You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/11/21 19:53:00 UTC

[jira] [Commented] (NIFI-10776) Add support for PKI Authentication in ElasticSearchClientServiceImpl

    [ https://issues.apache.org/jira/browse/NIFI-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17636858#comment-17636858 ] 

ASF subversion and git services commented on NIFI-10776:
--------------------------------------------------------

Commit d23e50168f23d051a9ed866eb067362ca7e9df79 in nifi's branch refs/heads/main from Chris Sampson
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=d23e50168f ]

NIFI-10776 Added NONE and PKI AuthorizationSchemes for ElasticSearchClientService

This closes #6662

Signed-off-by: David Handermann <ex...@apache.org>


> Add support for PKI Authentication in ElasticSearchClientServiceImpl
> --------------------------------------------------------------------
>
>                 Key: NIFI-10776
>                 URL: https://issues.apache.org/jira/browse/NIFI-10776
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: Nandor Soma Abonyi
>            Assignee: Chris Sampson
>            Priority: Major
>              Labels: elasticsearch
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Also add NONE as an AuthenticationScheme option.
> By [~Chris S]:
> I'd probably stick with {{BASIC}} being the default as that would mean {{{}Username{}}}/{{{}Password{}}} remain available by default when adding the Processor to the canvas, which matches the current behaviour and therefore is backwards compatible.
> If the user selects {{NONE}} then I guess we'd be hiding the existing Username/Password and new {{{}API Key{}}}property inputs (via {{{}dependsOn{}}}).
> If the user selected {{PKI}} then it would be great if the {{SSLContext Controller}} become mandatory, but I don't think that's currently possible, so in effect this would have the same effect as {{NONE}} on the available processor properties (we don't want to hide {{SSL Context}} if something other than {{PKI}} is selected here, as {{{}https{}}}/{{{}TLS{}}}might very well still be needed even if it's not used for Auth in Elasticsearch).
> One option might be to use some {{customerValidation}} for this though - if the user has selected {{{}PKI{}}}, they {*}must{*}also specify an {{SSL Context}} in their processor configuration. Similarly, if {{NONE}} is selected, then we could validate that none of the Username/Password/API Key fields are provided?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)