You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/06/15 04:45:00 UTC
[jira] [Commented] (NIFI-5193) Improve ConfigEncryptionTool
handling of complex user search mapping values
[ https://issues.apache.org/jira/browse/NIFI-5193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16513331#comment-16513331 ]
ASF GitHub Bot commented on NIFI-5193:
--------------------------------------
GitHub user alopresto opened a pull request:
https://github.com/apache/nifi/pull/2797
NIFI-5193 Fixed issue in ConfigEncryptionTool when XML contained regex-breaking LDAP filters
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [x] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target branch (typically master)?
- [ ] Is your initial contribution a single, squashed commit?
### For code changes:
- [x] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
- [x] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/alopresto/nifi NIFI-5193
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/2797.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2797
----
commit 16b2deaa27244c595f6544874b17dd893fe42e16
Author: Andy LoPresto <al...@...>
Date: 2018-06-15T03:38:11Z
NIFI-5193 Added logic to handle complex user filter expressions.
Added unit tests.
Added unit test resources.
commit a6f21818e83a51d3ff84fb8cfbd6d5f03bff259d
Author: Andy LoPresto <al...@...>
Date: 2018-06-15T03:50:38Z
NIFI-5193 Fixed comments.
Refactored XmlSlurper instantiation to keep ignorable whitespace.
commit fea1716e057c222ccc4dd659676a70f05af6c90b
Author: Andy LoPresto <al...@...>
Date: 2018-06-15T03:57:25Z
NIFI-5193 Added logic to handle LIP complex user search filter.
Added unit tests.
Added unit test resources.
commit 7a0471e1201602fea00feae76159d9fb1f84dce3
Author: Andy LoPresto <al...@...>
Date: 2018-06-15T04:07:56Z
NIFI-5193 Removed unnecessary substitution/repopulation logic from encrypt|decryptAuthorizers.
All unit tests pass.
commit a96b63ae6a6269f3277e781b6e6a76b0166b6abc
Author: Andy LoPresto <al...@...>
Date: 2018-06-15T04:33:35Z
NIFI-5193 Removed unnecessary substitution/repopulation logic from CET.
Removed unnecessary unit tests.
commit cca5ce4c718927cb42c1c44762a642119e58062d
Author: Andy LoPresto <al...@...>
Date: 2018-06-15T04:36:54Z
NIFI-5193 Removed unnecessary commons-text dependency from pom.xml.
----
> Improve ConfigEncryptionTool handling of complex user search mapping values
> ---------------------------------------------------------------------------
>
> Key: NIFI-5193
> URL: https://issues.apache.org/jira/browse/NIFI-5193
> Project: Apache NiFi
> Issue Type: Bug
> Components: Tools and Build
> Affects Versions: 1.6.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: regex, security, toolkit
>
> The {{ConfigEncryptionTool}} can fail to encrypt {{login-identity-providers.xml}} or {{authorizers.xml}} if the XML contains a User Search Mapping value which is interpreted as having regular expression capture groups.
> {code}
> <property name="User Search Filter">(& (objectCategory=Person)(sAMAccountName=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(!(sAMAccountName=$*)))</property>
> {code}
> Results in:
> {code}
> 2018/05/14 15:05:22 ERROR [main] org.apache.nifi.properties.ConfigEncryptionTool: Encountered an error
> java.lang.IllegalArgumentException: Illegal group reference
> at java.util.regex.Matcher.appendReplacement(Matcher.java:857)
> at java.util.regex.Matcher.replaceFirst(Matcher.java:1004)
> at java.lang.String.replaceFirst(String.java:2178)
> at java_lang_String$replaceFirst$6.call(Unknown Source)
> at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
> at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
> at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
> at org.apache.nifi.properties.ConfigEncryptionTool.serializeAuthorizersAndPreserveFormat(ConfigEncryptionTool.groovy:1246)
> at org.apache.nifi.properties.ConfigEncryptionTool$serializeAuthorizersAndPreserveFormat$6.callStatic(Unknown Source)
> at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
> at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
> at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214)
> at org.apache.nifi.properties.ConfigEncryptionTool.writeAuthorizers(ConfigEncryptionTool.groovy:1118)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
> at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
> at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
> at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
> at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
> at org.apache.nifi.properties.ConfigEncryptionTool.main(ConfigEncryptionTool.groovy:1485)
> at org.apache.nifi.properties.ConfigEncryptionTool$main.call(Unknown Source)
> at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
> at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
> at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
> at org.apache.nifi.toolkit.encryptconfig.LegacyMode.run(LegacyMode.groovy:30)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSite.invoke(PogoMetaMethodSite.java:169)
> at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
> at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
> at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
> at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
> at org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain.main(EncryptConfigMain.groovy:109)
> Encountered an error writing the master key to the bootstrap.conf file and the encrypted properties to nifi.properties
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)