You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by alopresto <gi...@git.apache.org> on 2016/11/05 05:03:30 UTC
[GitHub] nifi pull request #1186: NIFI-2652 [WIP] Handle encrypted config key migrati...
GitHub user alopresto opened a pull request:
https://github.com/apache/nifi/pull/1186
NIFI-2652 [WIP] Handle encrypted config key migration
Submitting a WIP PR because other features depend on this work. There is an unrelated test failure that I got locally after rebasing against master, so I will investigate that, but the module where I did all of this work is fine.
I will also update the Admin Guide with instructions for key migration and squash these commits.
---
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [x] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target branch (typically master)?
- [o] Is your initial contribution a single, squashed commit?
### For code changes:
- [x] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
- [x] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?
### For documentation related changes:
- [o] Have you ensured that format looks appropriate for the output in which it is rendered?
### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/alopresto/nifi NIFI-2652
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/1186.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1186
----
commit ad2b8d46a21a1642f88be9519ab535d60930dfe5
Author: Andy LoPresto <al...@apache.org>
Date: 2016-11-02T03:49:15Z
NIFI-2652 Implemented first pass of key migration logic and provided single comprehensive unit test.
commit f7f88859e1b26e40d0abeb0670d2626ddf6f4714
Author: Andy LoPresto <al...@apache.org>
Date: 2016-11-03T02:31:37Z
NIFI-2652 Added logic and unit test for all combinations of original key/password and new key/password.
commit 283924dacaf6f7b4396334c4315d040da240eb71
Author: Andy LoPresto <al...@apache.org>
Date: 2016-11-05T04:08:02Z
NIFI-2652 Expanded unit test for combinations into individual tests due to System.exit() only be capturable once per test.
Three tests which mock Scrypt for speed are temporarily ignored to perform test pollution identification.
commit f28610a65e9245e9a8b2fe462efdcec8aa777331
Author: Andy LoPresto <al...@apache.org>
Date: 2016-11-05T04:11:48Z
NIFI-2652 Removed SCrypt mock from one unit test that did not need it. Two offenders remain ignored.
commit df9c18f4aae1f1dd40631f37139b91646bfa4e4f
Author: Andy LoPresto <al...@apache.org>
Date: 2016-11-05T04:14:13Z
NIFI-2652 Removed SCrypt mock from one redundant unit test. One offender remains ignored.
commit 23a150c52120f12a7f772dc655cf5d8e8eeee223
Author: Andy LoPresto <al...@apache.org>
Date: 2016-11-05T04:22:51Z
NIFI-2652 Removed SCrypt mock from one unit test that didn't need it. Test pollution is removed and all tests pass.
commit f6144a491ad27f70cf562749e1b8da02364bb348
Author: Andy LoPresto <al...@apache.org>
Date: 2016-11-05T04:42:46Z
NIFI-2652 Added unit tests for negative cases for migration argument parsing.
Cleaned up TODOs and comments.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] nifi issue #1186: NIFI-2652 [WIP] Handle encrypted config key migration
Posted by YolandaMDavis <gi...@git.apache.org>.
Github user YolandaMDavis commented on the issue:
https://github.com/apache/nifi/pull/1186
@alopresto just to add clarity on unit test failures, I am specifically receiving a problem when running the ConfigEncryptionToolTest. Several tests are failing for me and the failure appears to be due to a generated key that looks truncated.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] nifi pull request #1186: NIFI-2652 [WIP] Handle encrypted config key migrati...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/nifi/pull/1186
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] nifi issue #1186: NIFI-2652 [WIP] Handle encrypted config key migration
Posted by YolandaMDavis <gi...@git.apache.org>.
Github user YolandaMDavis commented on the issue:
https://github.com/apache/nifi/pull/1186
@alopresto happy to review (understanding this is WIP)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] nifi issue #1186: NIFI-2652 [WIP] Handle encrypted config key migration
Posted by alopresto <gi...@git.apache.org>.
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1186
@YolandaMDavis made a good catch; the tests are ambivalent in regards to JCE jurisdiction policy, but some of the test resources I generated relied on 256-bit keys and so were not compatible with an environment that did not have the policies installed. I am provided resources with 128-bit keys to allow them to run on any environment.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] nifi issue #1186: NIFI-2652 [WIP] Handle encrypted config key migration
Posted by YolandaMDavis <gi...@git.apache.org>.
Github user YolandaMDavis commented on the issue:
https://github.com/apache/nifi/pull/1186
@alopresto re-ran the unit tests and scenarios looks good
+1
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] nifi issue #1186: NIFI-2652 [WIP] Handle encrypted config key migration
Posted by alopresto <gi...@git.apache.org>.
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1186
@YolandaMDavis I believe I have resolved the issue you were encountering, and the unrelated test failure was due to DNS settings on my machine which I have now fixed. Please perform the review. Thank you.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] nifi issue #1186: NIFI-2652 [WIP] Handle encrypted config key migration
Posted by YolandaMDavis <gi...@git.apache.org>.
Github user YolandaMDavis commented on the issue:
https://github.com/apache/nifi/pull/1186
@alopresto I also received problems running unit test but confirmed that I could migrate keys using several scenarios:
raw key -> raw key
password -> password
password -> raw key
raw key -> password
Also tried negative conditions including incorrect old password/rawkey and received expected exception.
Once unit test issue is resolved I can reevaluate for merge. Thanks @alopresto!
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---