NIFI-8403: Generating Self-signed cert on startup when applicable #4986
Thanks for your work on this feature @gresockj. Encapsulating the implementation in a separate utility class looks good. See individual comments regarding implementation details and consideration of logging for various situations.
Thanks for the updates @gresockj! It looks close to completion, I made a few additional comments. As an injection into the NiFi startup process, this should be as clean as possible to avoid issues, so thanks for continuing to work through the details.
Thanks for the work on this feature @gresockj! Verified runtime behavior with current default properties as well as with the keystore and truststore file paths specified.
Latest changes look good to me, going to merge, thanks!
…ache#4986) * NIFI-8403: Implementing auto-generated certificates for secure startup * Adding check for passwords in SecureNiFiConfigUtil
Description of PR
Adding autogeneration of self-signed certificate in a default keystore/truststore when applicable. Conditions for autogeneration are as follows:
nifi.properties contains the following configuration:
Additionally, the keystore and truststore files as configured must not exist on the file system at those locations in order for them to be autogenerated. The code will not attempt to generate these files if one or both of them is present in the configured locations.
The results will be:
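The file-existence rule in the PR description (generate only when neither configured store is present), as an added Java example that is not code from this PR or from the NiFi project. It covers only that rule, not the `nifi.properties` conditions; the class name, the `Decision` enum, the sample file names, the handling of empty paths and the resolution of relative paths against a NiFi home directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Properties;

public class AutoGenPreflight {
    // Hypothetical outcome type for this example.
    enum Decision { GENERATE_BOTH, SKIP_BOTH_PRESENT, SKIP_PARTIAL_STATE, SKIP_NOT_CONFIGURED }

    // Standard nifi.properties keys for the store locations.
    static final String KEYSTORE = "nifi.security.keystore";
    static final String TRUSTSTORE = "nifi.security.truststore";

    static Decision decide(Properties props, Path nifiHome) {
        String ks = props.getProperty(KEYSTORE, "").trim();
        String ts = props.getProperty(TRUSTSTORE, "").trim();
        if (ks.isEmpty() || ts.isEmpty()) {
            // Assumption: without both paths there is no location to test.
            return Decision.SKIP_NOT_CONFIGURED;
        }
        // Assumption: relative paths resolve against the NiFi home directory;
        // absolute paths are returned unchanged by resolve().
        boolean ksExists = Files.exists(nifiHome.resolve(ks));
        boolean tsExists = Files.exists(nifiHome.resolve(ts));
        if (!ksExists && !tsExists) {
            return Decision.GENERATE_BOTH;
        }
        if (ksExists && tsExists) {
            return Decision.SKIP_BOTH_PRESENT;
        }
        // Exactly one store exists: nothing is generated, so an operator-supplied
        // keystore is never paired with a freshly generated truststore (or vice versa).
        return Decision.SKIP_PARTIAL_STATE;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a throwaway home directory and two store paths.
        Path home = Files.createTempDirectory("nifi-home");
        Files.createDirectories(home.resolve("conf"));
        Properties props = new Properties();
        props.load(new StringReader(
                "nifi.security.keystore=./conf/keystore.p12\n"
              + "nifi.security.truststore=./conf/truststore.p12\n"));
        System.out.println("neither present: " + decide(props, home));
        Files.createFile(home.resolve("conf/keystore.p12"));
        System.out.println("keystore only:   " + decide(props, home));
        Files.createFile(home.resolve("conf/truststore.p12"));
        System.out.println("both present:    " + decide(props, home));
    }
}
```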