Github user jvwing commented on a diff in the pull request: https://github.com/apache/nifi/pull/2291#discussion_r153398470 --- Diff: nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/s3/encryption/EncryptedS3PutEnrichmentService.java --- @@ -0,0 +1,181 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.processors.aws.s3.encryption; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest; +import com.amazonaws.services.s3.model.ObjectMetadata; +import com.amazonaws.services.s3.model.PutObjectRequest; +import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams; +import com.amazonaws.services.s3.model.SSECustomerKey; +import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.annotation.documentation.CapabilityDescription; +import org.apache.nifi.annotation.documentation.Tags; +import org.apache.nifi.annotation.lifecycle.OnEnabled; +import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.controller.AbstractControllerService; +import org.apache.nifi.controller.ConfigurationContext; +import org.apache.nifi.processor.util.StandardValidators; +import org.apache.nifi.processors.aws.s3.service.S3PutEnrichmentService; +import org.apache.nifi.reporting.InitializationException; + +@Tags({"aws", "s3", "encryption", "server", "kms", "key"}) +@CapabilityDescription("Provides the ability to configure S3 Server Side Encryption once and reuse " + + "that configuration throughout the application") +public class EncryptedS3PutEnrichmentService extends AbstractControllerService implements S3PutEnrichmentService { + + public static final String METHOD_SSE_S3 = "SSE-S3"; + public static final String METHOD_SSE_KMS = "SSE-KMS"; + public static final String METHOD_SSE_C = "SSE-C"; + + public static final String ALGORITHM_AES256 = "AES256"; + public static final String CUSTOMER_ALGORITHM_AES256 = "AES256"; + + + public static final PropertyDescriptor ENCRYPTION_METHOD = new PropertyDescriptor.Builder() + .name("encryption-method") + .displayName("Encryption Method") + .required(true) + .allowableValues(METHOD_SSE_S3, METHOD_SSE_KMS, METHOD_SSE_C) + .defaultValue(METHOD_SSE_S3) + .description("Method by which the S3 object will be encrypted server-side.") + .build(); + + public static final PropertyDescriptor ALGORITHM = new PropertyDescriptor.Builder() + .name("sse-algorithm") + .displayName("Algorithm") + .allowableValues(ALGORITHM_AES256) + .defaultValue(ALGORITHM_AES256) + .description("Encryption algorithm to use (only AES256 currently supported)") + .build(); + + public static final PropertyDescriptor KMS_KEY_ID = new PropertyDescriptor.Builder() + .name("sse-kme-key-id") + .displayName("KMS Key Id") + .required(false) + .expressionLanguageSupported(true) + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) + .description("Custom KMS key identifier. Supports key or alias ARN.") + .build(); + + public static final PropertyDescriptor CUSTOMER_KEY = new PropertyDescriptor.Builder() + .name("sse-customer-key") + .displayName("Customer Key") + .required(false) + .expressionLanguageSupported(true) + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) + .description("Customer provided 256-bit, base64-encoded encryption key.") + .build(); + + public static final PropertyDescriptor CUSTOMER_ALGORITHM = new PropertyDescriptor.Builder() + .name("sse-customer-algorithm") + .displayName("Customer Algorithm") + .allowableValues(CUSTOMER_ALGORITHM_AES256) + .defaultValue(CUSTOMER_ALGORITHM_AES256) + .description("Customer encryption algorithm to use (only AES256 currently supported)") + .build(); + + private static final List<PropertyDescriptor> properties; + private String encryptionMethod; + private String algorithm; + private String kmsKeyId; + private String customerKey; + private String customerAlgorithm; + + + static { + final List<PropertyDescriptor> props = new ArrayList<>(); + props.add(ENCRYPTION_METHOD); + props.add(ALGORITHM); + props.add(KMS_KEY_ID); + props.add(CUSTOMER_KEY); + props.add(CUSTOMER_ALGORITHM); + properties = Collections.unmodifiableList(props); + } + + @Override + protected List<PropertyDescriptor> getSupportedPropertyDescriptors() { + return properties; + } + + @OnEnabled + public void onConfigured(final ConfigurationContext context) throws InitializationException { + encryptionMethod = context.getProperty(ENCRYPTION_METHOD).getValue(); + algorithm = context.getProperty(ALGORITHM).getValue(); + kmsKeyId = context.getProperty(KMS_KEY_ID).getValue(); --- End diff -- Should this evaluate expression language like `context.getProperty(KMS_KEY_ID).evaluateAttributeExpressions().getValue()`?
---