exceptionfactory commented on code in PR #6273: URL: https://github.com/apache/nifi/pull/6273#discussion_r958730858
########## nifi-toolkit/nifi-property-encryptor-tool/pom.xml: ########## @@ -0,0 +1,135 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <parent> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-toolkit</artifactId> + <version>1.18.0-SNAPSHOT</version> + </parent> + <modelVersion>4.0.0</modelVersion> + + <artifactId>nifi-property-encryptor-tool</artifactId> + + <dependencies> + <dependency> + <groupId>info.picocli</groupId> + <artifactId>picocli</artifactId> + <version>4.6.3</version> + </dependency> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-property-protection-factory</artifactId> + <version>1.18.0-SNAPSHOT</version> + </dependency> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-properties-loader</artifactId> + <version>1.18.0-SNAPSHOT</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>org.apache.nifi.registry</groupId> + <artifactId>nifi-registry-properties</artifactId> + <version>1.18.0-SNAPSHOT</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>org.apache.nifi.registry</groupId> + <artifactId>nifi-registry-properties-loader</artifactId> + <version>1.18.0-SNAPSHOT</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>${org.slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-simple</artifactId> + <version>${org.slf4j.version}</version> + </dependency> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-security-utils</artifactId> + <version>1.18.0-SNAPSHOT</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>org.apache.nifi</groupId> + <artifactId>nifi-xml-processing</artifactId> + <version>1.18.0-SNAPSHOT</version> + <scope>compile</scope> Review Comment: The `compile` scope can be removed in general, since it the default setting. ########## nifi-commons/nifi-property-protection-factory/src/main/java/org/apache/nifi/properties/scheme/PropertyProtectionScheme.java: ########## @@ -19,7 +19,7 @@ /** * Property Protection Schemes supported as arguments for encryption commands should not have direct references */ -enum PropertyProtectionScheme implements ProtectionScheme { +public enum PropertyProtectionScheme implements ProtectionScheme { Review Comment: Recommend revisiting the implementation approach, this enum should remain package-private and references to a `ProtectionScheme` should be accessed using the associated Resolver. ########## nifi-toolkit/nifi-property-encryptor-tool/src/main/java/org/apache/nifi/util/console/ConfigSubcommand.java: ########## @@ -0,0 +1,70 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.util.console; + +import org.apache.nifi.PropertyEncryptorCommand; +import org.apache.nifi.properties.scheme.ProtectionScheme; +import org.apache.nifi.util.console.utils.BaseCommandParameters; +import org.apache.nifi.util.console.utils.SchemeCandidates; +import org.apache.nifi.util.console.utils.SchemeConverter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import picocli.CommandLine; + +import java.io.IOException; + +@CommandLine.Command(name = "config", + description = "Operate on application configs", + usageHelpWidth=140 +) +class ConfigSubcommand extends BaseCommandParameters implements Runnable { + + private static final Logger logger = LoggerFactory.getLogger(ConfigSubcommand.class); + private static final String runMessage = "The property encryptor is running to [{}] configuration files in [{}]"; + + @CommandLine.ParentCommand + private BaseCLICommand parent; + + @CommandLine.Parameters( + completionCandidates = SchemeCandidates.class, + converter = SchemeConverter.class, + description="The encryption scheme to use, from one of the following schemes: [@|bold ${COMPLETION-CANDIDATES}|@]") + ProtectionScheme scheme; + + @Override + public void run() { + final PropertyEncryptorCommand propertyEncryptorCommand = new PropertyEncryptorCommand(baseDirectory, passphrase); + if (parent instanceof PropertyEncryptorEncrypt) { + encryptConfiguration(propertyEncryptorCommand); + } else if (parent instanceof PropertyEncryptorDecrypt) { + logger.info(runMessage, "decrypt", baseDirectory); + } else if (parent instanceof PropertyEncryptorMigrate) { + logger.info(runMessage, "migrate", baseDirectory); + } + } + + private void encryptConfiguration(final PropertyEncryptorCommand propertyEncryptorCommand) { + logger.info(runMessage, "encrypt", baseDirectory); + propertyEncryptorCommand.encryptXmlConfigurationFiles(baseDirectory, scheme); + try { + propertyEncryptorCommand.encryptPropertiesFile(scheme); + propertyEncryptorCommand.outputKeyToBootstrap(); + } catch (IOException e) { + e.printStackTrace(); Review Comment: It looks like this should be replaced with `logger.error()` ########## nifi-toolkit/nifi-property-encryptor-tool/src/main/java/org/apache/nifi/serde/StandardPropertiesWriter.java: ########## @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.serde; + +import org.apache.nifi.properties.ReadableProperties; + +import java.io.BufferedReader; +import java.io.BufferedWriter; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.util.Set; + +public class StandardPropertiesWriter implements PropertiesWriter { + + private static final String DELIMITER = "="; + private static final String PROPERTY_FORMAT = "%s=%s"; + + public void writePropertiesFile(final InputStream inputStream, final OutputStream outputStream, final ReadableProperties properties) throws IOException { + try (BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream)); + BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(outputStream))) { + String line; + while ((line = reader.readLine()) != null) { + Set<String> keys = properties.getPropertyKeys(); + for (final String key : keys) { + if (line.split(DELIMITER)[0].matches(key)) { Review Comment: Instead of calling `line.split()` and then `matches`, this could be adjusted to compile a run a regular expression pattern using the `key`, which seems like it would be a bit more straightforward. ########## nifi-toolkit/nifi-property-encryptor-tool/src/main/java/org/apache/nifi/util/console/ConfigSubcommand.java: ########## @@ -0,0 +1,70 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.util.console; + +import org.apache.nifi.PropertyEncryptorCommand; +import org.apache.nifi.properties.scheme.ProtectionScheme; +import org.apache.nifi.util.console.utils.BaseCommandParameters; +import org.apache.nifi.util.console.utils.SchemeCandidates; +import org.apache.nifi.util.console.utils.SchemeConverter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import picocli.CommandLine; + +import java.io.IOException; + +@CommandLine.Command(name = "config", + description = "Operate on application configs", + usageHelpWidth=140 +) +class ConfigSubcommand extends BaseCommandParameters implements Runnable { + + private static final Logger logger = LoggerFactory.getLogger(ConfigSubcommand.class); + private static final String runMessage = "The property encryptor is running to [{}] configuration files in [{}]"; Review Comment: This should be uppercased to follow standard conventions. ```suggestion private static final String RUN_LOG_MESSAGE = "The property encryptor is running to [{}] configuration files in [{}]"; ``` ########## nifi-toolkit/nifi-property-encryptor-tool/src/main/java/org/apache/nifi/util/file/ConfigurationFileUtils.java: ########## @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.util.file; + +import java.io.File; +import java.io.IOException; +import java.nio.file.Path; +import java.util.Arrays; + +public class ConfigurationFileUtils { + + public static String DEFAULT_CONF_DIR = "conf"; + public static String NIFI_PROPERTIES_DEFAULT_NAME = "nifi.properties"; + public static String NIFI_REGISTRY_DEFAULT_PROPERTIES_NAME = "nifi-registry.properties"; + + public static File getTemporaryOutputFile(final String prefix, final File siblingFile) throws IOException { + if (siblingFile != null && siblingFile.isFile()) { + return File.createTempFile(prefix, siblingFile.getName(), siblingFile.getParentFile()); Review Comment: The documentation for `java.io.File.createTempFile()` recommends using `java.nio.Files.createTempFile()` because it has more restrictive default permissions, so recommend changing the implementation to use `java.nio.Files.createTempFile()`. ########## nifi-toolkit/nifi-property-encryptor-tool/src/main/java/org/apache/nifi/util/console/utils/BaseCommandParameters.java: ########## @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.util.console.utils; + +import picocli.CommandLine; + +import java.nio.file.Path; + +public class BaseCommandParameters { + @CommandLine.Parameters(description="The base directory of NiFi/NiFi Registry/MiNiFi which contains the 'conf' directory (eg. /var/lib/nifi)") + protected Path baseDirectory; + + @CommandLine.Parameters(description="The passphrase used to derive a key and encrypt files (12 characters minimum)") + protected String passphrase; Review Comment: The parameter and description do not make the purpose clear. Is this for the Bootstrap Root Key? If so, recommend naming it `rootPassphrase` and updating the description. ########## nifi-toolkit/nifi-property-encryptor-tool/src/main/java/org/apache/nifi/util/file/ConfigurationFileUtils.java: ########## @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.util.file; + +import java.io.File; +import java.io.IOException; +import java.nio.file.Path; +import java.util.Arrays; + +public class ConfigurationFileUtils { + + public static String DEFAULT_CONF_DIR = "conf"; + public static String NIFI_PROPERTIES_DEFAULT_NAME = "nifi.properties"; + public static String NIFI_REGISTRY_DEFAULT_PROPERTIES_NAME = "nifi-registry.properties"; + + public static File getTemporaryOutputFile(final String prefix, final File siblingFile) throws IOException { + if (siblingFile != null && siblingFile.isFile()) { + return File.createTempFile(prefix, siblingFile.getName(), siblingFile.getParentFile()); + } else { + throw new IOException("Failed to create temporary output file because sibling file is null or is not a file"); + } + } + + public static boolean isSafeToWrite(final File fileToWrite) { + assert(fileToWrite != null); + return (!fileToWrite.exists() && fileToWrite.getParentFile().canWrite() || (fileToWrite.exists() && fileToWrite.canWrite())); + } + + public static boolean isNiFiConfDirectory(final Path baseDirectory) { + return directoryContainsFilename(baseDirectory, NIFI_PROPERTIES_DEFAULT_NAME); + } + + public static boolean isNiFiRegistryConfDirectory(final Path baseDirectory) { + return directoryContainsFilename(baseDirectory, NIFI_REGISTRY_DEFAULT_PROPERTIES_NAME); + } + + /** + * If the baseDirectory given is ./nifi/conf, return the parent directory ./nifi + * @param baseDirectory A given base directory to locate configuration files + * @return The ./nifi directory + */ + public static Path resolveAbsoluteConfDirectory(final Path baseDirectory) { + if (!baseDirectory.toFile().isDirectory()) { + throw new IllegalArgumentException(String.format("The base directory given [%s] does not exist or is not a directory", baseDirectory)); + } + + if (isNiFiConfDirectory(baseDirectory) || isNiFiRegistryConfDirectory(baseDirectory)) { + return getAbsolutePath(baseDirectory); + } else if (directoryContainsFilename(baseDirectory, DEFAULT_CONF_DIR)) { + return getAbsolutePath(getDefaultConfDirectory(baseDirectory).toPath()); + } else { + throw new IllegalArgumentException( + String.format("The configuration directory [%s]/ could not be found within [%s] or it did not contain a properties file", DEFAULT_CONF_DIR, baseDirectory)); Review Comment: Should the forward slash be removed? ```suggestion String.format("The configuration directory [%s] could not be found within [%s] or it did not contain a properties file", DEFAULT_CONF_DIR, baseDirectory)); ``` ########## nifi-toolkit/nifi-property-encryptor-tool/src/main/java/org/apache/nifi/util/file/ConfigurationFileUtils.java: ########## @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.util.file; + +import java.io.File; +import java.io.IOException; +import java.nio.file.Path; +import java.util.Arrays; + +public class ConfigurationFileUtils { + + public static String DEFAULT_CONF_DIR = "conf"; + public static String NIFI_PROPERTIES_DEFAULT_NAME = "nifi.properties"; + public static String NIFI_REGISTRY_DEFAULT_PROPERTIES_NAME = "nifi-registry.properties"; + + public static File getTemporaryOutputFile(final String prefix, final File siblingFile) throws IOException { + if (siblingFile != null && siblingFile.isFile()) { + return File.createTempFile(prefix, siblingFile.getName(), siblingFile.getParentFile()); + } else { + throw new IOException("Failed to create temporary output file because sibling file is null or is not a file"); Review Comment: It would be helpful to include the prefix and sibling file parameters in the message. ########## nifi-toolkit/nifi-property-encryptor-tool/src/main/java/org/apache/nifi/util/file/ConfigurationFileUtils.java: ########## @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.util.file; + +import java.io.File; +import java.io.IOException; +import java.nio.file.Path; +import java.util.Arrays; + +public class ConfigurationFileUtils { + + public static String DEFAULT_CONF_DIR = "conf"; + public static String NIFI_PROPERTIES_DEFAULT_NAME = "nifi.properties"; + public static String NIFI_REGISTRY_DEFAULT_PROPERTIES_NAME = "nifi-registry.properties"; + + public static File getTemporaryOutputFile(final String prefix, final File siblingFile) throws IOException { + if (siblingFile != null && siblingFile.isFile()) { + return File.createTempFile(prefix, siblingFile.getName(), siblingFile.getParentFile()); + } else { + throw new IOException("Failed to create temporary output file because sibling file is null or is not a file"); + } + } + + public static boolean isSafeToWrite(final File fileToWrite) { + assert(fileToWrite != null); + return (!fileToWrite.exists() && fileToWrite.getParentFile().canWrite() || (fileToWrite.exists() && fileToWrite.canWrite())); + } + + public static boolean isNiFiConfDirectory(final Path baseDirectory) { + return directoryContainsFilename(baseDirectory, NIFI_PROPERTIES_DEFAULT_NAME); + } + + public static boolean isNiFiRegistryConfDirectory(final Path baseDirectory) { + return directoryContainsFilename(baseDirectory, NIFI_REGISTRY_DEFAULT_PROPERTIES_NAME); + } + + /** + * If the baseDirectory given is ./nifi/conf, return the parent directory ./nifi + * @param baseDirectory A given base directory to locate configuration files + * @return The ./nifi directory + */ + public static Path resolveAbsoluteConfDirectory(final Path baseDirectory) { + if (!baseDirectory.toFile().isDirectory()) { + throw new IllegalArgumentException(String.format("The base directory given [%s] does not exist or is not a directory", baseDirectory)); + } + + if (isNiFiConfDirectory(baseDirectory) || isNiFiRegistryConfDirectory(baseDirectory)) { + return getAbsolutePath(baseDirectory); + } else if (directoryContainsFilename(baseDirectory, DEFAULT_CONF_DIR)) { + return getAbsolutePath(getDefaultConfDirectory(baseDirectory).toPath()); + } else { + throw new IllegalArgumentException( + String.format("The configuration directory [%s]/ could not be found within [%s] or it did not contain a properties file", DEFAULT_CONF_DIR, baseDirectory)); + } + } + + /** + * Get the properties file either NiFi or NiFi Registry from within the configuration directory + * @param confDirectory The ./conf directory + * @return The NiFi or NiFi Registry properties file (eg. nifi.properties or nifi-registry.properties) + */ + public static File resolvePropertiesFile(final Path confDirectory) { + if (directoryContainsFilename(confDirectory, NIFI_PROPERTIES_DEFAULT_NAME)) { + return getAbsolutePath(confDirectory.resolve(NIFI_PROPERTIES_DEFAULT_NAME)).toFile(); + } else if (directoryContainsFilename(confDirectory, NIFI_REGISTRY_DEFAULT_PROPERTIES_NAME)) { + return getAbsolutePath(confDirectory.resolve(NIFI_REGISTRY_DEFAULT_PROPERTIES_NAME)).toFile(); + } else { + throw new IllegalArgumentException(String.format("Could not find a properties file in [%s]", confDirectory)); + } + } + + private static Path getAbsolutePath(final Path relativeFile) { + final Path absolutePath = relativeFile.toAbsolutePath(); + if (absolutePath.toFile().exists() && absolutePath.toFile().canRead()) { + return absolutePath; + } else { + throw new IllegalArgumentException(String.format("The file or directory [%s] does not exist", absolutePath)); + } + } + + private static boolean directoryContainsFilename(final Path directory, final String filename) { + return Arrays.stream(directory.toFile().listFiles()).anyMatch(file -> file.getName().equals(filename)); + } + + private static File getDefaultConfDirectory(final Path baseDirectory) { + return baseDirectory.resolve(DEFAULT_CONF_DIR).toFile(); + } + + /** + * Return a configuration file absolute path based on the confDirectory rather than Java's working path + */ + public static File getAbsoluteFile(final File confDirectory, final File relativeFile) { Review Comment: This method should be moved up in the file before other `private` methods. ########## nifi-commons/nifi-property-protection-factory/src/main/java/org/apache/nifi/properties/scheme/PropertyProtectionScheme.java: ########## @@ -19,7 +19,7 @@ /** * Property Protection Schemes supported as arguments for encryption commands should not have direct references */ -enum PropertyProtectionScheme implements ProtectionScheme { +public enum PropertyProtectionScheme implements ProtectionScheme { Review Comment: Thanks for the update @thenatog, that looks like a good solution. I will take a closer look at the other changes soon. ########## nifi-toolkit/nifi-property-encryptor-tool/src/main/java/org/apache/nifi/util/file/NiFiRegistryConfigurationFileResolver.java: ########## @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.util.file; + +import org.apache.nifi.registry.properties.NiFiRegistryProperties; + +import java.io.File; +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.List; + +/** + * Resolve configuration files that need to be encrypted from a given ApplicationProperties + */ +public class NiFiRegistryConfigurationFileResolver implements ConfigurationFileResolver<NiFiRegistryProperties> { + + private Path confDirectory; + + public NiFiRegistryConfigurationFileResolver(final Path confDirectory) { + this.confDirectory = confDirectory; + } + + /** + * Use the nifi.properties file to locate configuration files referenced by properties in the file + * + * @return List of application configuration files + */ + @Override + public List<File> resolveConfigurationFilesFromApplicationProperties(NiFiRegistryProperties properties) throws ConfigurationFileResolverException { + ArrayList<File> configurationFiles = new ArrayList<>(); + configurationFiles.add(ConfigurationFileUtils.getAbsoluteFile(confDirectory.toFile(), properties.getAuthorizersConfigurationFile())); + configurationFiles.add(ConfigurationFileUtils.getAbsoluteFile(confDirectory.toFile(), properties.getProvidersConfigurationFile())); + configurationFiles.add(ConfigurationFileUtils.getAbsoluteFile(confDirectory.toFile(), properties.getIdentityProviderConfigurationFile())); + configurationFiles.add(ConfigurationFileUtils.getAbsoluteFile(confDirectory.toFile(), properties.getRegistryAliasConfigurationFile())); + + for (final File configFile : configurationFiles) { + if (!isValidConfigurationFile(configFile)) { + throw new ConfigurationFileResolverException(String.format("Failed to resolve configuration file [%s].", configFile.getName())); Review Comment: Recommend moving the period character from the message: ```suggestion throw new ConfigurationFileResolverException(String.format("Failed to resolve configuration file [%s]", configFile.getName())); ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org