You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/12/10 14:05:26 UTC
[GitHub] [nifi] exceptionfactory commented on a change in pull request #4508: NIFI-6576 add basic auth to confluent schema registry service
exceptionfactory commented on a change in pull request #4508:
URL: https://github.com/apache/nifi/pull/4508#discussion_r540181191
##########
File path: nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
##########
@@ -112,6 +114,32 @@
.required(true)
.build();
+ static final PropertyDescriptor PROP_BASIC_AUTH_USERNAME = new PropertyDescriptor.Builder()
Review comment:
Recommend renaming this variable to PROP_USERNAME for simplicity and more generalized implementation.
##########
File path: nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
##########
@@ -112,6 +114,32 @@
.required(true)
.build();
+ static final PropertyDescriptor PROP_BASIC_AUTH_USERNAME = new PropertyDescriptor.Builder()
+ .name("Authentication Username")
+ .displayName("Authentication Username")
Review comment:
Recommend shortening the property name and display name to _Username_ since _Authentication_ is already implied.
##########
File path: nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
##########
@@ -112,6 +114,32 @@
.required(true)
.build();
+ static final PropertyDescriptor PROP_BASIC_AUTH_USERNAME = new PropertyDescriptor.Builder()
+ .name("Authentication Username")
+ .displayName("Authentication Username")
+ .description("The username to be used by the client to authenticate against the Remote URL. Cannot include control characters (0-31), ':', or DEL (127).")
+ .required(false)
+ .addValidator(StandardValidators.createRegexMatchingValidator(Pattern.compile("^[\\x20-\\x39\\x3b-\\x7e\\x80-\\xff]+$")))
+ .build();
+
+ static final PropertyDescriptor PROP_BASIC_AUTH_PASSWORD = new PropertyDescriptor.Builder()
Review comment:
Recommend renaming this variable to PROP_PASSWORD.
##########
File path: nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
##########
@@ -112,6 +114,32 @@
.required(true)
.build();
+ static final PropertyDescriptor PROP_BASIC_AUTH_USERNAME = new PropertyDescriptor.Builder()
+ .name("Authentication Username")
+ .displayName("Authentication Username")
+ .description("The username to be used by the client to authenticate against the Remote URL. Cannot include control characters (0-31), ':', or DEL (127).")
+ .required(false)
+ .addValidator(StandardValidators.createRegexMatchingValidator(Pattern.compile("^[\\x20-\\x39\\x3b-\\x7e\\x80-\\xff]+$")))
+ .build();
+
+ static final PropertyDescriptor PROP_BASIC_AUTH_PASSWORD = new PropertyDescriptor.Builder()
+ .name("Authentication Password")
+ .displayName("Authentication Password")
+ .description("The password to be used by the client to authenticate against the Remote URL.")
+ .required(false)
+ .sensitive(true)
+ .addValidator(StandardValidators.createRegexMatchingValidator(Pattern.compile("^[\\x20-\\x7e\\x80-\\xff]+$")))
+ .build();
+
+ static final PropertyDescriptor PROP_AUTH_TYPE = new PropertyDescriptor.Builder()
+ .name("Authentication Type")
+ .displayName("Authentication Type")
+ .description("Basic authentication will use the 'Authentication Username' " +
+ "and 'Authentication Password' property values. See Confluent Schema Registry documentation for more details.")
Review comment:
Recommend reviewing the recent addition of the dependsOn property support and implementing if needed, as opposed to repeating the other property names in the description.
##########
File path: nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/client/RestSchemaRegistryClient.java
##########
@@ -68,14 +69,21 @@
private static final String SCHEMA_REGISTRY_CONTENT_TYPE = "application/vnd.schemaregistry.v1+json";
- public RestSchemaRegistryClient(final List<String> baseUrls, final int timeoutMillis, final SSLContext sslContext, final ComponentLog logger) {
+ public RestSchemaRegistryClient(final List<String> baseUrls, final String authType, final String authUser,
+ final String authPass, final int timeoutMillis, final SSLContext sslContext, final ComponentLog logger) {
this.baseUrls = new ArrayList<>(baseUrls);
final ClientConfig clientConfig = new ClientConfig();
clientConfig.property(ClientProperties.CONNECT_TIMEOUT, timeoutMillis);
clientConfig.property(ClientProperties.READ_TIMEOUT, timeoutMillis);
client = WebUtils.createClient(clientConfig, sslContext);
+ if (!authUser.isEmpty() && !authType.isEmpty()) {
Review comment:
Recommend changing these checks to use StringUtils.isNotEmpty() to include null checking and improve readability.
##########
File path: nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
##########
@@ -112,6 +114,32 @@
.required(true)
.build();
+ static final PropertyDescriptor PROP_BASIC_AUTH_USERNAME = new PropertyDescriptor.Builder()
+ .name("Authentication Username")
+ .displayName("Authentication Username")
+ .description("The username to be used by the client to authenticate against the Remote URL. Cannot include control characters (0-31), ':', or DEL (127).")
+ .required(false)
+ .addValidator(StandardValidators.createRegexMatchingValidator(Pattern.compile("^[\\x20-\\x39\\x3b-\\x7e\\x80-\\xff]+$")))
+ .build();
+
+ static final PropertyDescriptor PROP_BASIC_AUTH_PASSWORD = new PropertyDescriptor.Builder()
+ .name("Authentication Password")
+ .displayName("Authentication Password")
+ .description("The password to be used by the client to authenticate against the Remote URL.")
+ .required(false)
+ .sensitive(true)
+ .addValidator(StandardValidators.createRegexMatchingValidator(Pattern.compile("^[\\x20-\\x7e\\x80-\\xff]+$")))
+ .build();
+
+ static final PropertyDescriptor PROP_AUTH_TYPE = new PropertyDescriptor.Builder()
Review comment:
Based on the current implementation of the Confluent Service supporting only HTTP Basic authentication, should this property be removed? Presence of the Username and Password properties could indicate the intention to configure authentication. Alternatively, if the purpose is to use this property as an indicator of the intention to configure authentication, having an alternative value of _NONE_ or _DISABLED_ seems more explicit than having an unset property.
##########
File path: nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
##########
@@ -166,6 +202,21 @@ public void onEnabled(final ConfigurationContext context) {
}
}
+ final boolean authTypeSet = validationContext.getProperty(PROP_AUTH_TYPE).isSet();
+ final boolean authUsernameSet = validationContext.getProperty(PROP_BASIC_AUTH_USERNAME).isSet();
+ final boolean authPasswordSet = validationContext.getProperty(PROP_BASIC_AUTH_PASSWORD).isSet();
+ if (authTypeSet) {
+ if (!authUsernameSet || !authPasswordSet) {
Review comment:
See comments on the Authentication Type property and recommend reviewing and integrating dependsOn property support if needed, which might remove the need for some of this custom validation.
##########
File path: nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
##########
@@ -112,6 +114,32 @@
.required(true)
.build();
+ static final PropertyDescriptor PROP_BASIC_AUTH_USERNAME = new PropertyDescriptor.Builder()
+ .name("Authentication Username")
+ .displayName("Authentication Username")
+ .description("The username to be used by the client to authenticate against the Remote URL. Cannot include control characters (0-31), ':', or DEL (127).")
+ .required(false)
+ .addValidator(StandardValidators.createRegexMatchingValidator(Pattern.compile("^[\\x20-\\x39\\x3b-\\x7e\\x80-\\xff]+$")))
+ .build();
+
+ static final PropertyDescriptor PROP_BASIC_AUTH_PASSWORD = new PropertyDescriptor.Builder()
+ .name("Authentication Password")
+ .displayName("Authentication Password")
Review comment:
Similar to the _Username_ property, recommend renaming to _Password_ since that appears to be the approach used in other Processors and Controller Services.
##########
File path: nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/client/RestSchemaRegistryClient.java
##########
@@ -68,14 +69,21 @@
private static final String SCHEMA_REGISTRY_CONTENT_TYPE = "application/vnd.schemaregistry.v1+json";
- public RestSchemaRegistryClient(final List<String> baseUrls, final int timeoutMillis, final SSLContext sslContext, final ComponentLog logger) {
+ public RestSchemaRegistryClient(final List<String> baseUrls, final String authType, final String authUser,
+ final String authPass, final int timeoutMillis, final SSLContext sslContext, final ComponentLog logger) {
this.baseUrls = new ArrayList<>(baseUrls);
final ClientConfig clientConfig = new ClientConfig();
clientConfig.property(ClientProperties.CONNECT_TIMEOUT, timeoutMillis);
clientConfig.property(ClientProperties.READ_TIMEOUT, timeoutMillis);
client = WebUtils.createClient(clientConfig, sslContext);
+ if (!authUser.isEmpty() && !authType.isEmpty()) {
+ if (authType.equals("BASIC")) {
Review comment:
If HTTP Basic is the only type of authentication supported, then recommend removing authType as a parameter and passing just the username and password.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org