[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause
[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124552#comment-16124552 ] ASF GitHub Bot commented on NIFI-4237: -- Github user alopresto commented on the issue: https://github.com/apache/nifi/pull/2077 I have a *number* of questions about the existing implementation, but those will be addressed in NIFI-3116. > EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest > underlying cause > > > Key: NIFI-4237 > URL: https://issues.apache.org/jira/browse/NIFI-4237 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.3.0 >Reporter: Russell Bateman >Assignee: Andy LoPresto >Priority: Minor > Labels: encryption, logging, security > Fix For: 1.4.0 > > > Our Ansible instructions upgraded NiFi and created a new > {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, > is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon > relaunching NiFi, the wrong key was used to decrypt resulting in the reported > failure to start, _flow.xml.gz_ is no longer useful. > We found the problem and fixed it after Mark Payne suggested a possible > cause, but if this state of things can be determined, it might save on > community support for this situation if the logged message were to suggest > what's at the bottom of this problem. The top of the stack trace appears in > _logs/nifi-app.log_ as below: > 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer > Failed to start web server... shutting down. > org.apache.nifi.encrypt.EncryptionException: > org.jasypt.exceptions.EncryptionOperationNotPossibleException > at > org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at > org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at... -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause
[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124442#comment-16124442 ] ASF subversion and git services commented on NIFI-4237: --- Commit ae940d862420e00023eca2e996ad03646f3ed5a4 in nifi's branch refs/heads/master from [~alopresto] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ae940d8 ] NIFI-4237 Added working test for StringEncryptor decryption of sensitive flow values in FlowFromDOMFactory. NIFI-4237 Cleaned up unused alternate approaches. NIFI-4237 Added failing unit test for better error message. NIFI-4237 Added logic to capture unhelpful encryption exception and provide context in message. All tests pass. This closes #2077 > EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest > underlying cause > > > Key: NIFI-4237 > URL: https://issues.apache.org/jira/browse/NIFI-4237 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.3.0 >Reporter: Russell Bateman >Assignee: Andy LoPresto >Priority: Minor > Labels: encryption, logging, security > > Our Ansible instructions upgraded NiFi and created a new > {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, > is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon > relaunching NiFi, the wrong key was used to decrypt resulting in the reported > failure to start, _flow.xml.gz_ is no longer useful. > We found the problem and fixed it after Mark Payne suggested a possible > cause, but if this state of things can be determined, it might save on > community support for this situation if the logged message were to suggest > what's at the bottom of this problem. The top of the stack trace appears in > _logs/nifi-app.log_ as below: > 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer > Failed to start web server... shutting down. > org.apache.nifi.encrypt.EncryptionException: > org.jasypt.exceptions.EncryptionOperationNotPossibleException > at > org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at > org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at... -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause
[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124441#comment-16124441 ] ASF subversion and git services commented on NIFI-4237: --- Commit ae940d862420e00023eca2e996ad03646f3ed5a4 in nifi's branch refs/heads/master from [~alopresto] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ae940d8 ] NIFI-4237 Added working test for StringEncryptor decryption of sensitive flow values in FlowFromDOMFactory. NIFI-4237 Cleaned up unused alternate approaches. NIFI-4237 Added failing unit test for better error message. NIFI-4237 Added logic to capture unhelpful encryption exception and provide context in message. All tests pass. This closes #2077 > EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest > underlying cause > > > Key: NIFI-4237 > URL: https://issues.apache.org/jira/browse/NIFI-4237 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.3.0 >Reporter: Russell Bateman >Assignee: Andy LoPresto >Priority: Minor > Labels: encryption, logging, security > > Our Ansible instructions upgraded NiFi and created a new > {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, > is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon > relaunching NiFi, the wrong key was used to decrypt resulting in the reported > failure to start, _flow.xml.gz_ is no longer useful. > We found the problem and fixed it after Mark Payne suggested a possible > cause, but if this state of things can be determined, it might save on > community support for this situation if the logged message were to suggest > what's at the bottom of this problem. The top of the stack trace appears in > _logs/nifi-app.log_ as below: > 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer > Failed to start web server... shutting down. > org.apache.nifi.encrypt.EncryptionException: > org.jasypt.exceptions.EncryptionOperationNotPossibleException > at > org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at > org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at... -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause
[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124440#comment-16124440 ] ASF subversion and git services commented on NIFI-4237: --- Commit ae940d862420e00023eca2e996ad03646f3ed5a4 in nifi's branch refs/heads/master from [~alopresto] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ae940d8 ] NIFI-4237 Added working test for StringEncryptor decryption of sensitive flow values in FlowFromDOMFactory. NIFI-4237 Cleaned up unused alternate approaches. NIFI-4237 Added failing unit test for better error message. NIFI-4237 Added logic to capture unhelpful encryption exception and provide context in message. All tests pass. This closes #2077 > EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest > underlying cause > > > Key: NIFI-4237 > URL: https://issues.apache.org/jira/browse/NIFI-4237 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.3.0 >Reporter: Russell Bateman >Assignee: Andy LoPresto >Priority: Minor > Labels: encryption, logging, security > > Our Ansible instructions upgraded NiFi and created a new > {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, > is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon > relaunching NiFi, the wrong key was used to decrypt resulting in the reported > failure to start, _flow.xml.gz_ is no longer useful. > We found the problem and fixed it after Mark Payne suggested a possible > cause, but if this state of things can be determined, it might save on > community support for this situation if the logged message were to suggest > what's at the bottom of this problem. The top of the stack trace appears in > _logs/nifi-app.log_ as below: > 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer > Failed to start web server... shutting down. > org.apache.nifi.encrypt.EncryptionException: > org.jasypt.exceptions.EncryptionOperationNotPossibleException > at > org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at > org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at... -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause
[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1612#comment-1612 ] ASF GitHub Bot commented on NIFI-4237: -- Github user asfgit closed the pull request at: https://github.com/apache/nifi/pull/2077 > EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest > underlying cause > > > Key: NIFI-4237 > URL: https://issues.apache.org/jira/browse/NIFI-4237 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.3.0 >Reporter: Russell Bateman >Assignee: Andy LoPresto >Priority: Minor > Labels: encryption, logging, security > > Our Ansible instructions upgraded NiFi and created a new > {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, > is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon > relaunching NiFi, the wrong key was used to decrypt resulting in the reported > failure to start, _flow.xml.gz_ is no longer useful. > We found the problem and fixed it after Mark Payne suggested a possible > cause, but if this state of things can be determined, it might save on > community support for this situation if the logged message were to suggest > what's at the bottom of this problem. The top of the stack trace appears in > _logs/nifi-app.log_ as below: > 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer > Failed to start web server... shutting down. > org.apache.nifi.encrypt.EncryptionException: > org.jasypt.exceptions.EncryptionOperationNotPossibleException > at > org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at > org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at... -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause
[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124439#comment-16124439 ] ASF subversion and git services commented on NIFI-4237: --- Commit ae940d862420e00023eca2e996ad03646f3ed5a4 in nifi's branch refs/heads/master from [~alopresto] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ae940d8 ] NIFI-4237 Added working test for StringEncryptor decryption of sensitive flow values in FlowFromDOMFactory. NIFI-4237 Cleaned up unused alternate approaches. NIFI-4237 Added failing unit test for better error message. NIFI-4237 Added logic to capture unhelpful encryption exception and provide context in message. All tests pass. This closes #2077 > EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest > underlying cause > > > Key: NIFI-4237 > URL: https://issues.apache.org/jira/browse/NIFI-4237 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.3.0 >Reporter: Russell Bateman >Assignee: Andy LoPresto >Priority: Minor > Labels: encryption, logging, security > > Our Ansible instructions upgraded NiFi and created a new > {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, > is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon > relaunching NiFi, the wrong key was used to decrypt resulting in the reported > failure to start, _flow.xml.gz_ is no longer useful. > We found the problem and fixed it after Mark Payne suggested a possible > cause, but if this state of things can be determined, it might save on > community support for this situation if the logged message were to suggest > what's at the bottom of this problem. The top of the stack trace appears in > _logs/nifi-app.log_ as below: > 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer > Failed to start web server... shutting down. > org.apache.nifi.encrypt.EncryptionException: > org.jasypt.exceptions.EncryptionOperationNotPossibleException > at > org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at > org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at... -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause
[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124438#comment-16124438 ] ASF GitHub Bot commented on NIFI-4237: -- Github user mattyb149 commented on the issue: https://github.com/apache/nifi/pull/2077 I would like to learn why EncryptionException is a RuntimeException and not a checked exception, but since that's not related per se, +1 LGTM, merging to master, thank you! > EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest > underlying cause > > > Key: NIFI-4237 > URL: https://issues.apache.org/jira/browse/NIFI-4237 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.3.0 >Reporter: Russell Bateman >Assignee: Andy LoPresto >Priority: Minor > Labels: encryption, logging, security > > Our Ansible instructions upgraded NiFi and created a new > {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, > is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon > relaunching NiFi, the wrong key was used to decrypt resulting in the reported > failure to start, _flow.xml.gz_ is no longer useful. > We found the problem and fixed it after Mark Payne suggested a possible > cause, but if this state of things can be determined, it might save on > community support for this situation if the logged message were to suggest > what's at the bottom of this problem. The top of the stack trace appears in > _logs/nifi-app.log_ as below: > 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer > Failed to start web server... shutting down. > org.apache.nifi.encrypt.EncryptionException: > org.jasypt.exceptions.EncryptionOperationNotPossibleException > at > org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at > org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at... -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause
[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124065#comment-16124065 ] ASF GitHub Bot commented on NIFI-4237: -- Github user alopresto commented on the issue: https://github.com/apache/nifi/pull/2077 I added a unit test which ensures the log error output is more helpful for users when the `flow.xml.gz` decryption fails. Verify with deterministic cipher text vectors: ``` 1966 [main] INFO org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest - Cipher text: enc{8ae49f94922876d07602e737f9d0095f397e8bdf73d3151ecde439e24af95715} 2068 [main] ERROR org.apache.nifi.controller.serialization.FlowFromDOMFactory - There was a problem decrypting a sensitive flow configuration value. Check that the nifi.sensitive.props.key value in nifi.properties matches the value used to encrypt the flow.xml.gz file org.apache.nifi.encrypt.EncryptionException: org.jasypt.exceptions.EncryptionOperationNotPossibleException at org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) at org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:501) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93) at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite$StaticMetaMethodSiteNoUnwrapNoCoerce.invoke(StaticMetaMethodSite.java:151) at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.call(StaticMetaMethodSite.java:91) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133) at org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest$_testShouldProvideBetterErrorMessageOnDecryptionFailure_closure2.doCall(FlowFromDOMFactoryTest.groovy:129) at org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest$_testShouldProvideBetterErrorMessageOnDecryptionFailure_closure2.doCall(FlowFromDOMFactoryTest.groovy) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93) at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325) at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1019) at groovy.lang.Closure.call(Closure.java:426) at groovy.lang.Closure.call(Closure.java:420) at groovy.test.GroovyAssert.shouldFail(GroovyAssert.java:119) at groovy.test.GroovyAssert$shouldFail.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214) at org.apache.nifi.controller.serialization.FlowFromDOMFactoryTest.testShouldProvideBetterErrorMessageOnDecryptionFailure(FlowFromDOMFactoryTest.groovy:128) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at
[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause
[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16124059#comment-16124059 ] ASF GitHub Bot commented on NIFI-4237: -- GitHub user alopresto opened a pull request: https://github.com/apache/nifi/pull/2077 NIFI-4237 Improve error messaging on encryption failures Thank you for submitting a contribution to Apache NiFi. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [x] Does your PR title start with NIFI- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [x] Has your PR been rebased against the latest commit within the target branch (typically master)? - [ ] Is your initial contribution a single, squashed commit? ### For code changes: - [x] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder? - [x] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly? - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly? - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties? ### For documentation related changes: - [ ] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible. You can merge this pull request into a Git repository by running: $ git pull https://github.com/alopresto/nifi NIFI-4237 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/2077.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2077 commit 5752925ac51035db1a5e9f7e9797e308fc5770f2 Author: Andy LoPrestoDate: 2017-08-11T20:15:16Z NIFI-4237 Added working test for StringEncryptor decryption of sensitive flow values in FlowFromDOMFactory. commit 7c35cfccb2868814184aa4768ee398d0038eaab1 Author: Andy LoPresto Date: 2017-08-11T20:17:09Z NIFI-4237 Cleaned up unused alternate approaches. commit a45a259a99a176aea848190d23253a54e88aed95 Author: Andy LoPresto Date: 2017-08-11T20:20:11Z NIFI-4237 Added failing unit test for better error message. commit 1a2a4ddebdd506b058b359747f0a1016a6ff3346 Author: Andy LoPresto Date: 2017-08-11T20:30:44Z NIFI-4237 Added logic to capture unhelpful encryption exception and provide context in message. All tests pass. > EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest > underlying cause > > > Key: NIFI-4237 > URL: https://issues.apache.org/jira/browse/NIFI-4237 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Reporter: Russell Bateman >Assignee: Andy LoPresto >Priority: Minor > > Our Ansible instructions upgraded NiFi and created a new > {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, > is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon > relaunching NiFi, the wrong key was used to decrypt resulting in the reported > failure to start, _flow.xml.gz_ is no longer useful. > We found the problem and fixed it after Mark Payne suggested a possible > cause, but if this state of things can be determined, it might save on > community support for this situation if the logged message were to suggest > what's at the bottom of this problem. The top of the stack trace appears in > _logs/nifi-bootstrap.log_ as below: > 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer > Failed to start web server... shutting down. > org.apache.nifi.encrypt.EncryptionException: > org.jasypt.exceptions.EncryptionOperationNotPossibleException > at > org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) >
[jira] [Commented] (NIFI-4237) EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest underlying cause
[ https://issues.apache.org/jira/browse/NIFI-4237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16122728#comment-16122728 ] Joseph Witt commented on NIFI-4237: --- Fix version can be set once contrib/review cycle is being merged or very near to merge. > EncryptionOperationNotPossibleException in nifi-bootstrap.log might suggest > underlying cause > > > Key: NIFI-4237 > URL: https://issues.apache.org/jira/browse/NIFI-4237 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Reporter: Russell Bateman >Priority: Minor > > Our Ansible instructions upgraded NiFi and created a new > {{nifi.sensitive.props.key}}. In _nifi.properties_ this property, if extant, > is used to encrypt sensitive properties in _flow.xml.gz_. Thus, upon > relaunching NiFi, the wrong key was used to decrypt resulting in the reported > failure to start, _flow.xml.gz_ is no longer useful. > We found the problem and fixed it after Mark Payne suggested a possible > cause, but if this state of things can be determined, it might save on > community support for this situation if the logged message were to suggest > what's at the bottom of this problem. The top of the stack trace appears in > _logs/nifi-bootstrap.log_ as below: > 2017-07-25 23:23:31,148 WARN [main] org.apache.nifi.web.server.JettyServer > Failed to start web server... shutting down. > org.apache.nifi.encrypt.EncryptionException: > org.jasypt.exceptions.EncryptionOperationNotPossibleException > at > org.apache.nifi.encrypt.StringEncryptor.decrypt(StringEncryptor.java:149) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at > org.apache.nifi.controller.serialization.FlowFromDOMFactory.decrypt(FlowFromDOMFactory.java:474) > ~[nifi-framework-core-1.1.2.jar:1.1.2] > at... -- This message was sent by Atlassian JIRA (v6.4.14#64029)