[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16313671#comment-16313671
 ] 

ASF GitHub Bot commented on NIFI-4708:
--------------------------------------

Github user alopresto commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2376#discussion_r159953548
  
    --- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
 ---
    @@ -0,0 +1,143 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.nifi.toolkit.encryptconfig
    +
    +import org.apache.nifi.properties.AESSensitivePropertyProvider
    +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
    +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
    +import org.slf4j.Logger
    +import org.slf4j.LoggerFactory
    +
    +/**
    + * A special DecryptMode that can run using NiFiRegistry CLI Options
    + */
    +class NiFiRegistryDecryptMode extends DecryptMode {
    +
    +    private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryDecryptMode.class)
    +
    +    CliBuilder cli
    +
    +    NiFiRegistryDecryptMode() {
    +        cli = NiFiRegistryMode.cliBuilder()
    +    }
    +
    +    @Override
    +    void run(String[] args) {
    +        logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
    +        try {
    +
    +            def options = cli.parse(args)
    +
    +            if (!options || options.h) {
    +                EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
    +            }
    +
    +            EncryptConfigLogger.configureLogger(options.v)
    +
    +            DecryptConfiguration config = new DecryptConfiguration()
    +
    +            /* Invalid fields when used with --decrypt: */
    +            def invalidDecryptOptions = ["i", "a"]
    +            def presentInvalidOptions = 
Arrays.stream(options.getInner().getOptions()).findAll {
    +                invalidDecryptOptions.contains(it.getOpt())
    +            }
    +            if (presentInvalidOptions.size() > 0) {
    +                throw new RuntimeException("Invalid options: 
${EncryptConfigMain.DECRYPT_OPT} cannot be used with 
[${presentInvalidOptions.join(", ")}]. It should only be used with [-r].")
    +            }
    +
    +            /* Required fields when using --decrypt */
    +            // registryPropertiesFile (-r)
    +            if (!options.r) {
    +                throw new RuntimeException("Invalid options: Input 
nifiRegistryProperties (-r) is required when using --decrypt")
    +            }
    +            config.inputFilePath = options.r
    +            config.fileType = FileType.properties  // disables 
auto-detection, which is still experimental
    +
    +            // one of [--oldPassword, --oldKey] or [-p, -k, -b <file]
    --- End diff --
    
    Typo in comment -- `[-p, -k, -b <file>]`. 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> ------------------------------------------------------------------------
>
>                 Key: NIFI-4708
>                 URL: https://issues.apache.org/jira/browse/NIFI-4708
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>             Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)