[jira] [Commented] (NIFI-4942) NiFi Toolkit - Allow migration of master key without previous password

Fri, 13 Apr 2018 16:27:35 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-4942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16438083#comment-16438083
 ] 

ASF subversion and git services commented on NIFI-4942:
-------------------------------------------------------

Commit 6d06defa6336a0902180007182024219571e12e7 in nifi's branch 
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=6d06def ]

NIFI-4942 [WIP] Added skeleton for secure hash handling in encrypt-config 
toolkit. Added test resource for Python scrypt implementation/verifier. Added 
unit tests.

NIFI-4942 [WIP] More unit tests passing.

NIFI-4942 All unit tests pass and test artifacts are cleaned up.

NIFI-4942 Added RAT exclusions.

NIFI-4942 Added Scrypt hash format checker. Added unit tests.

NIFI-4942 Added NiFi hash format checker. Added unit tests.

NIFI-4942 Added check for simultaneous use of -z/-y. Added logic to check 
hashed password/key. Added logic to retrieve secure hash from file to compare. 
Added unit tests (125/125).

NIFI-4942 Added new ExitCode. Added logic to return current hash params in JSON 
for Ambari to consume. Fixed typos in error messages. Added unit tests 
(129/129).

NIFI-4942 Added Scrypt hash format verification for hash check. Added unit 
tests.

NIFI-4942 Fixed RAT checks.

Signed-off-by: Yolanda Davis <ymda...@apache.org>

This closes #2628


> NiFi Toolkit - Allow migration of master key without previous password
> ----------------------------------------------------------------------
>
>                 Key: NIFI-4942
>                 URL: https://issues.apache.org/jira/browse/NIFI-4942
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.5.0
>            Reporter: Yolanda M. Davis
>            Assignee: Andy LoPresto
>            Priority: Major
>
> Currently the encryption cli in nifi toolkit requires that, in order to 
> migrate from one master key to the next, the previous master key or password 
> should be provided. In cases where the provisioning tool doesn't have the 
> previous value available this becomes challenging to provide and may be prone 
> to error. In speaking with [~alopresto] we can allow toolkit to support a 
> mode of execution such that the master key can be updated without requiring 
> the previous password. Also documentation around it's usage should be updated 
> to be clear in describing the purpose and the type of environment where this 
> command should be used (admin only access etc).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to