From 39b16c3617d5b2a199cad8811b5e6c82ed6fa361 Mon Sep 17 00:00:00 2001 From: Chris Sampson Date: Thu, 23 Jan 2025 20:57:25 +0000 Subject: [PATCH] Update ElasticsearchClientService property descriptor dependencies --- .../ElasticSearchClientService.java | 30 ++++++------- .../ElasticSearchClientServiceImpl.java | 45 ------------------- .../ElasticSearchClientServiceImplTest.java | 33 ++++---------- 3 files changed, 24 insertions(+), 84 deletions(-) diff --git a/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java b/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java index 899e977a45..b1c64cc12d 100644 --- a/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java +++ b/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java @@ -69,11 +69,21 @@ public interface ElasticSearchClientService extends ControllerService, Verifiabl .displayName("OAuth2 Access Token Provider") .description("The OAuth2 Access Token Provider used to provide JWTs for Bearer Token Authorization with Elasticsearch.") .dependsOn(AUTHORIZATION_SCHEME, AuthorizationScheme.JWT) - .required(false) + .required(true) .identifiesControllerService(OAuth2AccessTokenProvider.class) .addValidator(Validator.VALID) .build(); + PropertyDescriptor JWT_SHARED_SECRET = new PropertyDescriptor.Builder() + .name("jwt-shared-secret") + .displayName("JWT Shared Secret") + .description("JWT realm Shared Secret.") + .dependsOn(AUTHORIZATION_SCHEME, AuthorizationScheme.JWT) + .required(true) + .sensitive(true) + .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) + .build(); + PropertyDescriptor RUN_AS_USER = new PropertyDescriptor.Builder() .name("el-cs-run-as-user") .displayName("Run As User") @@ -88,7 +98,7 @@ public interface ElasticSearchClientService extends ControllerService, Verifiabl .displayName("Username") .description("The username to use with XPack security.") .dependsOn(AUTHORIZATION_SCHEME, AuthorizationScheme.BASIC) - .required(false) + .required(true) .expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT) .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) .build(); @@ -98,7 +108,7 @@ public interface ElasticSearchClientService extends ControllerService, Verifiabl .displayName("Password") .description("The password to use with XPack security.") .dependsOn(AUTHORIZATION_SCHEME, AuthorizationScheme.BASIC) - .required(false) + .required(true) .sensitive(true) .expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT) .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) @@ -109,7 +119,7 @@ public interface ElasticSearchClientService extends ControllerService, Verifiabl .displayName("API Key ID") .description("Unique identifier of the API key.") .dependsOn(AUTHORIZATION_SCHEME, AuthorizationScheme.API_KEY) - .required(false) + .required(true) .sensitive(false) .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) .build(); @@ -119,17 +129,7 @@ public interface ElasticSearchClientService extends ControllerService, Verifiabl .displayName("API Key") .description("Encoded API key.") .dependsOn(AUTHORIZATION_SCHEME, AuthorizationScheme.API_KEY) - .required(false) - .sensitive(true) - .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) - .build(); - - PropertyDescriptor JWT_SHARED_SECRET = new PropertyDescriptor.Builder() - .name("jwt-shared-secret") - .displayName("JWT Shared Secret") - .description("JWT realm Shared Secret.") - .dependsOn(AUTHORIZATION_SCHEME, AuthorizationScheme.JWT) - .required(false) + .required(true) .sensitive(true) .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) .build(); diff --git a/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java b/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java index 413bcc0c07..9bb3414733 100644 --- a/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java +++ b/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java @@ -164,17 +164,8 @@ public class ElasticSearchClientServiceImpl extends AbstractControllerService im final AuthorizationScheme authorizationScheme = validationContext.getProperty(AUTHORIZATION_SCHEME).asAllowableValue(AuthorizationScheme.class); - final boolean usernameSet = validationContext.getProperty(USERNAME).isSet(); - final boolean passwordSet = validationContext.getProperty(PASSWORD).isSet(); - - final boolean apiKeyIdSet = validationContext.getProperty(API_KEY_ID).isSet(); - final boolean apiKeySet = validationContext.getProperty(API_KEY).isSet(); - final SSLContextProvider sslContextProvider = validationContext.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextProvider.class); - final boolean jwtSharedSecretSet = validationContext.getProperty(JWT_SHARED_SECRET).isSet(); - final OAuth2AccessTokenProvider oAuth2Provider = validationContext.getProperty(OAUTH2_ACCESS_TOKEN_PROVIDER).asControllerService(OAuth2AccessTokenProvider.class); - if (authorizationScheme == AuthorizationScheme.PKI && (sslContextProvider == null)) { results.add(new ValidationResult.Builder().subject(PROP_SSL_CONTEXT_SERVICE.getName()).valid(false) .explanation(String.format("if '%s' is '%s' then '%s' must be set and specify a Keystore for mutual TLS encryption.", @@ -183,35 +174,6 @@ public class ElasticSearchClientServiceImpl extends AbstractControllerService im ); } - if (authorizationScheme == AuthorizationScheme.JWT) { - if (oAuth2Provider == null) { - results.add(new ValidationResult.Builder().subject(OAUTH2_ACCESS_TOKEN_PROVIDER.getName()).valid(false) - .explanation(String.format("if '%s' is '%s' then '%s' must be set.", - AUTHORIZATION_SCHEME.getDisplayName(), authorizationScheme.getDisplayName(), OAUTH2_ACCESS_TOKEN_PROVIDER.getDisplayName()) - ).build() - ); - } - if (!jwtSharedSecretSet) { - results.add(new ValidationResult.Builder().subject(JWT_SHARED_SECRET.getName()).valid(false) - .explanation(String.format("if '%s' is '%s' then '%s' must be set.", - AUTHORIZATION_SCHEME.getDisplayName(), authorizationScheme.getDisplayName(), JWT_SHARED_SECRET.getDisplayName()) - ).build() - ); - } - } - - if (usernameSet && !passwordSet) { - addAuthorizationPropertiesValidationIssue(results, USERNAME, PASSWORD); - } else if (passwordSet && !usernameSet) { - addAuthorizationPropertiesValidationIssue(results, PASSWORD, USERNAME); - } - - if (apiKeyIdSet && !apiKeySet) { - addAuthorizationPropertiesValidationIssue(results, API_KEY_ID, API_KEY); - } else if (apiKeySet && !apiKeyIdSet) { - addAuthorizationPropertiesValidationIssue(results, API_KEY, API_KEY_ID); - } - final boolean sniffClusterNodes = validationContext.getProperty(SNIFF_CLUSTER_NODES).asBoolean(); final boolean sniffOnFailure = validationContext.getProperty(SNIFF_ON_FAILURE).asBoolean(); if (sniffOnFailure && !sniffClusterNodes) { @@ -222,13 +184,6 @@ public class ElasticSearchClientServiceImpl extends AbstractControllerService im return results; } - private void addAuthorizationPropertiesValidationIssue(final List results, final PropertyDescriptor presentProperty, final PropertyDescriptor missingProperty) { - results.add(new ValidationResult.Builder().subject(missingProperty.getName()).valid(false) - .explanation(String.format("if '%s' is set, then '%s' must be set.", presentProperty.getDisplayName(), missingProperty.getDisplayName())) - .build() - ); - } - @OnEnabled public void onEnabled(final ConfigurationContext context) throws InitializationException { try { diff --git a/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java b/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java index 594f711b3e..98fc5cd674 100644 --- a/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java +++ b/nifi-extension-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java @@ -73,14 +73,11 @@ class ElasticSearchClientServiceImplTest { runner.assertValid(service); runner.removeProperty(service, ElasticSearchClientService.PASSWORD); - assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.USERNAME, ElasticSearchClientService.PASSWORD); - - runner.removeProperty(service, ElasticSearchClientService.USERNAME); - runner.assertValid(service); + assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.PASSWORD); runner.setProperty(service, ElasticSearchClientService.PASSWORD, "password"); runner.removeProperty(service, ElasticSearchClientService.USERNAME); - assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.PASSWORD, ElasticSearchClientService.USERNAME); + assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.USERNAME); } @Test @@ -91,14 +88,11 @@ class ElasticSearchClientServiceImplTest { runner.assertValid(service); runner.removeProperty(service, ElasticSearchClientService.API_KEY_ID); - assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.API_KEY, ElasticSearchClientService.API_KEY_ID); - - runner.removeProperty(service, ElasticSearchClientService.API_KEY); - runner.assertValid(service); + assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.API_KEY_ID); runner.setProperty(service, ElasticSearchClientService.API_KEY_ID, "api-key-id"); runner.removeProperty(service, ElasticSearchClientService.API_KEY); - assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.API_KEY_ID, ElasticSearchClientService.API_KEY); + assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.API_KEY); } @Test @@ -119,7 +113,7 @@ class ElasticSearchClientServiceImplTest { void testValidateJwtAuth() throws InitializationException { runner.setProperty(service, ElasticSearchClientService.AUTHORIZATION_SCHEME, AuthorizationScheme.JWT); runner.setProperty(service, ElasticSearchClientService.JWT_SHARED_SECRET, "jwt-shared-secret"); - assertJWTAuthorizationValidationErrorMessage(ElasticSearchClientService.OAUTH2_ACCESS_TOKEN_PROVIDER); + assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.OAUTH2_ACCESS_TOKEN_PROVIDER); final OAuth2AccessTokenProvider oAuth2AccessTokenProvider = mock(OAuth2AccessTokenProvider.class); when(oAuth2AccessTokenProvider.getIdentifier()).thenReturn("oauth2-access-token-provider"); @@ -128,12 +122,13 @@ class ElasticSearchClientServiceImplTest { runner.assertValid(service); runner.removeProperty(service, ElasticSearchClientService.JWT_SHARED_SECRET); - assertJWTAuthorizationValidationErrorMessage(ElasticSearchClientService.JWT_SHARED_SECRET); + assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.JWT_SHARED_SECRET); } - private void assertAuthorizationPropertyValidationErrorMessage(final PropertyDescriptor presentProperty, final PropertyDescriptor missingProperty) { + private void assertAuthorizationPropertyValidationErrorMessage(final PropertyDescriptor missingProperty) { final AssertionFailedError afe = assertThrows(AssertionFailedError.class, () -> runner.assertValid(service)); - assertTrue(afe.getMessage().contains(String.format("if '%s' is set, then '%s' must be set.", presentProperty.getDisplayName(), missingProperty.getDisplayName()))); + final String expectedMessage = String.format("%s is required", missingProperty.getDisplayName()); + assertTrue(afe.getMessage().contains(expectedMessage), String.format("Validation error message \"%s\" does not contain \"%s\"", afe.getMessage(), expectedMessage)); } private void assertPKIAuthorizationValidationErrorMessage() { @@ -145,14 +140,4 @@ class ElasticSearchClientServiceImplTest { ElasticSearchClientService.PROP_SSL_CONTEXT_SERVICE.getDisplayName() ))); } - - private void assertJWTAuthorizationValidationErrorMessage(final PropertyDescriptor expectedMissingProperty) { - final AssertionFailedError afe = assertThrows(AssertionFailedError.class, () -> runner.assertValid(service)); - assertTrue(afe.getMessage().contains(String.format( - "if '%s' is '%s' then '%s' must be set.", - ElasticSearchClientService.AUTHORIZATION_SCHEME.getDisplayName(), - AuthorizationScheme.JWT.getDisplayName(), - expectedMissingProperty.getDisplayName() - ))); - } }