Hi all, I hope this question is appropriate for the developers list, if not, I’ll move it to users.
I have an Ansible role for NiFi that includes generating the NiFi properties files from templates and variables set per cluster/host as well as updating keystore etc. This works very well, except when it comes to protected properties as set by the toolkit. The toolkit wants to operate on the actual properties files, which causes Ansible to then see differences and want to reset. I tried with an intermediate processing dir, but then I lose the ability to use Ansible’s –check and –diff options to see if any changes were made. In the end, I added the encrypted values by hand to the Ansible variables files. As a next step, I’m looking at whether I can use the toolkit’s java classes in my own wrapper to allow me to pass in a master key, protection scheme and raw value and get out the encrypted one, so that I can easily update my encrypted values in the Ansible inventory. However, my Java skills are somewhat limited, so I would like to ask first if this is even a good idea. Is this a sensible idea or does it conflict with NiFi or encryption design principles I’m not aware of? Kind regards, Isha Lamboo
