Github user ijokarumawak commented on a diff in the pull request:
https://github.com/apache/nifi/pull/3109#discussion_r228061483
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/StandardLoadBalanceProtocol.java
---
@@ -130,17 +130,14 @@ public void receiveFlowFiles(final Socket socket)
throws IOException {
final Set<String> certIdentities;
try {
certIdentities = getCertificateIdentities(sslSession);
-
- final String dn =
CertificateUtils.extractPeerDNFromSSLSocket(socket);
- peerDescription = CertificateUtils.extractUsername(dn);
} catch (final CertificateException e) {
throw new IOException("Failed to extract Client
Certificate", e);
}
logger.debug("Connection received from peer {}. Will perform
authorization against Client Identities '{}'",
peerDescription, certIdentities);
- authorizer.authorize(certIdentities);
+ peerDescription = authorizer.authorize(certIdentities);
--- End diff --
Although the commit message says "Use Node Identifier's node address
instead of getting from socket for RECEIVE prov events", we still uses the
`nodename` for RECEIVE provenance events [1] that is derived from
`socket.getInetAddress().getHostName()` [2].
I wonder if you intended to use this peerDescription instead. Thoughts?
1.
https://github.com/apache/nifi/blob/c5e79da4449db81119ab898f15ab7c2aa64b9c91/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/StandardLoadBalanceProtocol.java#L343
2.
https://github.com/apache/nifi/blob/c5e79da4449db81119ab898f15ab7c2aa64b9c91/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/StandardLoadBalanceProtocol.java#L155
---
