[ https://issues.apache.org/jira/browse/NIFI-3051?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy LoPresto resolved NIFI-3051.
---------------------------------
       Resolution: Fixed
    Fix Version/s: 1.1.0

{code}
# Commented login-identity-providers.xml file by default
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
🔓 62s @ 01:05:01 $ ./bin/encrypt-config.sh -b ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/bootstrap.conf -l ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml -k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
2016/11/18 01:05:11 WARN [main] org.apache.nifi.properties.ConfigEncryptionTool: The source login-identity-providers.xml and destination login-identity-providers.xml are identical [../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml] so the original will be overwritten
2016/11/18 01:05:11 INFO [main] org.apache.nifi.properties.ConfigEncryptionTool: Loaded LoginIdentityProviders content (107 lines)
2016/11/18 01:05:11 ERROR [main] org.apache.nifi.properties.ConfigEncryptionTool: No provider element with class org.apache.nifi.ldap.LdapProvider found in XML content; the file could be empty or the element may be missing or commented out

# Uncomment the ldap-provider element
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
🔓 10s @ 01:05:12 $ subl ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml

# Run the encrypt command against an empty ldap-provider element
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
🔓 26s @ 01:05:39 $ ./bin/encrypt-config.sh -b ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/bootstrap.conf -l ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml -k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
2016/11/18 01:06:02 WARN [main] org.apache.nifi.properties.ConfigEncryptionTool: The source login-identity-providers.xml and destination login-identity-providers.xml are identical [../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml] so the original will be overwritten
2016/11/18 01:06:02 INFO [main] org.apache.nifi.properties.ConfigEncryptionTool: Loaded LoginIdentityProviders content (105 lines)

# No populated passwords
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
🔓 24s @ 01:06:03 $ more ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml | grep Password
        'Manager Password' - The password of the manager that is used to bind to the LDAP server to
        'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
        'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
  <property name="Manager Password"/>
  <property name="TLS - Keystore Password"/>
  <property name="TLS - Truststore Password"/>

# Populate passwords
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
🔓 21s @ 01:06:24 $ subl ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml

# View the populated passwords
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
🔓 7s @ 01:06:32 $ more ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml | grep Password
        'Manager Password' - The password of the manager that is used to bind to the LDAP server to
        'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
        'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
  <property name="Manager Password">thisIsABadPassword</property>
  <property name="TLS - Keystore Password">thisIsABadPassword</property>
  <property name="TLS - Truststore Password">thisIsABadPassword</property>

# Run the tool against the populated, uncommented ldap-provider
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
🔓 46s @ 01:07:19 $ ./bin/encrypt-config.sh -b ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/bootstrap.conf -l ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml -k 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
2016/11/18 01:07:22 WARN [main] org.apache.nifi.properties.ConfigEncryptionTool: The source login-identity-providers.xml and destination login-identity-providers.xml are identical [../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml] so the original will be overwritten
2016/11/18 01:07:22 INFO [main] org.apache.nifi.properties.ConfigEncryptionTool: Loaded LoginIdentityProviders content (101 lines)
2016/11/18 01:07:23 INFO [main] org.apache.nifi.properties.AESSensitivePropertyProvider: AES Sensitive Property Provider encrypted a sensitive value successfully
2016/11/18 01:07:23 INFO [main] org.apache.nifi.properties.AESSensitivePropertyProvider: AES Sensitive Property Provider encrypted a sensitive value successfully
2016/11/18 01:07:23 INFO [main] org.apache.nifi.properties.AESSensitivePropertyProvider: AES Sensitive Property Provider encrypted a sensitive value successfully
2016/11/18 01:07:23 INFO [main] org.apache.nifi.properties.ConfigEncryptionTool: Updated XML content: <?xml version="1.0" encoding="UTF-8"?><loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">START_TLS</property>
    <property name="Manager DN"/>
    <property name="Manager Password" encryption="aes/gcm/256">1Fm/qp3OFXyDtrSp||jUTZZIoWWRmu+Z7/2a/oQrwi3c4QBW7sybIBGgH5/Xv9pg</property>
    <property name="TLS - Keystore"/>
    <property name="TLS - Keystore Password" encryption="aes/gcm/256">lHUTRoWGGGk5Mdvm||RC326w5m6/YenkB9QyeqAojZSkK2rn3SWc9Ug+XuRWrvgg</property>
    <property name="TLS - Keystore Type"/>
    <property name="TLS - Truststore"/>
    <property name="TLS - Truststore Password" encryption="aes/gcm/256">ZhobpvbTxi3uyhyd||CaqPbCXri6do3uGnVtO/hRv4fxtWEju56MesZxsWSFVAAQ</property>
    <property name="TLS - Truststore Type"/>
    <property name="TLS - Client Auth"/>
    <property name="TLS - Protocol"/>
    <property name="TLS - Shutdown Gracefully"/>
    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url"/>
    <property name="User Search Base"/>
    <property name="User Search Filter"/>
    <property name="Authentication Expiration">12 hours</property>
  </provider>
</loginIdentityProviders>

# Show the encrypted property elements
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
🔓 4s @ 01:07:24 $ more ../../../../../nifi-assembly/target/nifi-1.1.0-SNAPSHOT-bin/nifi-1.1.0-SNAPSHOT/conf/login-identity-providers.xml | grep Password
        'Manager Password' - The password of the manager that is used to bind to the LDAP server to
        'TLS - Keystore Password' - Password for the Keystore that is used when connecting to LDAP
        'TLS - Truststore Password' - Password for the Truststore that is used when connecting to
  <property encryption="aes/gcm/256" name="Manager Password">1Fm/qp3OFXyDtrSp||jUTZZIoWWRmu+Z7/2a/oQrwi3c4QBW7sybIBGgH5/Xv9pg</property>
  <property encryption="aes/gcm/256" name="TLS - Keystore Password">lHUTRoWGGGk5Mdvm||RC326w5m6/YenkB9QyeqAojZSkK2rn3SWc9Ug+XuRWrvgg</property>
  <property encryption="aes/gcm/256" name="TLS - Truststore Password">ZhobpvbTxi3uyhyd||CaqPbCXri6do3uGnVtO/hRv4fxtWEju56MesZxsWSFVAAQ</property>
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (master) alopresto
🔓 5s @ 01:07:30 $
{code}

> Encrypt Config - XML Parse Exception Occurs on Login Identity Providers File
> ----------------------------------------------------------------------------
>
>                 Key: NIFI-3051
>                 URL: https://issues.apache.org/jira/browse/NIFI-3051
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Tools and Build
>    Affects Versions: 1.1.0
>            Reporter: Yolanda M. Davis
>            Assignee: Andy LoPresto
>             Fix For: 1.1.0
>
>
> I encountered an error when attempting to run encrypt config on a 
> login-identity-provider.xml file where the provider with "ldap-provider" 
> identity was commented out. The exception received is below:
> org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 1; Premature end of file.
>       at groovy.xml.XmlUtil.serialize(XmlUtil.java:454)
>       at groovy.xml.XmlUtil.serialize(XmlUtil.java:440)
>       at groovy.xml.XmlUtil.serialize(XmlUtil.java:182)
>       at groovy.xml.XmlUtil.serialize(XmlUtil.java:151)
>       at groovy.xml.XmlUtil$serialize.call(Unknown Source)
>       at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>       at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>       at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
>       at org.apache.nifi.properties.ConfigEncryptionTool.serializeLoginIdentityProvidersAndPreserveFormat(ConfigEncryptionTool.groovy:693)
>       at org.apache.nifi.properties.ConfigEncryptionTool$serializeLoginIdentityProvidersAndPreserveFormat$0.call(Unknown Source)
>       at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>       at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>       at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
> I've discussed this directly with [~alopresto] and he has agreed to 
> investigate.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
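
A post-run check in the spirit of the `grep Password` steps in the session above, added here as an example and not part of the NiFi toolkit or this issue: it parses login-identity-providers.xml, treats an empty file or a missing or commented-out ldap-provider as "nothing to check", and reports any populated password that is still plaintext. The function names, the sample XML, and the 12-byte IV / 16-byte tag sizes are assumptions (the sizes are consistent with the `IV||ciphertext` values logged above).

```python
import base64
import xml.etree.ElementTree as ET

LDAP_CLASS = "org.apache.nifi.ldap.LdapProvider"
IV_LEN, TAG_LEN = 12, 16  # assumed AES-GCM sizes, consistent with the logged values

def b64_len(s):
    # The logged values carry no '=' padding, so restore it before decoding.
    return len(base64.b64decode(s + "=" * (-len(s) % 4), validate=True))

def classify(prop):
    """State of one <property>: empty, plaintext, protected or malformed."""
    value = (prop.text or "").strip()
    if not value:
        return "empty"
    if prop.get("encryption") is None:
        return "plaintext"  # populated but never processed by the tool
    iv, sep, ct = value.partition("||")
    try:
        ok = bool(sep) and b64_len(iv) == IV_LEN and b64_len(ct) > TAG_LEN
    except ValueError:  # binascii.Error is a ValueError
        ok = False
    return "protected" if ok else "malformed"

def audit(xml_text):
    """Map each *Password property of the LDAP provider to its state.
    Returns None when the file is empty/unparseable or the provider is
    missing or commented out (ElementTree discards XML comments)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    for provider in root.iter("provider"):
        if (provider.findtext("class") or "").strip() == LDAP_CLASS:
            return {p.get("name"): classify(p) for p in provider.iter("property")
                    if "Password" in p.get("name", "")}
    return None

# Constructed sample input (not the values from the session above).
IV = base64.b64encode(bytes(IV_LEN)).decode()
CT = base64.b64encode(bytes(18 + TAG_LEN)).decode().rstrip("=")
SAMPLE = f"""<loginIdentityProviders><provider>
  <identifier>ldap-provider</identifier>
  <class>{LDAP_CLASS}</class>
  <property name="Manager Password">constructedPlaintext</property>
  <property name="TLS - Keystore Password" encryption="aes/gcm/256">{IV}||{CT}</property>
  <property name="TLS - Truststore Password"/>
</provider></loginIdentityProviders>"""
COMMENTED = "<loginIdentityProviders><!-- <provider/> --></loginIdentityProviders>"

if __name__ == "__main__":
    print(audit(SAMPLE), audit(COMMENTED), audit(""))
```
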
