NIFI-10378 Added OIDC client secret to encrypted properties

This closes #6352

Signed-off-by: David Handermann <exceptionfactory@apache.org>
Nathan Gough 2022-08-30 12:41:01 -04:00 committed by exceptionfactory
parent e2d6df5afc
commit 10d1fbe888
No known key found for this signature in database
GPG Key ID: 29B6A52D2AAE8DBA
3 changed files with 7 additions and 2 deletions


@ -56,7 +56,8 @@ class ProtectedNiFiProperties extends NiFiProperties implements ProtectedPropert
PROVENANCE_REPO_ENCRYPTION_KEY_PROVIDER_PASSWORD, PROVENANCE_REPO_ENCRYPTION_KEY_PROVIDER_PASSWORD,
FLOWFILE_REPOSITORY_ENCRYPTION_KEY_PROVIDER_PASSWORD, FLOWFILE_REPOSITORY_ENCRYPTION_KEY_PROVIDER_PASSWORD,
CONTENT_REPOSITORY_ENCRYPTION_KEY_PROVIDER_PASSWORD, CONTENT_REPOSITORY_ENCRYPTION_KEY_PROVIDER_PASSWORD,
REPOSITORY_ENCRYPTION_KEY_PROVIDER_KEYSTORE_PASSWORD REPOSITORY_ENCRYPTION_KEY_PROVIDER_KEYSTORE_PASSWORD,
SECURITY_USER_OIDC_CLIENT_SECRET
)); ));
public ProtectedNiFiProperties() { public ProtectedNiFiProperties() {
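Review bot: Nothing in this commit covers installations whose properties file was protected before `SECURITY_USER_OIDC_CLIENT_SECRET` joined the default sensitive list. As far as this hunk shows, such a file would keep the OIDC client secret in plaintext until it is run through the encryption tooling again, so a migration or release-note line telling operators to re-run that step after upgrading would close the gap. The list is hand-maintained, so a short comment above it would help the next addition, for example `// Every property that holds a credential must be listed here, otherwise it stays unencrypted on disk`. The list declaration starts above the hunk, so its full contents are not visible here.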


@ -33,13 +33,15 @@ class NiFiRegistryPropertiesEncryptor extends PropertiesEncryptor {
private static final String SECURITY_KEYSTORE_PASSWD = "nifi.registry.security.keystorePasswd" private static final String SECURITY_KEYSTORE_PASSWD = "nifi.registry.security.keystorePasswd"
private static final String SECURITY_KEY_PASSWD = "nifi.registry.security.keyPasswd" private static final String SECURITY_KEY_PASSWD = "nifi.registry.security.keyPasswd"
private static final String SECURITY_TRUSTSTORE_PASSWD = "nifi.registry.security.truststorePasswd" private static final String SECURITY_TRUSTSTORE_PASSWD = "nifi.registry.security.truststorePasswd"
private static final String SECURITY_USER_OIDC_CLIENT_SECRET = "nifi.registry.security.user.oidc.client.secret"
// Defined in nifi-registry-properties: org.apache.nifi.registry.properties.ProtectedNiFiRegistryProperties // Defined in nifi-registry-properties: org.apache.nifi.registry.properties.ProtectedNiFiRegistryProperties
private static final String ADDITIONAL_SENSITIVE_PROPERTIES_KEY = "nifi.registry.sensitive.props.additional.keys" private static final String ADDITIONAL_SENSITIVE_PROPERTIES_KEY = "nifi.registry.sensitive.props.additional.keys"
private static final String[] DEFAULT_SENSITIVE_PROPERTIES = [ private static final String[] DEFAULT_SENSITIVE_PROPERTIES = [
SECURITY_KEYSTORE_PASSWD, SECURITY_KEYSTORE_PASSWD,
SECURITY_KEY_PASSWD, SECURITY_KEY_PASSWD,
SECURITY_TRUSTSTORE_PASSWD SECURITY_TRUSTSTORE_PASSWD,
SECURITY_USER_OIDC_CLIENT_SECRET
] ]
NiFiRegistryPropertiesEncryptor(SensitivePropertyProvider encryptionProvider, SensitivePropertyProvider decryptionProvider) { NiFiRegistryPropertiesEncryptor(SensitivePropertyProvider encryptionProvider, SensitivePropertyProvider decryptionProvider) {
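Review bot: The new `SECURITY_USER_OIDC_CLIENT_SECRET` constant repeats the key string locally, while the comment just below it names `ProtectedNiFiRegistryProperties` as where these keys are defined, and that class is not among the three changed files. Please confirm the registry side already treats `nifi.registry.security.user.oidc.client.secret` as sensitive. If the two lists disagree, the toolkit could write an encrypted value that the registry then reads as the literal client secret. A comment on `DEFAULT_SENSITIVE_PROPERTIES` such as `// Keep in sync with the sensitive keys in ProtectedNiFiRegistryProperties` would make the coupling explicit. The class body continues outside the hunk.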


@ -120,3 +120,5 @@ nifi.cluster.manager.node.api.request.threads=10
nifi.cluster.manager.flow.retrieval.delay=5 sec nifi.cluster.manager.flow.retrieval.delay=5 sec
nifi.cluster.manager.protocol.threads=10 nifi.cluster.manager.protocol.threads=10
nifi.cluster.manager.safemode.duration=0 sec nifi.cluster.manager.safemode.duration=0 sec
nifi.security.user.oidc.client.secret=aSecret
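Review bot: The only visible coverage for the new key is this plaintext entry, `nifi.security.user.oidc.client.secret=aSecret`, in what appears to be a test fixture. No test change in the commit asserts that the value is replaced by ciphertext with a matching `.protected` entry after encryption. If an existing test iterates over all default sensitive keys this may already be covered, but an explicit assertion for the OIDC secret would guard against the key being dropped from the list later. Also confirm that this file is used only as a test resource and never shipped as a default configuration.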