From 3a35bc1f19a7a9033aede9bfa9a77cee7d903a68 Mon Sep 17 00:00:00 2001 From: Chris Sampson Date: Mon, 28 Nov 2022 10:25:19 +0000 Subject: [PATCH 1/2] NIFI-10882 prevent setting of both BASIC and API_KEY Authorization Scheme properties in ElasticSearchClientService --- .../ElasticSearchClientServiceImpl.java | 9 +++++++++ .../unit/ElasticSearchClientServiceImplTest.java | 16 ++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java index 4809b85fd206..688f11173350 100644 --- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java +++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java @@ -144,6 +144,15 @@ protected Collection customValidate(final ValidationContext va addAuthorizationPropertiesValidationIssue(results, API_KEY, API_KEY_ID); } + if ((usernameSet || passwordSet) && (apiKeyIdSet || apiKeySet)) { + results.add(new ValidationResult.Builder().subject(AuthorizationScheme.API_KEY == authorizationScheme ? USERNAME.getName() : API_KEY_ID.getName()).valid(false) + .explanation(String.format("cannot specify '%s'/'%s' and '%s'/'%s' together.", + USERNAME.getDisplayName(), PASSWORD.getDisplayName(), + API_KEY_ID.getDisplayName(), API_KEY.getDisplayName()) + ).build() + ); + } + return results; } diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java index ae2f0bbc9b02..9c953640ae0f 100644 --- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java +++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java @@ -103,6 +103,22 @@ void testValidateApiKeyAuth() { assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.API_KEY_ID, ElasticSearchClientService.API_KEY); } + @Test + void testValidateBasicAndApiKeyAuth() { + runner.setProperty(service, ElasticSearchClientService.AUTHORIZATION_SCHEME, AuthorizationScheme.API_KEY.getValue()); + runner.setProperty(service, ElasticSearchClientService.USERNAME, "username"); + runner.setProperty(service, ElasticSearchClientService.PASSWORD, "password"); + runner.setProperty(service, ElasticSearchClientService.API_KEY_ID, "api-key-id"); + runner.setProperty(service, ElasticSearchClientService.API_KEY, "api-key"); + runner.assertNotValid(service); + + final AssertionFailedError afe = assertThrows(AssertionFailedError.class, () -> runner.assertValid(service)); + assertTrue(afe.getMessage().contains(String.format("cannot specify '%s'/'%s' and '%s'/'%s' together.", + ElasticSearchClientService.USERNAME.getDisplayName(), ElasticSearchClientService.PASSWORD.getDisplayName(), + ElasticSearchClientService.API_KEY_ID.getDisplayName(), ElasticSearchClientService.API_KEY.getDisplayName())) + ); + } + @Test void testValidatePkiAuth() throws InitializationException { runner.setProperty(service, ElasticSearchClientService.AUTHORIZATION_SCHEME, AuthorizationScheme.PKI.getValue()); From 2bd239063546d8793836f9822c5dc4c9a5437165 Mon Sep 17 00:00:00 2001 From: Chris Sampson Date: Mon, 28 Nov 2022 19:57:36 +0000 Subject: [PATCH 2/2] NIFI-10882 set auth properties for ElasticSearchClientService requests based on selected AuthorizationScheme --- .../ElasticSearchClientServiceImpl.java | 19 ++++++------------- .../ElasticSearchClientServiceImplTest.java | 16 ---------------- 2 files changed, 6 insertions(+), 29 deletions(-) diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java index 688f11173350..ca7c2d306fdc 100644 --- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java +++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java @@ -144,15 +144,6 @@ protected Collection customValidate(final ValidationContext va addAuthorizationPropertiesValidationIssue(results, API_KEY, API_KEY_ID); } - if ((usernameSet || passwordSet) && (apiKeyIdSet || apiKeySet)) { - results.add(new ValidationResult.Builder().subject(AuthorizationScheme.API_KEY == authorizationScheme ? USERNAME.getName() : API_KEY_ID.getName()).valid(false) - .explanation(String.format("cannot specify '%s'/'%s' and '%s'/'%s' together.", - USERNAME.getDisplayName(), PASSWORD.getDisplayName(), - API_KEY_ID.getDisplayName(), API_KEY.getDisplayName()) - ).build() - ); - } - return results; } @@ -258,6 +249,8 @@ private void verifyRootConnection(final RestClient verifyClient, final ConfigVer } private RestClient setupClient(final ConfigurationContext context) throws MalformedURLException, InitializationException { + final AuthorizationScheme authorizationScheme = AuthorizationScheme.valueOf(context.getProperty(AUTHORIZATION_SCHEME).getValue()); + final String hosts = context.getProperty(HTTP_HOSTS).evaluateAttributeExpressions().getValue(); final String[] hostsSplit = hosts.split(",\\s*"); this.url = hostsSplit[0]; @@ -270,7 +263,7 @@ private RestClient setupClient(final ConfigurationContext context) throws Malfor final String apiKey = context.getProperty(API_KEY).getValue(); final Integer connectTimeout = context.getProperty(CONNECT_TIMEOUT).asInteger(); - final Integer readTimeout = context.getProperty(SOCKET_TIMEOUT).asInteger(); + final Integer socketTimeout = context.getProperty(SOCKET_TIMEOUT).asInteger(); final ProxyConfigurationService proxyConfigurationService = context.getProperty(PROXY_CONFIGURATION_SERVICE).asControllerService(ProxyConfigurationService.class); @@ -296,11 +289,11 @@ private RestClient setupClient(final ConfigurationContext context) throws Malfor } CredentialsProvider credentialsProvider = null; - if (username != null && password != null) { + if (AuthorizationScheme.BASIC == authorizationScheme && username != null && password != null) { credentialsProvider = addCredentials(null, AuthScope.ANY, username, password); } - if (apiKeyId != null && apiKey != null) { + if (AuthorizationScheme.API_KEY == authorizationScheme && apiKeyId != null && apiKey != null) { httpClientBuilder.setDefaultHeaders(Collections.singletonList(createApiKeyAuthorizationHeader(apiKeyId, apiKey))); } @@ -322,7 +315,7 @@ private RestClient setupClient(final ConfigurationContext context) throws Malfor }) .setRequestConfigCallback(requestConfigBuilder -> { requestConfigBuilder.setConnectTimeout(connectTimeout); - requestConfigBuilder.setSocketTimeout(readTimeout); + requestConfigBuilder.setSocketTimeout(socketTimeout); return requestConfigBuilder; }); diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java index 9c953640ae0f..ae2f0bbc9b02 100644 --- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java +++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/java/org/apache/nifi/elasticsearch/unit/ElasticSearchClientServiceImplTest.java @@ -103,22 +103,6 @@ void testValidateApiKeyAuth() { assertAuthorizationPropertyValidationErrorMessage(ElasticSearchClientService.API_KEY_ID, ElasticSearchClientService.API_KEY); } - @Test - void testValidateBasicAndApiKeyAuth() { - runner.setProperty(service, ElasticSearchClientService.AUTHORIZATION_SCHEME, AuthorizationScheme.API_KEY.getValue()); - runner.setProperty(service, ElasticSearchClientService.USERNAME, "username"); - runner.setProperty(service, ElasticSearchClientService.PASSWORD, "password"); - runner.setProperty(service, ElasticSearchClientService.API_KEY_ID, "api-key-id"); - runner.setProperty(service, ElasticSearchClientService.API_KEY, "api-key"); - runner.assertNotValid(service); - - final AssertionFailedError afe = assertThrows(AssertionFailedError.class, () -> runner.assertValid(service)); - assertTrue(afe.getMessage().contains(String.format("cannot specify '%s'/'%s' and '%s'/'%s' together.", - ElasticSearchClientService.USERNAME.getDisplayName(), ElasticSearchClientService.PASSWORD.getDisplayName(), - ElasticSearchClientService.API_KEY_ID.getDisplayName(), ElasticSearchClientService.API_KEY.getDisplayName())) - ); - } - @Test void testValidatePkiAuth() throws InitializationException { runner.setProperty(service, ElasticSearchClientService.AUTHORIZATION_SCHEME, AuthorizationScheme.PKI.getValue());