You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/12/18 15:40:00 UTC
[jira] [Commented] (NIFI-4701) Support encrypted properties in
authorizers.xml
[ https://issues.apache.org/jira/browse/NIFI-4701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295137#comment-16295137 ]
ASF GitHub Bot commented on NIFI-4701:
--------------------------------------
GitHub user kevdoran opened a pull request:
https://github.com/apache/nifi/pull/2350
NIFI-4701 Support encrypted authorizers.xml
Enable properties in authorizers.xml to be encrypted by the master key.
Adds authorizers.xml to the files understood by the encrypt-config tool in the NiFi Toolkit. If passed to the tool using the CLI, then the sensitive properties for LdapUserGroupProvider will be encrypted.
Also fixes a bug wherein encrypt-config replaces multiple XML nodes in login-indentity-providers.xml when LdapProvider is not the first provider listed in the file.
---
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [ ] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [ ] Has your PR been rebased against the latest commit within the target branch (typically master)?
- [ ] Is your initial contribution a single, squashed commit?
### For code changes:
- [ ] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/kevdoran/nifi NIFI-4701
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/2350.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2350
----
commit 35d69e06cd878ae22e0de142803d9d0d9112c7a0
Author: Kevin Doran <kd...@gmail.com>
Date: 2017-12-17T16:40:06Z
NIFI-4701 Support encrypted authorizers.xml
Enable properties in authorizers.xml to be encrypted by the master key.
commit a9c496e97a8e3f4fbcee3b7c0ab260e88ecc9b19
Author: Kevin Doran <kd...@gmail.com>
Date: 2017-12-18T04:46:39Z
NIFI-4701 Add authorizers.xml support to toolkit
Adds authorizers.xml to the files understood by the encrypt-config
tool in the NiFi Toolkit. If passed to the tool using the CLI, then
the sensitive properties for LdapUserGroupProvider will be encrypted.
Also fixes a bug wherein encrypt-config replaces multiple XML nodes in
login-indentity-providers.xml when LdapProvider is not the first
provider listed in the file.
----
> Support encrypted properties in authorizers.xml
> -----------------------------------------------
>
> Key: NIFI-4701
> URL: https://issues.apache.org/jira/browse/NIFI-4701
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Configuration
> Reporter: Kevin Doran
> Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> Since the addition of LdapUserGroupProvider (see NIFI-4059) in v1.4.0, authorizers.xml can now contain properties for LDAP Server credentials.
> This ticket is to enable properties in authorizers.xml to be encrypted, so that the LDAP Server Manager credentials can be protected similar to LdapProvider which is configured via login-identity-providers.xml.
> The main changes are in nifi-authorizers are:
> * authorizers.xsd to add an encryption attribute to Property
> * to PropertyAuthorizerFactoryBean to check for that attribute and decrypt the property value if necessary when creating the the configuration context
> Additionally, support for creating an encrypted authorizers.xml, protected by the NiFi master key, should be added to the Encrypt Tool in NiFi Toolkit.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)