You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/12/01 16:26:03 UTC
[GitHub] [nifi-minifi-cpp] lordgamez commented on a change in pull request #937: MINIFICPP-1402 - Encrypt flow configuration and change encryption key

lordgamez commented on a change in pull request #937:
URL: https://github.com/apache/nifi-minifi-cpp/pull/937#discussion_r533408675



##########
File path: encrypt-config/ArgParser.cpp
##########
@@ -0,0 +1,178 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <string>
+#include <set>
+#include <iostream>
+#include <algorithm>
+#include "ArgParser.h"
+#include "utils/OptionalUtils.h"
+#include "utils/StringUtils.h"
+#include "CommandException.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace encrypt_config {
+
+const std::vector<Argument> Arguments::registered_args_{
+    {std::set<std::string>{"--minifi-home", "-m"},
+     true,
+     "minifi home",
+     "Specifies the home directory used by the minifi agent"}
+};
+
+const std::vector<Flag> Arguments::registered_flags_{
+    {std::set<std::string>{"--help", "-h"},
+     "Prints this help message"},
+    {std::set<std::string>{"--encrypt-flow-config"},
+     "If set, the flow configuration file (as specified in minifi.properties) is also encrypted."}
+};
+
+bool haveCommonItem(const std::set<std::string>& a, const std::set<std::string>& b) {

Review comment:
       This could be moved to utils, also could be generalized as a template.

##########
File path: libminifi/src/c2/C2Client.cpp
##########
@@ -0,0 +1,318 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <memory>
+#include <map>
+#include "c2/C2Client.h"
+#include "core/state/nodes/MetricsBase.h"
+#include "core/state/nodes/QueueMetrics.h"
+#include "core/state/nodes/AgentInformation.h"
+#include "core/state/nodes/RepositoryMetrics.h"
+#include "properties/Configure.h"
+#include "core/state/UpdateController.h"
+#include "core/controller/ControllerServiceProvider.h"
+#include "c2/C2Agent.h"
+#include "core/state/nodes/FlowInformation.h"
+#include "utils/file/FileSystem.h"
+
+namespace org {
+namespace apache {
+namespace nifi {
+namespace minifi {
+namespace c2 {
+
+C2Client::C2Client(
+    std::shared_ptr<Configure> configuration, std::shared_ptr<core::Repository> provenance_repo,
+    std::shared_ptr<core::Repository> flow_file_repo, std::shared_ptr<core::ContentRepository> content_repo,
+    std::unique_ptr<core::FlowConfiguration> flow_configuration, std::shared_ptr<utils::file::FileSystem> filesystem,
+    std::shared_ptr<logging::Logger> logger)
+    : core::Flow(std::move(provenance_repo), std::move(flow_file_repo), std::move(content_repo), std::move(flow_configuration)),
+      configuration_(std::move(configuration)),
+      filesystem_(std::move(filesystem)),
+      logger_(std::move(logger)) {}
+
+void C2Client::stopC2() {
+  if (c2_agent_) {
+    c2_agent_->stop();
+  }
+}
+
+bool C2Client::isC2Enabled() const {
+  std::string c2_enable_str;
+  configuration_->get(Configure::nifi_c2_enable, "c2.enable", c2_enable_str);
+  return utils::StringUtils::toBool(c2_enable_str).value_or(false);
+}
+
+void C2Client::initialize(core::controller::ControllerServiceProvider *controller, const std::shared_ptr<state::StateMonitor> &update_sink) {
+  std::string class_str;
+  configuration_->get("nifi.c2.agent.class", "c2.agent.class", class_str);
+  configuration_->setAgentClass(class_str);
+
+  if (!isC2Enabled()) {
+    return;
+  }
+
+  if (class_str.empty()) {
+    logger_->log_error("Class name must be defined when C2 is enabled");
+    throw std::runtime_error("Class name must be defined when C2 is enabled");
+  }
+
+  std::string identifier_str;
+  if (!configuration_->get("nifi.c2.agent.identifier", "c2.agent.identifier", identifier_str) || identifier_str.empty()) {
+    // set to the flow controller's identifier
+    identifier_str = getControllerUUID().to_string();
+  }
+  configuration_->setAgentIdentifier(identifier_str);
+
+  if (initialized_ && !flow_update_) {
+    return;
+  }
+
+  {
+    std::lock_guard<std::mutex> guard(metrics_mutex_);
+    component_metrics_.clear();
+    // root_response_nodes_ was not cleared before, it is unclear if that was intentional
+  }
+
+  std::map<std::string, std::shared_ptr<Connection>> connections;
+  if (root_ != nullptr) {
+    root_->getConnections(connections);
+  }
+
+  std::string class_csv;
+  if (configuration_->get("nifi.c2.root.classes", class_csv)) {
+    std::vector<std::string> classes = utils::StringUtils::split(class_csv, ",");
+
+    for (const std::string& clazz : classes) {
+      auto processor = std::dynamic_pointer_cast<state::response::ResponseNode>(core::ClassLoader::getDefaultClassLoader().instantiate(clazz, clazz));
+      if (nullptr == processor) {
+        logger_->log_error("No metric defined for %s", clazz);
+        continue;
+      }
+      auto identifier = std::dynamic_pointer_cast<state::response::AgentIdentifier>(processor);
+      if (identifier != nullptr) {
+        identifier->setIdentifier(identifier_str);
+        identifier->setAgentClass(class_str);
+      }
+      auto monitor = std::dynamic_pointer_cast<state::response::AgentMonitor>(processor);
+      if (monitor != nullptr) {
+        monitor->addRepository(provenance_repo_);
+        monitor->addRepository(flow_file_repo_);
+        monitor->setStateMonitor(update_sink);
+      }
+      auto flowMonitor = std::dynamic_pointer_cast<state::response::FlowMonitor>(processor);
+      if (flowMonitor != nullptr) {
+        for (auto &con : connections) {
+          flowMonitor->addConnection(con.second);
+        }
+        flowMonitor->setStateMonitor(update_sink);
+        flowMonitor->setFlowVersion(flow_configuration_->getFlowVersion());
+      }
+      std::lock_guard<std::mutex> guard(metrics_mutex_);
+      root_response_nodes_[processor->getName()] = processor;
+    }
+  }
+
+  // get all component metrics
+  if (root_ != nullptr) {
+    std::vector<std::shared_ptr<core::Processor>> processors;
+    root_->getAllProcessors(processors);
+    for (const auto &processor : processors) {
+      auto rep = std::dynamic_pointer_cast<state::response::ResponseNodeSource>(processor);
+      // we have a metrics source.
+      if (nullptr != rep) {
+        std::vector<std::shared_ptr<state::response::ResponseNode>> metric_vector;
+        rep->getResponseNodes(metric_vector);
+        std::lock_guard<std::mutex> guard(metrics_mutex_);
+        for (auto& metric : metric_vector) {
+          component_metrics_[metric->getName()] = metric;
+        }
+      }
+    }
+  }

Review comment:
       Could be a separate function

##########
File path: libminifi/include/utils/StringUtils.h
##########
@@ -23,7 +23,7 @@
 #include <cstring>
 #include <functional>
 #ifdef WIN32
-  #include <cwctype>
+#include <cwctype>

Review comment:
       I suppose this is an unnecessary change

##########
File path: libminifi/include/utils/StringUtils.h
##########
@@ -143,6 +146,12 @@ class StringUtils {
     return std::equal(endString.rbegin(), endString.rend(), value.rbegin(), [](unsigned char lc, unsigned char rc) {return tolower(lc) == tolower(rc);});
   }
 
+  inline static bool startsWith(const std::string &value, const std::string & startString) {

Review comment:
       `startString` parameter should be snake_case and reference marker should be together with the typename or variable https://google.github.io/styleguide/cppguide.html#Pointer_and_Reference_Expressions

##########
File path: libminifi/src/utils/StringUtils.cpp
##########
@@ -31,7 +31,18 @@ bool StringUtils::StringToBool(std::string input, bool &output) {
   return output;
 }
 
-std::string StringUtils::trim(std::string s) {
+utils::optional<bool> StringUtils::toBool(const std::string& str) {

Review comment:
       Will this replace the old StringToBool function? I think the same unit tests should be added for this one as well.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org