Skip to content

Navigation Menu

Appearance settings

View all features
- BY COMPANY SIZE
  Enterprises
  Small and medium teams
  Startups
  Nonprofits
- BY USE CASE
  App Modernization
  DevSecOps
  DevOps
  CI/CD
  View all use cases
- BY INDUSTRY
  Healthcare
  Financial services
  Manufacturing
  Government
  View all industries
View all solutions
- EXPLORE BY TOPIC
  AI
  Software Development
  DevOps
  Security
  View all topics
- EXPLORE BY TYPE
  Customer stories
  Events & webinars
  Ebooks & reports
  Business insights
  GitHub Skills
- SUPPORT & SERVICES
  Documentation
  Customer support
  Community forum
  Trust center
  Partners
View all resources
- COMMUNITY
  GitHub SponsorsFund open source developers
- PROGRAMS
  Security Lab
  Maintainer Community
  Accelerator
  GitHub Stars
  Archive Program
- REPOSITORIES
  Topics
  Trending
  Collections
- ENTERPRISE SOLUTIONS
  Enterprise platformAI-powered developer platform
- AVAILABLE ADD-ONS
  GitHub Advanced SecurityEnterprise-grade security features
  Copilot for BusinessEnterprise-grade AI features
  Premium SupportEnterprise-grade 24/7 support
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

apache / nifi Public

Notifications You must be signed in to change notification settings
Fork 2.9k
Star 6k

Code
Pull requests 36
Actions
Security and quality
Insights

Additional navigation options

Code
Pull requests
Actions
Security and quality
Insights

NIFI-11360 Support Client-Side Encryption for Azure Blob v12 Processors#7182

Closed

mkalavala wants to merge 4 commits intoapache:mainapache/nifi:mainfrom

mkalavala:NIFI-11360mkalavala/nifi:NIFI-11360Copy head branch name to clipboard

Conversation Commits4 (4)Checks Files changed

Closed

NIFI-11360 Support Client-Side Encryption for Azure Blob v12 Processors#7182
mkalavala wants to merge 4 commits intoapache:mainfrom
mkalavala:NIFI-11360

Conversation

Copy link

Copy Markdown

Contributor

mkalavala commented Apr 17, 2023

Summary

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

Apache NiFi Jira issue created

Pull Request Tracking

Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-00000
Pull Request commit message starts with Apache NiFi Jira issue number, as such NIFI-00000

Pull Request Formatting

Pull Request based on current revision of the main branch
Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

Build completed using mvn clean install -P contrib-check
- JDK 11
- JDK 17

Licensing

New dependencies are compatible with the Apache License 2.0 according to the License Policy
New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

Documentation formatting appears as expected in rendered files

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions


          NIFI-11360 Support Client-Side Encryption for Azure Blob v12 Processors

d0bcf9d

nandorsoma self-requested a review

April 24, 2023 12:46

exceptionfactory requested changes

View reviewed changes

Copy link

Copy Markdown

Contributor

exceptionfactory left a comment

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this new feature @mkalavala!

Although the approach is similar to the legacy implementation, this is a good opportunity to make some improvements. I noted some naming and implementation recommendations in several places. I also recommend removing the integration tests since they are not run automatically and can get stale quickly.

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...rocessors/src/main/java/org/apache/nifi/processors/azure/AbstractAzureBlobProcessor_v12.java Outdated Show resolved Hide resolved

Uh oh!

There was an error while loading. Please reload this page.

...rocessors/src/main/java/org/apache/nifi/processors/azure/AbstractAzureBlobProcessor_v12.java Outdated Show resolved Hide resolved

Uh oh!

There was an error while loading. Please reload this page.

.../org/apache/nifi/processors/azure/storage/utils/AzureBlobClientSideEncryptionMethod_v12.java Outdated Show resolved Hide resolved

Uh oh!

There was an error while loading. Please reload this page.

.../org/apache/nifi/processors/azure/storage/utils/AzureBlobClientSideEncryptionMethod_v12.java Outdated Show resolved Hide resolved

Uh oh!

There was an error while loading. Please reload this page.

.../org/apache/nifi/processors/azure/storage/utils/AzureBlobClientSideEncryptionMethod_v12.java Outdated Show resolved Hide resolved

Uh oh!

There was an error while loading. Please reload this page.

...a/org/apache/nifi/processors/azure/storage/utils/AzureBlobClientSideEncryptionUtils_v12.java Outdated

Comment on lines +44 to +45

		.name("cse-key-type")
		.displayName("Client-Side Encryption Key Type")

Copy link

Copy Markdown

Contributor

exceptionfactory Apr 25, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although the conventions are not consistent, in this case, the new properties can have the same name and displayName.

Suggested change

      
                        .name("cse-key-type")
          
                        .displayName("Client-Side Encryption Key Type")
          
                        .name("Client-Side Encryption Key Type")
          
                        .displayName("Client-Side Encryption Key Type")

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

mkalavala reacted with thumbs up emoji

All reactions

👍 1 reaction

...a/org/apache/nifi/processors/azure/storage/utils/AzureBlobClientSideEncryptionUtils_v12.java Outdated Show resolved Hide resolved

Uh oh!

There was an error while loading. Please reload this page.

...a/org/apache/nifi/processors/azure/storage/utils/AzureBlobClientSideEncryptionUtils_v12.java Outdated Show resolved Hide resolved

Uh oh!

There was an error while loading. Please reload this page.

...a/org/apache/nifi/processors/azure/storage/utils/AzureBlobClientSideEncryptionUtils_v12.java Outdated Show resolved Hide resolved

Uh oh!

There was an error while loading. Please reload this page.

...s/src/test/java/org/apache/nifi/processors/azure/storage/AbstractAzureBlobStorage_v12IT.java Show resolved Hide resolved

Uh oh!

There was an error while loading. Please reload this page.


          NIFI-11360 Address review comments

13de54f

mkalavala requested a review from exceptionfactory

April 27, 2023 16:37


          NIFI-11475 Fixed missing jackson-dataformat-xml in nifi-azure-service…

14f86a2

…s-api

This closes apache#7186

Signed-off-by: David Handermann <exceptionfactory@apache.org>
(cherry picked from commit 8586ac5)

exceptionfactory requested changes

View reviewed changes

Copy link

Copy Markdown

Contributor

exceptionfactory left a comment

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates @mkalavala! Functional behavior works as expected, and these changes interoperate with the earlier versions of the Processors. I noted some additional wording and style adjustments, but otherwise this looks close to completion.

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...e-processors/src/main/java/org/apache/nifi/processors/azure/ClientSideEncryptionSupport.java Outdated

Comment on lines +99 to +101

+                          byte[] keyBytes;
+                          try {
+                              keyBytes = Hex.decodeHex(keyHex);

Copy link

Copy Markdown

Contributor

exceptionfactory May 1, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The declaration and assignment can be merged.

Suggested change

      
                        byte[] keyBytes;
          
                        try {
          
                            keyBytes = Hex.decodeHex(keyHex);
          
                        try {
          
                            final byte[] keyBytes = Hex.decodeHex(keyHex);

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...e-processors/src/main/java/org/apache/nifi/processors/azure/ClientSideEncryptionSupport.java Outdated

+                              keyBytes = Hex.decodeHex(keyHex);
+                              if (getKeyWrapAlgorithm(keyBytes) == null) {
+                                  validationResults.add(new ValidationResult.Builder().subject(CSE_LOCAL_KEY_HEX.getDisplayName())
+                                          .explanation("the local key must be 128, 192, 256, 384 or 512 bits of data.").build());

Copy link

Copy Markdown

Contributor

exceptionfactory May 1, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Recommend adjusting the wording and including the actual length.

Suggested change

      
                                        .explanation("the local key must be 128, 192, 256, 384 or 512 bits of data.").build());
          
                                        .explanation(String.format("Key size in bits must be one of [128, 192, 256, 384, 512] instead of [%d]", keyBytes.length * 8)).build());

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...e-processors/src/main/java/org/apache/nifi/processors/azure/ClientSideEncryptionSupport.java Outdated

+                              }
+                          } catch (DecoderException e) {
+                              validationResults.add(new ValidationResult.Builder().subject(CSE_LOCAL_KEY_HEX.getDisplayName())
+                                      .explanation("the local key must be a valid hexadecimal string.").build());

Copy link

Copy Markdown

Contributor

exceptionfactory May 1, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

      
                                    .explanation("the local key must be a valid hexadecimal string.").build());
          
                                    .explanation("Key must be a valid hexadecimal string").build());

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...e-processors/src/main/java/org/apache/nifi/processors/azure/ClientSideEncryptionSupport.java Outdated

+                      final List<ValidationResult> validationResults = new ArrayList<>();
+                      if (StringUtils.isBlank(keyHex)) {
+                          validationResults.add(new ValidationResult.Builder().subject(CSE_LOCAL_KEY_HEX.getDisplayName())
+                                  .explanation("a local key must be set when client-side encryption is enabled with local encryption.").build());

Copy link

Copy Markdown

Contributor

exceptionfactory May 1, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

      
                                .explanation("a local key must be set when client-side encryption is enabled with local encryption.").build());
          
                                .explanation("a local key must be set when client-side encryption is enabled").build());

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...e-processors/src/main/java/org/apache/nifi/processors/azure/ClientSideEncryptionSupport.java Outdated

+                      final String cseLocalKeyHex = validationContext.getProperty(CSE_LOCAL_KEY_HEX).getValue();
+                      if (cseKeyType != ClientSideEncryptionMethod.NONE && StringUtils.isBlank(cseKeyId)) {
+                          validationResults.add(new ValidationResult.Builder().subject(CSE_KEY_ID.getDisplayName())
+                                  .explanation("a key ID must be set when client-side encryption is enabled.").build());

Copy link

Copy Markdown

Contributor

exceptionfactory May 1, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

      
                                .explanation("a key ID must be set when client-side encryption is enabled.").build());
          
                                .explanation("a key ID must be set when client-side encryption is enabled").build());

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...e-processors/src/main/java/org/apache/nifi/processors/azure/ClientSideEncryptionSupport.java

+                          .dependsOn(CSE_KEY_TYPE, ClientSideEncryptionMethod.LOCAL.name())
+                          .build();
+                  PropertyDescriptor CSE_LOCAL_KEY_HEX = new PropertyDescriptor.Builder()

Copy link

Copy Markdown

Contributor

exceptionfactory May 1, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

      
                PropertyDescriptor CSE_LOCAL_KEY_HEX = new PropertyDescriptor.Builder()
          
                PropertyDescriptor CSE_LOCAL_KEY = new PropertyDescriptor.Builder()

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...e-processors/src/main/java/org/apache/nifi/processors/azure/ClientSideEncryptionSupport.java Outdated

+                          .displayName("Client-Side Encryption Key ID")
+                          .description("Specifies the ID of the key to use for client-side encryption.")
+                          .expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES)
+                          .required(false)

Copy link

Copy Markdown

Contributor

exceptionfactory May 1, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be changed to required(true) since it depends on the Local Type, which should remove the need for custom validation.

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...e-processors/src/main/java/org/apache/nifi/processors/azure/ClientSideEncryptionSupport.java Outdated

+                          .name("cse-local-key-hex")
+                          .displayName("Client-Side Encryption Local Key")
+                          .description("When using local client-side encryption, this is the raw key, encoded in hexadecimal")
+                          .required(false)

Copy link

Copy Markdown

Contributor

exceptionfactory May 1, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

      
                        .required(false)
          
                        .required(true)

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...ocessors/src/main/java/org/apache/nifi/processors/azure/storage/PutAzureBlobStorage_v12.java Outdated

Comment on lines +133 to +134

		CSE_KEY_ID,
		CSE_KEY_TYPE,

Copy link

Copy Markdown

Contributor

exceptionfactory May 1, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Key Type should be listed before the Key ID:

Suggested change

      
                        CSE_KEY_ID,
          
                        CSE_KEY_TYPE,
          
                        CSE_KEY_TYPE,
          
                        CSE_KEY_ID,

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

...essors/src/main/java/org/apache/nifi/processors/azure/storage/FetchAzureBlobStorage_v12.java Outdated

Comment on lines +123 to +124

		CSE_KEY_ID,
		CSE_KEY_TYPE,

Copy link

Copy Markdown

Contributor

exceptionfactory May 1, 2023

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

      
                        CSE_KEY_ID,
          
                        CSE_KEY_TYPE,
          
                        CSE_KEY_TYPE,
          
                        CSE_KEY_ID,

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Copy link

Copy Markdown

Contributor

exceptionfactory commented May 1, 2023

@mkalavala I also cherry-picked the fix from NIFI-11475 on to the pull request branch to correct a missing runtime dependency on jackson-dataformat-xml, which is already corrected in the main branch.

All reactions

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.


          NIFI-11360 Address review comments

789a039

exceptionfactory approved these changes

View reviewed changes

Copy link

Copy Markdown

Contributor

exceptionfactory left a comment

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates @mkalavala, the latest version looks good! +1 merging

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

exceptionfactory closed this in

aad7b40

exceptionfactory pushed a commit that referenced this pull request


          NIFI-11360 Added Client-Side Encryption for Azure Blob v12 Processors

66b2e2f

This closes #7182

Signed-off-by: David Handermann <exceptionfactory@apache.org>
(cherry picked from commit aad7b40)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

exceptionfactory exceptionfactory approved these changes

nandorsoma Awaiting requested review from nandorsoma

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Uh oh!

There was an error while loading. Please reload this page.

3 participants

Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

Footer

© 2026 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Community
Docs
Contact

You can’t perform that action at this time.