
NIFI-9953 - The config encryption tool is too complicated to use and can be simplified

Open thenatog opened this issue 3 years ago • 1 comments

This is a draft PR of adding the property encryptor module. I would like input on the general approach, any issues with naming, or suggestions for improvement.

At the moment this can be run by building and running:

java -cp "./target/nifi-property-encryptor-tool-1.18.0-SNAPSHOT-jar-with-dependencies.jar:~/.m2/repository/info/picocli/picocli/4.5.2/picocli-4.5.2.jar:~/.m2/repository/org/slf4j/slf4j-simple/1.7.36/slf4j-simple-1.7.36.jar:~/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar:../../nifi-commons/nifi-property-protection-factory/target/nifi-property-protection-factory-1.18.0-SNAPSHOT.jar" org.apache.nifi.util.console.PropertyEncryptorCLI encrypt config /tmp/encrypt-me aSecurePassphrase AES_GCM

though it seems the references to the Maven repository may need to be absolute rather than using tilde. I have not yet determined how to build the picocli application to run more like a bash script, but that is the end goal.

This PR should encrypt configuration files with AES_GCM - other providers have not yet been added. Also still to add is encrypting the nifi.properties (which should be an additional commit to this PR) and encrypting the flow.xml.gz/flow.json.gz which might be a separate PR. Currently it is also writing out the encrypted files as temporary files, without overwriting the existing ones. I think I will instead add some changes to this PR to copy the old files to .bkup and rename the encrypted files.

Summary

NIFI-9953

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

Pull Request Tracking

  • [x] Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-00000
  • [x] Pull Request commit message starts with Apache NiFi Jira issue number, such as NIFI-00000

Pull Request Formatting

  • [x] Pull Request based on current revision of the main branch
  • [ ] Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

  • [ ] Build completed using mvn clean install -P contrib-check
    • [ ] JDK 8
    • [ ] JDK 11
    • [ ] JDK 17

Licensing

  • [ ] New dependencies are compatible with the Apache License 2.0 according to the License Policy
  • [ ] New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

  • [ ] Documentation formatting appears as expected in rendered files

thenatog Aug 05 '22 16:08

I've updated the PR with most of the requested changes, let me know if further changes are necessary

thenatog Sep 08 '22 14:09