[jira] [Commented] (NIFI-4942) NiFi Toolkit - Allow migration of master key without previous password

Thu, 19 Apr 2018 19:26:24 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-4942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16445171#comment-16445171
 ] 

ASF GitHub Bot commented on NIFI-4942:
--------------------------------------

Github user kevdoran commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2648#discussion_r182931924
  
    --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/pom.xml ---
    @@ -167,10 +167,12 @@
                     <groupId>org.apache.rat</groupId>
                     <artifactId>apache-rat-plugin</artifactId>
                     <configuration>
    +                    <consoleOutput>true</consoleOutput>
                         <excludes combine.children="append">
                             <exclude>src/test/resources/scrypt.py</exclude>
    -                        
<exclude>src/test/resources/secure_hash.key</exclude>
    -                        
<exclude>src/test/resources/secure_hash_128.key</exclude>
    +                        <!-- use wildcard for below files as tests 
generate additional files during the build -->
    +                        <exclude>**/secure_hash.key</exclude>
    +                        <exclude>**/secure_hash_128.key</exclude>
    --- End diff --
    
    Thanks @ijokarumawak. That confirms what I and others have been able to 
gather. It looks like that file is created by the command line tool that is 
under test. I don't think there is a way to change its location, other than 
perhaps changing the working directory of the test prior to executing the tool. 
Reliably removing the file would be a good approach as well. 
    
    We may also want to disable these tests to get master building reliably on 
all platforms and then re-enable them once we have sorted this out.
    
    Thanks for jumping in to assist!


> NiFi Toolkit - Allow migration of master key without previous password
> ----------------------------------------------------------------------
>
>                 Key: NIFI-4942
>                 URL: https://issues.apache.org/jira/browse/NIFI-4942
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.5.0
>            Reporter: Yolanda M. Davis
>            Assignee: Andy LoPresto
>            Priority: Major
>             Fix For: 1.7.0
>
>
> Currently the encryption cli in nifi toolkit requires that, in order to 
> migrate from one master key to the next, the previous master key or password 
> should be provided. In cases where the provisioning tool doesn't have the 
> previous value available this becomes challenging to provide and may be prone 
> to error. In speaking with [~alopresto] we can allow toolkit to support a 
> mode of execution such that the master key can be updated without requiring 
> the previous password. Also documentation around it's usage should be updated 
> to be clear in describing the purpose and the type of environment where this 
> command should be used (admin only access etc).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to