[jira] [Commented] (NIFI-5540) NiFi does not start in cluster mode without sensitive key explicitly defined

Wed, 22 Aug 2018 10:57:10 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-5540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16589186#comment-16589186
 ] 

ASF subversion and git services commented on NIFI-5540:
-------------------------------------------------------

Commit 744b15b4a7a7533ef81fc2333df0cd212c3779eb in nifi's branch 
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=744b15b ]

NIFI-5540 Added unit test to demonstrate missing default sensitive properties 
key in flow election encryptor creation.

NIFI-5540 Added failing unit test and ignored regression test to demonstrate 
missing default sensitive properties key in flow election encryptor creation.

NIFI-5540 Added equality logic to StringEncryptor and utility equality methods 
to CryptoUtils.

NIFI-5540 Added default sensitive properties key population logic and log 
warning to StringEncryptor.

NIFI-5540 Cleaned up formatting.

NIFI-5540 Cleaned up boolean logic.

NIFI-5540 Added Javadoc to StringEncryptor.

NIFI-5540 Added unit test for StringEncryptor#equals().

NIFI-5540 Added performance benchmarking unit tests for constantTimeEquals 
methods for String, byte[], and char[].

NIFI-5540 Fixed checkstyle issue.

NIFI-5540 Fixed unit tests for default key population.

This closes #2959.

Signed-off-by: Bryan Bende <[email protected]>


> NiFi does not start in cluster mode without sensitive key explicitly defined
> ----------------------------------------------------------------------------
>
>                 Key: NIFI-5540
>                 URL: https://issues.apache.org/jira/browse/NIFI-5540
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.7.1
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: config, encryption, security
>
> While the docs instruct users to explicitly set a value for 
> {{nifi.sensitive.props.key}} in *nifi.properties* to use when encrypting 
> sensitive component properties to persist in the *flow.xml.gz*, some users do 
> not. Historically, these instances use a default, hardcoded key generation 
> value. 
> During the deprecation of {{StringEncryptor.createEncryptor(NiFiProperties)}} 
> in NIFI-5376, the code which provided the default was missed in a specific 
> cluster scenario. 
> The default should be provided, and a warning should be printed to the app 
> log if the provided key value is empty, in both standalone and cluster modes. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to