diff --git a/nifi-extension-bundles/nifi-groovyx-bundle/nifi-groovyx-processors/src/main/java/org/apache/nifi/processors/groovyx/ExecuteGroovyScript.java b/nifi-extension-bundles/nifi-groovyx-bundle/nifi-groovyx-processors/src/main/java/org/apache/nifi/processors/groovyx/ExecuteGroovyScript.java index 54c6748f962b..e2333ede980a 100644 --- a/nifi-extension-bundles/nifi-groovyx-bundle/nifi-groovyx-processors/src/main/java/org/apache/nifi/processors/groovyx/ExecuteGroovyScript.java +++ b/nifi-extension-bundles/nifi-groovyx-bundle/nifi-groovyx-processors/src/main/java/org/apache/nifi/processors/groovyx/ExecuteGroovyScript.java @@ -85,10 +85,12 @@ expressionLanguageScope = ExpressionLanguageScope.FLOWFILE_ATTRIBUTES, description = "Updates a script engine property specified by the Dynamic Property's key with the value specified by the Dynamic Property's value. " + "Use `CTL.` to access any controller services, `SQL.` to access any DBCPServices, `RecordReader.` to access RecordReaderFactory instances, or " - + "`RecordWriter.` to access any RecordSetWriterFactory instances.") + + "`RecordWriter.` to access any RecordSetWriterFactory instances. Use `SENSITIVE.` to mark the property as sensitive.") public class ExecuteGroovyScript extends AbstractProcessor { public static final String GROOVY_CLASSPATH = "${groovy.classes.path}"; + protected static final String SENSITIVE_PROPERTY_PREFIX = "SENSITIVE."; + private static final String PRELOADS = "import org.apache.nifi.components.*;" + "import org.apache.nifi.flowfile.FlowFile;" + "import org.apache.nifi.processor.*;" + "import org.apache.nifi.processor.FlowFileFilter.FlowFileFilterResult;" + "import org.apache.nifi.processor.exception.*;" + "import org.apache.nifi.processor.io.*;" + "import org.apache.nifi.processor.util.*;" + "import org.apache.nifi.processors.script.*;" + "import org.apache.nifi.logging.ComponentLog;"; @@ -542,13 +544,19 @@ protected PropertyDescriptor getSupportedDynamicPropertyDescriptor(final String .identifiesControllerService(RecordSetWriterFactory.class) .build(); } - return new PropertyDescriptor.Builder() + + final PropertyDescriptor.Builder builder = new PropertyDescriptor.Builder() .name(propertyDescriptorName) .required(false) .addValidator(StandardValidators.NON_EMPTY_VALIDATOR) .expressionLanguageSupported(ExpressionLanguageScope.ENVIRONMENT) - .dynamic(true) - .build(); + .dynamic(true); + + if (propertyDescriptorName.startsWith(SENSITIVE_PROPERTY_PREFIX)) { + builder.sensitive(true); + } + + return builder.build(); } /** simple HashMap with exception on access of non-existent key */ diff --git a/nifi-extension-bundles/nifi-groovyx-bundle/nifi-groovyx-processors/src/test/java/org/apache/nifi/processors/groovyx/ExecuteGroovyScriptTest.java b/nifi-extension-bundles/nifi-groovyx-bundle/nifi-groovyx-processors/src/test/java/org/apache/nifi/processors/groovyx/ExecuteGroovyScriptTest.java index 0d0853bc8170..dec3f1f52cbe 100644 --- a/nifi-extension-bundles/nifi-groovyx-bundle/nifi-groovyx-processors/src/test/java/org/apache/nifi/processors/groovyx/ExecuteGroovyScriptTest.java +++ b/nifi-extension-bundles/nifi-groovyx-bundle/nifi-groovyx-processors/src/test/java/org/apache/nifi/processors/groovyx/ExecuteGroovyScriptTest.java @@ -40,7 +40,6 @@ import org.junit.jupiter.api.condition.DisabledOnOs; import org.junit.jupiter.api.condition.OS; import org.junit.jupiter.api.io.TempDir; - import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileInputStream; @@ -555,6 +554,15 @@ public void test_attribute_passed_to_SQL() { assertEquals("testDB", ((DBCPServiceSimpleImpl) dbcp).getDatabaseName()); } + @Test + public void test_sensitive_dynamic_property() throws Exception { + runner.setProperty("SENSITIVE.password", "MyP@ssW0rd!"); + runner.setProperty(ExecuteGroovyScript.SCRIPT_BODY, + "assert context.getProperties().find {k,v -> k.name == 'SENSITIVE.password'}.key.sensitive"); + runner.assertValid(); + runner.run(); + } + private HashMap map(String key, String value) { HashMap attrs = new HashMap<>();