Repository: nifi Updated Branches: refs/heads/master b6117743d -> a8817e023
http://git-wip-us.apache.org/repos/asf/nifi/blob/a8817e02/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-commented.xml
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-commented.xml b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-commented.xml
new file mode 100644
index 0000000..1e8cf64
--- /dev/null
+++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-commented.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<!--
+ This file lists the identity providers to use when running securely. In order
+ to use a specific provider it must be configured here and its identifier
+ must be specified in the nifi-registry.properties file.
+-->
+<identityProviders>
+ <!--
+ Identity Provider for users logging in with username/password against an LDAP server.
+
+ 'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
+ values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
+
+ 'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
+ 'Manager Password' - The password of the manager that is used to bind to the LDAP server to
+ search for users.
+
+ 'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.
+ 'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
+ using LDAPS or START_TLS.
+ 'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
+ LDAPS or START_TLS (i.e. JKS or PKCS12).
+ 'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.
+ 'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
+ LDAP using LDAPS or START_TLS.
+ 'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
+ LDAPS or START_TLS (i.e. JKS or PKCS12).
+ 'TLS - Client Auth' - Client authentication policy when connecting to LDAP using LDAPS or START_TLS.
+ Possible values are REQUIRED, WANT, NONE.
+ 'TLS - Protocol' - Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS,
+ TLSv1.1, TLSv1.2, etc).
+ 'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully
+ before the target context is closed. Defaults to false.
+
+ 'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
+ 'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
+ 'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
+
+ 'Url' - Space-separated list of URLs of the LDAP servers (i.e. ldap://<hostname>:<port>).
+ 'User Search Base' - Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).
+ 'User Search Filter' - Filter for searching for users against the 'User Search Base'.
+ (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
+
+ 'Identity Strategy' - Strategy to identify users. Possible values are USE_DN and USE_USERNAME.
+ The default functionality if this property is missing is USE_DN in order to retain
+ backward compatibility. USE_DN will use the full DN of the user entry if possible.
+ USE_USERNAME will use the username the user logged in with.
+ 'Authentication Expiration' - The duration of how long the user authentication is valid
+ for. If the user never logs out, they will be required to log back in following
+ this duration.
+ -->
+ <!-- To enable the ldap-identity-provider remove 2 lines. This is 1 of 2.
+ <provider>
+ <identifier>ldap-identity-provider</identifier>
+ <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
+ <property name="Authentication Strategy">SIMPLE</property>
+
+ <property name="Manager DN"></property>
+ <property name="Manager Password"></property>
+
+ <property name="Referral Strategy">FOLLOW</property>
+ <property name="Connect Timeout">10 secs</property>
+ <property name="Read Timeout">10 secs</property>
+
+ <property name="Url"></property>
+ <property name="User Search Base"></property>
+ <property name="User Search Filter"></property>
+
+ <property name="Identity Strategy">USE_USERNAME</property>
+ <property name="Authentication Expiration">12 hours</property>
+ </provider>
+ To enable the ldap-identity-provider remove 2 lines. This is 2 of 2. -->
+
+ <!--
+ Identity Provider for users logging in with username/password against a Kerberos KDC server.
+
+ 'Default Realm' - Default realm to provide when user enters incomplete user principal (i.e. NIFI.APACHE.ORG).
+ 'Authentication Expiration' - The duration of how long the user authentication is valid for. If the user never logs out, they will be required to log back in following this duration.
+ -->
+ <!-- To enable the kerberos-identity-provider remove 2 lines. This is 1 of 2.
+ <provider>
+ <identifier>kerberos-identity-provider</identifier>
+ <class>org.apache.nifi.registry.web.security.authentication.kerberos.KerberosIdentityProvider</class>
+ <property name="Default Realm">NIFI.APACHE.ORG</property>
+ <property name="Authentication Expiration">12 hours</property>
+ <property name="Enable Debug">false</property>
+ </provider>
+ To enable the kerberos-provider remove 2 lines. This is 2 of 2. -->
+
+</identityProviders>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/a8817e02/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-empty.xml
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-empty.xml b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-empty.xml
new file mode 100644
index 0000000..1d075ac
--- /dev/null
+++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-empty.xml
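Review bot: In identity-providers-commented.xml the closing marker of the Kerberos block reads `To enable the kerberos-provider remove 2 lines. This is 2 of 2.`, while the opening marker and the `<identifier>` both say `kerberos-identity-provider`; the two markers should name the same provider, as the LDAP pair does. identity-providers-empty.xml carries the same mismatch. The Kerberos description comment also covers only 'Default Realm' and 'Authentication Expiration', so the `Enable Debug` property in the example block is undocumented; a one-line description of it in that comment would close the gap.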
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<!--
+ This file lists the identity providers to use when running securely. In order
+ to use a specific provider it must be configured here and its identifier
+ must be specified in the nifi-registry.properties file.
+-->
+<identityProviders>
+ <!--
+ Identity Provider for users logging in with username/password against an LDAP server.
+
+ 'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
+ values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
+
+ 'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
+ 'Manager Password' - The password of the manager that is used to bind to the LDAP server to
+ search for users.
+
+ 'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.
+ 'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
+ using LDAPS or START_TLS.
+ 'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
+ LDAPS or START_TLS (i.e. JKS or PKCS12).
+ 'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.
+ 'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
+ LDAP using LDAPS or START_TLS.
+ 'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
+ LDAPS or START_TLS (i.e. JKS or PKCS12).
+ 'TLS - Client Auth' - Client authentication policy when connecting to LDAP using LDAPS or START_TLS.
+ Possible values are REQUIRED, WANT, NONE.
+ 'TLS - Protocol' - Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS,
+ TLSv1.1, TLSv1.2, etc).
+ 'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully
+ before the target context is closed. Defaults to false.
+
+ 'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
+ 'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
+ 'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
+
+ 'Url' - Space-separated list of URLs of the LDAP servers (i.e. ldap://<hostname>:<port>).
+ 'User Search Base' - Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).
+ 'User Search Filter' - Filter for searching for users against the 'User Search Base'.
+ (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
+
+ 'Identity Strategy' - Strategy to identify users. Possible values are USE_DN and USE_USERNAME.
+ The default functionality if this property is missing is USE_DN in order to retain
+ backward compatibility. USE_DN will use the full DN of the user entry if possible.
+ USE_USERNAME will use the username the user logged in with.
+ 'Authentication Expiration' - The duration of how long the user authentication is valid
+ for. If the user never logs out, they will be required to log back in following
+ this duration.
+ -->
+ <provider>
+ <identifier>ldap-identity-provider</identifier>
+ <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
+ <property name="Authentication Strategy">SIMPLE</property>
+
+ <property name="Manager DN"></property>
+ <property name="Manager Password"></property>
+
+ <property name="Referral Strategy">FOLLOW</property>
+ <property name="Connect Timeout">10 secs</property>
+ <property name="Read Timeout">10 secs</property>
+
+ <property name="Url"></property>
+ <property name="User Search Base"></property>
+ <property name="User Search Filter"></property>
+
+ <property name="Identity Strategy">USE_USERNAME</property>
+ <property name="Authentication Expiration">12 hours</property>
+ </provider>
+
+ <!--
+ Identity Provider for users logging in with username/password against a Kerberos KDC server.
+
+ 'Default Realm' - Default realm to provide when user enters incomplete user principal (i.e. NIFI.APACHE.ORG).
+ 'Authentication Expiration' - The duration of how long the user authentication is valid for. If the user never logs out, they will be required to log back in following this duration.
+ -->
+ <!-- To enable the kerberos-identity-provider remove 2 lines. This is 1 of 2.
+ <provider>
+ <identifier>kerberos-identity-provider</identifier>
+ <class>org.apache.nifi.registry.web.security.authentication.kerberos.KerberosIdentityProvider</class>
+ <property name="Default Realm">NIFI.APACHE.ORG</property>
+ <property name="Authentication Expiration">12 hours</property>
+ <property name="Enable Debug">false</property>
+ </provider>
+ To enable the kerberos-provider remove 2 lines. This is 2 of 2. -->
+
+</identityProviders>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/a8817e02/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-populated-unprotected.xml
----------------------------------------------------------------------
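Review bot: The uncommented LDAP provider in identity-providers-empty.xml has only one empty password-type property, `Manager Password`; the `TLS - Keystore Password` and `TLS - Truststore Password` properties that identity-providers-populated-unprotected.xml fills in are absent here. If the encrypt-config tool treats all three as sensitive (the tool code is not visible on this page), this fixture exercises the empty-value path for only one of them. Adding `<property name="TLS - Keystore Password"></property>` and `<property name="TLS - Truststore Password"></property>` to the provider would cover the other two.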
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-populated-unprotected.xml b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-populated-unprotected.xml
new file mode 100644
index 0000000..67b7a18
--- /dev/null
+++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/identity-providers-populated-unprotected.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<!--
+ This file lists the login identity providers to use when running securely. In order
+ to use a specific provider it must be configured here and it's identifier
+ must be specified in the nifi-registry.properties file.
+-->
+<identityProviders>
+ <!--
+ Identity Provider for users logging in with username/password against an LDAP server.
+
+ 'Authentication Strategy' - How the connection to the LDAP server is authenticated. Possible
+ values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
+
+ 'Manager DN' - The DN of the manager that is used to bind to the LDAP server to search for users.
+ 'Manager Password' - The password of the manager that is used to bind to the LDAP server to
+ search for users.
+
+ 'TLS - Keystore' - Path to the Keystore that is used when connecting to LDAP using LDAPS or START_TLS.
+ 'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
+ using LDAPS or START_TLS.
+ 'TLS - Keystore Type' - Type of the Keystore that is used when connecting to LDAP using
+ LDAPS or START_TLS (i.e. JKS or PKCS12).
+ 'TLS - Truststore' - Path to the Truststore that is used when connecting to LDAP using LDAPS or START_TLS.
+ 'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
+ LDAP using LDAPS or START_TLS.
+ 'TLS - Truststore Type' - Type of the Truststore that is used when connecting to LDAP using
+ LDAPS or START_TLS (i.e. JKS or PKCS12).
+ 'TLS - Client Auth' - Client authentication policy when connecting to LDAP using LDAPS or START_TLS.
+ Possible values are REQUIRED, WANT, NONE.
+ 'TLS - Protocol' - Protocol to use when connecting to LDAP using LDAPS or START_TLS. (i.e. TLS,
+ TLSv1.1, TLSv1.2, etc).
+ 'TLS - Shutdown Gracefully' - Specifies whether the TLS should be shut down gracefully
+ before the target context is closed. Defaults to false.
+
+ 'Referral Strategy' - Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.
+ 'Connect Timeout' - Duration of connect timeout. (i.e. 10 secs).
+ 'Read Timeout' - Duration of read timeout. (i.e. 10 secs).
+
+ 'Url' - Space-separated list of URLs of the LDAP servers (i.e. ldap://<hostname>:<port>).
+ 'User Search Base' - Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).
+ 'User Search Filter' - Filter for searching for users against the 'User Search Base'.
+ (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
+
+ 'Identity Strategy' - Strategy to identify users. Possible values are USE_DN and USE_USERNAME.
+ The default functionality if this property is missing is USE_DN in order to retain
+ backward compatibility. USE_DN will use the full DN of the user entry if possible.
+ USE_USERNAME will use the username the user logged in with.
+ 'Authentication Expiration' - The duration of how long the user authentication is valid
+ for. If the user never logs out, they will be required to log back in following
+ this duration.
+ -->
+ <provider>
+ <identifier>ldap-identity-provider</identifier>
+ <class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
+ <property name="Authentication Strategy">START_TLS</property>
+
+ <property name="Manager DN">someuser</property>
+ <property name="Manager Password">thisIsABadPassword</property>
+
+ <property name="TLS - Keystore"></property>
+ <property name="TLS - Keystore Password">thisIsABadPassword</property>
+ <property name="TLS - Keystore Type"></property>
+ <property name="TLS - Truststore"></property>
+ <property name="TLS - Truststore Password">thisIsABadPassword</property>
+ <property name="TLS - Truststore Type"></property>
+ <property name="TLS - Client Auth"></property>
+ <property name="TLS - Protocol"></property>
+ <property name="TLS - Shutdown Gracefully"></property>
+
+ <property name="Referral Strategy">FOLLOW</property>
+ <property name="Connect Timeout">10 secs</property>
+ <property name="Read Timeout">10 secs</property>
+
+ <property name="Url"></property>
+ <property name="User Search Base"></property>
+ <property name="User Search Filter"></property>
+
+ <property name="Authentication Expiration">12 hours</property>
+ </provider>
+
+</identityProviders>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/a8817e02/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-commented.properties
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-commented.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-commented.properties
new file mode 100644
index 0000000..05d233b
--- /dev/null
+++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-commented.properties
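Review bot: `Manager Password`, `TLS - Keystore Password` and `TLS - Truststore Password` in identity-providers-populated-unprotected.xml all hold the same plaintext, `thisIsABadPassword`, so a test that compares decrypted values cannot tell whether a value was written back to the wrong property. Distinct values per property, in the style of `thisIsABadKeystorePassword` and `thisIsABadKeyPassword` used in nifi-registry-populated-unprotected.properties, would make such a mix-up detectable. The two `nifi.registry.dummy.sensitive.property.*=secret` entries in that properties fixture have the same weakness. The header comment in this file also says "it's identifier" and "login identity providers" where the other two XML fixtures say "its identifier" and "identity providers".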
@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# web properties #
+nifi.registry.web.war.directory=./lib
+nifi.registry.web.http.host=localhost
+nifi.registry.web.http.port=18080
+#nifi.registry.web.https.host=localhost
+#nifi.registry.web.https.port=18443
+nifi.registry.web.jetty.working.directory=./work/jetty
+nifi.registry.web.jetty.threads=10
+
+# security properties #
+#nifi.registry.security.keystorePasswd=
+#nifi.registry.security.keyPasswd=
+#nifi.registry.security.truststorePasswd=
+
+# sensitive property protection properties #
+#nifi.registry.sensitive.props.additional.keys=
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/a8817e02/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-empty.properties
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-empty.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-empty.properties
new file mode 100644
index 0000000..8f7907f
--- /dev/null
+++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-empty.properties
@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# web properties #
+nifi.registry.web.war.directory=./lib
+nifi.registry.web.http.host=localhost
+nifi.registry.web.http.port=18080
+#nifi.registry.web.https.host=localhost
+#nifi.registry.web.https.port=18443
+nifi.registry.web.jetty.working.directory=./work/jetty
+nifi.registry.web.jetty.threads=10
+
+# security properties #
+nifi.registry.security.keystorePasswd=
+nifi.registry.security.keyPasswd=
+nifi.registry.security.truststorePasswd=
+
+# sensitive property protection properties #
+nifi.registry.sensitive.props.additional.keys=
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/a8817e02/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-key-128.properties
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-key-128.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-key-128.properties
new file mode 100644
index 0000000..5464436
--- /dev/null
+++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-key-128.properties
@@ -0,0 +1,50 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# web properties #
+nifi.registry.web.war.directory=./lib
+#nifi.registry.web.http.host=localhost
+#nifi.registry.web.http.port=8080
+nifi.registry.web.https.host=localhost
+nifi.registry.web.https.port=8443
+nifi.registry.web.jetty.working.directory=./work/jetty
+nifi.registry.web.jetty.threads=10
+
+# security properties #
+nifi.registry.security.keystore=/path/to/keystore.jks
+nifi.registry.security.keystoreType=JKS
+nifi.registry.security.keystorePasswd=IpbMQE9HsW5ZcwbK||/5jdbYqORj8aZfw5UPx2PSVUamunQt6uxmaYcaDbeCxAaPKhAUCN3bnX
+nifi.registry.security.keystorePasswd.protected=aes/gcm/128
+nifi.registry.security.keyPasswd=MuTrxqJQBrIJE5eq||VDbTIPVA9zijI6eZ1Z6VMU7xhpBOxPjJLQ48h5GhIX7BY/bQzA
+nifi.registry.security.keyPasswd.protected=aes/gcm/128
+nifi.registry.security.truststore=/path/to/truststore.jks
+nifi.registry.security.truststoreType=JKS
+nifi.registry.security.truststorePasswd=Pso0P5eiT+HF0sfy||cev+b7rbqR+s94t9uWkhZly6AT00AV5bsS8D+ok/oTx81FV3IMkZzIzlsEI
+nifi.registry.security.truststorePasswd.protected=aes/gcm/128
+nifi.registry.security.needClientAuth=false
+nifi.registry.security.authorizers.configuration.file=./conf/authorizers.xml
+nifi.registry.security.authorizer=managed-authorizer
+nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
+nifi.registry.security.identity.provider=ldap-identity-provider
+
+# sensitive property protection properties #
+nifi.registry.sensitive.props.additional.keys=nifi.registry.dummy.sensitive.property.1,nifi.registry.dummy.sensitive.property.2
+nifi.registry.dummy.sensitive.property.1=XDXDfZ2e2dqZF4HM||kfeu78d1HxCNZ5Ljq/RXrAQd3PEXPA
+nifi.registry.dummy.sensitive.property.1.protected=aes/gcm/128
+nifi.registry.dummy.sensitive.property.2=GElHCO9gRNkV8EPh||jfdlaaU82FJZ9SSHWsyEtgYqBIancA
+nifi.registry.dummy.sensitive.property.2.protected=aes/gcm/128
+
+# providers properties #
+nifi.registry.providers.configuration.file=./conf/providers.xml
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/a8817e02/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-key-256.properties
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-key-256.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-key-256.properties
new file mode 100644
index 0000000..37eb356
--- /dev/null
+++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-key-256.properties
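Review bot: Nothing in nifi-registry-populated-protected-key-128.properties records which test key and which plaintexts the `aes/gcm/128` values were produced from, so the fixture cannot be regenerated or audited from the file alone. A short header comment such as `# Protected values were generated with the test key in <TEST_CLASS_PLACEHOLDER>; plaintexts are those in nifi-registry-populated-unprotected.properties` would document that, assuming the plaintexts do match that file. The key-256 and password-256 fixtures have the same gap; for password-256 the comment would also need to say where the password and its derivation parameters live.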
@@ -0,0 +1,50 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# web properties #
+nifi.registry.web.war.directory=./lib
+#nifi.registry.web.http.host=localhost
+#nifi.registry.web.http.port=8080
+nifi.registry.web.https.host=localhost
+nifi.registry.web.https.port=8443
+nifi.registry.web.jetty.working.directory=./work/jetty
+nifi.registry.web.jetty.threads=10
+
+# security properties #
+nifi.registry.security.keystore=/path/to/keystore.jks
+nifi.registry.security.keystoreType=JKS
+nifi.registry.security.keystorePasswd=UxL26wbxvVVOwxDb||mWErKKQ4WpGbLWWrvPNfxVswVwrO68GMLa3RbRyxLyogvGg9Zj79INuu
+nifi.registry.security.keystorePasswd.protected=aes/gcm/256
+nifi.registry.security.keyPasswd=n5np+8Fc7QlSGicG||1eOSgx39YwGJAwqbVW/t1Lwjoz7aYUzySCUoWttR+HRct9nQLg
+nifi.registry.security.keyPasswd.protected=aes/gcm/256
+nifi.registry.security.truststore=/path/to/truststore.jks
+nifi.registry.security.truststoreType=JKS
+nifi.registry.security.truststorePasswd=zpPQ4kXKwWFsAE0R||e+Ht1rplq7S1Nn5UMt8lmTK4FhCqScuXf2ERFhpeo8QF/Pd017F7NB/sIbE
+nifi.registry.security.truststorePasswd.protected=aes/gcm/256
+nifi.registry.security.needClientAuth=false
+nifi.registry.security.authorizers.configuration.file=./conf/authorizers.xml
+nifi.registry.security.authorizer=managed-authorizer
+nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
+nifi.registry.security.identity.provider=ldap-identity-provider
+
+# sensitive property protection properties #
+nifi.registry.sensitive.props.additional.keys=nifi.registry.dummy.sensitive.property.1,nifi.registry.dummy.sensitive.property.2
+nifi.registry.dummy.sensitive.property.1=vwSuUUXRZVI4Jau7||pA5Y1TiUt7jlPMgLz6fyozGk3Kywog
+nifi.registry.dummy.sensitive.property.1.protected=aes/gcm/256
+nifi.registry.dummy.sensitive.property.2=bFdNvsYJwGOd36IX||qhmzpXmDIOBbjiUs2QDo5uwtlRZRuQ
+nifi.registry.dummy.sensitive.property.2.protected=aes/gcm/256
+
+# providers properties #
+nifi.registry.providers.configuration.file=./conf/providers.xml
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/a8817e02/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-password-256.properties
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-password-256.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-password-256.properties
new file mode 100644
index 0000000..e59c885
--- /dev/null
+++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-protected-password-256.properties
@@ -0,0 +1,52 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# web properties #
+nifi.registry.web.war.directory=./lib
+#nifi.registry.web.http.host=localhost
+#nifi.registry.web.http.port=8080
+nifi.registry.web.https.host=localhost
+nifi.registry.web.https.port=8443
+nifi.registry.web.jetty.working.directory=./work/jetty
+nifi.registry.web.jetty.threads=10
+
+# security properties #
+nifi.registry.security.keystore=/path/to/keystore.jks
+nifi.registry.security.keystoreType=JKS
+nifi.registry.security.keystorePasswd=hYUecef4Tl7j82Ml||1VvxnSFxzrrMU6gcHgt/1M69uuk4OsbsRuN4x9FUY3p7frQ3m15SjyV1
+nifi.registry.security.keyPasswd=Ex+EVvW31ZFwTxoe||obIlGXnqhfAHngV6tie577PPKOuU1+B7osTL3wJ6t4z74C5PKw
+nifi.registry.security.truststore=/path/to/truststore.jks
+nifi.registry.security.truststoreType=JKS
+nifi.registry.security.truststorePasswd=qVLfrvg+UgwD1J5p||b6FHicQmve1toY56MLrwJDturN3GrYptSMJ+DP6FaixiTrtyo8L+cwHZkiA
+nifi.registry.security.needClientAuth=false
+nifi.registry.security.authorizers.configuration.file=./conf/authorizers.xml
+nifi.registry.security.authorizer=managed-authorizer
+nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
+nifi.registry.security.identity.provider=ldap-identity-provider
+
+# sensitive property protection properties #
+nifi.registry.sensitive.props.additional.keys=nifi.registry.dummy.sensitive.property.1,nifi.registry.dummy.sensitive.property.2
+nifi.registry.dummy.sensitive.property.1=oGB/wu12Cb0xAqsl||tEuOJNxIAJQdNGh1bRXLWeskI7MUTg
+nifi.registry.dummy.sensitive.property.2=RnYVB0CZC2CerkYY||bhGllLX3oIwSxJy9HqBX/DV8gKwSKA
+
+# providers properties #
+nifi.registry.providers.configuration.file=./conf/providers.xml
+
+# protection properties
+nifi.registry.dummy.sensitive.property.1.protected=aes/gcm/256
+nifi.registry.dummy.sensitive.property.2.protected=aes/gcm/256
+nifi.registry.security.keyPasswd.protected=aes/gcm/256
+nifi.registry.security.keystorePasswd.protected=aes/gcm/256
+nifi.registry.security.truststorePasswd.protected=aes/gcm/256
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/a8817e02/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-unprotected.properties
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-unprotected.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-unprotected.properties
new file mode 100644
index 0000000..1a46c2e
--- /dev/null
+++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi-registry/nifi-registry-populated-unprotected.properties
@@ -0,0 +1,45 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# web properties #
+nifi.registry.web.war.directory=./lib
+#nifi.registry.web.http.host=localhost
+#nifi.registry.web.http.port=8080
+nifi.registry.web.https.host=localhost
+nifi.registry.web.https.port=8443
+nifi.registry.web.jetty.working.directory=./work/jetty
+nifi.registry.web.jetty.threads=10
+
+# security properties #
+nifi.registry.security.keystore=/path/to/keystore.jks
+nifi.registry.security.keystoreType=JKS
+nifi.registry.security.keystorePasswd=thisIsABadKeystorePassword
+nifi.registry.security.keyPasswd=thisIsABadKeyPassword
+nifi.registry.security.truststore=/path/to/truststore.jks
+nifi.registry.security.truststoreType=JKS
+nifi.registry.security.truststorePasswd=thisIsABadTruststorePassword
+nifi.registry.security.needClientAuth=false
+nifi.registry.security.authorizers.configuration.file=./conf/authorizers.xml
+nifi.registry.security.authorizer=managed-authorizer
+nifi.registry.security.identity.providers.configuration.file=./conf/identity-providers.xml
+nifi.registry.security.identity.provider=ldap-identity-provider
+
+# sensitive property protection properties #
+nifi.registry.sensitive.props.additional.keys=nifi.registry.dummy.sensitive.property.1,nifi.registry.dummy.sensitive.property.2
+nifi.registry.dummy.sensitive.property.1=secret
+nifi.registry.dummy.sensitive.property.2=secret
+
+# providers properties #
+nifi.registry.providers.configuration.file=./conf/providers.xml
