From bf24d575b34bfd6a8b31bfd6ea3662863b59b492 Mon Sep 17 00:00:00 2001 From: Emilio Setiadarma Date: Mon, 12 Dec 2022 19:07:21 -0800 Subject: [PATCH] NIFI-10971: improved edge case handling while fetching objects using Azure Key Vault Client and added unit tests Signed-off-by: Pierre Villard This closes #6780. --- ...AzureKeyVaultSecretsParameterProvider.java | 13 +++-- ...AzureKeyVaultSecretsParameterProvider.java | 54 +++++++++++++++++++ 2 files changed, 64 insertions(+), 3 deletions(-) diff --git a/nifi-nar-bundles/nifi-azure-bundle/nifi-azure-parameter-providers/src/main/java/org/apache/nifi/parameter/azure/AzureKeyVaultSecretsParameterProvider.java b/nifi-nar-bundles/nifi-azure-bundle/nifi-azure-parameter-providers/src/main/java/org/apache/nifi/parameter/azure/AzureKeyVaultSecretsParameterProvider.java index 82f202533c..568dc49384 100644 --- a/nifi-nar-bundles/nifi-azure-bundle/nifi-azure-parameter-providers/src/main/java/org/apache/nifi/parameter/azure/AzureKeyVaultSecretsParameterProvider.java +++ b/nifi-nar-bundles/nifi-azure-bundle/nifi-azure-parameter-providers/src/main/java/org/apache/nifi/parameter/azure/AzureKeyVaultSecretsParameterProvider.java @@ -132,8 +132,10 @@ public class AzureKeyVaultSecretsParameterProvider extends AbstractParameterProv final List secrets = new ArrayList<>(); for (final SecretProperties secretProperties : secretClient.listPropertiesOfSecrets()) { - KeyVaultSecret secretWithValue = secretClient.getSecret(secretProperties.getName(), secretProperties.getVersion()); - secrets.add(secretWithValue); + if (secretProperties.isEnabled()) { + KeyVaultSecret secretWithValue = secretClient.getSecret(secretProperties.getName(), secretProperties.getVersion()); + secrets.add(secretWithValue); + } } return secrets; @@ -145,7 +147,12 @@ public class AzureKeyVaultSecretsParameterProvider extends AbstractParameterProv final String parameterName = secret.getName(); final String parameterValue = secret.getValue(); - final String parameterGroupName = secret.getProperties().getTags().get(GROUP_NAME_TAG); + final Map tags = secret.getProperties().getTags(); + if (tags == null) { + getLogger().debug("Secret with parameter name [{}] not recognized as a valid parameter since it does not have tags"); + continue; + } + final String parameterGroupName = tags.get(GROUP_NAME_TAG); if (parameterGroupName == null) { getLogger().debug("Secret with parameter name [{}] not recognized as a valid parameter since it " + "does not have the [{}] tag", parameterName, GROUP_NAME_TAG); diff --git a/nifi-nar-bundles/nifi-azure-bundle/nifi-azure-parameter-providers/src/test/java/org/apache/nifi/parameter/azure/TestAzureKeyVaultSecretsParameterProvider.java b/nifi-nar-bundles/nifi-azure-bundle/nifi-azure-parameter-providers/src/test/java/org/apache/nifi/parameter/azure/TestAzureKeyVaultSecretsParameterProvider.java index 92c3f2eaae..95e52e85dc 100644 --- a/nifi-nar-bundles/nifi-azure-bundle/nifi-azure-parameter-providers/src/test/java/org/apache/nifi/parameter/azure/TestAzureKeyVaultSecretsParameterProvider.java +++ b/nifi-nar-bundles/nifi-azure-bundle/nifi-azure-parameter-providers/src/test/java/org/apache/nifi/parameter/azure/TestAzureKeyVaultSecretsParameterProvider.java @@ -96,6 +96,59 @@ public class TestAzureKeyVaultSecretsParameterProvider { runProviderTest( 8, ConfigVerificationResult.Outcome.SUCCESSFUL); } + @Test + public void testFetchDisabledParameters() throws IOException, InitializationException { + final List secretPropertiesList = new ArrayList<>(); + for (final ParameterGroup group : mockParameterGroups) { + for (final Parameter parameter : group.getParameters()) { + final SecretProperties secretProperties = mock(SecretProperties.class); + + when(secretProperties.isEnabled()).thenReturn(false); + + secretPropertiesList.add(secretProperties); + } + + } + + final PagedIterable mockIterable = mock(PagedIterable.class); + when(secretClient.listPropertiesOfSecrets()).thenReturn(mockIterable); + when(mockIterable.iterator()).thenReturn(secretPropertiesList.iterator()); + runProviderTest( 0, ConfigVerificationResult.Outcome.SUCCESSFUL); + } + + @Test + public void testFetchParametersWithNullTagsShouldNotThrowError() throws IOException, InitializationException { + final List secretPropertiesList = new ArrayList<>(); + for (final ParameterGroup group : mockParameterGroups) { + for (final Parameter parameter : group.getParameters()) { + final String parameterName = parameter.getDescriptor().getName(); + final String parameterValue = parameter.getValue(); + final KeyVaultSecret secret = mock(KeyVaultSecret.class); + when(secret.getName()).thenReturn(parameterName); + when(secret.getValue()).thenReturn(parameterValue); + + final SecretProperties secretProperties = mock(SecretProperties.class); + when(secret.getProperties()).thenReturn(secretProperties); + + final Map tags = null; + when(secretProperties.getTags()).thenReturn(tags); + + when(secretProperties.getName()).thenReturn(parameterName); + when(secretProperties.getVersion()).thenReturn(null); + when(secretProperties.isEnabled()).thenReturn(true); + when(secretClient.getSecret(eq(parameterName), any())).thenReturn(secret); + + secretPropertiesList.add(secretProperties); + } + + } + + final PagedIterable mockIterable = mock(PagedIterable.class); + when(secretClient.listPropertiesOfSecrets()).thenReturn(mockIterable); + when(mockIterable.iterator()).thenReturn(secretPropertiesList.iterator()); + runProviderTest( 0, ConfigVerificationResult.Outcome.SUCCESSFUL); + } + @Test public void testFetchParametersListFailure() throws IOException, InitializationException { when(secretClient.listPropertiesOfSecrets()).thenThrow(new RuntimeException("Fake RuntimeException")); @@ -129,6 +182,7 @@ public class TestAzureKeyVaultSecretsParameterProvider { when(secretProperties.getName()).thenReturn(parameterName); when(secretProperties.getVersion()).thenReturn(null); + when(secretProperties.isEnabled()).thenReturn(true); when(secretClient.getSecret(eq(parameterName), any())).thenReturn(secret); secretPropertiesList.add(secretProperties);