New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NIFI-4942 Add capability for encrypt-config tool to use securely hashed key/password for demonstration of previous knowledge #2628
Conversation
…nfig toolkit. Added test resource for Python scrypt implementation/verifier. Added unit tests.
Added unit tests.
Added unit tests.
Added logic to check hashed password/key. Added logic to retrieve secure hash from file to compare. Added unit tests (125/125).
Added logic to return current hash params in JSON for Ambari to consume. Fixed typos in error messages. Added unit tests (129/129).
Added unit tests.
Here are some instructions and expected outputs to demonstrate that the tool works as intended:
|
@alopresto thanks for addressing this, happy to review. It does look like Travis is failing on a ratcheck related error in nifi-toolkit-encrypt-config |
@alopresto ran through test cases and this works as expected. One question for you is there a way to designate an output location for the secure-hash.key file? Such as if I want to pipe it to stdin or just to another location? Also as a side note I tested with -p (password) input where it may contain certain characters (@, -, and &). The '&' caused the script to fail but also to stall, needed to do a Control-C to break out of it. I'm guessing the command line is seeing it as a concatenated command. The below is resolved by simply including quotes around the password but may be good to document for users:
|
Spoke with @alopresto offline. He highlighted that is it important to maintain control of location of secure-hash.key file in order to prevent calling application from piping into a file that is controlled externally. We want to keep it as secured as possible. Concerning the documentation update recommendation that can be addressed in a separate item. +1 Will merge after reconfirming tests/rat-check. |
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
For all changes:
Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
Has your PR been rebased against the latest commit within the target branch (typically master)?
Is your initial contribution a single, squashed commit?
For code changes:
For documentation related changes:
Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.