft.azure.storage.StorageCredentialsSharedAccessSignature;
+import com.microsoft.azure.storage.blob.CloudBlobClient;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.ValidationContext;
+import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.processor.ProcessContext;
+import org.apache.nifi.processor.util.StandardValidators;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+public final class Azure {
+public static final String BLOCK = "Block";
+public static final String PAGE = "Page";
+
+public static final PropertyDescriptor ACCOUNT_KEY = new 
PropertyDescriptor.Builder().name("storage-account-key").displayName("Storage 
Account Key")
+.description("The storage account key. This is an admin-like 
password providing access to every container in this account. It is recommended 
" +
+"one uses Shared Access Signature (SAS) token instead 
for fine-grained control with policies. " +
+"There are certain risks in allowing the account key 
to be stored as a flowfile" +
+"attribute. While it does provide for a more flexible 
flow by allowing the account key to " +
+"be fetched dynamically from a flow file attribute, 
care must be taken to restrict access to " +
+"the event provenance data (e.g. by strictly 
controlling the policies governing provenance for this Processor). " +
+"In addition, the provenance repositories may be put 
on encrypted disk partitions.")
+
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(true).required(false).sensitive(true).build();
+
+public static final PropertyDescriptor ACCOUNT_NAME = new 
PropertyDescriptor.Builder().name("storage-account-name").displayName("Storage 
Account Name")
+.description("The storage account name.  There are certain 
risks in allowing the account name to be stored as a flowfile" +
--- End diff --

A whitespace is needed after the 'as a flowfile'. It's displayed as 'as a 
flowfileattribute.'


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This 

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292180#comment-16292180
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

Github user ijokarumawak commented on a diff in the pull request:

https://github.com/apache/nifi/pull/1886#discussion_r157141861
  
--- Diff: 
nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/src/main/java/org/apache/nifi/processors/azure/storage/utils/Azure.java
 ---
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.azure.storage.utils;
+
+import com.microsoft.azure.storage.CloudStorageAccount;
+import com.microsoft.azure.storage.StorageCredentials;
+import com.microsoft.azure.storage.StorageCredentialsSharedAccessSignature;
+import com.microsoft.azure.storage.blob.CloudBlobClient;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.ValidationContext;
+import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.processor.ProcessContext;
+import org.apache.nifi.processor.util.StandardValidators;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+public final class Azure {
--- End diff --

The class name may be too broad IMHO. Probably `AzureStorageUtils` if it 
envisions to cover other storage services such as File, Queue or Table. Or 
`AzureBlobUtils` to be more specific. Thoughts?


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292182#comment-16292182
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

Github user ijokarumawak commented on a diff in the pull request:

https://github.com/apache/nifi/pull/1886#discussion_r157142645
  
--- Diff: 
nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/src/main/java/org/apache/nifi/processors/azure/storage/utils/Azure.java
 ---
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.azure.storage.utils;
+
+import com.microsoft.azure.storage.CloudStorageAccount;
+import com.microsoft.azure.storage.StorageCredentials;
+import com.microsoft.azure.storage.StorageCredentialsSharedAccessSignature;
+import com.microsoft.azure.storage.blob.CloudBlobClient;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.ValidationContext;
+import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.processor.ProcessContext;
+import org.apache.nifi.processor.util.StandardValidators;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+public final class Azure {
+public static final String BLOCK = "Block";
+public static final String PAGE = "Page";
+
+public static final PropertyDescriptor ACCOUNT_KEY = new 
PropertyDescriptor.Builder().name("storage-account-key").displayName("Storage 
Account Key")
+.description("The storage account key. This is an admin-like 
password providing access to every container in this account. It is recommended 
" +
+"one uses Shared Access Signature (SAS) token instead 
for fine-grained control with policies. " +
+"There are certain risks in allowing the account key 
to be stored as a flowfile" +
+"attribute. While it does provide for a more flexible 
flow by allowing the account key to " +
+"be fetched dynamically from a flow file attribute, 
care must be taken to restrict access to " +
+"the event provenance data (e.g. by strictly 
controlling the policies governing provenance for this Processor). " +
+"In addition, the provenance repositories may be put 
on encrypted disk partitions.")
+
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(true).required(false).sensitive(true).build();
+
+public static final PropertyDescriptor ACCOUNT_NAME = new 
PropertyDescriptor.Builder().name("storage-account-name").displayName("Storage 
Account Name")
+.description("The storage account name.  There are certain 
risks in allowing the account name to be stored as a flowfile" +
+"attribute. While it does provide for a more flexible 
flow by allowing the account name to " +
+"be fetched dynamically from a flow file attribute, 
care must be taken to restrict access to " +
+"the event provenance data (e.g. by strictly 
controlling the policies governing provenance for this Processor). " +
+"In addition, the provenance repositories may be put 
on encrypted disk partitions.")
+
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(true).required(true).sensitive(true).build();
+
+public static final PropertyDescriptor CONTAINER = new 
PropertyDescriptor.Builder().name("container-name").displayName("Container 
Name")
+.description("Name of the Azure storage 

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16035338#comment-16035338
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

Github user jtstorck commented on the issue:

https://github.com/apache/nifi/pull/1886
  
Reviewing...


> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (NIFI-4005) Add support for Azure Shared Access Signature (SAS) Tokens

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4005?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16035328#comment-16035328
 ] 

ASF GitHub Bot commented on NIFI-4005:
--

GitHub user aperepel opened a pull request:

https://github.com/apache/nifi/pull/1886

NIFI-4005 Add support for Azure Shared Access Signature (SAS) Tokens

- Refactoring and cleanup
- Upgraded the client library from 5.0.0 to 5.2.0

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/aperepel/nifi NIFI-4005

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/nifi/pull/1886.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1886


commit 0ae8b2ffdf169724850a583668d3702af5516345
Author: Andrew Grande 
Date:   2017-05-31T20:45:26Z

NIFI-4005 Add support for Azure Shared Access Signature (SAS) Tokens. 
Upgraded the client library from 5.0.0 to 5.2.0




> Add support for Azure Shared Access Signature (SAS) Tokens
> --
>
> Key: NIFI-4005
> URL: https://issues.apache.org/jira/browse/NIFI-4005
> Project: Apache NiFi
>  Issue Type: Improvement
>  Components: Extensions
>Affects Versions: 1.2.0
>Reporter: Andrew Grande
>Priority: Minor
>
> Azure's account name and key are treated as admin, 'root' access credentials. 
> If one has those, every container under this account is fully accessible. An 
> MSFT-recommended approach is to use SAS policies, which provide for a fine 
> grained permission and object control, as well as defined expiration.
> I already have working code, filing this ticket to formally track and submit 
> PR against next.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)