pvillard31 commented on a change in pull request #4594:
URL: https://github.com/apache/nifi/pull/4594#discussion_r503265418
##########
File path:
nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/pom.xml
##########
@@ -45,24 +45,17 @@ language governing permissions and limitations under the
License. -->
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
- <artifactId>nifi-mock</artifactId>
- <version>1.13.0-SNAPSHOT</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-distributed-cache-client-service</artifactId>
- <scope>test</scope>
+ <artifactId>nifi-ssl-context-service-api</artifactId>
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
- <artifactId>nifi-ssl-context-service-api</artifactId>
Review comment:
A bit confused by the diff here, shouldn't we just remove the ``test``
scope?
##########
File path:
nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/processors/CaptureChangeMySQL.java
##########
@@ -738,6 +801,13 @@ protected void connect(List<InetSocketAddress> hosts,
String username, String pa
binlogClient.setServerId(serverId);
}
+ binlogClient.setSSLMode(sslMode);
+ if (sslContextService != null) {
+ final SSLContext sslContext =
sslContextService.createSSLContext(ClientAuth.NONE);
Review comment:
Why using ``ClientAuth.NONE`` here?
##########
File path:
nifi-nar-bundles/nifi-cdc/nifi-cdc-mysql-bundle/nifi-cdc-mysql-processors/src/main/java/org/apache/nifi/cdc/mysql/processors/CaptureChangeMySQL.java
##########
@@ -362,6 +377,23 @@
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
+ public static final PropertyDescriptor SSL_CONTEXT_SERVICE = new
PropertyDescriptor.Builder()
+ .name("SSL Context Service")
+ .displayName("SSL Context Service")
+ .description("SSL Context Service supporting encrypted socket
communication")
+ .required(false)
+ .identifiesControllerService(SSLContextService.class)
+ .build();
+
+ public static final PropertyDescriptor SSL_MODE = new
PropertyDescriptor.Builder()
+ .name("SSL Mode")
+ .displayName("SSL Mode")
+ .description("SSL Mode used when SSL Context Service configured
supporting certificate verification options")
+ .required(true)
+ .defaultValue(SSLMode.DISABLED.toString())
+ .allowableValues(SSL_MODES)
+ .build();
+
Review comment:
I'm a bit concerned by this property as this is going to overlap with
what is defined in the SSL Context Service for the client authentication.
SSL Context Service provides three options:
https://github.com/apache/nifi/blob/c2960998ac70009d9365326dce47b3d15ad299e4/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/ClientAuth.java#L26-L28
SSL_MODES are providing the below options:
https://github.com/shyiko/mysql-binlog-connector-java/blob/dd710a5466381faa57442977b24fceff56a0820e/src/main/java/com/github/shyiko/mysql/binlog/network/SSLMode.java#L23-L48
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
