[GitHub] [nifi] Lehel44 commented on a change in pull request #5028: NIFI-8325: Complete SNMP refactor: SNMP GET and SET processors rework, unit tests added

Tue, 27 Apr 2021 11:24:11 -0700 


Lehel44 commented on a change in pull request #5028:
URL: https://github.com/apache/nifi/pull/5028#discussion_r621485029



##########
File path: 
nifi-nar-bundles/nifi-snmp-bundle/nifi-snmp-processors/src/main/java/org/apache/nifi/snmp/processors/AbstractSNMPProcessor.java
##########
@@ -16,413 +16,248 @@
  */
 package org.apache.nifi.snmp.processors;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
+import org.apache.nifi.annotation.lifecycle.OnScheduled;
 import org.apache.nifi.annotation.lifecycle.OnStopped;
+import org.apache.nifi.components.AllowableValue;
 import org.apache.nifi.components.PropertyDescriptor;
-import org.apache.nifi.components.ValidationContext;
-import org.apache.nifi.components.ValidationResult;
+import org.apache.nifi.flowfile.FlowFile;
 import org.apache.nifi.processor.AbstractProcessor;
 import org.apache.nifi.processor.ProcessContext;
 import org.apache.nifi.processor.ProcessSession;
-import org.apache.nifi.processor.Processor;
-import org.apache.nifi.processor.exception.ProcessException;
 import org.apache.nifi.processor.util.StandardValidators;
-import org.snmp4j.AbstractTarget;
-import org.snmp4j.CommunityTarget;
-import org.snmp4j.Snmp;
-import org.snmp4j.TransportMapping;
-import org.snmp4j.UserTarget;
-import org.snmp4j.mp.MPv3;
-import org.snmp4j.mp.SnmpConstants;
-import org.snmp4j.security.SecurityModels;
-import org.snmp4j.security.SecurityProtocols;
-import org.snmp4j.security.USM;
-import org.snmp4j.security.UsmUser;
-import org.snmp4j.smi.OctetString;
-import org.snmp4j.smi.UdpAddress;
-import org.snmp4j.transport.DefaultUdpTransportMapping;
+import org.apache.nifi.reporting.InitializationException;
+import org.apache.nifi.snmp.configuration.SNMPConfiguration;
+import org.apache.nifi.snmp.configuration.SNMPConfigurationBuilder;
+import org.apache.nifi.snmp.logging.SLF4JLogFactory;
+import org.apache.nifi.snmp.operations.SNMPRequestHandler;
+import org.apache.nifi.snmp.operations.SNMPRequestHandlerFactory;
+import org.apache.nifi.snmp.utils.SNMPUtils;
+import org.snmp4j.log.LogFactory;
+
+import java.util.HashMap;
+import java.util.Map;
 
 /**
- * Base processor that uses SNMP4J client API
+ * Base processor that uses SNMP4J client API.
  * (http://www.snmp4j.org/)
- *
- * @param <T> the type of {@link SNMPWorker}. Please see {@link SNMPSetter}
- *            and {@link SNMPGetter}
  */
-abstract class AbstractSNMPProcessor<T extends SNMPWorker> extends 
AbstractProcessor {
+abstract class AbstractSNMPProcessor extends AbstractProcessor {
+
+    static {
+        LogFactory.setLogFactory(new SLF4JLogFactory());
+    }
 
-    /** property to define host of the SNMP agent */
-    public static final PropertyDescriptor HOST = new 
PropertyDescriptor.Builder()
+    // SNMP versions
+    public static final AllowableValue SNMP_V1 = new AllowableValue("SNMPv1", 
"v1", "SNMP version 1");
+    public static final AllowableValue SNMP_V2C = new 
AllowableValue("SNMPv2c", "v2c", "SNMP version 2c");
+    public static final AllowableValue SNMP_V3 = new AllowableValue("SNMPv3", 
"v3", "SNMP version 3 with improved security");
+
+    // SNMPv3 privacy protocols
+    public static final AllowableValue NO_AUTH_NO_PRIV = new 
AllowableValue("noAuthNoPriv", "No authentication or encryption",
+            "No authentication or encryption.");
+    public static final AllowableValue AUTH_NO_PRIV = new 
AllowableValue("authNoPriv", "Authentication without encryption",
+            "Authentication without encryption.");
+    public static final AllowableValue AUTH_PRIV = new 
AllowableValue("authPriv", "Authentication and encryption",
+            "Authentication and encryption.");
+
+    // SNMPv3 authentication protocols
+    public static final AllowableValue MD5 = new AllowableValue("MD5", "MD5 
based authentication",
+            "Provides authentication based on the HMAC-MD5 algorithm.");
+    public static final AllowableValue SHA = new AllowableValue("SHA", "SHA 
based authentication",
+            "Provides authentication based on the HMAC-SHA algorithm.");
+    public static final AllowableValue NO_AUTHENTICATION = new 
AllowableValue("", "None",
+            "Sends SNMP requests without authentication.");
+
+    // SNMPv3 encryption
+    public static final AllowableValue DES = new AllowableValue("DES", "DES",

Review comment:
       It depends on the user settings. If the agents' user security model 
(USM) is configured with DES, I think we should allow this option. I'm thinking 
of extending the option with a warning about DES vulnerability. What do you 
think?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to