[jira] [Commented] (NIFI-4942) NiFi Toolkit - Allow migration of master key without previous password

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFI-4942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16445152#comment-16445152
 ] 

ASF GitHub Bot commented on NIFI-4942:
--------------------------------------

Github user ijokarumawak commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2648#discussion_r182931405
  
    --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/pom.xml ---
    @@ -167,10 +167,12 @@
                     <groupId>org.apache.rat</groupId>
                     <artifactId>apache-rat-plugin</artifactId>
                     <configuration>
    +                    <consoleOutput>true</consoleOutput>
                         <excludes combine.children="append">
                             <exclude>src/test/resources/scrypt.py</exclude>
    -                        
<exclude>src/test/resources/secure_hash.key</exclude>
    -                        
<exclude>src/test/resources/secure_hash_128.key</exclude>
    +                        <!-- use wildcard for below files as tests 
generate additional files during the build -->
    +                        <exclude>**/secure_hash.key</exclude>
    +                        <exclude>**/secure_hash_128.key</exclude>
    --- End diff --
    
    `nifi-toolkit/nifi-toolkit-encrypt-config/secure_hash.key` is created when 
I run mvn test on a Linux machine as follows:
    
    ```
    mvn --projects nifi-toolkit/nifi-toolkit-encrypt-config -Pcontrib-check 
-Dtest=org.apache.nifi.toolkit.encryptconfig.EncryptConfigMainTest#testShouldPerformFullOperationForNiFiPropertiesAndLoginIdentityProvidersAndAuthorizers
 test
    ```
    
    Excluding these files with wild card would address the RAT check failure, 
but the created file is under directory which is version controlled with Git. 
It's possible that someone may add the created file mistakenly into Git.
    
    ```
    $ git status
    On branch master
    Your branch is up-to-date with 'origin/master'.
    Untracked files:
      (use "git add <file>..." to include in what will be committed)
    
            nifi-toolkit/nifi-toolkit-encrypt-config/secure_hash.key
    
    nothing added to commit but untracked files present (use "git add" to track)
    ```
    
    I filed [NIFI-5100](https://issues.apache.org/jira/browse/NIFI-5100) and am 
looking for a way to avoid creating such file, or remove it after test.



> NiFi Toolkit - Allow migration of master key without previous password
> ----------------------------------------------------------------------
>
>                 Key: NIFI-4942
>                 URL: https://issues.apache.org/jira/browse/NIFI-4942
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.5.0
>            Reporter: Yolanda M. Davis
>            Assignee: Andy LoPresto
>            Priority: Major
>             Fix For: 1.7.0
>
>
> Currently the encryption cli in nifi toolkit requires that, in order to 
> migrate from one master key to the next, the previous master key or password 
> should be provided. In cases where the provisioning tool doesn't have the 
> previous value available this becomes challenging to provide and may be prone 
> to error. In speaking with [~alopresto] we can allow toolkit to support a 
> mode of execution such that the master key can be updated without requiring 
> the previous password. Also documentation around it's usage should be updated 
> to be clear in describing the purpose and the type of environment where this 
> command should be used (admin only access etc).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)