[jira] [Commented] (NIFI-13057) When a property is both required and sensitive, setting it blank does not remove the "Sensitive value set" message.
[
https://issues.apache.org/jira/browse/NIFI-13057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17837848#comment-17837848
]
Joe Witt commented on NIFI-13057:
-
I'm not sure but I think that is the crux of the confusion and i'd be lying if
it didn't trip me up sometimes too :)
Best UX way to help the user there - open for suggestions!
> When a property is both required and sensitive, setting it blank does not
> remove the "Sensitive value set" message.
> ---
>
> Key: NIFI-13057
> URL: https://issues.apache.org/jira/browse/NIFI-13057
> Project: Apache NiFi
> Issue Type: Bug
>Reporter: Daniel Stieglitz
>Priority: Major
> Attachments: image-2024-04-16-13-13-24-650.png
>
>
> When testing [NIIFI-12960|https://issues.apache.org/jira/browse/NIFI-12960],
> I noticed when a property had the combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> and after a user entered a value and then attempts to remove the value it
> does not work and the message "Sensitive value set" still remains in the text
> box. This is even when the user checks the "Set empty string" checkbox.
> Attached is a screenshot of a DecryptContent processor after an attempt to
> remove the set password.
> !image-2024-04-16-13-13-24-650.png!
> The combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> is prevalent in the code base. I found it ~40 times in the following files.
> # QueryAirtableTable
> # StandardAsanaClientProviderService
> # ClientSideEncryptionSupport
> # AzureStorageUtils
> # StandardKustoIngestService
> # AbstractAzureLogAnalyticsReportingTask
> # DecryptContent
> # DecryptContentAge
> # DecryptContentCompatibility
> # EncryptContentAge
> # VerifyContentMAC
> # StandardDropboxCredentialService
> # AbstractEmailProcessor
> # GhostFlowRegistryClient
> # GhostControllerService
> # GhostFlowAnalysisRule
> # GhostParameterProvider
> # GhostProcessor
> # GhostReportingTask
> # Neo4JCypherClientService
> # GetHubSpot
> # AbstractIoTDB
> # StandardPGPPrivateKeyService
> # GetShopify
> # ListenSlack
> # ConsumeSlack
> # PublishSlack
> # SlackRecordSink
> # BasicProperties
> # V3SecurityProperties
> # ConsumeTwitter
> # OnePasswordParameterProvider
> # KerberosPasswordUserService
> # StandardOauth2AccessTokenProvider
> # GetWorkdayReport
> # ZendeskProperties
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-13057) When a property is both required and sensitive, setting it blank does not remove the "Sensitive value set" message.
[
https://issues.apache.org/jira/browse/NIFI-13057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17837847#comment-17837847
]
Daniel Stieglitz commented on NIFI-13057:
-
[~joewitt] Yes this clarifies a lot. Thank you! Are you suggesting a tool tip
be added for required fields which would have some sort of blurb that this
field can only be changed and not unset?
> When a property is both required and sensitive, setting it blank does not
> remove the "Sensitive value set" message.
> ---
>
> Key: NIFI-13057
> URL: https://issues.apache.org/jira/browse/NIFI-13057
> Project: Apache NiFi
> Issue Type: Bug
>Reporter: Daniel Stieglitz
>Priority: Major
> Attachments: image-2024-04-16-13-13-24-650.png
>
>
> When testing [NIIFI-12960|https://issues.apache.org/jira/browse/NIFI-12960],
> I noticed when a property had the combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> and after a user entered a value and then attempts to remove the value it
> does not work and the message "Sensitive value set" still remains in the text
> box. This is even when the user checks the "Set empty string" checkbox.
> Attached is a screenshot of a DecryptContent processor after an attempt to
> remove the set password.
> !image-2024-04-16-13-13-24-650.png!
> The combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> is prevalent in the code base. I found it ~40 times in the following files.
> # QueryAirtableTable
> # StandardAsanaClientProviderService
> # ClientSideEncryptionSupport
> # AzureStorageUtils
> # StandardKustoIngestService
> # AbstractAzureLogAnalyticsReportingTask
> # DecryptContent
> # DecryptContentAge
> # DecryptContentCompatibility
> # EncryptContentAge
> # VerifyContentMAC
> # StandardDropboxCredentialService
> # AbstractEmailProcessor
> # GhostFlowRegistryClient
> # GhostControllerService
> # GhostFlowAnalysisRule
> # GhostParameterProvider
> # GhostProcessor
> # GhostReportingTask
> # Neo4JCypherClientService
> # GetHubSpot
> # AbstractIoTDB
> # StandardPGPPrivateKeyService
> # GetShopify
> # ListenSlack
> # ConsumeSlack
> # PublishSlack
> # SlackRecordSink
> # BasicProperties
> # V3SecurityProperties
> # ConsumeTwitter
> # OnePasswordParameterProvider
> # KerberosPasswordUserService
> # StandardOauth2AccessTokenProvider
> # GetWorkdayReport
> # ZendeskProperties
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-13057) When a property is both required and sensitive, setting it blank does not remove the "Sensitive value set" message.
[
https://issues.apache.org/jira/browse/NIFI-13057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17837844#comment-17837844
]
Joe Witt commented on NIFI-13057:
-
Ok so let's separate a few things to get to the key details and next steps.
Terminology wise:
- A property is either set or not set.
- A property which has an 'empty string' is set (set to simply be a string of
no text but this is different than not set).*
- Properties which are required are always required to be set. They can never
be unset. Once a value is set there will always be a value. They can be
changed but never unset.
- Properties which are sensitive can be set or unset. Once set they will
always show 'sensitive value..' but not the actual values because of their
stated sensitivity.
In your example you have a required property which was set. And you wanted to
backspace and unset it. But since it is required it can never be unset. You
need to change it to another value which should work. You should be able to
select 'empty string' as well which should work.
* why would a user 'set' a value of 'empty string'? It happens all the time.
Imagine wanting to supply a replace value in a find/replace logic.
Hopefully this helps clarify. I think the confusion stems from the fact that
as a user when you delete a value and apply having it show right back up is
confusing. We should perhaps signal that you cannot unset a required field but
can only change it.
> When a property is both required and sensitive, setting it blank does not
> remove the "Sensitive value set" message.
> ---
>
> Key: NIFI-13057
> URL: https://issues.apache.org/jira/browse/NIFI-13057
> Project: Apache NiFi
> Issue Type: Bug
>Reporter: Daniel Stieglitz
>Priority: Major
> Attachments: image-2024-04-16-13-13-24-650.png
>
>
> When testing [NIIFI-12960|https://issues.apache.org/jira/browse/NIFI-12960],
> I noticed when a property had the combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> and after a user entered a value and then attempts to remove the value it
> does not work and the message "Sensitive value set" still remains in the text
> box. This is even when the user checks the "Set empty string" checkbox.
> Attached is a screenshot of a DecryptContent processor after an attempt to
> remove the set password.
> !image-2024-04-16-13-13-24-650.png!
> The combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> is prevalent in the code base. I found it ~40 times in the following files.
> # QueryAirtableTable
> # StandardAsanaClientProviderService
> # ClientSideEncryptionSupport
> # AzureStorageUtils
> # StandardKustoIngestService
> # AbstractAzureLogAnalyticsReportingTask
> # DecryptContent
> # DecryptContentAge
> # DecryptContentCompatibility
> # EncryptContentAge
> # VerifyContentMAC
> # StandardDropboxCredentialService
> # AbstractEmailProcessor
> # GhostFlowRegistryClient
> # GhostControllerService
> # GhostFlowAnalysisRule
> # GhostParameterProvider
> # GhostProcessor
> # GhostReportingTask
> # Neo4JCypherClientService
> # GetHubSpot
> # AbstractIoTDB
> # StandardPGPPrivateKeyService
> # GetShopify
> # ListenSlack
> # ConsumeSlack
> # PublishSlack
> # SlackRecordSink
> # BasicProperties
> # V3SecurityProperties
> # ConsumeTwitter
> # OnePasswordParameterProvider
> # KerberosPasswordUserService
> # StandardOauth2AccessTokenProvider
> # GetWorkdayReport
> # ZendeskProperties
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-13057) When a property is both required and sensitive, setting it blank does not remove the "Sensitive value set" message.
[
https://issues.apache.org/jira/browse/NIFI-13057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17837840#comment-17837840
]
Daniel Stieglitz commented on NIFI-13057:
-
[~joewitt] Thanks for that explanation. After further analysis, I noticed this
issue has really nothing to do with sensitive at all but rather with required
when it is set to true (I probably need to change the title of the ticket).
The same behavior is exhibited for example in InvokeHttp with the url setting.
If a user enters a url, clicks apply, tries to backspace to remove the url and
clicks apply, the original url remains. This at least to me is not intuitive.
I would have thought if I completely removed my entry it would revert to not
being set. I would like to see when a user removes the contents of a property
either by setting it to blank string or removing all the text then the property
should revert to not being set.
> When a property is both required and sensitive, setting it blank does not
> remove the "Sensitive value set" message.
> ---
>
> Key: NIFI-13057
> URL: https://issues.apache.org/jira/browse/NIFI-13057
> Project: Apache NiFi
> Issue Type: Bug
>Reporter: Daniel Stieglitz
>Priority: Major
> Attachments: image-2024-04-16-13-13-24-650.png
>
>
> When testing [NIIFI-12960|https://issues.apache.org/jira/browse/NIFI-12960],
> I noticed when a property had the combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> and after a user entered a value and then attempts to remove the value it
> does not work and the message "Sensitive value set" still remains in the text
> box. This is even when the user checks the "Set empty string" checkbox.
> Attached is a screenshot of a DecryptContent processor after an attempt to
> remove the set password.
> !image-2024-04-16-13-13-24-650.png!
> The combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> is prevalent in the code base. I found it ~40 times in the following files.
> # QueryAirtableTable
> # StandardAsanaClientProviderService
> # ClientSideEncryptionSupport
> # AzureStorageUtils
> # StandardKustoIngestService
> # AbstractAzureLogAnalyticsReportingTask
> # DecryptContent
> # DecryptContentAge
> # DecryptContentCompatibility
> # EncryptContentAge
> # VerifyContentMAC
> # StandardDropboxCredentialService
> # AbstractEmailProcessor
> # GhostFlowRegistryClient
> # GhostControllerService
> # GhostFlowAnalysisRule
> # GhostParameterProvider
> # GhostProcessor
> # GhostReportingTask
> # Neo4JCypherClientService
> # GetHubSpot
> # AbstractIoTDB
> # StandardPGPPrivateKeyService
> # GetShopify
> # ListenSlack
> # ConsumeSlack
> # PublishSlack
> # SlackRecordSink
> # BasicProperties
> # V3SecurityProperties
> # ConsumeTwitter
> # OnePasswordParameterProvider
> # KerberosPasswordUserService
> # StandardOauth2AccessTokenProvider
> # GetWorkdayReport
> # ZendeskProperties
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-13057) When a property is both required and sensitive, setting it blank does not remove the "Sensitive value set" message.
[
https://issues.apache.org/jira/browse/NIFI-13057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17837801#comment-17837801
]
Joe Witt commented on NIFI-13057:
-
[~dstiegli1] Reading the description this sounds like it is working as it
should. The 'empty string' is a valid input or in general is a valid input
(obviously a non empty string validator would change that). But when it comes
to sensitive values once they're entered (even if that is an empty string) this
is still an entry and we're showing that it is set but as always with sensitive
we're not showing what it is set to. Given that it is required you can never
unset the value. You can only change it.
With that in mind what are you proposing?
> When a property is both required and sensitive, setting it blank does not
> remove the "Sensitive value set" message.
> ---
>
> Key: NIFI-13057
> URL: https://issues.apache.org/jira/browse/NIFI-13057
> Project: Apache NiFi
> Issue Type: Bug
>Reporter: Daniel Stieglitz
>Priority: Major
> Attachments: image-2024-04-16-13-13-24-650.png
>
>
> When testing [NIIFI-12960|https://issues.apache.org/jira/browse/NIFI-12960],
> I noticed when a property had the combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> and after a user entered a value and then attempts to remove the value it
> does not work and the message "Sensitive value set" still remains in the text
> box. This is even when the user checks the "Set empty string" checkbox.
> Attached is a screenshot of a DecryptContent processor after an attempt to
> remove the set password.
> !image-2024-04-16-13-13-24-650.png!
> The combination
> {code:java}
> .required(true)
> .sensitive(true)
> {code}
> is prevalent in the code base. I found it ~40 times in the following files.
> # QueryAirtableTable
> # StandardAsanaClientProviderService
> # ClientSideEncryptionSupport
> # AzureStorageUtils
> # StandardKustoIngestService
> # AbstractAzureLogAnalyticsReportingTask
> # DecryptContent
> # DecryptContentAge
> # DecryptContentCompatibility
> # EncryptContentAge
> # VerifyContentMAC
> # StandardDropboxCredentialService
> # AbstractEmailProcessor
> # GhostFlowRegistryClient
> # GhostControllerService
> # GhostFlowAnalysisRule
> # GhostParameterProvider
> # GhostProcessor
> # GhostReportingTask
> # Neo4JCypherClientService
> # GetHubSpot
> # AbstractIoTDB
> # StandardPGPPrivateKeyService
> # GetShopify
> # ListenSlack
> # ConsumeSlack
> # PublishSlack
> # SlackRecordSink
> # BasicProperties
> # V3SecurityProperties
> # ConsumeTwitter
> # OnePasswordParameterProvider
> # KerberosPasswordUserService
> # StandardOauth2AccessTokenProvider
> # GetWorkdayReport
> # ZendeskProperties
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
