You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@nifi.apache.org by Gahan Rakholia <ga...@gmail.com> on 2016/11/28 10:56:54 UTC

NIFI-2961 Create EncryptAttribute processor

Hey guys,
I'm currently developing the processor for JIRA ID:NIFI-2961 Create
EncryptAttribute processor <https://issues.apache.org/jira/browse/NIFI-2961>.
I've completed fair amount of development and testing task. Currently
preparing
doc.
Github fork:
https://github.com/HandOfGod94/nifi/tree/NIFI-2961_Create-EncryptAttribute-processor

One thing I didn't understand is the last part, specifically the last two
line which has two parts:
1. dangerous processor annotation
2. attribute protection.
If anyone can explain me a bit about above two points, it'll be of much
help.

Thanks,

Regards
Gahan Rakholia
gahan94rakh@gmail.com

Re: NIFI-2961 Create EncryptAttribute processor

Posted by Andy LoPresto <al...@apache.org>.

Hi Gahan,

Thank you for contributing code and effort to Apache NiFi. I’m happy to take a look at your contributions for EncryptAttribute processor. If you feel comfortable, you can create a “work in progress” PR against apache/nifi master with the string “[WIP]” in the title so reviewers know it is not ready to be merged. Having the PR open makes it easier to provide comments and feedback using the standard tools.

Some very useful resources are the Contributor Guide [1] and the Developer Guide [2]. These documents will help you configure your development environment to ensure that any code you submit meets the Apache contribution guidelines for acceptance. For example, modifying the .travis.yml and README.md files is unnecessary and can be avoided by using a feature branch for development [3]. You can see all of your current changes against the upstream master here [4].

The “Dangerous Processor Annotation” was at the time just a future feature we had thrown on the security roadmap [5]. It has since been implemented as NIFI-3050 [6]. However, further discussion determined that Encrypt* processors should not be considered “dangerous”, so you do not need to integrate that annotation on this processor.

"Attribute protection” is another feature listed in the security roadmap to provide granular access controls to individual attributes throughout the life of a flowfile. This is because a sensitive attribute value will still be accessible via the flowfile provenance even after the attribute itself is encrypted using a later processor. At this time, the feature is not implemented, so I would not worry about handling it in your contribution.

Please let me know if you have any other questions and I look forward to getting your work into NiFi.

[1] https://cwiki.apache.org/confluence/display/NIFI/Contributor+Guide <https://cwiki.apache.org/confluence/display/NIFI/Contributor+Guide>
[2] https://nifi.apache.org/docs/nifi-docs/html/developer-guide.html
[3] https://bocoup.com/weblog/git-workflow-walkthrough-feature-branches <https://bocoup.com/weblog/git-workflow-walkthrough-feature-branches>
[4] https://github.com/apache/nifi/compare/master...HandOfGod94:NIFI-2961_Create-EncryptAttribute-processor <https://github.com/apache/nifi/compare/master...HandOfGod94:NIFI-2961_Create-EncryptAttribute-processor>
[5] https://cwiki.apache.org/confluence/display/NIFI/Security+Feature+Roadmap
[6] https://issues.apache.org/jira/browse/NIFI-3050 <https://issues.apache.org/jira/browse/NIFI-3050>

Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Nov 28, 2016, at 2:56 AM, Gahan Rakholia <ga...@gmail.com> wrote:
> 
> Hey guys,
> I'm currently developing the processor for JIRA ID:NIFI-2961 Create
> EncryptAttribute processor <https://issues.apache.org/jira/browse/NIFI-2961>.
> I've completed fair amount of development and testing task. Currently
> preparing
> doc.
> Github fork:
> https://github.com/HandOfGod94/nifi/tree/NIFI-2961_Create-EncryptAttribute-processor
> 
> One thing I didn't understand is the last part, specifically the last two
> line which has two parts:
> 1. dangerous processor annotation
> 2. attribute protection.
> If anyone can explain me a bit about above two points, it'll be of much
> help.
> 
> Thanks,
> 
> Regards
> Gahan Rakholia
> gahan94rakh@gmail.com