[GitHub] nifi issue #2044: NIFI-4139 Extract key provider to framework-level service
Github user alopresto commented on the issue: https://github.com/apache/nifi/pull/2044 Closing per @mcgilman. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2044: NIFI-4139 Extract key provider to framework-level service
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2044 Thanks @alopresto! This has been merged to master. I accidentally forgot to add the 'This closes...' text to the commit message. Would you mind closing this PR out? Thanks! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2044: NIFI-4139 Extract key provider to framework-level service
Github user alopresto commented on the issue: https://github.com/apache/nifi/pull/2044 I also considered passing a supplier rather than the master key to the `KeyProviderFactory`, but the `EncryptedWriteAheadProvenanceRepository` already has access to the master key retrieval code, so I didn't yet. I also considered making a DTO for the `KeyProvider` configuration values used in the factory, as the parameter list is getting a little long, but the only place they are currently used is in the EWAPR. When I implement NIFI-3888 subtasks for content and flowfile repository, I may refactor this to be more concise. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2044: NIFI-4139 Extract key provider to framework-level service
Github user alopresto commented on the issue: https://github.com/apache/nifi/pull/2044 Thanks @mcgilman. I have moved the master key extraction out to `EncryptedWriteAheadProvenanceRepository` and removed the `nifi-security-utils` dependency on `nifi-properties-loader`. That module is now included in 16 production modules and 4 test modules (I believe this is down from 39 previously). Let me know if you feel this is sufficient. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2044: NIFI-4139 Extract key provider to framework-level service
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2044 @alopresto These refactorings look good. The backward compatibility support for legacy configurations is also solid. One minor thing I'd like to investigate further if we can remove the dependency between the nifi-security-utils and the nifi-properties-loader. The nifi-security-utils are referenced and pulled into many NARs and the additional dependency would introduce further duplication of the nifi-properties-loader jar (and it's transitive dependencies not already included). This dependency is only used to load the master key from the bootstrap.conf. While it's not a showstopper, it would be nice if we didn't need this additional dependency and instead allowed the client of the nifi-security-utils provide the master key when necessary. Thanks --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] nifi issue #2044: NIFI-4139 Extract key provider to framework-level service
Github user mcgilman commented on the issue: https://github.com/apache/nifi/pull/2044 Will review... --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---