You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2023/03/27 15:55:00 UTC
[jira] [Commented] (NIFI-11331) InvokeHTTP: Add a property for the HTTP Body that can be marked sensitive
[ https://issues.apache.org/jira/browse/NIFI-11331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17705423#comment-17705423 ]
David Handermann commented on NIFI-11331:
-----------------------------------------
Thanks for describing the issue [~v1d3o], can you provide a bit more detail on the expected behavior? What should sensitive mean in the context of request body content for InvokeHTTP?
The FlowFile content is never considered sensitive at a framework level. Permission to view FlowFile content is controlled through configurable policies.
This request does make sense in the context of NIFI-9894, if support were implemented to configure the request body from attributes. In that case, being able to reference sensitive parameters in the request body formatting could support such a use case. From that perspective, is this particular improvement dependent on implementing NIFI-9894?
> InvokeHTTP: Add a property for the HTTP Body that can be marked sensitive
> -------------------------------------------------------------------------
>
> Key: NIFI-11331
> URL: https://issues.apache.org/jira/browse/NIFI-11331
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.20.0
> Reporter: Vince Lombardo
> Priority: Major
>
> This request is for adding a property in the InvokeHTTP processor that can be marked as sensitive.
> The use case for this is that some APIs require username and password credentials to be sent as part of the body. Since the only current way to populate the body is through the flowfile, this means that there is no way to have the values be treated as sensitive by NiFi.
> I envision a new property, Body Content, with the default being that if no value is set, then it uses the flowfile as the processor currently does. If possible, then this property will be allowed to optionally be made sensitive. Not sure if that is possible to make a built in property optionally sensitive. Otherwise there may need to be two properties, one for body content that is sensitive and a plain body content that can have EL in it. Either can be set independently, but if they are both set, they are appended together. Lastly a third property would be a dropdown that lets you indicate whether those values are used instead of or append to the flowfile. So that dropdown is only considered when there is data within either of the body contents.
> I am aware of the fact that there are other related requests that have been closed in favor of issue NIFI-9894, but I created this issue separately because I believe the whole sensitivity issue is a large need and I did not see any of the other issues address that. So this issue could be consolidated into NIFI-9894, with hopefully a final solution that can capture the needs from this issue allong with the others.
> Actually, the only reason I included having both a non-sensitive and sensitive property is to help with those needs of the other issues. If for some reason, NIFI-9894 cannot be done because of the stated problem of potential memory consumption issues, my need is really only for having a Sensitive Body Content attribute that, if populated, is used instead of the flowfile. For once I am able to log in using that, the rest of my uses for InvokeHTTP are met by the current implementation of the processor.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)