You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Matt Burgess (Jira)" <ji...@apache.org> on 2021/09/27 17:12:00 UTC

[jira] [Assigned] (NIFI-7012) Using sensitive parameter in sensitive property of InvokeScriptedProcessor causes Jetty shutdown on NiFi restart

     [ https://issues.apache.org/jira/browse/NIFI-7012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matt Burgess reassigned NIFI-7012:
----------------------------------

    Assignee: Matt Burgess  (was: Andy LoPresto)

> Using sensitive parameter in sensitive property of InvokeScriptedProcessor causes Jetty shutdown on NiFi restart
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-7012
>                 URL: https://issues.apache.org/jira/browse/NIFI-7012
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.10.0, 1.14.0
>         Environment: OpenJDK 1.8.0_232 on Ubuntu 18.04.3 LTS
>            Reporter: Dariusz Chmielewski
>            Assignee: Matt Burgess
>            Priority: Major
>              Labels: parameters, scripting, security
>         Attachments: groovy_sample.txt
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> To simulate this add a new InvokeScriptedProcessor to your flow with attached example basic Groovy script as the Script Body. This will create a "Password" sensitive property on the processor, then using UI enter sensitive parameter (ex: "#\{test_pass}") in the value of this property. At this point everything will work fine, no errors in UI or nifi-app.log during this processor execution, but when you restart NiFi you will notice the below warning in nifi-app.log. To get around this issue and have Jetty start again I had to manually edit flow.xml and set the parameter ("test_pass") sensitive value to false. Note that both the processor property and parameter appear as sensitive in UI (before making changes to flow.xml) and their values are encrypted in flow.xml.
> {code:java}
> 2020-01-10 15:37:28,492 INFO [main] org.eclipse.jetty.server.Server Started @29687ms
>  2020-01-10 15:37:28,493 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
>  org.apache.nifi.controller.serialization.FlowSynchronizationException: java.lang.IllegalArgumentException: The property 'Password' cannot reference Parameter 'test_pass' because Sensitive Parameters may only be referenced by Sensitive Properties.
>  at org.apache.nifi.controller.StandardFlowSynchronizer.sync(StandardFlowSynchronizer.java:510)
>  at org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1368)
>  at org.apache.nifi.persistence.StandardXMLFlowConfigurationDAO.load(StandardXMLFlowConfigurationDAO.java:88)
>  at org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:812)
>  at org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:557)
>  at org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:72)
>  at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:959)
>  at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:553)
>  at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:924)
>  at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:365)
>  at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1497)
>  at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1459)
>  at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:854)
>  at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:278)
>  at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:545)
>  at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167)
>  at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:119)
>  at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>  at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167)
>  at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
>  at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>  at org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:406)
>  at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167)
>  at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:119)
>  at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>  at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167)
>  at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:119)
>  at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>  at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:167)
>  at org.eclipse.jetty.server.Server.start(Server.java:418)
>  at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
>  at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>  at org.eclipse.jetty.server.Server.doStart(Server.java:382)
>  at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>  at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:952)
>  at org.apache.nifi.NiFi.<init>(NiFi.java:158)
>  at org.apache.nifi.NiFi.<init>(NiFi.java:72)
>  at org.apache.nifi.NiFi.main(NiFi.java:301)
>  Caused by: java.lang.IllegalArgumentException: The property 'Password' cannot reference Parameter 'test_pass' because Sensitive Parameters may only be referenced by Sensitive Properties.
>  at org.apache.nifi.controller.AbstractComponentNode.verifyCanUpdateProperties(AbstractComponentNode.java:307)
>  at org.apache.nifi.controller.AbstractComponentNode.setProperties(AbstractComponentNode.java:192)
>  at org.apache.nifi.controller.ComponentNode.setProperties(ComponentNode.java:60)
>  at org.apache.nifi.controller.StandardFlowSynchronizer.updateProcessor(StandardFlowSynchronizer.java:1227)
>  at org.apache.nifi.controller.StandardFlowSynchronizer.addProcessGroup(StandardFlowSynchronizer.java:1334)
>  at org.apache.nifi.controller.StandardFlowSynchronizer.addProcessGroup(StandardFlowSynchronizer.java:1458)
>  at org.apache.nifi.controller.StandardFlowSynchronizer.sync(StandardFlowSynchronizer.java:393)
>  ... 42 common frames omitted
>  2020-01-10 15:37:28,494 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)