[nifi] branch main updated: NIFI-10378 Added OIDC client secret to encrypted properties

Tue, 30 Aug 2022 14:14:58 -0700 

This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 10d1fbe888 NIFI-10378 Added OIDC client secret to encrypted properties
10d1fbe888 is described below

commit 10d1fbe88879d51abc09c00fea9488cbe2506b4f
Author: Nathan Gough <[email protected]>
AuthorDate: Tue Aug 30 12:41:01 2022 -0400

    NIFI-10378 Added OIDC client secret to encrypted properties
    
    This closes #6352
    
    Signed-off-by: David Handermann <[email protected]>
---
 .../main/java/org/apache/nifi/properties/ProtectedNiFiProperties.java | 3 ++-
 .../toolkit/encryptconfig/util/NiFiRegistryPropertiesEncryptor.groovy | 4 +++-
 .../resources/nifi_with_sensitive_properties_unprotected.properties   | 2 ++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/main/java/org/apache/nifi/properties/ProtectedNiFiProperties.java
 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/main/java/org/apache/nifi/properties/ProtectedNiFiProperties.java
index 09b1f92eef..5e59642ae4 100644
--- 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/main/java/org/apache/nifi/properties/ProtectedNiFiProperties.java
+++ 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/main/java/org/apache/nifi/properties/ProtectedNiFiProperties.java
@@ -56,7 +56,8 @@ class ProtectedNiFiProperties extends NiFiProperties 
implements ProtectedPropert
             PROVENANCE_REPO_ENCRYPTION_KEY_PROVIDER_PASSWORD,
             FLOWFILE_REPOSITORY_ENCRYPTION_KEY_PROVIDER_PASSWORD,
             CONTENT_REPOSITORY_ENCRYPTION_KEY_PROVIDER_PASSWORD,
-            REPOSITORY_ENCRYPTION_KEY_PROVIDER_KEYSTORE_PASSWORD
+            REPOSITORY_ENCRYPTION_KEY_PROVIDER_KEYSTORE_PASSWORD,
+            SECURITY_USER_OIDC_CLIENT_SECRET
     ));
 
     public ProtectedNiFiProperties() {
diff --git 
a/nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryPropertiesEncryptor.groovy
 
b/nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryPropertiesEncryptor.groovy
index df448aa97a..5c475711d4 100644
--- 
a/nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryPropertiesEncryptor.groovy
+++ 
b/nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryPropertiesEncryptor.groovy
@@ -33,13 +33,15 @@ class NiFiRegistryPropertiesEncryptor extends 
PropertiesEncryptor {
     private static final String SECURITY_KEYSTORE_PASSWD = 
"nifi.registry.security.keystorePasswd"
     private static final String SECURITY_KEY_PASSWD = 
"nifi.registry.security.keyPasswd"
     private static final String SECURITY_TRUSTSTORE_PASSWD = 
"nifi.registry.security.truststorePasswd"
+    private static final String SECURITY_USER_OIDC_CLIENT_SECRET = 
"nifi.registry.security.user.oidc.client.secret"
 
     // Defined in nifi-registry-properties: 
org.apache.nifi.registry.properties.ProtectedNiFiRegistryProperties
     private static final String ADDITIONAL_SENSITIVE_PROPERTIES_KEY = 
"nifi.registry.sensitive.props.additional.keys"
     private static final String[] DEFAULT_SENSITIVE_PROPERTIES = [
             SECURITY_KEYSTORE_PASSWD,
             SECURITY_KEY_PASSWD,
-            SECURITY_TRUSTSTORE_PASSWD
+            SECURITY_TRUSTSTORE_PASSWD,
+            SECURITY_USER_OIDC_CLIENT_SECRET
     ]
 
     NiFiRegistryPropertiesEncryptor(SensitivePropertyProvider 
encryptionProvider, SensitivePropertyProvider decryptionProvider) {
diff --git 
a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected.properties
 
b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected.properties
index 7729d4c494..2f82e14084 100644
--- 
a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected.properties
+++ 
b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected.properties
@@ -120,3 +120,5 @@ nifi.cluster.manager.node.api.request.threads=10
 nifi.cluster.manager.flow.retrieval.delay=5 sec
 nifi.cluster.manager.protocol.threads=10
 nifi.cluster.manager.safemode.duration=0 sec
+
+nifi.security.user.oidc.client.secret=aSecret
\ No newline at end of file

Reply via email to