Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2022/09/01 11:02:28 UTC

[GitHub] [nifi] gresockj commented on a diff in pull request #6304: NIFI-9401: HashiCorpVaultParameterProvider

gresockj commented on code in PR #6304:
URL: https://github.com/apache/nifi/pull/6304#discussion_r960509908


##########
nifi-nar-bundles/nifi-hashicorp-vault-bundle/nifi-hashicorp-vault-parameter-provider/src/main/java/org/apache/nifi/vault/hashicorp/HashiCorpVaultParameterProvider.java:
##########
@@ -0,0 +1,168 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.vault.hashicorp;
+
+import org.apache.nifi.annotation.documentation.CapabilityDescription;
+import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.components.ConfigVerificationResult;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.Validator;
+import org.apache.nifi.controller.ConfigurationContext;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.parameter.AbstractParameterProvider;
+import org.apache.nifi.parameter.Parameter;
+import org.apache.nifi.parameter.ParameterDescriptor;
+import org.apache.nifi.parameter.ParameterGroup;
+import org.apache.nifi.parameter.ParameterProvider;
+import org.apache.nifi.parameter.ParameterProviderInitializationContext;
+import org.apache.nifi.parameter.VerifiableParameterProvider;
+import org.apache.nifi.processor.util.StandardValidators;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+@CapabilityDescription("Provides parameters from HashiCorp Vault Key/Value Secrets.  Each Secret represents a parameter group, " +
+        "which will map to a Parameter Context.  The keys and values in the Secret map to Parameters.")
+@Tags({"hashicorp", "vault", "secret"})
+public class HashiCorpVaultParameterProvider extends AbstractParameterProvider implements ParameterProvider, VerifiableParameterProvider {
+
+    public static final PropertyDescriptor VAULT_CLIENT_SERVICE = new PropertyDescriptor.Builder()
+            .name("vault-client-service")
+            .displayName("HashiCorp Vault Client Service")
+            .description("The service used to interact with HashiCorp Vault")
+            .identifiesControllerService(HashiCorpVaultClientService.class)
+            .addValidator(Validator.VALID)
+            .required(true)
+            .build();
+    public static final PropertyDescriptor KV_PATH = new PropertyDescriptor.Builder()
+            .name("kv-path")
+            .displayName("K/V Path")
+            .description("The HashiCorp Vault path to the K/V Secrets Engine")
+            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+            .required(true)
+            .defaultValue("kv")
+            .build();
+    public static final PropertyDescriptor SECRET_NAME_REGEX = new PropertyDescriptor.Builder()
+            .name("secret-name-regex")
+            .displayName("Secret Name Regex")
+            .description("A Regular Expression indicating which Secrets to include as parameter groups to map to Parameter Contexts by name.")
+            .addValidator(StandardValidators.REGULAR_EXPRESSION_VALIDATOR)
+            .required(true)
+            .defaultValue(".*")
+            .build();
+
+    private List<PropertyDescriptor> supportedProperties;
+    private HashiCorpVaultCommunicationService vaultCommunicationService;
+
+    @Override
+    protected void init(final ParameterProviderInitializationContext config) {
+        supportedProperties = Collections.unmodifiableList(Arrays.asList(
+                VAULT_CLIENT_SERVICE,
+                KV_PATH,
+                SECRET_NAME_REGEX));
+    }
+
+    @Override
+    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
+        return supportedProperties;
+    }
+
+    @Override
+    public List<ParameterGroup> fetchParameters(final ConfigurationContext context) {
+        if (vaultCommunicationService == null) {
+            vaultCommunicationService = getVaultCommunicationService(context);
+        }
+
+        final List<ParameterGroup> parameterGroups = getParameterGroups(vaultCommunicationService, context);
+        return parameterGroups;
+    }
+
+    private List<ParameterGroup> getParameterGroups(final HashiCorpVaultCommunicationService vaultCommunicationService,
+                                                            final ConfigurationContext context) {
+        final String kvPath = context.getProperty(KV_PATH).getValue();
+        final String secretIncludeRegex = context.getProperty(SECRET_NAME_REGEX).getValue();
+        final List<String> allSecretNames = vaultCommunicationService.listKeyValueSecrets(kvPath);
+        final List<String> secretNames = allSecretNames.stream()
+                .filter(name -> name.matches(secretIncludeRegex))
+                .collect(Collectors.toList());
+
+        final List<ParameterGroup> parameterGroups = new ArrayList<>();
+        for (final String secretName : secretNames) {
+            final Map<String, String> keyValues = vaultCommunicationService.readKeyValueSecretMap(kvPath, secretName);
+            final List<Parameter> parameters = new ArrayList<>();
+            keyValues.forEach( (key, value) -> {
+                final ParameterDescriptor parameterDescriptor = new ParameterDescriptor.Builder().name(key).build();
+                parameters.add(new Parameter(parameterDescriptor, value, null, true));
+            });
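Review bot: `fetchParameters` stores the communication service in the `vaultCommunicationService` field on the first call and never refreshes it, so if the `vault-client-service` property is later pointed at a different controller service, the provider would presumably keep reading secrets through the old one with its old connection settings. Resolving it on every call, e.g. `final HashiCorpVaultCommunicationService service = getVaultCommunicationService(context);`, avoids the stale reference and removes unsynchronized mutable state from the provider. `getVaultCommunicationService` is defined outside the quoted lines, so whether it is cheap enough to call each time needs confirming. Separately, in `getParameterGroups`, `name.matches(secretIncludeRegex)` recompiles the pattern for every secret name. Compiling it once with `final Pattern pattern = Pattern.compile(secretIncludeRegex);` and filtering with `pattern.matcher(name).matches()` keeps the same semantics.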

Review Comment:
   I have been preferring `forEach` on maps, since it is supposed to be more performant than converting the Map into a stream.


