fgerlits commented on code in PR #1739:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1739#discussion_r1512504892
##########
encrypt-config/FlowConfigEncryptor.cpp:
##########
@@ -61,114 +62,150 @@ std::vector<SensitiveProperty>
listSensitiveProperties(const minifi::core::Proce
std::vector<minifi::core::Processor *> processors;
process_group.getAllProcessors(processors);
- for (const auto *processor : processors) {
+ for (const auto* processor : processors) {
gsl_Expects(processor);
for (const auto& [_, property] : processor->getProperties()) {
if (property.isSensitive()) {
sensitive_properties.push_back(SensitiveProperty{
- .type = Type::Processor,
+ .component_type = ComponentType::Processor,
.component_id = processor->getUUID(),
.component_name = processor->getName(),
.property_name = property.getName(),
- .property_display_name = property.getDisplayName()});
+ .property_display_name = property.getDisplayName(),
+ .property_value = property.getValue().to_string()});
}
}
}
- for (const auto &controller_service_node :
process_group.getAllControllerServices()) {
+ for (const auto& controller_service_node :
process_group.getAllControllerServices()) {
gsl_Expects(controller_service_node);
const auto controller_service =
controller_service_node->getControllerServiceImplementation();
gsl_Expects(controller_service);
for (const auto& [_, property] : controller_service->getProperties()) {
if (property.isSensitive()) {
sensitive_properties.push_back(SensitiveProperty{
- .type = Type::ControllerService,
+ .component_type = ComponentType::ControllerService,
.component_id = controller_service->getUUID(),
.component_name = controller_service->getName(),
.property_name = property.getName(),
- .property_display_name = property.getDisplayName()});
+ .property_display_name = property.getDisplayName(),
+ .property_value = property.getValue().to_string()});
}
}
}
return sensitive_properties;
}
-template<typename Func>
-void encryptSensitiveValuesInFlowConfigImpl(
- const minifi::encrypt_config::EncryptionKeys& keys, const
std::filesystem::path& minifi_home, const std::filesystem::path&
flow_config_path, Func create_overrides) {
- const auto configure = std::make_shared<minifi::Configure>();
+std::unordered_map<minifi::utils::Identifier, std::unordered_map<std::string,
std::string>> createOverridesInteractively(const
std::vector<SensitiveProperty>& sensitive_properties) {
+ std::unordered_map<minifi::utils::Identifier,
std::unordered_map<std::string, std::string>> overrides;
+ std::cout << '\n';
+ for (const auto& sensitive_property : sensitive_properties) {
+ std::cout << magic_enum::enum_name(sensitive_property.component_type) << "
" << sensitive_property.component_name << " (" <<
sensitive_property.component_id.to_string() << ") "
+ << "has sensitive property " <<
sensitive_property.property_display_name << "\n enter a new value or press
Enter to keep the current value unchanged: ";
+ std::cout.flush();
+ std::string new_value;
+ std::getline(std::cin, new_value);
+ if (!new_value.empty()) {
+
overrides[sensitive_property.component_id].emplace(sensitive_property.property_name,
new_value);
+ }
+ }
+ return overrides;
+}
+
+std::unordered_map<minifi::utils::Identifier, std::unordered_map<std::string,
std::string>> createOverridesForSingleProperty(
+ const std::vector<SensitiveProperty>& sensitive_properties, const
std::string& component_id, const std::string& property_name, const std::string&
property_value) {
+ const auto sensitive_property_it =
std::ranges::find_if(sensitive_properties, [&](const auto& sensitive_property) {
+ return sensitive_property.component_id.to_string().view() == component_id
&& (sensitive_property.property_name == property_name ||
sensitive_property.property_display_name == property_name);
+ });
+ if (sensitive_property_it == sensitive_properties.end()) {
+ std::cout << "No sensitive property found with this component ID and
property name.\n";
+ return {};
+ }
+ return {{sensitive_property_it->component_id,
{{sensitive_property_it->property_name, property_value}}}};
+}
+
+std::unordered_map<minifi::utils::Identifier, std::unordered_map<std::string,
std::string>> createOverridesForReEncryption(const
std::vector<SensitiveProperty>& sensitive_properties) {
+ std::unordered_map<minifi::utils::Identifier,
std::unordered_map<std::string, std::string>> overrides;
+ for (const auto& sensitive_property : sensitive_properties) {
+
overrides[sensitive_property.component_id].emplace(sensitive_property.property_name,
sensitive_property.property_value);
+ }
+ return overrides;
+}
+
+} // namespace
+
+namespace org::apache::nifi::minifi::encrypt_config::flow_config_encryptor {
+
+EncryptionRequest::EncryptionRequest(EncryptionType type) : type{type} {
+ gsl_Expects(type == EncryptionType::Interactive || type ==
EncryptionType::ReEncrypt);
+}
+
+EncryptionRequest::EncryptionRequest(std::string_view component_id,
std::string_view property_name, std::string_view property_value)
+ : type{EncryptionType::SingleProperty},
+ component_id{component_id},
+ property_name{property_name},
+ property_value{property_value} {}
+
+void encryptSensitiveValuesInFlowConfig(const EncryptionKeys& keys, const
std::filesystem::path& minifi_home, const std::filesystem::path&
flow_config_path, const EncryptionRequest& request) {
+ const bool is_re_encrypting = keys.old_key.has_value();
+ if (is_re_encrypting && request.type != EncryptionType::ReEncrypt) {
+ throw std::runtime_error("Error: found .old key; please run --re-encrypt
and then remove the .old key");
+ }
+ if (!is_re_encrypting && request.type == EncryptionType::ReEncrypt) {
+ throw std::runtime_error("Error: cannot re-encrypt without an .old key!");
+ }
+
+ const auto configure = std::make_shared<Configure>();
configure->setHome(minifi_home);
configure->loadConfigureFile(DEFAULT_NIFI_PROPERTIES_FILE);
- bool encrypt_whole_flow_config_file =
(configure->get(minifi::Configure::nifi_flow_configuration_encrypt) |
minifi::utils::andThen(minifi::utils::string::toBool)).value_or(false);
- auto encryptor = encrypt_whole_flow_config_file ?
minifi::utils::crypto::EncryptionProvider::create(minifi_home) : std::nullopt;
- auto filesystem =
std::make_shared<minifi::utils::file::FileSystem>(encrypt_whole_flow_config_file,
encryptor);
+ bool encrypt_whole_flow_config_file =
(configure->get(Configure::nifi_flow_configuration_encrypt) |
utils::andThen(utils::string::toBool)).value_or(false);
+ auto whole_file_encryptor = encrypt_whole_flow_config_file ?
utils::crypto::EncryptionProvider::create(minifi_home) : std::nullopt;
+ auto filesystem =
std::make_shared<utils::file::FileSystem>(encrypt_whole_flow_config_file,
whole_file_encryptor);
+
+ auto sensitive_properties_encryptor = is_re_encrypting ?
Review Comment:
makes sense, changed in 762c4dfbaca0d4f7c9a40b3799017d8dfe48161b (although
line 179 is going to look a bit weird now)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
