From d5206b1ddd6ab9be80c24fce3d9fb7ca8db7f26b Mon Sep 17 00:00:00 2001
From: Peter Turcsanyi <turcsanyi@apache.org>
Date: Fri, 2 Feb 2024 21:10:59 +0100
Subject: [PATCH] NIFI-12736 Fixed migration of credential properties in AWS
 processors

This closes #8353

Signed-off-by: David Handermann <exceptionfactory@apache.org>
---
 ...stractAWSCredentialsProviderProcessor.java | 30 ++++++++++---------
 .../aws/v2/AbstractAwsProcessor.java          | 30 ++++++++++---------
 2 files changed, 32 insertions(+), 28 deletions(-)

diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSCredentialsProviderProcessor.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSCredentialsProviderProcessor.java
index a286f754b8..f9a81ad208 100644
--- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSCredentialsProviderProcessor.java
+++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSCredentialsProviderProcessor.java
@@ -83,7 +83,7 @@ public abstract class AbstractAWSCredentialsProviderProcessor<ClientType extends
     private static final String AUTH_SERVICE_ACCESS_KEY = "Access Key";
     private static final String AUTH_SERVICE_SECRET_KEY = "Secret Key";
     private static final String AUTH_SERVICE_CREDENTIALS_FILE = "Credentials File";
-    private static final String AUTH_SERVICE_DEFAULT_CREDENTIALS = "default-credentials";
+    private static final String AUTH_SERVICE_ANONYMOUS_CREDENTIALS = "anonymous-credentials";
     private static final String PROXY_SERVICE_HOST = "proxy-server-host";
     private static final String PROXY_SERVICE_PORT = "proxy-server-port";
     private static final String PROXY_SERVICE_USERNAME = "proxy-user-name";
@@ -197,21 +197,23 @@ public abstract class AbstractAWSCredentialsProviderProcessor<ClientType extends
     }
 
     private void migrateAuthenticationProperties(final PropertyConfiguration config) {
-        if (config.isPropertySet(OBSOLETE_ACCESS_KEY) && config.isPropertySet(OBSOLETE_SECRET_KEY)) {
-            final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
-                AUTH_SERVICE_ACCESS_KEY, config.getRawPropertyValue(OBSOLETE_ACCESS_KEY).get(),
-                AUTH_SERVICE_SECRET_KEY, config.getRawPropertyValue(OBSOLETE_SECRET_KEY).get()));
+        if (!config.isPropertySet(AWS_CREDENTIALS_PROVIDER_SERVICE)) {
+            if (config.isPropertySet(OBSOLETE_ACCESS_KEY) && config.isPropertySet(OBSOLETE_SECRET_KEY)) {
+                final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
+                        AUTH_SERVICE_ACCESS_KEY, config.getRawPropertyValue(OBSOLETE_ACCESS_KEY).get(),
+                        AUTH_SERVICE_SECRET_KEY, config.getRawPropertyValue(OBSOLETE_SECRET_KEY).get()));
 
-            config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE.getName(), serviceId);
-        } else if (config.isPropertySet(OBSOLETE_CREDENTIALS_FILE)) {
-            final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
-                AUTH_SERVICE_CREDENTIALS_FILE, config.getRawPropertyValue(OBSOLETE_CREDENTIALS_FILE).get()));
+                config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE.getName(), serviceId);
+            } else if (config.isPropertySet(OBSOLETE_CREDENTIALS_FILE)) {
+                final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
+                        AUTH_SERVICE_CREDENTIALS_FILE, config.getRawPropertyValue(OBSOLETE_CREDENTIALS_FILE).get()));
 
-            config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE, serviceId);
-        } else if (!config.isPropertySet(AWS_CREDENTIALS_PROVIDER_SERVICE)) {
-            final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
-                AUTH_SERVICE_DEFAULT_CREDENTIALS, "true"));
-            config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE, serviceId);
+                config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE, serviceId);
+            } else {
+                final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
+                        AUTH_SERVICE_ANONYMOUS_CREDENTIALS, "true"));
+                config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE, serviceId);
+            }
         }
 
         config.removeProperty(OBSOLETE_ACCESS_KEY);
diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
index f29989caf0..a6a2a29bb1 100644
--- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
+++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
@@ -86,7 +86,7 @@ public abstract class AbstractAwsProcessor<T extends SdkClient> extends Abstract
     private static final String AUTH_SERVICE_ACCESS_KEY = "Access Key";
     private static final String AUTH_SERVICE_SECRET_KEY = "Secret Key";
     private static final String AUTH_SERVICE_CREDENTIALS_FILE = "Credentials File";
-    private static final String AUTH_SERVICE_DEFAULT_CREDENTIALS = "default-credentials";
+    private static final String AUTH_SERVICE_ANONYMOUS_CREDENTIALS = "anonymous-credentials";
     private static final String PROXY_SERVICE_HOST = "proxy-server-host";
     private static final String PROXY_SERVICE_PORT = "proxy-server-port";
     private static final String PROXY_SERVICE_USERNAME = "proxy-user-name";
@@ -200,21 +200,23 @@ public abstract class AbstractAwsProcessor<T extends SdkClient> extends Abstract
     }
 
     private void migrateAuthenticationProperties(final PropertyConfiguration config) {
-        if (config.isPropertySet(OBSOLETE_ACCESS_KEY) && config.isPropertySet(OBSOLETE_SECRET_KEY)) {
-            final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
-                AUTH_SERVICE_ACCESS_KEY, config.getRawPropertyValue(OBSOLETE_ACCESS_KEY).get(),
-                AUTH_SERVICE_SECRET_KEY, config.getRawPropertyValue(OBSOLETE_SECRET_KEY).get()));
+        if (!config.isPropertySet(AWS_CREDENTIALS_PROVIDER_SERVICE)) {
+            if (config.isPropertySet(OBSOLETE_ACCESS_KEY) && config.isPropertySet(OBSOLETE_SECRET_KEY)) {
+                final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
+                        AUTH_SERVICE_ACCESS_KEY, config.getRawPropertyValue(OBSOLETE_ACCESS_KEY).get(),
+                        AUTH_SERVICE_SECRET_KEY, config.getRawPropertyValue(OBSOLETE_SECRET_KEY).get()));
 
-            config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE.getName(), serviceId);
-        } else if (config.isPropertySet(OBSOLETE_CREDENTIALS_FILE)) {
-            final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
-                AUTH_SERVICE_CREDENTIALS_FILE, config.getRawPropertyValue(OBSOLETE_CREDENTIALS_FILE).get()));
+                config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE.getName(), serviceId);
+            } else if (config.isPropertySet(OBSOLETE_CREDENTIALS_FILE)) {
+                final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
+                        AUTH_SERVICE_CREDENTIALS_FILE, config.getRawPropertyValue(OBSOLETE_CREDENTIALS_FILE).get()));
 
-            config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE, serviceId);
-        } else if (!config.isPropertySet(AWS_CREDENTIALS_PROVIDER_SERVICE)) {
-            final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
-                AUTH_SERVICE_DEFAULT_CREDENTIALS, "true"));
-            config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE, serviceId);
+                config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE, serviceId);
+            } else {
+                final String serviceId = config.createControllerService(CREDENTIALS_SERVICE_CLASSNAME, Map.of(
+                        AUTH_SERVICE_ANONYMOUS_CREDENTIALS, "true"));
+                config.setProperty(AWS_CREDENTIALS_PROVIDER_SERVICE, serviceId);
+            }
         }
 
         config.removeProperty(OBSOLETE_ACCESS_KEY);