[jira] [Commented] (NIFI-4701) Support encrypted properties in authorizers.xml

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-4701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16306534#comment-16306534
 ] 

ASF GitHub Bot commented on NIFI-4701:
--------------------------------------

Github user alopresto commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2350#discussion_r159102652
  
    --- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/test/groovy/org/apache/nifi/properties/ConfigEncryptionToolTest.groovy
 ---
    @@ -319,6 +320,59 @@ class ConfigEncryptionToolTest extends GroovyTestCase {
             }
         }
     
    +    @Test
    +    void testShouldParseAuthorizersArgument() {
    +        // Arrange
    +        def flags = ["-a", "--authorizers"]
    +        String authorizersPath = "src/test/resources/authorizers.xml"
    +        ConfigEncryptionTool tool = new ConfigEncryptionTool()
    +
    +        // Act
    +        flags.each { String arg ->
    +            tool.parse([arg, authorizersPath] as String[])
    +            logger.info("Parsed authorizers.xml location: 
${tool.authorizersPath}")
    +
    +            // Assert
    +            assert tool.authorizersPath == authorizersPath
    +            assert tool.handlingAuthorizers
    +        }
    +    }
    +
    +    @Test
    +    void testShouldParseOutputAuthorizersArgument() {
    +        // Arrange
    +        def flags = ["-u", "--outputAuthorizers"]
    +        String authorizersPath = "src/test/resources/authorizers.xml"
    +        ConfigEncryptionTool tool = new ConfigEncryptionTool()
    +
    +        // Act
    +        flags.each { String arg ->
    +            tool.parse([arg, authorizersPath, "-a", authorizersPath] as 
String[])
    --- End diff --
    
    Change so the `outputAuthorizersPath` is different from `authorizersPath` 
(just call `authorizersPath.reverse()`; it doesn't have to be a valid file) to 
ensure from the equality check at the end that the correct value is being read 
here. 


> Support encrypted properties in authorizers.xml
> -----------------------------------------------
>
>                 Key: NIFI-4701
>                 URL: https://issues.apache.org/jira/browse/NIFI-4701
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Configuration
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>             Fix For: 1.5.0
>
>
> Since the addition of LdapUserGroupProvider (see NIFI-4059) in v1.4.0, 
> authorizers.xml can now contain properties for LDAP Server credentials. 
> This ticket is to enable properties in authorizers.xml to be encrypted, so 
> that the LDAP Server Manager credentials can be protected similar to 
> LdapProvider which is configured via login-identity-providers.xml.
> The main changes are in nifi-authorizers are:
> * authorizers.xsd to add an encryption attribute to Property
> * to PropertyAuthorizerFactoryBean to check for that attribute and decrypt 
> the property value if necessary when creating the the configuration context
> Additionally, support for creating an encrypted authorizers.xml, protected by 
> the NiFi master key, should be added to the Encrypt Tool in NiFi Toolkit.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)