Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2350#discussion_r159102075
--- Diff:
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/properties/ConfigEncryptionTool.groovy
---
@@ -772,6 +899,48 @@ class ConfigEncryptionTool {
}
}
+ String encryptAuthorizers(String plainXml, String newKeyHex = keyHex) {
+ AESSensitivePropertyProvider sensitivePropertyProvider = new
AESSensitivePropertyProvider(newKeyHex)
+
+ // TODO: Switch to XmlParser & XmlNodePrinter to maintain "empty"
element structure
+ try {
+ def doc = new XmlSlurper().parseText(plainXml)
+ // Find the provider element by class even if it has been
renamed
+ def passwords = doc.userGroupProvider.find { it.'class' as
String == LDAP_USER_GROUP_PROVIDER_CLASS }
+ .property.findAll {
+ // Only operate on un-encrypted passwords
+ it.@name =~ "Password" && (it.@encryption == "none" ||
it.@encryption == "") && it.text()
+ }
+
+ if (passwords.isEmpty()) {
+ if (isVerbose) {
+ logger.info("No unencrypted password property elements
found in login-identity-providers.xml")
+ }
+ return plainXml
+ }
+
+ passwords.each { password ->
+ if (isVerbose) {
+ logger.info("Attempting to encrypt ${password.name()}")
+ }
+ String encryptedValue =
sensitivePropertyProvider.protect(password.text().trim())
+ password.replaceNode {
+ property(name: password.@name, encryption:
sensitivePropertyProvider.identifierKey, encryptedValue)
+ }
+ }
+
+ // Does not preserve whitespace formatting or comments
+ String updatedXml = XmlUtil.serialize(doc)
+ logger.info("Updated XML content: ${updatedXml}")
+ updatedXml
+ } catch (Exception e) {
+ if (isVerbose) {
+ logger.error("Encountered exception", e)
+ }
+ printUsageAndThrow("Cannot encrypt login identity providers
XML content", ExitCode.SERVICE_ERROR)
--- End diff --
This message should also be updated to `authorizers.xml`.
---
