Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NIFI-12339 Fix Property Decryption for Migrated Components #8002

Merged
merged 1 commit into from
Nov 10, 2023
Merged

NIFI-12339 Fix Property Decryption for Migrated Components #8002

merged 1 commit into from
Nov 10, 2023

Conversation

exceptionfactory
Copy link
Contributor

Summary

NIFI-12339 Resolves recursive sensitive property encryption issues on the main branch, introduced with changes for handling migration of properties in NIFI-12301. The problem was the result of passing encrypted property values to migration methods, which subsequently resulted in encrypting a value that was already encrypted.

The resolution decrypts original property values prior to registering created extensions so that subsequent property migration methods have access to the decrypted property values.

The resolution can be verified using the InvokeHTTP Processor and creating a sensitive dynamic property named Authorization. After creating the property with an arbitrary value, restarting NiFi maintains the same length for the encrypted string in flow.json.gz, as opposed to growing the encrypted string length after each restart operation. New test methods for the Versioned Component Synchronizer also verify that migration methods for Processors receive decrypted values.

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

Pull Request Tracking

  • Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-00000
  • Pull Request commit message starts with Apache NiFi Jira issue number, as such NIFI-00000

Pull Request Formatting

  • Pull Request based on current revision of the main branch
  • Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

  • Build completed using mvn clean install -P contrib-check
    • JDK 21

Licensing

  • New dependencies are compatible with the Apache License 2.0 according to the License Policy
  • New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

  • Documentation formatting appears as expected in rendered files

@exceptionfactory
NIFI-12339 Fixed Property Decryption for Migrated Components
cd5b9f2 
- Updated StandardVersionedComponentSynchronizer to decrypt properties when creating extension references for subsequent migration
@markap14
Copy link
Contributor

Thanks for fixing @exceptionfactory . The approach seems to be good. Code looks good to me. +1 will merge.

@markap14 markap14 merged commit dabdf94 into apache:main Nov 10, 2023
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@exceptionfactory @markap14