[jira] [Commented] (NIFI-4701) Support encrypted properties in authorizers.xml

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-4701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16306522#comment-16306522
 ] 

ASF GitHub Bot commented on NIFI-4701:
--------------------------------------

Github user alopresto commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2350#discussion_r159101417
  
    --- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/properties/ConfigEncryptionTool.groovy
 ---
    @@ -473,6 +536,34 @@ class ConfigEncryptionTool {
             }
         }
     
    +    /**
    +     * Loads the authorizers configuration from the provided file path.
    +     *
    +     * @param existingKeyHex the key used to encrypt the configs (defaults 
to the current key)
    +     *
    +     * @return the file content
    +     * @throw IOException if the authorizers.xml file cannot be read
    +     */
    +    private String loadAuthorizers(String existingKeyHex = keyHex) throws 
IOException {
    +        File authorizersFile
    +        if (authorizersPath && (authorizersFile = new 
File(authorizersPath)).exists()) {
    +            try {
    +                String xmlContent = authorizersFile.text
    +                List<String> lines = authorizersFile.readLines()
    +                logger.info("Loaded Authroizers content (${lines.size()} 
lines)")
    --- End diff --
    
    I think this was copied from the LIP section and should be fixed there too 
-- this is redundant. In order to capture the number of lines and get all the 
contents as a single string, we should use the `readLines()` method and then 
`join` the `List<String>`. 


> Support encrypted properties in authorizers.xml
> -----------------------------------------------
>
>                 Key: NIFI-4701
>                 URL: https://issues.apache.org/jira/browse/NIFI-4701
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Configuration
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>             Fix For: 1.5.0
>
>
> Since the addition of LdapUserGroupProvider (see NIFI-4059) in v1.4.0, 
> authorizers.xml can now contain properties for LDAP Server credentials. 
> This ticket is to enable properties in authorizers.xml to be encrypted, so 
> that the LDAP Server Manager credentials can be protected similar to 
> LdapProvider which is configured via login-identity-providers.xml.
> The main changes are in nifi-authorizers are:
> * authorizers.xsd to add an encryption attribute to Property
> * to PropertyAuthorizerFactoryBean to check for that attribute and decrypt 
> the property value if necessary when creating the the configuration context
> Additionally, support for creating an encrypted authorizers.xml, protected by 
> the NiFi master key, should be added to the Encrypt Tool in NiFi Toolkit.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)