From: Chris Lundeberg
Date: Wed, 13 Nov 2019 16:52:08 -0600
Subject: Re: Parameters within password/passphrase fields
To: dev@nifi.apache.org

Robert,

Thanks very much for the information about the UI and logging the ticket - you beat me to the punch! I am glad you were able to reproduce.

Thanks again,

Chris Lundeberg

On Wed, Nov 13, 2019 at 4:26 PM Robert Fellows wrote:

> Chris,
> I was able to reproduce your issue so I just logged the issue. You can
> track it here: https://issues.apache.org/jira/browse/NIFI-6868. Feel free
> to add any more context/comments as you like.
>
> - Rob
>
> On Wed, Nov 13, 2019 at 3:55 PM Robert Fellows wrote:
>
> > Chris,
> > I think there are 2 things happening here. First, I think there might
> > be a bug in how sensitive parameters are evaluated on the backend and
> > it is causing your issue. Please log an issue for this.
> >
> > Second, the UI is a bit confusing in terms of the availability of the
> > "Convert to parameter" and "Go to Parameter" actions for sensitive
> > parameter references in properties. However, this is due to the nature
> > of sensitive parameters/properties. The actual value of the sensitive
> > property is only ever known to the UI when the user enters the value.
> > Once applied, those values are never sent back to the UI. The UI knows
> > there is a value set, but it has no idea if it contains a parameter
> > reference or not. The "Go To Parameter" action is only available when
> > the UI can parse the value of the property and it matches the '#{...}'
> > syntax format. Since the value is not sent to the UI, it can't parse
> > the value to know if it is a parameter reference or not. The "Convert
> > to parameter" action option is available just as a shortcut to create
> > a new parameter, it is hidden when it is known that the value already
> > references a parameter. This may be improved in the future, but it was
> > implemented this way intentionally.
> >
> > - Rob
> >
> > On Wed, Nov 13, 2019 at 11:17 AM Chris Lundeberg <clundeberg@1904labs.com>
> > wrote:
> >
> >> Hi all,
> >>
> >> Recently we upgraded to NiFi 1.10 to take advantage of parameters and
> >> using those within our deployment process (using the registry). I am
> >> seeing some strange behavior and want to confirm my understanding of
> >> how this new feature works, before digging deeper.
> >>
> >> *Some general background info:*
> >> I have a three node cluster running NiFi 1.10. It's security enabled,
> >> but I am using an admin user with full rights to view/modify policies.
> >> It's running on Linux and using Java 8.
> >>
> >> *Producing the issue:*
> >> As a test, I moved over some existing flows from our 1.9.2 cluster
> >> (same specs and user rights as we build everything with puppet). A few
> >> of the processors are pulling and pushing to SFTP, for which we use an
> >> RSA key, a known hosts file and the "passphrase" property descriptor is
> >> populated with a password. I converted that password over to a
> >> parameter within the master processor group, set the "Process Group
> >> Parameter Context" for the processor group this processor resides in
> >> and saved everything. After that was done, I was able to access the
> >> parameter within #{ + ctrl + space. I chose the correct one, closed in
> >> the curly braces and saved the processor. I noticed immediately after
> >> saving and re-opening that the new options icon to the right of the
> >> property descriptor reverted back from "access the parameters" to
> >> "convert to a parameter". I didn't think much of it, besides maybe a
> >> small bug in the UI (although that does save correctly when you set a
> >> non-sensitive field). When I started the processor, it immediately
> >> failed with an authentication error. I tried setting a few different
> >> parameters, manually typing in #{ftp.password} into the passphrase and
> >> even setting a new parameter directly from the helper icon within the
> >> processor. That didn't seem to change the behavior. Lastly I went back
> >> into the processor and removed the "Sensitive value set" and typed the
> >> password in plain text and saved. It worked fine after that.
> >>
> >> I thought it may have been something off with our policies or even
> >> install, so I installed NiFi locally and experienced the same issue.
> >> It seems as though the actual value is not being evaluated correctly
> >> when passed into/through the processor for sensitive values.
> >>
> >> Has anyone experienced this before?
> >>
> >> Thanks!
> >>
> >> Chris Lundeberg
> >>
> >
> > --
> > -------------------------------
> > Rob Fellows
> >
>
> --
> -------------------------------
> Rob Fellows
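
The UI behaviour Rob describes in the quoted reply, modelled as an added example that is not part of the thread and is not NiFi's code: the backend withholds sensitive values from the browser, so the UI cannot recognise a `#{...}` reference in them and falls back to "Convert to parameter". All function and property names are hypothetical, the exact-match rule for `#{...}` is an assumption, and the sample values are constructed (only `#{ftp.password}` appears in the thread).

```javascript
// Added illustration; every name here is hypothetical, not NiFi's own code.

// A value counts as a parameter reference only if it is exactly '#{name}'.
// Assumption: any non-empty name without braces is accepted.
const PARAM_REF = /^#\{([^{}]+)\}$/;

function parameterReference(value) {
  if (typeof value !== 'string') return null;
  const match = PARAM_REF.exec(value.trim());
  return match ? match[1] : null;
}

// Backend side: build what is sent to the browser. Sensitive values are
// write-only, so the client learns that a value is set but never what it is.
function toClientView(descriptors, stored) {
  const view = {};
  for (const [name, descriptor] of Object.entries(descriptors)) {
    const isSet = stored[name] !== undefined && stored[name] !== null;
    view[name] = {
      sensitive: descriptor.sensitive,
      isSet,
      value: descriptor.sensitive ? null : (isSet ? stored[name] : null),
    };
  }
  return view;
}

// UI side: pick the action from what the browser can actually see.
function availableAction(property) {
  return parameterReference(property.value) !== null
    ? 'Go To Parameter'
    : 'Convert to parameter';
}

// Constructed sample: both properties reference a parameter on the backend.
const descriptors = { hostname: { sensitive: false }, passphrase: { sensitive: true } };
const stored = { hostname: '#{ftp.host}', passphrase: '#{ftp.password}' };
const view = toClientView(descriptors, stored);

for (const [name, property] of Object.entries(view)) {
  console.log(name, property.isSet ? 'set' : 'unset', '->', availableAction(property));
}
```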