NIFI-11536: implemented AbstractStoreScanner and KeyStoreScanner that… #7446
… reloads SSL context, changed TrustStoreScanner to extend the AbstractStoreScanner, and implemented unit tests
Thanks for addressing the issue @emiliosetiadarma! The general implementation approach looks good.
Reviewing the differences between the Scanner implementations, it looks like it comes down to configuration. Recommend making one concrete class named StoreScanner and using constructor arguments to provide the appropriate settings.
.../nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/util/AbstractStoreScanner.java
Thanks @exceptionfactory for the quick review! Will address the comments
…mentation StoreScanner
I made the changes while still preserving
Some thoughts: I was wondering if we were to have just one class whether it's a good idea to have both a keystore scanner and truststore scanner in the same class. One advantage this would have is if both keystore and truststore changed, then the
It is not necessary to define a class-specific logger, although maintaining two separate class implementations might be useful based on the second concern.
That is a good point regarding
Although having one class might be worth considering, in general the keystore and truststore should change independently, so keeping two separate classes sounds good. Thanks for considering the options.
…with StoreScanner
Thanks for the updates @emiliosetiadarma, this looks closer to completion. Can you consolidate the two test classes into a single StoreScannerTest now that there is a single implementation class?
…th StoreScannerTest
Thanks for working through the feedback @emiliosetiadarma, the latest version works as expected in success and failure conditions. +1 merging
- Replaced Jetty KeyStoreScanner and custom TrustStoreScanner with shared StoreScanner
- New StoreScanner uses TLS Configuration to reload SSLContext instead of relying on Jetty SslContextFactory properties

This closes #7446

Signed-off-by: David Handermann <exceptionfactory@apache.org>
(cherry picked from commit a85ef2c)
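A sketch of the approach the merged commit message describes, added here as an illustration and not taken from NiFi's StoreScanner: one class, configured through constructor arguments, that watches a single store file and rebuilds the SSLContext from the keystore and truststore when that file changes. The class name, the PKCS12 store type, the shared key/store password and the `onReload` callback are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.security.KeyStore;
import java.util.function.Consumer;
import javax.net.ssl.*;

// Hypothetical class, not NiFi's StoreScanner. Use one instance per watched file so each store changes independently.
public final class ReloadingStoreWatcher implements Runnable {
    private final Path watched, keyStore, trustStore;
    private final char[] keyPass, trustPass;
    private final Consumer<SSLContext> onReload; // assumed hook that swaps the live context
    private FileTime lastSeen;

    public ReloadingStoreWatcher(Path watched, Path keyStore, char[] keyPass, Path trustStore,
            char[] trustPass, Consumer<SSLContext> onReload) throws Exception {
        this.watched = watched; this.keyStore = keyStore; this.keyPass = keyPass;
        this.trustStore = trustStore; this.trustPass = trustPass; this.onReload = onReload;
        this.lastSeen = Files.getLastModifiedTime(watched);
    }

    private static KeyStore load(Path path, char[] pass) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12"); // assumed store type
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, pass);
        }
        return store;
    }

    private SSLContext build() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, keyPass), keyPass); // assumes key password equals store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, trustPass));
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    @Override
    public void run() { // call on a fixed schedule from a single thread, e.g. a ScheduledExecutorService
        try {
            FileTime current = Files.getLastModifiedTime(watched);
            if (current.equals(lastSeen)) return;
            SSLContext fresh = build(); // throws on a missing, corrupt or half-written store
            lastSeen = current;         // recorded only after a successful rebuild
            onReload.accept(fresh);
        } catch (Exception e) { // failure path: keep the previous context, the next scan retries
            System.err.println("Store reload failed, keeping current SSLContext: " + e);
        }
    }
}
```

Because `lastSeen` advances only after a successful rebuild, a store that is replaced with an unreadable file leaves the server on its previous context and is retried on every scan until a valid file is in place.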
Summary
NIFI-11536