[jira] [Updated] (MINIFICPP-1579) Fingerprinting of the conf file in agent's heartbeat

Ferenc Gerlits (Jira) Thu, 01 Jul 2021 01:03:07 -0700


     [ 
https://issues.apache.org/jira/browse/MINIFICPP-1579?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ferenc Gerlits updated MINIFICPP-1579:
--------------------------------------
    Description: 
It'd be useful to add the fingerprint of the configuration file(s) of the agent 
and have this information as part of the heartbeat. This would be used to make 
sure no one is changing the configuration files locally for agents deployed on 
non trusted hosts.

Proposal: add a new top-level section to the heartbeat, both short and full, 
like this:
{noformat}
         },
         "flowId": "908ae39a-c833-11eb-97a2-5c879c2c3c60"
     },
+    "configFileInfo": {
+        "SHA256Sums": {
+            "minifi.properties": 
"183d2a43c77e429f3448c99cd80c0700bf858436793f0443c980a8a190ab13c7",
+            "minifi-log.properties": 
"e6d5346f50170a758092fe9dd7f84a59367cf32fa33ef43953ee21236db26be4",
+            "minifi-uid.properties": 
"d7f563cff464f20494f907cfc829e36250c95e902231f3487d26f4c0dfdcda68",
+            "configure.yml": 
"634efcf2af76db967f4189c6318b77f03f7cae5bb1c3de1200a10014d0fc0ca4"
+        }
+    },
     "metrics": {
         "RuntimeMetrics": {
             "ProcessMetrics": {
{noformat}

EDIT: we decided to (at least initially) not include {{minifi-log.properties}} 
and {{minifi-uid.properties}}, so after a few other minor changes, this is the 
new format:
{noformat}
          "agentClass": "Test-Checksum",
          "identifier": "Test-Checksum-001"
      },
+     "configurationChecksums": {
+         "SHA256": {
+             "config.yml": 
"634efcf2af76db967f4189c6318b77f03f7cae5bb1c3de1200a10014d0fc0ca4",
+             "minifi.properties": 
"efc629585c4a2207d9e7f129150a49f2dc6cfd1ae8338788b30921984da2b6c6"
+         }
+     },
      "deviceInfo": {
          "systemInfo": {
{noformat}


  was:
It'd be useful to add the fingerprint of the configuration file(s) of the agent 
and have this information as part of the heartbeat. This would be used to make 
sure no one is changing the configuration files locally for agents deployed on 
non trusted hosts.

Proposal: add a new top-level section to the heartbeat, both short and full, 
like this:
{noformat}
         },
         "flowId": "908ae39a-c833-11eb-97a2-5c879c2c3c60"
     },
+    "configFileInfo": {
+        "SHA256Sums": {
+            "minifi.properties": 
"183d2a43c77e429f3448c99cd80c0700bf858436793f0443c980a8a190ab13c7",
+            "minifi-log.properties": 
"e6d5346f50170a758092fe9dd7f84a59367cf32fa33ef43953ee21236db26be4",
+            "minifi-uid.properties": 
"d7f563cff464f20494f907cfc829e36250c95e902231f3487d26f4c0dfdcda68",
+            "configure.yml": 
"634efcf2af76db967f4189c6318b77f03f7cae5bb1c3de1200a10014d0fc0ca4"
+        }
+    },
     "metrics": {
         "RuntimeMetrics": {
             "ProcessMetrics": {
{noformat}

EDIT: we decided to (at least initially) not include {{minifi-log.properties}} 
and {{minifi-uid.properties}}, so after a few other minor changes, this is the 
new format:
{noformat}
          "agentClass": "Test-System-Store",
          "identifier": "Test-System-Store-001"
      },
+     "configurationChecksums": {
+         "SHA256": {
+             "config.yml": 
"634efcf2af76db967f4189c6318b77f03f7cae5bb1c3de1200a10014d0fc0ca4",
+             "minifi.properties": 
"efc629585c4a2207d9e7f129150a49f2dc6cfd1ae8338788b30921984da2b6c6"
+         }
+     },
      "deviceInfo": {
          "systemInfo": {
{noformat}



> Fingerprinting of the conf file in agent's heartbeat
> ----------------------------------------------------
>
>                 Key: MINIFICPP-1579
>                 URL: https://issues.apache.org/jira/browse/MINIFICPP-1579
>             Project: Apache NiFi MiNiFi C++
>          Issue Type: Task
>            Reporter: Ferenc Gerlits
>            Assignee: Ferenc Gerlits
>            Priority: Major
>             Fix For: 0.11.0
>
>
> It'd be useful to add the fingerprint of the configuration file(s) of the 
> agent and have this information as part of the heartbeat. This would be used 
> to make sure no one is changing the configuration files locally for agents 
> deployed on non trusted hosts.
> Proposal: add a new top-level section to the heartbeat, both short and full, 
> like this:
> {noformat}
>          },
>          "flowId": "908ae39a-c833-11eb-97a2-5c879c2c3c60"
>      },
> +    "configFileInfo": {
> +        "SHA256Sums": {
> +            "minifi.properties": 
> "183d2a43c77e429f3448c99cd80c0700bf858436793f0443c980a8a190ab13c7",
> +            "minifi-log.properties": 
> "e6d5346f50170a758092fe9dd7f84a59367cf32fa33ef43953ee21236db26be4",
> +            "minifi-uid.properties": 
> "d7f563cff464f20494f907cfc829e36250c95e902231f3487d26f4c0dfdcda68",
> +            "configure.yml": 
> "634efcf2af76db967f4189c6318b77f03f7cae5bb1c3de1200a10014d0fc0ca4"
> +        }
> +    },
>      "metrics": {
>          "RuntimeMetrics": {
>              "ProcessMetrics": {
> {noformat}
> EDIT: we decided to (at least initially) not include 
> {{minifi-log.properties}} and {{minifi-uid.properties}}, so after a few other 
> minor changes, this is the new format:
> {noformat}
>           "agentClass": "Test-Checksum",
>           "identifier": "Test-Checksum-001"
>       },
> +     "configurationChecksums": {
> +         "SHA256": {
> +             "config.yml": 
> "634efcf2af76db967f4189c6318b77f03f7cae5bb1c3de1200a10014d0fc0ca4",
> +             "minifi.properties": 
> "efc629585c4a2207d9e7f129150a49f2dc6cfd1ae8338788b30921984da2b6c6"
> +         }
> +     },
>       "deviceInfo": {
>           "systemInfo": {
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (MINIFICPP-1579) Fingerprinting of the conf file in agent's heartbeat

Reply via email to