Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2022/09/20 15:55:46 UTC

[GitHub] [nifi] markap14 commented on a diff in pull request #6433: NIFI-10497 Making RegistryClient an extension point

markap14 commented on code in PR #6433:
URL: https://github.com/apache/nifi/pull/6433#discussion_r975551031


##########
nifi-nar-bundles/nifi-flow-registry-client-bundle/nifi-flow-registry-client-services/src/main/java/org/apache/nifi/registry/flow/NifiRegistryFlowRegistryClient.java:
##########
@@ -0,0 +1,376 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.registry.flow;
+
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.ValidationContext;
+import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.processor.util.StandardValidators;
+import org.apache.nifi.registry.bucket.Bucket;
+import org.apache.nifi.registry.client.BucketClient;
+import org.apache.nifi.registry.client.FlowClient;
+import org.apache.nifi.registry.client.FlowSnapshotClient;
+import org.apache.nifi.registry.client.NiFiRegistryClient;
+import org.apache.nifi.registry.client.NiFiRegistryClientConfig;
+import org.apache.nifi.registry.client.NiFiRegistryException;
+import org.apache.nifi.registry.client.impl.JerseyNiFiRegistryClient;
+import org.apache.nifi.registry.client.impl.request.ProxiedEntityRequestConfig;
+import org.apache.nifi.security.util.KeystoreType;
+import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
+import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.TlsException;
+
+import javax.net.ssl.SSLContext;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+public class NifiRegistryFlowRegistryClient extends AbstractFlowRegistryClient {
+
+    public final static PropertyDescriptor PROPERTY_URL = new PropertyDescriptor.Builder()
+            .name("url")
+            .displayName("URL")
+            .description("URL of the NiFi Registry")
+            .addValidator(StandardValidators.URL_VALIDATOR)
+            .required(true)
+            .build();
+    public final static PropertyDescriptor PROPERTY_KEYSTORE_PATH = new PropertyDescriptor.Builder()
+            .name("keystorePath")
+            .displayName("Keystore Path")
+            .description("The fully-qualified filename of the Keystore")
+            .addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)
+            .required(false)
+            .build();
+    public final static PropertyDescriptor PROPERTY_KEYSTORE_PASSWORD = new PropertyDescriptor.Builder()
+            .name("keystorePassword")
+            .displayName("Keystore Password")
+            .description("The password for the Keystore")
+            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+            .sensitive(true)
+            .required(false)
+            .build();
+    public final static PropertyDescriptor PROPERTY_KEY_PASSWORD = new PropertyDescriptor.Builder()
+            .name("keyPassword")
+            .displayName("Key Password")
+            .description("The password for the key. If this is not specified, but the Keystore Filename, Password, and Type are specified, "
+                    + "then the Keystore Password will be assumed to be the same as the Key Password.")
+            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+            .sensitive(true)
+            .required(false)
+            .build();
+    public final static PropertyDescriptor PROPERTY_KEYSTORE_TYPE = new PropertyDescriptor.Builder()
+            .name("keystoreType")
+            .displayName("Keystore Type")
+            .description("The Type of the Keystore")
+            .allowableValues(KeystoreType.values())
+            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+            .required(false)
+            .build();
+    public final static PropertyDescriptor PROPERTY_TRUSTSTORE_PATH = new PropertyDescriptor.Builder()
+            .name("truststorePath")
+            .displayName("Truststore Path")
+            .description("The fully-qualified filename of the Truststore")
+            .addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)
+            .required(false)
+            .build();
+    public final static PropertyDescriptor PROPERTY_TRUSTSTORE_PASSWORD = new PropertyDescriptor.Builder()
+            .name("truststorePassword")
+            .displayName("Truststore Password")
+            .description("The password for the Truststore")
+            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+            .sensitive(true)
+            .required(false)
+            .build();
+    public final static PropertyDescriptor PROPERTY_TRUSTSTORE_TYPE = new PropertyDescriptor.Builder()
+            .name("truststoreType")
+            .displayName("Truststore Type")
+            .description("The Type of the Truststore")
+            .allowableValues(KeystoreType.values())
+            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+            .required(false)
+            .build();
+
+    private volatile String registryUrl;
+    private volatile NiFiRegistryClient registryClient;
+
+    private synchronized NiFiRegistryClient getRegistryClient(final FlowRegistryClientConfigurationContext context) {
+        final String configuredUrl = context.getProperty(PROPERTY_URL).evaluateAttributeExpressions().getValue();
+
+        final URI uri;
+
+        try {
+            // Handles case where the URI entered has a trailing slash, or includes the trailing /nifi-registry-api
+            uri = new URIBuilder(configuredUrl).setPath("").removeQuery().build();
+        } catch (URISyntaxException e) {
+            throw new IllegalArgumentException("The given Registry URL is not valid: " + configuredUrl);
+        }
+
+        final String uriScheme = uri.getScheme();
+        if (uriScheme == null) {
+            throw new IllegalArgumentException("The given Registry URL is not valid: " + configuredUrl);
+        }
+
+        final String proposedUrl = uri.toString();;
+
+        if (!proposedUrl.equals(registryUrl)) {
+            registryUrl = proposedUrl;
+            invalidateClient();
+        }
+
+        if (registryClient != null) {
+            return registryClient;
+        }
+
+        final NiFiRegistryClientConfig config = new NiFiRegistryClientConfig.Builder()
+                .connectTimeout(30000)
+                .readTimeout(30000)
+                .sslContext(extractSSLContext(context))
+                .baseUrl(registryUrl)
+                .build();
+        registryClient = new JerseyNiFiRegistryClient.Builder()
+                .config(config)
+                .build();
+
+        return registryClient;
+    }
+
+    @Override
+    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
+        return Arrays.asList(
+                PROPERTY_URL,
+                PROPERTY_KEYSTORE_PATH,
+                PROPERTY_KEYSTORE_TYPE,
+                PROPERTY_KEYSTORE_PASSWORD,
+                PROPERTY_KEY_PASSWORD,
+                PROPERTY_TRUSTSTORE_PATH,
+                PROPERTY_TRUSTSTORE_TYPE,
+                PROPERTY_TRUSTSTORE_PASSWORD
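Review bot: In getRegistryClient the cached client is invalidated only when the normalised URL changes (`if (!proposedUrl.equals(registryUrl))`), so a change to the keystore or truststore path, type or password leaves the previously built client, and the SSLContext passed to it, in use. Unless something outside the quoted lines calls invalidateClient() when properties change, a rotated or tightened truststore would not take effect while the URL stays the same; the TLS inputs should be part of the comparison that decides whether to rebuild the client. Separately, the catch block discards the parse failure; `throw new IllegalArgumentException("The given Registry URL is not valid: " + configuredUrl, e);` keeps the cause. The class continues beyond the quoted lines, so invalidateClient and extractSSLContext are not visible here.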

Review Comment:
   We shouldn't need keystore/truststore properties. Instead we should just take an SSLContext Service.


