search

stackabletech / nifi-operator

A kubernetes operator for Apache NiFi
Other
30 stars 5 forks source link

Support NiFi 1.15 #82

Closed maltesander closed 2 years ago

maltesander commented 3 years ago

When implementing up and downgrades (From 1.13.2 -> 1.14.0) i got an error with NiFi.

2021-09-16 20:55:20,146 ERROR [main] org.apache.nifi.NiFi Failure to launch NiFi due to java.lang.IllegalArgumentException: There was an issue decrypting protected properties
java.lang.IllegalArgumentException: There was an issue decrypting protected properties
    at org.apache.nifi.NiFi.initializeProperties(NiFi.java:346)
    at org.apache.nifi.NiFi.convertArgumentsToValidatedNiFiProperties(NiFi.java:314)
    at org.apache.nifi.NiFi.convertArgumentsToValidatedNiFiProperties(NiFi.java:310)
    at org.apache.nifi.NiFi.main(NiFi.java:302)
Caused by: org.apache.nifi.properties.SensitivePropertyProtectionException: Sensitive Properties Key [nifi.sensitive.props.key] not found: See Admin Guide section [Updating the Sensitive Properties Key]
    at org.apache.nifi.properties.NiFiPropertiesLoader.getDefaultProperties(NiFiPropertiesLoader.java:220)
    at org.apache.nifi.properties.NiFiPropertiesLoader.get(NiFiPropertiesLoader.java:209)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.apache.nifi.NiFi.initializeProperties(NiFi.java:341)
    ... 3 common frames omitted

@Jimvin mentioned that they need encryption out of the box.

Needs investigation.

lfrancke commented 2 years ago

Just a heads-up: NiFi 1.15 has been released. As far as I'm concerned the latest version is the only version we need to support at the moment.

fhennig commented 2 years ago

I found the problem. It is only a single property, for which - since 1.14 - no default value is provided anymore and an explicit value needs to be given. The property is the encryption key for sensitive properties in flows. If a user would like to migrate from the 1.13 default key to an explicit key, a script needs to be run: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#updating-the-sensitive-properties-key

If there are no sensitive properties to migrate, the new version can simply be used.

I added a hardcoded key. The key should be configurable, but making nifi secure needs more than that, and that's a seperate issue.

fhennig commented 2 years ago

Update:

Nifi doesn't support the loading of the key from an environment variable directly. The official nifi docker image had this problem too, I'll use that as guidance on how to implement a solution