Chris Sampson created NIFI-15306:
------------------------------------
Summary: Property migration does not happen when creating
Reporting Tasks and global Controller Services via NiFi Toolkit
Key: NIFI-15306
URL: https://issues.apache.org/jira/browse/NIFI-15306
Project: Apache NiFi
Issue Type: Bug
Affects Versions: 2.7.0
Reporter: Chris Sampson
Several properties in Site-to-Site Reporting Tasks and Controller Services
(e.g. {{StandardSSLControllerService}}) have recently been renamed as part of
an effort to harminise property descriptor names with their display names.
A set of property migrations have been included as part of this using the
{{migrateProperties}} framework method. However, it seems that these methods
are not being called for global-level components such as Reporting Tasks and
Controller Services when they are created via the NiFi API (e.g. using
Toolkit's {{create-reporting-task}} method) with a JSON definition that has not
been updated to match the renamed properties.
For example:
{code:json}
{
"component": {
"name": "Registry Client SSL Context Service",
"type": "org.apache.nifi.ssl.StandardSSLContextService",
"properties": {
"Keystore Filename": "keystore.p12",
"Keystore Password": "my password",
"key-password": "my password",
"Keystore Type": "PKCS12",
"Truststore Filename": "trust.p12",
"Truststore Password": "another password",
"Truststore Type": "PKCS12",
"SSL Protocol": "TLS"
}
}
}
{code}
Results in 2 unknown properties of {{key-password}} and {{SSL Protocol}} being
present in the created Controller Service, with the component being invalid and
throwing errors such as:
{quote}
'key-password' not valid with value 'my password', property does not exist
{quote}
Similarly, for:
{code:json}
{
"component": {
"name": "s2s Bulletin Report",
"type": "org.apache.nifi.reporting.SiteToSiteBulletinReportingTask",
"properties": {
"Destination URL": "https://nifi:8443/nifi";,
"Input Port Name": "BulletinData",
"SSL Context Service": "{uuid}",
"Instance URL": "https://${hostname(true)}:8443/nifi",
"record-writer": "{uuid}"
}
}
}
{code}
Creates an invalid Reporting Task due to:
{quote}
'record-writer' not valid with value '{uuid}', property does not exist
{quote}
This makes the changes to these properties a breaking change for anyone with
existing component definitions to be installed into a NiFi cluster.
Additionally, the reporting of the property values has the potential to leak
sensitive details, such as key passwords (NiFi doesn't recognise
{{key-password}} any longer, so doesn't realise it's a sensitive value, and so
reports the value in the component validation error).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
