lordgamez commented on code in PR #1806:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1806#discussion_r1675952374
##########
encrypt-config/EncryptConfigMain.cpp:
##########
@@ -48,6 +48,15 @@ int main(int argc, char* argv[]) try {
argument_parser.add_argument("--property-value")
.metavar("VALUE")
.help(minifi::utils::string::join_pack("The new value of the sensitive
property (", OPERATION_FLOW_CONFIG, " only)"));
+ argument_parser.add_argument("--parameter-context-id")
+ .metavar("PARAMETER_CONTEXT_ID")
+ .help(minifi::utils::string::join_pack("Parameter context id (",
OPERATION_FLOW_CONFIG, " only)"));
Review Comment:
Good point, updated in 887357fa01a2aafb3269d29f9c52c682cdede37b
##########
encrypt-config/FlowConfigEncryptor.cpp:
##########
@@ -82,58 +100,59 @@ std::vector<SensitiveProperty>
listSensitiveProperties(const minifi::core::Proce
gsl_Expects(controller_service_node);
const auto* controller_service =
controller_service_node->getControllerServiceImplementation();
gsl_Expects(controller_service);
+ auto props = controller_service->getProperties();
if (processed_controller_services.contains(controller_service->getUUID()))
{
continue;
}
processed_controller_services.insert(controller_service->getUUID());
- for (const auto& [_, property] : controller_service->getProperties()) {
+ for (const auto& [_, property] : props) {
Review Comment:
Probably just changed for debugging purposes, fixed in
887357fa01a2aafb3269d29f9c52c682cdede37b
##########
encrypt-config/FlowConfigEncryptor.cpp:
##########
@@ -82,58 +100,59 @@ std::vector<SensitiveProperty>
listSensitiveProperties(const minifi::core::Proce
gsl_Expects(controller_service_node);
const auto* controller_service =
controller_service_node->getControllerServiceImplementation();
gsl_Expects(controller_service);
+ auto props = controller_service->getProperties();
if (processed_controller_services.contains(controller_service->getUUID()))
{
continue;
}
processed_controller_services.insert(controller_service->getUUID());
- for (const auto& [_, property] : controller_service->getProperties()) {
+ for (const auto& [_, property] : props) {
if (property.isSensitive()) {
- sensitive_properties.push_back(SensitiveProperty{
+ sensitive_items.push_back(SensitiveItem{
.component_type = ComponentType::ControllerService,
.component_id = controller_service->getUUID(),
.component_name = controller_service->getName(),
- .property_name = property.getName(),
- .property_display_name = property.getDisplayName(),
- .property_value = property.getValue().to_string()});
+ .item_name = property.getName(),
+ .item_display_name = property.getDisplayName(),
+ .item_value = property.getValue().to_string()});
}
}
}
- return sensitive_properties;
+ return sensitive_items;
}
-std::unordered_map<minifi::utils::Identifier, minifi::core::flow::Overrides>
createOverridesInteractively(const std::vector<SensitiveProperty>&
sensitive_properties) {
+std::unordered_map<minifi::utils::Identifier, minifi::core::flow::Overrides>
createOverridesInteractively(const std::vector<SensitiveItem>& sensitive_items)
{
std::unordered_map<minifi::utils::Identifier, minifi::core::flow::Overrides>
overrides;
std::cout << '\n';
- for (const auto& sensitive_property : sensitive_properties) {
- std::cout << magic_enum::enum_name(sensitive_property.component_type) << "
" << sensitive_property.component_name << " (" <<
sensitive_property.component_id.to_string() << ") "
- << "has sensitive property " <<
sensitive_property.property_display_name << "\n enter a new value or press
Enter to keep the current value unchanged: ";
+ for (const auto& sensitive_item : sensitive_items) {
+ std::cout << magic_enum::enum_name(sensitive_item.component_type) << " "
<< sensitive_item.component_name << " (" <<
sensitive_item.component_id.to_string() << ") "
+ << "has sensitive item " << sensitive_item.item_display_name <<
"\n enter a new value or press Enter to keep the current value unchanged: ";
std::cout.flush();
std::string new_value;
std::getline(std::cin, new_value);
if (!new_value.empty()) {
-
overrides[sensitive_property.component_id].add(sensitive_property.property_name,
new_value);
+ overrides[sensitive_item.component_id].add(sensitive_item.item_name,
new_value);
}
}
return overrides;
}
-std::unordered_map<minifi::utils::Identifier, minifi::core::flow::Overrides>
createOverridesForSingleProperty(
- const std::vector<SensitiveProperty>& sensitive_properties, const
std::string& component_id, const std::string& property_name, const std::string&
property_value) {
- const auto sensitive_property_it =
std::ranges::find_if(sensitive_properties, [&](const auto& sensitive_property) {
- return sensitive_property.component_id.to_string().view() == component_id
&& (sensitive_property.property_name == property_name ||
sensitive_property.property_display_name == property_name);
+std::unordered_map<minifi::utils::Identifier, minifi::core::flow::Overrides>
createOverridesForSingleItem(
+ const std::vector<SensitiveItem>& sensitive_items, const std::string&
component_id, const std::string& item_name, const std::string& item_value) {
+ const auto sensitive_item_it = std::ranges::find_if(sensitive_items,
[&](const auto& sensitive_item) {
+ return sensitive_item.component_id.to_string().view() == component_id &&
(sensitive_item.item_name == item_name || sensitive_item.item_display_name ==
item_name);
});
- if (sensitive_property_it == sensitive_properties.end()) {
- std::cout << "No sensitive property found with this component ID and
property name.\n";
+ if (sensitive_item_it == sensitive_items.end()) {
+ std::cout << "No sensitive item found with this component ID and item
name.\n";
Review Comment:
Good idea, updated in 887357fa01a2aafb3269d29f9c52c682cdede37b
##########
libminifi/include/core/ParameterTokenParser.h:
##########
@@ -131,5 +138,27 @@ class ParameterTokenParser {
std::vector<std::unique_ptr<ParameterToken>> tokens_;
};
+class NonSensitiveParameterTokenParser : public ParameterTokenParser {
+ public:
+ using ParameterTokenParser::ParameterTokenParser;
+
+ protected:
+ std::string getRawParameterValue(const Parameter& parameter) const override;
+};
+
+class SensitiveParameterTokenParser : public ParameterTokenParser {
+ public:
+ SensitiveParameterTokenParser(std::string input,
utils::crypto::EncryptionProvider& sensitive_values_encryptor)
+ : ParameterTokenParser(std::move(input)),
+ sensitive_values_encryptor_(sensitive_values_encryptor) {
+ }
+
+ protected:
+ std::string getRawParameterValue(const Parameter& parameter) const override;
+
+ private:
+ utils::crypto::EncryptionProvider& sensitive_values_encryptor_;
Review Comment:
Yes it can be, updated in 887357fa01a2aafb3269d29f9c52c682cdede37b
##########
libminifi/src/core/json/JsonFlowSerializer.cpp:
##########
@@ -68,18 +68,42 @@ void
JsonFlowSerializer::encryptSensitiveProperties(rapidjson::Value& property_j
}
}
-std::string JsonFlowSerializer::serialize(const core::ProcessGroup&
process_group, const core::flow::FlowSchema& schema, const
utils::crypto::EncryptionProvider& encryption_provider,
- const std::unordered_map<utils::Identifier, core::flow::Overrides>&
overrides) const {
- gsl_Expects(schema.root_group.size() == 1 && schema.identifier.size() == 1 &&
- schema.processors.size() == 1 && schema.processor_properties.size() == 1
&&
- schema.controller_services.size() == 1 &&
schema.controller_service_properties.size() == 1);
+void JsonFlowSerializer::encryptSensitiveParameters(rapidjson::Value&
flow_definition_json, rapidjson::Document::AllocatorType& alloc, const
core::flow::FlowSchema& schema,
+ const utils::crypto::EncryptionProvider& encryption_provider, const
std::unordered_map<utils::Identifier, core::flow::Overrides>& overrides) const {
+ if (!flow_definition_json.HasMember(schema.parameter_contexts[0])) {
+ return;
+ }
- rapidjson::Document doc;
- auto alloc = doc.GetAllocator();
- rapidjson::Value flow_definition_json;
- flow_definition_json.CopyFrom(flow_definition_json_, alloc);
- auto& root_group = getMember(flow_definition_json, schema.root_group[0]);
+ auto parameter_contexts = getMember(flow_definition_json,
schema.parameter_contexts[0]).GetArray();
+ for (auto& parameter_context : parameter_contexts) {
+ for (auto& parameter : getMember(parameter_context,
schema.parameters[0]).GetArray()) {
+ bool is_sensitive = getMember(parameter, schema.sensitive[0]).GetBool();
+ if (!is_sensitive) {
+ continue;
+ }
+ const std::string parameter_context_id_str{getMember(parameter_context,
schema.identifier[0]).GetString(), getMember(parameter_context,
schema.identifier[0]).GetStringLength()};
+ const auto parameter_context_id =
utils::Identifier::parse(parameter_context_id_str);
+ if (!parameter_context_id) {
+ logger_->log_warn("Invalid parameter context ID found in the flow
definition: {}", parameter_context_id_str);
+ continue;
+ }
+
+ std::string parameter_value{getMember(parameter,
schema.value[0]).GetString(), getMember(parameter,
schema.value[0]).GetStringLength()};
+ if (overrides.contains(*parameter_context_id)) {
+ const auto& override_values = overrides.at(*parameter_context_id);
+ const auto parameter_name = getMember(parameter,
schema.name[0]).GetString();
Review Comment:
Good point, updated in 887357fa01a2aafb3269d29f9c52c682cdede37b
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
