[jira] [Commented] (NIFI-4942) NiFi Toolkit - Allow migration of master key without previous password

Mon, 07 May 2018 08:47:31 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-4942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16466054#comment-16466054
 ] 

Kevin Doran commented on NIFI-4942:
-----------------------------------

{quote}The root issue appears to be that the key is not believed to be in valid 
hex format. Also, for what it is worth i'm running these without JCE full 
strength.{quote}

I think you're on to something here, [~joewitt]. I reverted the crypto policy 
jars on my local dev env (Mac OS X) to the default, limited strength crypto, 
and was able to reproduce this build result:

{noformat}
...
[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.nifi.properties.ConfigEncryptionToolTest
[ERROR] Tests run: 137, Failures: 2, Errors: 0, Skipped: 8, Time elapsed: 
19.928 s <<< FAILURE! - in org.apache.nifi.properties.ConfigEncryptionToolTest
[ERROR] 
testTranslateCliWithEncryptedInputShouldNotIntersperseVerboseOutput(org.apache.nifi.properties.ConfigEncryptionToolTest)
  Time elapsed: 0.029 s  <<< FAILURE!
java.lang.AssertionError: Wrong exit status expected:<0> but was:<4>

[ERROR] 
testShouldTranslateCliWithEncryptedInput(org.apache.nifi.properties.ConfigEncryptionToolTest)
  Time elapsed: 0.02 s  <<< FAILURE!
java.lang.AssertionError: Wrong exit status expected:<0> but was:<4>

...
[INFO]
[INFO] Results:
[INFO]
[ERROR] Failures:
[ERROR]   ConfigEncryptionToolTest.testShouldTranslateCliWithEncryptedInput 
Wrong exit status expected:<0> but was:<4>
[ERROR]   
ConfigEncryptionToolTest.testTranslateCliWithEncryptedInputShouldNotIntersperseVerboseOutput
 Wrong exit status expected:<0> but was:<4>
[INFO]
[ERROR] Tests run: 155, Failures: 2, Errors: 0, Skipped: 9
...
{noformat}



> NiFi Toolkit - Allow migration of master key without previous password
> ----------------------------------------------------------------------
>
>                 Key: NIFI-4942
>                 URL: https://issues.apache.org/jira/browse/NIFI-4942
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.5.0
>            Reporter: Yolanda M. Davis
>            Assignee: Andy LoPresto
>            Priority: Major
>             Fix For: 1.7.0
>
>         Attachments: 
> TEST-org.apache.nifi.properties.ConfigEncryptionToolTest.xml
>
>
> Currently the encryption cli in nifi toolkit requires that, in order to 
> migrate from one master key to the next, the previous master key or password 
> should be provided. In cases where the provisioning tool doesn't have the 
> previous value available this becomes challenging to provide and may be prone 
> to error. In speaking with [~alopresto] we can allow toolkit to support a 
> mode of execution such that the master key can be updated without requiring 
> the previous password. Also documentation around it's usage should be updated 
> to be clear in describing the purpose and the type of environment where this 
> command should be used (admin only access etc).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to