nifi-issues mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [nifi-minifi-cpp] szaszm commented on a change in pull request #886: MINIFICPP-1323 Encrypt sensitive properties
Date Tue, 29 Sep 2020 14:32:41 GMT

szaszm commented on a change in pull request #886:
URL: https://github.com/apache/nifi-minifi-cpp/pull/886#discussion_r496767468



##########
File path: main/MiNiFiMain.cpp
##########
@@ -53,13 +53,41 @@
 #include "core/FlowConfiguration.h"
 #include "core/ConfigurationFactory.h"
 #include "core/RepositoryFactory.h"
+#include "properties/Decryptor.h"
 #include "utils/file/PathUtils.h"
 #include "utils/file/FileUtils.h"
 #include "utils/Environment.h"
 #include "FlowController.h"
 #include "AgentDocs.h"
 #include "MainHelper.h"
 
+namespace {
+#ifdef OPENSSL_SUPPORT
+bool containsEncryptedProperties(const minifi::Configure& minifi_properties) {
+  const auto is_encrypted_property_marker = [&minifi_properties](const std::string&
property_name) {
+    return utils::StringUtils::endsWith(property_name, ".protected") &&
+        minifi::Decryptor::isEncrypted(minifi_properties.get(property_name));
+  };
+  const auto property_names = minifi_properties.getConfiguredKeys();
+  return std::any_of(property_names.begin(), property_names.end(), is_encrypted_property_marker);
+}
+
+void decryptSensitiveProperties(minifi::Configure& minifi_properties, const std::string&
minifi_home, logging::Logger& logger) {
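
Review bot: The `#ifdef OPENSSL_SUPPORT` guard at the top of the anonymous namespace compiles out `containsEncryptedProperties`, and the visible lines show no `#else` path, so it is unclear what a build without OpenSSL does with a properties file that carries `.protected` markers. Consider checking for the markers unconditionally and failing startup with a clear error in that build, so that ciphertext is never consumed as a property value. Separately, `decryptSensitiveProperties` takes a `logging::Logger&`: please confirm that neither key material nor decrypted values are written to it, and add a short comment saying what `minifi_home` is used for.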

Review comment:
In case of encrypt-config: definitely, since a few microseconds delay doesn't hurt the user experience. My estimate: 100 properties * 3 std::strings (~allocations) per property * ~500 ns per allocation ~= 150000 ns = 150 μs

In case of `decryptSensitiveProperties`: probably yes, because it runs only once during startup/initialization, but I'm not 100% sure about this one.

Also, maybe moving resources can help avoid copies. (pass-by-value and move into the value, transform private copy, return private copy with NRVO or implicit move).

If you disagree, that's also fine with me, I'm not insisting on this change.



