Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NIFI-12061: allow using AWS Secrets Manager without ListSecrets permi… #9483

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

NIFI-12061: allow using AWS Secrets Manager without ListSecrets permi… #9483

wants to merge 4 commits into from

Conversation

grishick
Copy link
Contributor

@grishick grishick commented Nov 4, 2024

Summary

NIFI-12061
Add Secret Name parameter to AwsSecretsManagerParameterProvider to allow the provider to work without ListSecrets permission. Original behavior where the provider lists all secrets and matches them to Secret Name Pattern is preserved by leaving Secret Name parameter undefined. The new behavior will skip listing secrets and ignore Secret Name Pattern only if Secret Name is provided. I made this change in Anetac's Nifi fork months ago and we are using it in production.

Corresponding PR for 1.x branch: #9386

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

Pull Request Tracking

  • Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-12061
  • Pull Request commit message starts with Apache NiFi Jira issue number, as such NIFI-12061

Pull Request Formatting

  • Pull Request based on current revision of the support/nifi-1.x branch
  • Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

  • Build completed using mvn clean install -P contrib-check
    • JDK 21

Licensing

  • New dependencies are compatible with the Apache License 2.0 according to the License Policy
  • New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

  • Documentation formatting appears as expected in rendered files

@grishick grishick mentioned this pull request Nov 4, 2024
Open
10 tasks
exceptionfactory
exceptionfactory requested changes Nov 5, 2024
View reviewed changes
Copy link
Contributor

@exceptionfactory exceptionfactory left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for putting together these changes for the main branch @grishick. The general approach looks good, I noted several stylistic recommendations.

...roviders/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java Outdated Show resolved Hide resolved
...roviders/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java Outdated Show resolved Hide resolved
...roviders/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java Outdated Show resolved Hide resolved
...roviders/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java Outdated Show resolved Hide resolved
...roviders/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java Outdated Show resolved Hide resolved
...roviders/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java Outdated Show resolved Hide resolved
...roviders/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java Outdated Show resolved Hide resolved
...roviders/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java Outdated Show resolved Hide resolved
...roviders/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java Outdated Show resolved Hide resolved
EndzeitBegins
EndzeitBegins suggested changes Nov 5, 2024
View reviewed changes
Copy link
Contributor

@EndzeitBegins EndzeitBegins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Besides David's useful review, I've just found one minor change that's not needed when targeting main.

When those pending comments are addressed, the overall PR looks good to me. Thank you for working on this @grishick.

...roviders/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java Outdated
@@ -117,13 +178,15 @@ public class AwsSecretsManagerParameterProvider extends AbstractParameterProvide

private static final String DEFAULT_USER_AGENT = "NiFi";
private static final Protocol DEFAULT_PROTOCOL = Protocol.HTTPS;
private static final List<PropertyDescriptor> PROPERTIES = List.of(
private static final List<PropertyDescriptor> PROPERTIES = Collections.unmodifiableList(Arrays.asList(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the main branch the declaration of PROPERTIES can remain to use List.of.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK. I switched it back to List.of

@grishick
Copy link
Contributor Author

grishick commented Nov 5, 2024

Thanks a lot for the reviews and suggestions and apologies for the messy commits! I've addressed the comments and pushed the update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@EndzeitBegins EndzeitBegins Awaiting requested review from EndzeitBegins

@exceptionfactory exceptionfactory Awaiting requested review from exceptionfactory

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@grishick @EndzeitBegins @exceptionfactory @greg-anetac