[ https://issues.apache.org/jira/browse/NIFI-3051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15676241#comment-15676241 ]

ASF GitHub Bot commented on NIFI-3051:
--------------------------------------

Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/1238
  
    Example:
    
    ```
    # Commented login-identity-providers.xml file by default
    
    hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
    🔓 62s @ 01:05:01 $ ./bin/encrypt-config.sh -b ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/bootstrap.conf -l ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml -k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
    2016/11/18 01:05:11 WARN [main] org.apache.nifi.properties.ConfigEncryptionTool: The source login-identity-providers.xml and destination login-identity-providers.xml are identical [../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml] so the original will be overwritten
    2016/11/18 01:05:11 INFO [main] org.apache.nifi.properties.ConfigEncryptionTool: Loaded LoginIdentityProviders content (107 lines)
    2016/11/18 01:05:11 ERROR [main] org.apache.nifi.properties.ConfigEncryptionTool: No provider element with class org.apache.nifi.ldap.LdapProvider found in XML content; the file could be empty or the element may be missing or commented out
    
    # Uncomment the ldap-provider element
    
    hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
    🔓 10s @ 01:05:12 $ subl ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml
    
    # Run the encrypt command against an empty ldap-provider element
    
    hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
    🔓 26s @ 01:05:39 $ ./bin/encrypt-config.sh -b ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/bootstrap.conf -l ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml -k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
    2016/11/18 01:06:02 WARN [main] org.apache.nifi.properties.ConfigEncryptionTool: The source login-identity-providers.xml and destination login-identity-providers.xml are identical [../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml] so the original will be overwritten
    2016/11/18 01:06:02 INFO [main] org.apache.nifi.properties.ConfigEncryptionTool: Loaded LoginIdentityProviders content (105 lines)
    
    # No populated passwords
    
    hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
    🔓 24s @ 01:06:03 $ more ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml | grep Password
            'Manager Password' - The password of the manager that is used to bind to the LDAP server to
            'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
            'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
      <property name="Manager Password"/>
      <property name="TLS - Keystore Password"/>
      <property name="TLS - Truststore Password"/>
    
    # Populate passwords
    
    hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
    🔓 21s @ 01:06:24 $ subl ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml
    
    # View the populated passwords
    
    hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
    🔓 7s @ 01:06:32 $ more ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml | grep Password
            'Manager Password' - The password of the manager that is used to bind to the LDAP server to
            'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
            'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
      <property name="Manager Password">thisIsABadPassword</property>
      <property name="TLS - Keystore Password">thisIsABadPassword</property>
      <property name="TLS - Truststore Password">thisIsABadPassword</property>
    
    # Run the tool against the populated, uncommented ldap-provider
    
    hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
    🔓 46s @ 01:07:19 $ ./bin/encrypt-config.sh -b ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/bootstrap.conf -l ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml -k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
    2016/11/18 01:07:22 WARN [main] org.apache.nifi.properties.ConfigEncryptionTool: The source login-identity-providers.xml and destination login-identity-providers.xml are identical [../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml] so the original will be overwritten
    2016/11/18 01:07:22 INFO [main] org.apache.nifi.properties.ConfigEncryptionTool: Loaded LoginIdentityProviders content (101 lines)
    2016/11/18 01:07:23 INFO [main] org.apache.nifi.properties.AESSensitivePropertyProvider: AES Sensitive Property Provider encrypted a sensitive value successfully
    2016/11/18 01:07:23 INFO [main] org.apache.nifi.properties.AESSensitivePropertyProvider: AES Sensitive Property Provider encrypted a sensitive value successfully
    2016/11/18 01:07:23 INFO [main] org.apache.nifi.properties.AESSensitivePropertyProvider: AES Sensitive Property Provider encrypted a sensitive value successfully
    2016/11/18 01:07:23 INFO [main] org.apache.nifi.properties.ConfigEncryptionTool: Updated XML content: <?xml version="1.0" encoding="UTF-8"?><loginIdentityProviders>
      <provider>
        <identifier>ldap-provider</identifier>
        <class>org.apache.nifi.ldap.LdapProvider</class>
        <property name="Authentication Strategy">START_TLS</property>
        <property name="Manager DN"/>
        <property name="Manager Password" encryption="aes/gcm/256">1Fm/qp3OFXyDtrSp||jUTZZIoWWRmu+Z7/2a/oQrwi3c4QBW7sybIBGgH5/Xv9pg</property>
        <property name="TLS - Keystore"/>
        <property name="TLS - Keystore Password" encryption="aes/gcm/256">lHUTRoWGGGk5Mdvm||RC326w5m6/YenkB9QyeqAojZSkK2rn3SWc9Ug+XuRWrvgg</property>
        <property name="TLS - Keystore Type"/>
        <property name="TLS - Truststore"/>
        <property name="TLS - Truststore Password" encryption="aes/gcm/256">ZhobpvbTxi3uyhyd||CaqPbCXri6do3uGnVtO/hRv4fxtWEju56MesZxsWSFVAAQ</property>
        <property name="TLS - Truststore Type"/>
        <property name="TLS - Client Auth"/>
        <property name="TLS - Protocol"/>
        <property name="TLS - Shutdown Gracefully"/>
        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>
        <property name="Url"/>
        <property name="User Search Base"/>
        <property name="User Search Filter"/>
        <property name="Authentication Expiration">12 hours</property>
      </provider>
    </loginIdentityProviders>
    
    # Show the encrypted property elements
    
    hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
    🔓 4s @ 01:07:24 $ more ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml | grep Password
            'Manager Password' - The password of the manager that is used to bind to the LDAP server to
            'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
            'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
      <property encryption="aes/gcm/256" name="Manager Password">1Fm/qp3OFXyDtrSp||jUTZZIoWWRmu+Z7/2a/oQrwi3c4QBW7sybIBGgH5/Xv9pg</property>
      <property encryption="aes/gcm/256" name="TLS - Keystore Password">lHUTRoWGGGk5Mdvm||RC326w5m6/YenkB9QyeqAojZSkK2rn3SWc9Ug+XuRWrvgg</property>
      <property encryption="aes/gcm/256" name="TLS - Truststore Password">ZhobpvbTxi3uyhyd||CaqPbCXri6do3uGnVtO/hRv4fxtWEju56MesZxsWSFVAAQ</property>
    
    hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
    🔓 5s @ 01:07:30 $
    ```


> Encrypt Config - XML Parse Exception Occurs on Login Identity Providers File
> ----------------------------------------------------------------------------
>
>                 Key: NIFI-3051
>                 URL: https://issues.apache.org/jira/browse/NIFI-3051
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Tools and Build
>    Affects Versions: 1.1.0
>            Reporter: Yolanda M. Davis
>            Assignee: Andy LoPresto
>
> I encountered an error when attempting to run encrypt config on a 
> login-identity-provider.xml file where the provider with "ldap-provider" 
> identity was commented out. The exception received is below:
> org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 1; Premature end of file.
>       at groovy.xml.XmlUtil.serialize(XmlUtil.java:454)
>       at groovy.xml.XmlUtil.serialize(XmlUtil.java:440)
>       at groovy.xml.XmlUtil.serialize(XmlUtil.java:182)
>       at groovy.xml.XmlUtil.serialize(XmlUtil.java:151)
>       at groovy.xml.XmlUtil$serialize.call(Unknown Source)
>       at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>       at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>       at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
>       at org.apache.nifi.properties.ConfigEncryptionTool.serializeLoginIdentityProvidersAndPreserveFormat(ConfigEncryptionTool.groovy:693)
>       at org.apache.nifi.properties.ConfigEncryptionTool$serializeLoginIdentityProvidersAndPreserveFormat$0.call(Unknown Source)
>       at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>       at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>       at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
> I've discussed this directly with [~alopresto] and he has agreed to 
> investigate.

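A post-run check for the states walked through in the session above (commented-out provider, empty passwords, plaintext passwords, protected passwords), as an added example that is not part of the original comment or of NiFi's code. The function names are hypothetical, and the 12-byte IV and 16-byte GCM tag lengths are assumptions consistent with the values shown in the session.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

LDAP_CLASS = "org.apache.nifi.ldap.LdapProvider"  # class named in the tool's ERROR line
SCHEME = "aes/gcm/256"                            # attribute value the tool writes
IV_LEN, TAG_LEN = 12, 16  # assumption: 96-bit GCM IV, 128-bit authentication tag

def _b64(text):
    # The protected values in the session carry no '=' padding; restore it first.
    return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)

def well_formed(value):
    """True if value looks like base64(IV) || base64(ciphertext + tag)."""
    iv, sep, ciphertext = value.partition("||")
    try:
        return bool(sep) and len(_b64(iv)) == IV_LEN and len(_b64(ciphertext)) > TAG_LEN
    except (binascii.Error, ValueError):
        return False

def audit(xml_text):
    """Classify each *Password property of the active LdapProvider element."""
    root = ET.fromstring(xml_text)
    for provider in root.iter("provider"):
        if (provider.findtext("class") or "").strip() != LDAP_CLASS:
            continue
        report = {}
        for prop in provider.iter("property"):
            name, value = prop.get("name", ""), (prop.text or "").strip()
            if "Password" not in name:
                continue
            if not value:
                report[name] = "empty"
            elif prop.get("encryption") != SCHEME:
                report[name] = "plaintext"
            else:
                report[name] = "protected" if well_formed(value) else "malformed"
        return report
    return None  # the parser drops XML comments, so a commented-out provider lands here

# Constructed samples; the protected value is copied from the session above.
COMMENTED = "<loginIdentityProviders><!-- <provider/> --></loginIdentityProviders>"
SAMPLE = """<loginIdentityProviders><provider>
  <class>org.apache.nifi.ldap.LdapProvider</class>
  <property name="Manager Password" encryption="aes/gcm/256">1Fm/qp3OFXyDtrSp||jUTZZIoWWRmu+Z7/2a/oQrwi3c4QBW7sybIBGgH5/Xv9pg</property>
  <property name="TLS - Keystore Password">thisIsABadPassword</property>
  <property name="TLS - Truststore Password"/>
</provider></loginIdentityProviders>"""
```

Calling `audit()` on the file contents after running the tool and failing on any `plaintext` or `malformed` entry catches a run that logged no error but left a password unprotected.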

