[ https://issues.apache.org/jira/browse/NIFI-2654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15663254#comment-15663254 ]
ASF GitHub Bot commented on NIFI-2654: -------------------------------------- GitHub user alopresto opened a pull request: https://github.com/apache/nifi/pull/1216 NIFI-2654 Enabled encryption coverage for login-identity-providers.xml. Thank you for submitting a contribution to Apache NiFi. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [x] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [x] Has your PR been rebased against the latest commit within the target branch (typically master)? - [x] Is your initial contribution a single, squashed commit? ### For code changes: - [x] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder? - [x] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly? - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly? - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties? ### For documentation related changes: - [x] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible. NIFI-2654 Enabled encryption coverage for login-identity-providers.xml. Squashed commits: [5dd22a9] NIFI-2654 Updated administration guide with login-identity-providers.xml flags. Exposed master key retrieval code in NiFiPropertiesLoader. Added logic to decrypt login identity providers XML configuration. Updated login-identity-providers.xsd to include encryption scheme attribute. Added unit tests. (+18 squashed commits) Squashed commits: [57c815f] NIFI-2654 Resolved issue where empty LIP property elements could not be encrypted. Added unit test and resource. [27d7309] NIFI-2654 Wired in serialization logic to write logic for LIP. Added comprehensive unit test for LIP & NFP in same test. [b450eb2] NIFI-2654 Finalized logic for preserving comments in LIP parsing. [5aa6c9c] NIFI-2654 Added logic for maintaining XML formatting (comments and whitespace) for LIP. Added unit tests (w/o encryption works; w/ does not). [b53461f] NIFI-2654 Added unit test for full tool invocation migrating a login-identity-providers.xml file and updating file and bootstrap.conf with key. [2d9686c] NIFI-2654 Updated tool description and various logging statements. Added unit test for full tool invocation encrypting a login-identity-providers.xml file and updating file and bootstrap.conf with key. [8c67cb2] NIFI-2654 Added logic to encrypt LIP XML content. Added unit tests. [8682d19] NIFI-2654 Added logic to handle "empty" (commented) LIP files. Added unit tests. [077230e] NIFI-2654 Fixed logic to decrypt multiline and multiple-per-line XML elements. Added unit tests and resources. [d5bb8da] NIFI-2654 Ignored unit test for unreadable conf directory because directory was causing Maven build issues. Removed test resources. [7e50506] NIFI-2654 Fixed AESSensitivePropertyProvider bug handling cipher text with whitespace. Added unit test. [b69a661] NIFI-2654 Fixed AESSensitivePropertyProviderFactoryTest to reflect absence of key causes errors. [6f821b9] NIFI-2654 Added standard password to arbitrary encryption test for use in test resources. [d289ffa] NIFI-2654 Added LIP XML decryption. Added unit tests. [a482245] NIFI-2654 Added LIP test resources. [7204df4] NIFI-2654 Changed logic to only perform properties encryption when file path is provided. [729e1df] NIFI-2654 Removed population of default file locations for bootstrap.conf, nifi.properties, and login-identity-providers.xml as not all files may be desired. Added/updated unit tests. [7dba5ef] NIFI-2654 Started LIP work (arguments & parsing). Added unit tests. You can merge this pull request into a Git repository by running: $ git pull https://github.com/alopresto/nifi NIFI-2654-squashed Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/1216.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1216 ---- commit faf9b52e1f23e66a19858b3aebd49313520c1abc Author: Andy LoPresto <alopre...@apache.org> Date: 2016-11-08T04:36:59Z NIFI-2654 Enabled encryption coverage for login-identity-providers.xml. Squashed commits: [5dd22a9] NIFI-2654 Updated administration guide with login-identity-providers.xml flags. Exposed master key retrieval code in NiFiPropertiesLoader. Added logic to decrypt login identity providers XML configuration. Updated login-identity-providers.xsd to include encryption scheme attribute. Added unit tests. (+18 squashed commits) Squashed commits: [57c815f] NIFI-2654 Resolved issue where empty LIP property elements could not be encrypted. Added unit test and resource. [27d7309] NIFI-2654 Wired in serialization logic to write logic for LIP. Added comprehensive unit test for LIP & NFP in same test. [b450eb2] NIFI-2654 Finalized logic for preserving comments in LIP parsing. [5aa6c9c] NIFI-2654 Added logic for maintaining XML formatting (comments and whitespace) for LIP. Added unit tests (w/o encryption works; w/ does not). [b53461f] NIFI-2654 Added unit test for full tool invocation migrating a login-identity-providers.xml file and updating file and bootstrap.conf with key. [2d9686c] NIFI-2654 Updated tool description and various logging statements. Added unit test for full tool invocation encrypting a login-identity-providers.xml file and updating file and bootstrap.conf with key. [8c67cb2] NIFI-2654 Added logic to encrypt LIP XML content. Added unit tests. [8682d19] NIFI-2654 Added logic to handle "empty" (commented) LIP files. Added unit tests. [077230e] NIFI-2654 Fixed logic to decrypt multiline and multiple-per-line XML elements. Added unit tests and resources. [d5bb8da] NIFI-2654 Ignored unit test for unreadable conf directory because directory was causing Maven build issues. Removed test resources. [7e50506] NIFI-2654 Fixed AESSensitivePropertyProvider bug handling cipher text with whitespace. Added unit test. [b69a661] NIFI-2654 Fixed AESSensitivePropertyProviderFactoryTest to reflect absence of key causes errors. [6f821b9] NIFI-2654 Added standard password to arbitrary encryption test for use in test resources. [d289ffa] NIFI-2654 Added LIP XML decryption. Added unit tests. [a482245] NIFI-2654 Added LIP test resources. [7204df4] NIFI-2654 Changed logic to only perform properties encryption when file path is provided. [729e1df] NIFI-2654 Removed population of default file locations for bootstrap.conf, nifi.properties, and login-identity-providers.xml as not all files may be desired. Added/updated unit tests. [7dba5ef] NIFI-2654 Started LIP work (arguments & parsing). Added unit tests. ---- > Encrypted configs should handle login identity provider configs > --------------------------------------------------------------- > > Key: NIFI-2654 > URL: https://issues.apache.org/jira/browse/NIFI-2654 > Project: Apache NiFi > Issue Type: Improvement > Components: Configuration, Tools and Build > Affects Versions: 1.0.0 > Reporter: Andy LoPresto > Assignee: Andy LoPresto > Labels: config, encryption, ldap, security > Fix For: 1.1.0 > > > The encrypted configuration tool and internal logic to load unprotected > values should handle sensitive values contained in the login identity > providers (like LDAP Manager Password). -- This message was sent by Atlassian JIRA (v6.3.4#6332)