[
https://issues.apache.org/jira/browse/NIFI-6783?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy LoPresto updated NIFI-6783:
--------------------------------
Description:
If the content repository changes from encrypted -> unencrypted or vice-versa
on startup, the application should handle the change.
* Unencrypted -> encrypted: Attempt to create an {{InputStream}} instance to
read the existing content into memory and write them back using
{{EncryptedContentRepositoryOutputStream}}
* Encrypted -> unencrypted: Attempt to create a {{CipherInputStream}} instance
to read the existing events into memory and write them back using
{{OutputStream}}. This depends on the key(s) for the key IDs used still being
available via {{nifi.properties}}.
This process may be very slow given large existing repositories, so a
standalone tool should also be made available to perform this process outside
of the running app.
was:
If the provenance repository changes from encrypted -> unencrypted or
vice-versa on startup, the application should handle the change.
* Unencrypted -> encrypted: Attempt to create a
{{EventIdFirstSchemaRecordReader}} instance to read the existing events into
memory and write them back using {{EncryptedSchemaRecordWriter}}
* Encrypted -> unencrypted: Attempt to create a {{EncryptedSchemaRecordReader}}
instance to read the existing events into memory and write them back using
{{EventIdFirstSchemaRecordWriter}} or {{ByteArraySchemaRecordWriter}} depending
on the repository implementation class. This depends on the key(s) for the key
IDs used still being available via {{nifi.properties}}.
This process may be very slow given large existing repositories, so a
standalone tool should also be made available to perform this process outside
of the running app.
> Handle content repository encryption status change on startup
> -------------------------------------------------------------
>
> Key: NIFI-6783
> URL: https://issues.apache.org/jira/browse/NIFI-6783
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Core Framework
> Affects Versions: 1.2.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: encryption, provenance, security
>
> If the content repository changes from encrypted -> unencrypted or vice-versa
> on startup, the application should handle the change.
> * Unencrypted -> encrypted: Attempt to create an {{InputStream}} instance to
> read the existing content into memory and write them back using
> {{EncryptedContentRepositoryOutputStream}}
> * Encrypted -> unencrypted: Attempt to create a {{CipherInputStream}}
> instance to read the existing events into memory and write them back using
> {{OutputStream}}. This depends on the key(s) for the key IDs used still being
> available via {{nifi.properties}}.
> This process may be very slow given large existing repositories, so a
> standalone tool should also be made available to perform this process outside
> of the running app.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
