[GitHub] nifi issue #1238: NIFI-3051 Fixed issue serializing commented or empty login...

Fri, 18 Nov 2016 01:12:07 -0800 

Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/1238
  
    Example:
    
    ```
    # Commented login-identity-providers.xml file by default
    
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
 (master) alopresto
    🔓 62s @ 01:05:01 $ ./bin/encrypt-config.sh -b 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/bootstrap.conf
 -l 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml
 -k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
    2016/11/18 01:05:11 WARN [main] 
org.apache.nifi.properties.ConfigEncryptionTool: The source 
login-identity-providers.xml and destination login-identity-providers.xml are 
identical 
[../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml]
 so the original will be overwritten
    2016/11/18 01:05:11 INFO [main] 
org.apache.nifi.properties.ConfigEncryptionTool: Loaded LoginIdentityProviders 
content (107 lines)
    2016/11/18 01:05:11 ERROR [main] 
org.apache.nifi.properties.ConfigEncryptionTool: No provider element with class 
org.apache.nifi.ldap.LdapProvider found in XML content; the file could be empty 
or the element may be missing or commented out
    
    # Uncomment the ldap-provider element
    
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
 (master) alopresto
    🔓 10s @ 01:05:12 $ subl 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml
    
    # Run the encrypt command against an empty ldap-provider element
    
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
 (master) alopresto
    🔓 26s @ 01:05:39 $ ./bin/encrypt-config.sh -b 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/bootstrap.conf
 -l 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml
 -k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
    2016/11/18 01:06:02 WARN [main] 
org.apache.nifi.properties.ConfigEncryptionTool: The source 
login-identity-providers.xml and destination login-identity-providers.xml are 
identical 
[../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml]
 so the original will be overwritten
    2016/11/18 01:06:02 INFO [main] 
org.apache.nifi.properties.ConfigEncryptionTool: Loaded LoginIdentityProviders 
content (105 lines)
    
    # No populated passwords
    
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
 (master) alopresto
    🔓 24s @ 01:06:03 $ more 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml
 | grep Password
            'Manager Password' - The password of the manager that is used to 
bind to the LDAP server to
            'TLS - Keystore Password' - Password for the Keystore that is used 
when connecting to LDAP
            'TLS - Truststore Password' - Password for the Truststore that is 
used when connecting to
      <property name="Manager Password"/>
      <property name="TLS - Keystore Password"/>
      <property name="TLS - Truststore Password"/>
    
    # Populate passwords
    
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
 (master) alopresto
    🔓 21s @ 01:06:24 $ subl 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml
    
    # View the populated passwords
    
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
 (master) alopresto
    🔓 7s @ 01:06:32 $ more 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml
 | grep Password
            'Manager Password' - The password of the manager that is used to 
bind to the LDAP server to
            'TLS - Keystore Password' - Password for the Keystore that is used 
when connecting to LDAP
            'TLS - Truststore Password' - Password for the Truststore that is 
used when connecting to
      <property name="Manager Password">thisIsABadPassword</property>
      <property name="TLS - Keystore Password">thisIsABadPassword</property>
      <property name="TLS - Truststore Password">thisIsABadPassword</property>
    
    # Run the tool against the populated, uncommented ldap-provider
    
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
 (master) alopresto
    🔓 46s @ 01:07:19 $ ./bin/encrypt-config.sh -b 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/bootstrap.conf
 -l 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml
 -k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
    2016/11/18 01:07:22 WARN [main] 
org.apache.nifi.properties.ConfigEncryptionTool: The source 
login-identity-providers.xml and destination login-identity-providers.xml are 
identical 
[../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml]
 so the original will be overwritten
    2016/11/18 01:07:22 INFO [main] 
org.apache.nifi.properties.ConfigEncryptionTool: Loaded LoginIdentityProviders 
content (101 lines)
    2016/11/18 01:07:23 INFO [main] 
org.apache.nifi.properties.AESSensitivePropertyProvider: AES Sensitive Property 
Provider encrypted a sensitive value successfully
    2016/11/18 01:07:23 INFO [main] 
org.apache.nifi.properties.AESSensitivePropertyProvider: AES Sensitive Property 
Provider encrypted a sensitive value successfully
    2016/11/18 01:07:23 INFO [main] 
org.apache.nifi.properties.AESSensitivePropertyProvider: AES Sensitive Property 
Provider encrypted a sensitive value successfully
    2016/11/18 01:07:23 INFO [main] 
org.apache.nifi.properties.ConfigEncryptionTool: Updated XML content: <?xml 
version="1.0" encoding="UTF-8"?><loginIdentityProviders>
      <provider>
        <identifier>ldap-provider</identifier>
        <class>org.apache.nifi.ldap.LdapProvider</class>
        <property name="Authentication Strategy">START_TLS</property>
        <property name="Manager DN"/>
        <property name="Manager Password" 
encryption="aes/gcm/256">1Fm/qp3OFXyDtrSp||jUTZZIoWWRmu+Z7/2a/oQrwi3c4QBW7sybIBGgH5/Xv9pg</property>
        <property name="TLS - Keystore"/>
        <property name="TLS - Keystore Password" 
encryption="aes/gcm/256">lHUTRoWGGGk5Mdvm||RC326w5m6/YenkB9QyeqAojZSkK2rn3SWc9Ug+XuRWrvgg</property>
        <property name="TLS - Keystore Type"/>
        <property name="TLS - Truststore"/>
        <property name="TLS - Truststore Password" 
encryption="aes/gcm/256">ZhobpvbTxi3uyhyd||CaqPbCXri6do3uGnVtO/hRv4fxtWEju56MesZxsWSFVAAQ</property>
        <property name="TLS - Truststore Type"/>
        <property name="TLS - Client Auth"/>
        <property name="TLS - Protocol"/>
        <property name="TLS - Shutdown Gracefully"/>
        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>
        <property name="Url"/>
        <property name="User Search Base"/>
        <property name="User Search Filter"/>
        <property name="Authentication Expiration">12 hours</property>
      </provider>
    </loginIdentityProviders>
    
    # Show the encrypted property elements
    
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
 (master) alopresto
    🔓 4s @ 01:07:24 $ more 
../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml
 | grep Password
            'Manager Password' - The password of the manager that is used to 
bind to the LDAP server to
            'TLS - Keystore Password' - Password for the Keystore that is used 
when connecting to LDAP
            'TLS - Truststore Password' - Password for the Truststore that is 
used when connecting to
      <property encryption="aes/gcm/256" name="Manager 
Password">1Fm/qp3OFXyDtrSp||jUTZZIoWWRmu+Z7/2a/oQrwi3c4QBW7sybIBGgH5/Xv9pg</property>
      <property encryption="aes/gcm/256" name="TLS - Keystore 
Password">lHUTRoWGGGk5Mdvm||RC326w5m6/YenkB9QyeqAojZSkK2rn3SWc9Ug+XuRWrvgg</property>
      <property encryption="aes/gcm/256" name="TLS - Truststore 
Password">ZhobpvbTxi3uyhyd||CaqPbCXri6do3uGnVtO/hRv4fxtWEju56MesZxsWSFVAAQ</property>
    
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
 (master) alopresto
    🔓 5s @ 01:07:30 $
    ```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

Reply via email to