You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2022/04/08 14:51:44 UTC

[GitHub] [nifi-minifi-cpp] lordgamez commented on a diff in pull request #1296: MINIFICPP-1794 Remove sensitive properties from agent manifest

lordgamez commented on code in PR #1296:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1296#discussion_r846193723


##########
libminifi/src/core/state/nodes/SupportedOperations.cpp:
##########
@@ -62,11 +63,27 @@ void SupportedOperations::addProperty(SerializedResponseNode& properties, const
   properties.children.push_back(operand_node);
 }
 
+std::vector<std::string> SupportedOperations::getSensitiveProperties() const {
+  std::vector<std::string> sensitive_properties;
+  sensitive_properties.assign(Configuration::DEFAULT_SENSITIVE_PROPERTIES.begin(), Configuration::DEFAULT_SENSITIVE_PROPERTIES.end());
+  if (configuration_reader_) {
+    const auto additional_sensitive_props_list = configuration_reader_(Configuration::nifi_sensitive_props_additional_keys);
+    if (additional_sensitive_props_list) {
+      std::vector<std::string> additional_sensitive_properties = utils::StringUtils::split(*additional_sensitive_props_list, ",");
+      return Configuration::mergeProperties(sensitive_properties, additional_sensitive_properties);
+    }
+  }
+  return sensitive_properties;
+}

Review Comment:
   I was thinking about this, when I checked how these properties are used in the encrypt-config. There was one major difference though that the encrypt-config reads these properties from a ConfigFile object which is a PropertiesFile representation and not from a whereas we only have a function object available to read a single property from a Configuration object in the SupportedProperties.
   
   As for the tests we also have a similar problem where we only pass a function object to the SupportedOperations to reach the configuration properties while in the tests we have the actual Configuration object available, so it's not that easy to generalize it, but I was also worried about to use the same code that we are testing in the test as well.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org