You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Joseph Witt (JIRA)" <ji...@apache.org> on 2018/05/07 12:42:00 UTC

[jira] [Commented] (NIFI-4942) NiFi Toolkit - Allow migration of master key without previous password

    [ https://issues.apache.org/jira/browse/NIFI-4942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16465861#comment-16465861 ] 

Joseph Witt commented on NIFI-4942:
-----------------------------------

[~kdoran] [~alopresto] still seeing test failures on linux.

-------------------------------------------------------------------------------
Test set: org.apache.nifi.properties.ConfigEncryptionToolTest
-------------------------------------------------------------------------------
Tests run: 137, Failures: 2, Errors: 0, Skipped: 8, Time elapsed: 13.131 s <<< FAILURE! - in org.apache.nifi.properties.ConfigEncryptionToolTest
testTranslateCliWithEncryptedInputShouldNotIntersperseVerboseOutput(org.apache.nifi.properties.ConfigEncryptionToolTest)  Time elapsed: 0.015 s  <<< FAILURE!
java.lang.AssertionError: Wrong exit status expected:<0> but was:<4>

testShouldTranslateCliWithEncryptedInput(org.apache.nifi.properties.ConfigEncryptionToolTest)  Time elapsed: 0.011 s  <<< FAILURE!
java.lang.AssertionError: Wrong exit status expected:<0> but was:<4>


I've attached a file of running the build with verbose/stacks.  The root issue appears to be that the key is not believed to be in valid hex format.  Also, for what it is worth i'm running these without JCE full strength.

> NiFi Toolkit - Allow migration of master key without previous password
> ----------------------------------------------------------------------
>
>                 Key: NIFI-4942
>                 URL: https://issues.apache.org/jira/browse/NIFI-4942
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.5.0
>            Reporter: Yolanda M. Davis
>            Assignee: Andy LoPresto
>            Priority: Major
>             Fix For: 1.7.0
>
>         Attachments: TEST-org.apache.nifi.properties.ConfigEncryptionToolTest.xml
>
>
> Currently the encryption cli in nifi toolkit requires that, in order to migrate from one master key to the next, the previous master key or password should be provided. In cases where the provisioning tool doesn't have the previous value available this becomes challenging to provide and may be prone to error. In speaking with [~alopresto] we can allow toolkit to support a mode of execution such that the master key can be updated without requiring the previous password. Also documentation around it's usage should be updated to be clear in describing the purpose and the type of environment where this command should be used (admin only access etc).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)