You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/12/18 15:40:00 UTC

[jira] [Commented] (NIFI-4701) Support encrypted properties in authorizers.xml

    [ https://issues.apache.org/jira/browse/NIFI-4701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295137#comment-16295137 ] 

ASF GitHub Bot commented on NIFI-4701:
--------------------------------------

GitHub user kevdoran opened a pull request:

    https://github.com/apache/nifi/pull/2350

    NIFI-4701 Support encrypted authorizers.xml

    Enable properties in authorizers.xml to be encrypted by the master key.
    
    Adds authorizers.xml to the files understood by the encrypt-config tool in the NiFi Toolkit. If passed to the tool using the CLI, then the sensitive properties for LdapUserGroupProvider will be encrypted.
    
    Also fixes a bug wherein encrypt-config replaces multiple XML nodes in login-indentity-providers.xml when LdapProvider is not the first provider listed in the file.
    
    --- 
    
    Thank you for submitting a contribution to Apache NiFi.
    
    In order to streamline the review of the contribution we ask you
    to ensure the following steps have been taken:
    
    ### For all changes:
    - [ ] Is there a JIRA ticket associated with this PR? Is it referenced 
         in the commit message?
    
    - [ ] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
    
    - [ ] Has your PR been rebased against the latest commit within the target branch (typically master)?
    
    - [ ] Is your initial contribution a single, squashed commit?
    
    ### For code changes:
    - [ ] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
    - [ ] Have you written or updated unit tests to verify your changes?
    - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? 
    - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
    - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
    - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?
    
    ### For documentation related changes:
    - [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
    
    ### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/kevdoran/nifi NIFI-4701

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/2350.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2350
    
----
commit 35d69e06cd878ae22e0de142803d9d0d9112c7a0
Author: Kevin Doran <kd...@gmail.com>
Date:   2017-12-17T16:40:06Z

    NIFI-4701 Support encrypted authorizers.xml
    
    Enable properties in authorizers.xml to be encrypted by the master key.

commit a9c496e97a8e3f4fbcee3b7c0ab260e88ecc9b19
Author: Kevin Doran <kd...@gmail.com>
Date:   2017-12-18T04:46:39Z

    NIFI-4701 Add authorizers.xml support to toolkit
    
    Adds authorizers.xml to the files understood by the encrypt-config
    tool in the NiFi Toolkit. If passed to the tool using the CLI, then
    the sensitive properties for LdapUserGroupProvider will be encrypted.
    
    Also fixes a bug wherein encrypt-config replaces multiple XML nodes in
    login-indentity-providers.xml when LdapProvider is not the first
    provider listed in the file.

----


> Support encrypted properties in authorizers.xml
> -----------------------------------------------
>
>                 Key: NIFI-4701
>                 URL: https://issues.apache.org/jira/browse/NIFI-4701
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Configuration
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>             Fix For: 1.5.0
>
>
> Since the addition of LdapUserGroupProvider (see NIFI-4059) in v1.4.0, authorizers.xml can now contain properties for LDAP Server credentials. 
> This ticket is to enable properties in authorizers.xml to be encrypted, so that the LDAP Server Manager credentials can be protected similar to LdapProvider which is configured via login-identity-providers.xml.
> The main changes are in nifi-authorizers are:
> * authorizers.xsd to add an encryption attribute to Property
> * to PropertyAuthorizerFactoryBean to check for that attribute and decrypt the property value if necessary when creating the the configuration context
> Additionally, support for creating an encrypted authorizers.xml, protected by the NiFi master key, should be added to the Encrypt Tool in NiFi Toolkit.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)