You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/06/15 04:45:00 UTC

[jira] [Commented] (NIFI-5193) Improve ConfigEncryptionTool handling of complex user search mapping values

    [ https://issues.apache.org/jira/browse/NIFI-5193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16513331#comment-16513331 ] 

ASF GitHub Bot commented on NIFI-5193:
--------------------------------------

GitHub user alopresto opened a pull request:

    https://github.com/apache/nifi/pull/2797

    NIFI-5193 Fixed issue in ConfigEncryptionTool when XML contained regex-breaking LDAP filters

    Thank you for submitting a contribution to Apache NiFi.
    
    In order to streamline the review of the contribution we ask you
    to ensure the following steps have been taken:
    
    ### For all changes:
    - [x] Is there a JIRA ticket associated with this PR? Is it referenced 
         in the commit message?
    
    - [x] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
    
    - [x] Has your PR been rebased against the latest commit within the target branch (typically master)?
    
    - [ ] Is your initial contribution a single, squashed commit?
    
    ### For code changes:
    - [x] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
    - [x] Have you written or updated unit tests to verify your changes?
    - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? 
    - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
    - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
    - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?
    
    ### For documentation related changes:
    - [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
    
    ### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/alopresto/nifi NIFI-5193

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/2797.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2797
    
----
commit 16b2deaa27244c595f6544874b17dd893fe42e16
Author: Andy LoPresto <al...@...>
Date:   2018-06-15T03:38:11Z

    NIFI-5193 Added logic to handle complex user filter expressions.
    Added unit tests.
    Added unit test resources.

commit a6f21818e83a51d3ff84fb8cfbd6d5f03bff259d
Author: Andy LoPresto <al...@...>
Date:   2018-06-15T03:50:38Z

    NIFI-5193 Fixed comments.
    Refactored XmlSlurper instantiation to keep ignorable whitespace.

commit fea1716e057c222ccc4dd659676a70f05af6c90b
Author: Andy LoPresto <al...@...>
Date:   2018-06-15T03:57:25Z

    NIFI-5193 Added logic to handle LIP complex user search filter.
    Added unit tests.
    Added unit test resources.

commit 7a0471e1201602fea00feae76159d9fb1f84dce3
Author: Andy LoPresto <al...@...>
Date:   2018-06-15T04:07:56Z

    NIFI-5193 Removed unnecessary substitution/repopulation logic from encrypt|decryptAuthorizers.
    All unit tests pass.

commit a96b63ae6a6269f3277e781b6e6a76b0166b6abc
Author: Andy LoPresto <al...@...>
Date:   2018-06-15T04:33:35Z

    NIFI-5193 Removed unnecessary substitution/repopulation logic from CET.
    Removed unnecessary unit tests.

commit cca5ce4c718927cb42c1c44762a642119e58062d
Author: Andy LoPresto <al...@...>
Date:   2018-06-15T04:36:54Z

    NIFI-5193 Removed unnecessary commons-text dependency from pom.xml.

----


> Improve ConfigEncryptionTool handling of complex user search mapping values
> ---------------------------------------------------------------------------
>
>                 Key: NIFI-5193
>                 URL: https://issues.apache.org/jira/browse/NIFI-5193
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Tools and Build
>    Affects Versions: 1.6.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: regex, security, toolkit
>
> The {{ConfigEncryptionTool}} can fail to encrypt {{login-identity-providers.xml}} or {{authorizers.xml}} if the XML contains a User Search Mapping value which is interpreted as having regular expression capture groups. 
> {code}
> <property name="User Search Filter">(& (objectCategory=Person)(sAMAccountName=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(!(sAMAccountName=$*)))</property>
> {code}
> Results in:
> {code}
> 2018/05/14 15:05:22 ERROR [main] org.apache.nifi.properties.ConfigEncryptionTool: Encountered an error
> java.lang.IllegalArgumentException: Illegal group reference
>             at java.util.regex.Matcher.appendReplacement(Matcher.java:857)
>             at java.util.regex.Matcher.replaceFirst(Matcher.java:1004)
>             at java.lang.String.replaceFirst(String.java:2178)
>             at java_lang_String$replaceFirst$6.call(Unknown Source)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
>             at org.apache.nifi.properties.ConfigEncryptionTool.serializeAuthorizersAndPreserveFormat(ConfigEncryptionTool.groovy:1246)
>             at org.apache.nifi.properties.ConfigEncryptionTool$serializeAuthorizersAndPreserveFormat$6.callStatic(Unknown Source)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214)
>             at org.apache.nifi.properties.ConfigEncryptionTool.writeAuthorizers(ConfigEncryptionTool.groovy:1118)
>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>             at java.lang.reflect.Method.invoke(Method.java:498)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
>             at org.apache.nifi.properties.ConfigEncryptionTool.main(ConfigEncryptionTool.groovy:1485)
>             at org.apache.nifi.properties.ConfigEncryptionTool$main.call(Unknown Source)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
>             at org.apache.nifi.toolkit.encryptconfig.LegacyMode.run(LegacyMode.groovy:30)
>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>             at java.lang.reflect.Method.invoke(Method.java:498)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSite.invoke(PogoMetaMethodSite.java:169)
>             at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
>             at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
>             at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
>             at org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain.main(EncryptConfigMain.groovy:109)
> Encountered an error writing the master key to the bootstrap.conf file and the encrypted properties to nifi.properties
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)