[
https://issues.apache.org/jira/browse/NIFI-4942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16445266#comment-16445266
]
ASF GitHub Bot commented on NIFI-4942:
--------------------------------------
Github user kevdoran commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2648#discussion_r182941468
--- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/pom.xml ---
@@ -167,10 +167,12 @@
<groupId>org.apache.rat</groupId>
<artifactId>apache-rat-plugin</artifactId>
<configuration>
+ <consoleOutput>true</consoleOutput>
<excludes combine.children="append">
<exclude>src/test/resources/scrypt.py</exclude>
-
<exclude>src/test/resources/secure_hash.key</exclude>
-
<exclude>src/test/resources/secure_hash_128.key</exclude>
+ <!-- use wildcard for below files as tests
generate additional files during the build -->
+ <exclude>**/secure_hash.key</exclude>
+ <exclude>**/secure_hash_128.key</exclude>
--- End diff --
Ok, here's what I've got so far for the secure_hash.key file issue. It does
not look trivial to find and disable the tests that could be creating this
file, as I think it can come from both the existing (pre-NIFI-4942) and the
recently introduced test cases.
The path is hardcoded to ./secure_hash.key, but the test class does appear
to try to account for that here:
https://github.com/kevdoran/nifi/blob/master/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/groov...
I'm not sure why that is not working on some Linux platforms. I'm wondering
if it has to do with the fact that it is a static field and how the classes get
loaded for these test cases, but in any case it means that any execution of the
tool could create the file that we want to avoid.
So options I see are:
- leave the tests enabled, leave the wildcard directory for the RAT
exclusions, and maybe add the file to a .gitignore listing so as to prevent it
from getting accidentally committed
- try to find every test that is creating this file and temporarily disable
it (non-trivial from what I can tell, but maybe I am missing something obvious)
- disable the entire ConfigEncryptionToolTest suite (for now)
I think all of these approaches only address the immediate issues and still
require a longer-term solution.
> NiFi Toolkit - Allow migration of master key without previous password
> ----------------------------------------------------------------------
>
> Key: NIFI-4942
> URL: https://issues.apache.org/jira/browse/NIFI-4942
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.5.0
> Reporter: Yolanda M. Davis
> Assignee: Andy LoPresto
> Priority: Major
> Fix For: 1.7.0
>
>
> Currently the encryption cli in nifi toolkit requires that, in order to
> migrate from one master key to the next, the previous master key or password
> should be provided. In cases where the provisioning tool doesn't have the
> previous value available this becomes challenging to provide and may be prone
> to error. In speaking with [~alopresto] we can allow toolkit to support a
> mode of execution such that the master key can be updated without requiring
> the previous password. Also documentation around it's usage should be updated
> to be clear in describing the purpose and the type of environment where this
> command should be used (admin only access etc).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
