[
https://issues.apache.org/jira/browse/NIFI-4942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16434408#comment-16434408
]
ASF GitHub Bot commented on NIFI-4942:
--------------------------------------
GitHub user alopresto opened a pull request:
https://github.com/apache/nifi/pull/2628
NIFI-4942 Add capability for encrypt-config tool to use securely hashed
key/password for demonstration of previous knowledge
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [x] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number
you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target
branch (typically master)?
- [ ] Is your initial contribution a single, squashed commit?
### For code changes:
- [x] Have you ensured that the full suite of tests is executed via mvn
-Pcontrib-check clean install at the root nifi folder?
- [x] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file, including the main
LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main
NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to
.name (programmatic access) for each of the new properties?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in
which it is rendered?
### Note:
Please ensure that once the PR is submitted, you check travis-ci for build
issues and submit an update to your PR as soon as possible.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/alopresto/nifi NIFI-4942
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/2628.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2628
----
commit b122f9192394b1d50eb319eb2b6e1999aefafd30
Author: Andy LoPresto <alopresto@...>
Date: 2018-03-23T03:47:53Z
NIFI-4942 [WIP] Added skeleton for secure hash handling in encrypt-config
toolkit.
Added test resource for Python scrypt implementation/verifier.
Added unit tests.
commit 4f7bd03d8730ec50babb66850d6dbdc05c1a4834
Author: Andy LoPresto <alopresto@...>
Date: 2018-03-29T02:11:42Z
NIFI-4942 [WIP] More unit tests passing.
commit 5d43edfac6fa99a8f4cba4174628b9133ff5a6f2
Author: Andy LoPresto <alopresto@...>
Date: 2018-04-02T23:18:38Z
NIFI-4942 All unit tests pass and test artifacts are cleaned up.
commit c2fc9555704b3df68a63200ff8bc850b2c3730fd
Author: Andy LoPresto <alopresto@...>
Date: 2018-04-05T00:25:33Z
NIFI-4942 Added RAT exclusions.
commit 513dadfb29595d9755d220678b6233c9fb2a8c66
Author: Andy LoPresto <alopresto@...>
Date: 2018-04-05T00:26:00Z
NIFI-4942 Added Scrypt hash format checker.
Added unit tests.
commit 411b54f15871227d8128446cc131b85da00a56ef
Author: Andy LoPresto <alopresto@...>
Date: 2018-04-05T00:26:22Z
NIFI-4942 Added NiFi hash format checker.
Added unit tests.
commit 1b2d6406b94c08b99b434bdc7b47d1cf1eb7319c
Author: Andy LoPresto <alopresto@...>
Date: 2018-04-05T23:45:24Z
NIFI-4942 Added check for simultaneous use of -z/-y.
Added logic to check hashed password/key.
Added logic to retrieve secure hash from file to compare.
Added unit tests (125/125).
commit 706015ce3fa745a7de0485e68e7cc96efe529d62
Author: Andy LoPresto <alopresto@...>
Date: 2018-04-10T02:48:44Z
NIFI-4942 Added new ExitCode.
Added logic to return current hash params in JSON for Ambari to consume.
Fixed typos in error messages.
Added unit tests (129/129).
commit 6308fd65b994bad637a205a5e661db4712cde811
Author: Andy LoPresto <alopresto@...>
Date: 2018-04-10T22:28:49Z
NIFI-4942 Added Scrypt hash format verification for hash check.
Added unit tests.
commit 0b2d12f9a440d207f1d21c06566b839a18efd089
Author: Andy LoPresto <alopresto@...>
Date: 2018-04-11T17:54:40Z
NIFI-4942 Fixed RAT checks.
----
> NiFi Toolkit - Allow migration of master key without previous password
> ----------------------------------------------------------------------
>
> Key: NIFI-4942
> URL: https://issues.apache.org/jira/browse/NIFI-4942
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.5.0
> Reporter: Yolanda M. Davis
> Assignee: Andy LoPresto
> Priority: Major
>
> Currently the encryption cli in nifi toolkit requires that, in order to
> migrate from one master key to the next, the previous master key or password
> should be provided. In cases where the provisioning tool doesn't have the
> previous value available this becomes challenging to provide and may be prone
> to error. In speaking with [~alopresto] we can allow toolkit to support a
> mode of execution such that the master key can be updated without requiring
> the previous password. Also documentation around it's usage should be updated
> to be clear in describing the purpose and the type of environment where this
> command should be used (admin only access etc).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
