Re: sensitive variable values ?

2019-03-22 Thread Andy LoPresto 
I have done some proposals for sensitive variables storage in the variable 
registry, but haven’t been able to focus on it yet due to other priorities. You 
can see some light example mock-up, workflow, and bullet points towards the end 
of this presentation [1]. 

If you just want to write a secret into the flow.xml.gz during the automated 
deployment process, I have written a sample Ruby script that performs this task 
[2]. You can use this as an example if you need to implement this in a 
different language. 

[1] 
https://github.com/alopresto/slides/blob/master/australia_2018/future_of_data_melbourne.pdf
[2] 
http://apache-nifi-developer-list.39713.n7.nabble.com/Re-Passwords-in-EncryptContent-tp12900.html


Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Mar 21, 2019, at 20:28, Joe Witt  wrote:
> 
> Hello
> 
> The variables of a pg are not, at this time, for sensitive values.  You can 
> set the sens values programatically to ensure they are never shown.
> 
> We will likely add support for secrets (ie sensitive variables) but eta there 
> depends on progress in the community.
> 
> thanks
> 
>> On Thu, Mar 21, 2019, 3:17 PM l vic  wrote:
>> Is there a mechanism in Nifi to use sensitive variable values? For example: 
>> would it be possible to store/set password value in 
>> StandardRestrictedSSLContextService without exposing it? I am looking for 
>> the way to set password in StandardRestrictedSSLContextService from the 
>> automated deployment script
>> Thank you,
>> -V

Re: sensitive variable values ?

2019-03-21 Thread Shawn Weeks 
Are you not able to update the properties for the controller service. It looks 
like you use something like PUT /controller-services/{id} with some json kinda 
like this.

{ "revision": {…}, "id": "value", "uri": "value", "position": {…}, 
"permissions": {…}, "bulletins": [{…}], "disconnectedNodeAcknowledged": true, 
"parentGroupId": "value", "component": {…}, "operatePermissions": {…}, 
"status": {…} }

Filling in component with something like this and trying to set the properties.

{ "id": "value", "versionedComponentId": "value", "parentGroupId": "value", 
"position": {…}, "name": "value", "type": "value", "bundle": {…}, 
"controllerServiceApis": [{…}], "comments": "value", "state": "value", 
"persistsState": true, "restricted": true, "deprecated": true, 
"multipleVersionsAvailable": true, "properties": { "name": "value" }, 
"descriptors": { "name": {…} }, "customUiUrl": "value", "annotationData": 
"value", "referencingComponents": [{…}], "validationErrors": ["value"], 
"validationStatus": "value", "extensionMissing": true }

Check https://nifi.apache.org/docs/nifi-docs/rest-api/index.html

What JSON have you tried so far?

Thanks
Shawn


From: l vic 
Reply-To: "users@nifi.apache.org" 
Date: Thursday, March 21, 2019 at 3:38 PM
To: "users@nifi.apache.org" 
Subject: Re: sensitive variable values ?

I don't see how to do it for service from NiFi REST api... Any suggestions?
Thank you

Re: sensitive variable values ?

2019-03-21 Thread l vic 
I don't see how to do it for service from NiFi REST api... Any suggestions?
Thank you


>
>

Re: sensitive variable values ?

2019-03-21 Thread Bryan Bende 
Sensitive variables is something we'd like to support, but we
currently don't have that capability yet.

If you are using a script to create components, or to instantiate
templates, you should be able to set the property values of those
components using the REST API.

You would be making the same REST call that is made if you were in the
UI and were on the config window, entered the password, and hit the
Apply button.

On Thu, Mar 21, 2019 at 3:17 PM l vic  wrote:
>
> Is there a mechanism in Nifi to use sensitive variable values? For example: 
> would it be possible to store/set password value in 
> StandardRestrictedSSLContextService without exposing it? I am looking for the 
> way to set password in StandardRestrictedSSLContextService from the automated 
> deployment script
> Thank you,
> -V

Re: sensitive variable values ?

2019-03-21 Thread Joe Witt 
Hello

The variables of a pg are not, at this time, for sensitive values.  You can
set the sens values programatically to ensure they are never shown.

We will likely add support for secrets (ie sensitive variables) but eta
there depends on progress in the community.

thanks

On Thu, Mar 21, 2019, 3:17 PM l vic  wrote:

> Is there a mechanism in Nifi to use sensitive variable values? For
> example: would it be possible to store/set password value
> in StandardRestrictedSSLContextService without exposing it? I am looking
> for the way to set password in StandardRestrictedSSLContextService from the
> automated deployment script
> Thank you,
> -V
>