ASF GitHub Bot commented on NIFIREG-120:

Github user kevdoran commented on a diff in the pull request:

    --- Diff: nifi-registry-docker/dockerhub/sh/secure.sh ---
    @@ -0,0 +1,56 @@
    +#!/bin/sh -e
    +#    Licensed to the Apache Software Foundation (ASF) under one or more
    +#    contributor license agreements.  See the NOTICE file distributed with
    +#    this work for additional information regarding copyright ownership.
    +#    The ASF licenses this file to You under the Apache License, Version 
    +#    (the "License"); you may not use this file except in compliance with
    +#    the License.  You may obtain a copy of the License at
    +#       http://www.apache.org/licenses/LICENSE-2.0
    +#    Unless required by applicable law or agreed to in writing, software
    +#    distributed under the License is distributed on an "AS IS" BASIS,
    +#    See the License for the specific language governing permissions and
    +#    limitations under the License.
    +[ -f "${scripts_dir}/common.sh" ] && . "${scripts_dir}/common.sh"
    +# Perform idempotent changes of configuration to support secure 
    +echo 'Configuring environment with SSL settings'
    +: ${KEYSTORE_PATH:?"Must specify an absolute path to the keystore being 
    +if [ ! -f "${KEYSTORE_PATH}" ]; then
    +    echo "Keystore file specified (${KEYSTORE_PATH}) does not exist."
    +    exit 1
    +: ${KEYSTORE_TYPE:?"Must specify the type of keystore (JKS, PKCS12, PEM) 
of the keystore being used."}
    +: ${KEYSTORE_PASSWORD:?"Must specify the password of the keystore being 
    +: ${TRUSTSTORE_PATH:?"Must specify an absolute path to the truststore 
being used."}
    +if [ ! -f "${TRUSTSTORE_PATH}" ]; then
    +    echo "Keystore file specified (${TRUSTSTORE_PATH}) does not exist."
    +    exit 1
    +: ${TRUSTSTORE_TYPE:?"Must specify the type of truststore (JKS, PKCS12, 
PEM) of the truststore being used."}
    +: ${TRUSTSTORE_PASSWORD:?"Must specify the password of the truststore 
being used."}
    +prop_replace 'nifi.registry.security.keystore'           "${KEYSTORE_PATH}"
    +prop_replace 'nifi.registry.security.keystoreType'       "${KEYSTORE_TYPE}"
    +prop_replace 'nifi.registry.security.keystorePasswd'     
    --- End diff --
    Noticed we don't have a way to specify 
`nifi.registry.security.keystorePasswd` through env variables. This is the case 
for the NiFi docker image as well. The default behavior on startup is to use 
the keystorePasswd as the keyPasswd, and I think that is good for most use 
cases, but at some point it might be nice to add the ability to set 
`nifi.registry.security.keyPasswd` via the env var KEY_PASSWORD. Can add that 
as an enhancement for NiFi as well.

> Basic Docker Image
> ------------------
>                 Key: NIFIREG-120
>                 URL: https://issues.apache.org/jira/browse/NIFIREG-120
>             Project: NiFi Registry
>          Issue Type: Improvement
>    Affects Versions: 0.1.0
>            Reporter: Daniel Chaffelson
>            Priority: Minor
>             Fix For: 0.2.0
> It would be convenient if NiFi Registry had an integrated Docker image ready 
> for uploading to Dockerhub, similar to the main NiFi Project, for ease of 
> integration testing.
> This could probably be ported, with some changes, from the same approach used 
> in the main NiFi project for continuity.

This message was sent by Atlassian JIRA

Reply via email to