Skip to content

NIFI-15161 - Add support for Azure Federated Identity Credentials #10482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

NIFI-15161 - Add support for Azure Federated Identity Credentials #10482

wants to merge 2 commits into from
+1,295 −168

Conversation

@pvillard31
Copy link
Contributor

@pvillard31 pvillard31 commented Oct 30, 2025
edited
Loading

Summary

NIFI-15161 - Add support for Azure Federated Identity Credentials in Storage components + EventHub components

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

Pull Request Tracking

  • Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-00000
  • Pull Request commit message starts with Apache NiFi Jira issue number, as such NIFI-00000

Pull Request Formatting

  • Pull Request based on current revision of the main branch
  • Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

  • Build completed using ./mvnw clean install -P contrib-check
    • JDK 21
    • JDK 25

Licensing

  • New dependencies are compatible with the Apache License 2.0 according to the License Policy
  • New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

  • Documentation formatting appears as expected in rendered files

@pvillard31 pvillard31 changed the title NIFI-15161 - Add support for Azure Federated Identity Credentials in Storage components NIFI-15161 - Add support for Azure Federated Identity Credentials Nov 27, 2025
@pvillard31
Copy link
Contributor Author

pvillard31 commented Nov 27, 2025

Added support for EventHub components as well.

Screenshot 2025-11-27 at 17 21 01 Screenshot 2025-11-27 at 17 19 05 Screenshot 2025-11-27 at 17 18 54 Screenshot 2025-11-27 at 17 18 43

turcsanyip
turcsanyip reviewed Nov 27, 2025
View reviewed changes
...processors/src/main/java/org/apache/nifi/processors/azure/eventhub/ConsumeAzureEventHub.java Outdated
Comment on lines 552 to 562
} else if (blobStorageAuthenticationStrategy == BlobStorageAuthenticationStrategy.IDENTITY_FEDERATION) {
if (StringUtils.isNotBlank(storageAccountKey)) {
results.add(new ValidationResult.Builder()
.subject(STORAGE_ACCOUNT_KEY.getDisplayName())
.explanation("%s must not be set when %s is %s."
.formatted(STORAGE_ACCOUNT_KEY.getDisplayName(),
BLOB_STORAGE_AUTHENTICATION_STRATEGY.getDisplayName(),
BlobStorageAuthenticationStrategy.IDENTITY_FEDERATION.getDisplayName()))
.valid(false)
.build());
}
Copy link
Contributor

@turcsanyip turcsanyip Nov 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pvillard31 Thanks for addig identity federation support in Azure processors. My plan is to review it in more detail.

Just an initial question: Are these extensive validation steps really needed? I mean the authentication related properties are controlled by the Authentication Strategy property: only the relevant properties are shown and it does not matter what values the other properties contain. If we keep the validation steps as well, then the user will get warnings related to properties that are not visible and have no effect when the processor runs.

For example:

  1. The user chooses Authentication Strategy = Storage Account Key and fills in Storage Account Key property
  2. Then they change their mind and select Authentication Strategy = Identity Federation and provide the configuration
  3. After Apply, they get a validation error saying "Storage Account Key must not be set when Authentication Strategy is Identity Federation."
  4. So they have to go back to the other option, clear the fields, and choose the desired option again

I believe it is not the ideal user experience. However, there may be other advantages to keeping the customValidate() rules that I'm not aware of.

Copy link
Contributor Author

@pvillard31 pvillard31 Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No you're absolutely right that it's better to provide a good UX experience and rely on dependsOn/required. I pushed a commit to simplify all of this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@turcsanyip turcsanyip turcsanyip left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pvillard31 @turcsanyip