[jira] [Commented] (NIFI-4701) Support encrypted properties in authorizers.xml

Thu, 21 Dec 2017 08:39:21 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-4701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16300250#comment-16300250
 ] 

ASF GitHub Bot commented on NIFI-4701:
--------------------------------------

Github user kevdoran commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2350#discussion_r158322844
  
    --- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
    @@ -1455,25 +1455,27 @@ The default encryption algorithm utilized is 
AES/GCM 128/256-bit. 128-bit is use
     
     You can use the following command line options with the `encrypt-config` 
tool:
     
    --- End diff --
    
    The ordering is changed here (to match to ordering of the usage output when 
running the tool), so it looks like a larger change. There are only two new 
options:
    
    * `-a`,`--authorizers <arg>`  The authorizers.xml file containing 
unprotected config values (will be overwritten)
    * `-u`,`--outputAuthorizers <arg>` The destination authorizers.xml file 
containing protected config values (will not modify input authorizers.xml)


> Support encrypted properties in authorizers.xml
> -----------------------------------------------
>
>                 Key: NIFI-4701
>                 URL: https://issues.apache.org/jira/browse/NIFI-4701
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Configuration
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>             Fix For: 1.5.0
>
>
> Since the addition of LdapUserGroupProvider (see NIFI-4059) in v1.4.0, 
> authorizers.xml can now contain properties for LDAP Server credentials. 
> This ticket is to enable properties in authorizers.xml to be encrypted, so 
> that the LDAP Server Manager credentials can be protected similar to 
> LdapProvider which is configured via login-identity-providers.xml.
> The main changes are in nifi-authorizers are:
> * authorizers.xsd to add an encryption attribute to Property
> * to PropertyAuthorizerFactoryBean to check for that attribute and decrypt 
> the property value if necessary when creating the the configuration context
> Additionally, support for creating an encrypted authorizers.xml, protected by 
> the NiFi master key, should be added to the Encrypt Tool in NiFi Toolkit.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to