[jira] [Updated] (NIFI-7012) Using sensitive parameter in sensitive property of InvokeScriptedProcessor causes Jetty shutdown on NiFi restart

Eduardo Mota Fontes (Jira) Tue, 10 Aug 2021 08:56:07 -0700


     [ 
https://issues.apache.org/jira/browse/NIFI-7012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Eduardo Mota Fontes updated NIFI-7012:
--------------------------------------
    Affects Version/s: 1.14.0

> Using sensitive parameter in sensitive property of InvokeScriptedProcessor 
> causes Jetty shutdown on NiFi restart
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-7012
>                 URL: https://issues.apache.org/jira/browse/NIFI-7012
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.10.0, 1.14.0
>         Environment: OpenJDK 1.8.0_232 on Ubuntu 18.04.3 LTS
>            Reporter: Dariusz Chmielewski
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: parameters, scripting, security
>         Attachments: groovy_sample.txt
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> To simulate this add a new InvokeScriptedProcessor to your flow with attached 
> example basic Groovy script as the Script Body. This will create a "Password" 
> sensitive property on the processor, then using UI enter sensitive parameter 
> (ex: "#\{test_pass}") in the value of this property. At this point everything 
> will work fine, no errors in UI or nifi-app.log during this processor 
> execution, but when you restart NiFi you will notice the below warning in 
> nifi-app.log. To get around this issue and have Jetty start again I had to 
> manually edit flow.xml and set the parameter ("test_pass") sensitive value to 
> false. Note that both the processor property and parameter appear as 
> sensitive in UI (before making changes to flow.xml) and their values are 
> encrypted in flow.xml.
> {code:java}
> 2020-01-10 15:37:28,492 INFO [main] org.eclipse.jetty.server.Server Started 
> @29687ms
>  2020-01-10 15:37:28,493 WARN [main] org.apache.nifi.web.server.JettyServer 
> Failed to start web server... shutting down.
>  org.apache.nifi.controller.serialization.FlowSynchronizationException: 
> java.lang.IllegalArgumentException: The property 'Password' cannot reference 
> Parameter 'test_pass' because Sensitive Parameters may only be referenced by 
> Sensitive Properties.
>  at 
> org.apache.nifi.controller.StandardFlowSynchronizer.sync(StandardFlowSynchronizer.java:510)
>  at 
> org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1368)
>  at 
> org.apache.nifi.persistence.StandardXMLFlowConfigurationDAO.load(StandardXMLFlowConfigurationDAO.java:88)
>  at 
> org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:812)
>  at 
> org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:557)
>  at 
> org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:72)
>  at 
> org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:959)
>  at 
> org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:553)
>  at 
> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:924)
>  at 
> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:365)
>  at 
> org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1497)
>  at 
> org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1459)
>  at 
> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:854)
>  at 
> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:278)
>  at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:545)
>  at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167)
>  at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:119)
>  at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>  at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167)
>  at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
>  at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>  at 
> org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:406)
>  at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167)
>  at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:119)
>  at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>  at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167)
>  at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:119)
>  at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>  at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167)
>  at org.eclipse.jetty.server.Server.start(Server.java:418)
>  at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
>  at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>  at org.eclipse.jetty.server.Server.doStart(Server.java:382)
>  at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:952)
>  at org.apache.nifi.NiFi.<init>(NiFi.java:158)
>  at org.apache.nifi.NiFi.<init>(NiFi.java:72)
>  at org.apache.nifi.NiFi.main(NiFi.java:301)
>  Caused by: java.lang.IllegalArgumentException: The property 'Password' 
> cannot reference Parameter 'test_pass' because Sensitive Parameters may only 
> be referenced by Sensitive Properties.
>  at 
> org.apache.nifi.controller.AbstractComponentNode.verifyCanUpdateProperties(AbstractComponentNode.java:307)
>  at 
> org.apache.nifi.controller.AbstractComponentNode.setProperties(AbstractComponentNode.java:192)
>  at 
> org.apache.nifi.controller.ComponentNode.setProperties(ComponentNode.java:60)
>  at 
> org.apache.nifi.controller.StandardFlowSynchronizer.updateProcessor(StandardFlowSynchronizer.java:1227)
>  at 
> org.apache.nifi.controller.StandardFlowSynchronizer.addProcessGroup(StandardFlowSynchronizer.java:1334)
>  at 
> org.apache.nifi.controller.StandardFlowSynchronizer.addProcessGroup(StandardFlowSynchronizer.java:1458)
>  at 
> org.apache.nifi.controller.StandardFlowSynchronizer.sync(StandardFlowSynchronizer.java:393)
>  ... 42 common frames omitted
>  2020-01-10 15:37:28,494 INFO [Thread-1] org.apache.nifi.NiFi Initiating 
> shutdown of Jetty web server...{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (NIFI-7012) Using sensitive parameter in sensitive property of InvokeScriptedProcessor causes Jetty shutdown on NiFi restart

Reply via email to