ASF GitHub Bot commented on NIFI-4237:

GitHub user alopresto opened a pull request:


    NIFI-4237 Improve error messaging on encryption failures

    Thank you for submitting a contribution to Apache NiFi.
    In order to streamline the review of the contribution we ask you
    to ensure the following steps have been taken:
    ### For all changes:
    - [x] Is there a JIRA ticket associated with this PR? Is it referenced 
         in the commit message?
    - [x] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number 
you are trying to resolve? Pay particular attention to the hyphen "-" character.
    - [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?
    - [ ] Is your initial contribution a single, squashed commit?
    ### For code changes:
    - [x] Have you ensured that the full suite of tests is executed via mvn 
-Pcontrib-check clean install at the root nifi folder?
    - [x] Have you written or updated unit tests to verify your changes?
    - [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
    - [ ] If applicable, have you updated the LICENSE file, including the main 
LICENSE file under nifi-assembly?
    - [ ] If applicable, have you updated the NOTICE file, including the main 
NOTICE file found under nifi-assembly?
    - [ ] If adding new Properties, have you added .displayName in addition to 
.name (programmatic access) for each of the new properties?
    ### For documentation related changes:
    - [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered?
    ### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/alopresto/nifi NIFI-4237

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2077
commit 5752925ac51035db1a5e9f7e9797e308fc5770f2
Author: Andy LoPresto <alopre...@apache.org>
Date:   2017-08-11T20:15:16Z

    NIFI-4237 Added working test for StringEncryptor decryption of sensitive 
flow values in FlowFromDOMFactory.

commit 7c35cfccb2868814184aa4768ee398d0038eaab1
Author: Andy LoPresto <alopre...@apache.org>
Date:   2017-08-11T20:17:09Z

    NIFI-4237 Cleaned up unused alternate approaches.

commit a45a259a99a176aea848190d23253a54e88aed95
Author: Andy LoPresto <alopre...@apache.org>
Date:   2017-08-11T20:20:11Z

    NIFI-4237 Added failing unit test for better error message.

commit 1a2a4ddebdd506b058b359747f0a1016a6ff3346
Author: Andy LoPresto <alopre...@apache.org>
Date:   2017-08-11T20:30:44Z

    NIFI-4237 Added logic to capture unhelpful encryption exception and provide 
context in message.
    All tests pass.


> EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest 
> underlying cause
> --------------------------------------------------------------------------------------------
>                 Key: NIFI-4237
>                 URL: https://issues.apache.org/jira/browse/NIFI-4237
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>            Reporter: Russell Bateman
>            Assignee: Andy LoPresto
>            Priority: Minor
> Our Ansible instructions upgraded NiFi and created a new 
> {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, 
> is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon 
> relaunching NiFi, the wrong key was used to decrypt resulting in the reported 
> failure to start, _flow.xml.gz_ is no longer useful.
> We found the problem and fixed it after Mark Payne suggested a possible 
> cause, but if this state of things can be determined, it might save on 
> community support for this situation if the logged message were to suggest 
> what's at the bottom of this problem. The top of the stack trace appears in 
> _logs/nifi-bootstrap.log_ as below:
> 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException:
> org.jasypt.exceptions.EncryptionOperationNotPossibleException
>         at
> org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
>         at
> org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474)
> ~[nifi-framework-core-1.1.2.jar:1.1.2]
>         at...

This message was sent by Atlassian JIRA

Reply via email to