[GitHub] [nifi] Lehel44 commented on a diff in pull request #6985: NIFI-11215: Add custom validation for KerberosUserService in PutIceberg

Mon, 20 Mar 2023 13:50:37 -0700 


Lehel44 commented on code in PR #6985:
URL: https://github.com/apache/nifi/pull/6985#discussion_r1142662090


##########
nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/src/main/java/org/apache/nifi/processors/iceberg/PutIceberg.java:
##########
@@ -148,6 +153,28 @@ public Set<Relationship> getRelationships() {
         return RELATIONSHIPS;
     }
 
+    @Override
+    protected Collection<ValidationResult> customValidate(ValidationContext 
context) {
+        final List<ValidationResult> problems = new ArrayList<>();
+        final IcebergCatalogService catalogService = 
context.getProperty(CATALOG).asControllerService(IcebergCatalogService.class);
+        boolean catalogServiceEnabled = 
context.getControllerServiceLookup().isControllerServiceEnabled(catalogService);
+
+        if (catalogServiceEnabled) {
+            final boolean kerberosUserServiceIsSet = 
context.getProperty(KERBEROS_USER_SERVICE).isSet();
+            final boolean securityEnabled = 
SecurityUtil.isSecurityEnabled(catalogService.getConfiguration());
+
+            if (securityEnabled && !kerberosUserServiceIsSet) {
+                problems.add(new ValidationResult.Builder()
+                        .subject(KERBEROS_USER_SERVICE.getDisplayName())
+                        .valid(false)
+                        .explanation("Security authentication is set to 
'kerberos' in the configuration files but no KerberosUserService is 
configured.")
+                        .build());
+            }
+        }

Review Comment:
   Optional: I recommend combining the if statements for better readability.
   
   ```suggestion
           if (catalogServiceEnabled && 
SecurityUtil.isSecurityEnabled(catalogService.getConfiguration())) {
               boolean kerberosUserServiceIsSet = 
context.getProperty(KERBEROS_USER_SERVICE).isSet();
               if (!kerberosUserServiceIsSet) {
                   problems.add(new ValidationResult.Builder()
                           .subject(KERBEROS_USER_SERVICE.getDisplayName())
                           .valid(false)
                           .explanation("Security authentication is set to 
'kerberos' in the configuration files but no KerberosUserService is 
configured.")
                           .build());
               }
           }
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to