nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Lundeberg <>
Subject Parameters within password/passphrase fields
Date Wed, 13 Nov 2019 16:17:13 GMT
Hi all,

Recently we upgraded to Nifi 1.10 to take advantage of parameters and using
those within our deployment process (using the registry).  I am seeing some
strange behavior and want to confirm my understanding of how this new
feature works, before digging deeper.

*Some general background info:*
I have a three node cluster running Nifi 1.10.  Its security enabled, but I
am using an admin user with full rights to view/modify policies.  Its
running on linux and using java 8.

*Producing the issue:*
As a test, I moved over some existing flows from our 1.9.2 cluster (same
specs and user rights as we build everything with puppet).  A few of the
processors are pulling and pushing to SFTP, for which we use an RSA key, a
known hosts file and the "paraphrase" property descriptor is populated with
a password.  I converted that password over to a parameter within the
master processor group, set the "Process Group Parameter Context" for the
processor group this processor resides and saved everything.  After that
was done, I was able to access the parameter within #{ + ctrl + space.  I
choose the correct one, closed in the curly braces and saved the
processor.  I noticed immediately after saving and re-opening that the new
options icon to the right of the property descriptor reverted back from
"access the parameters" to "convert to a parameter".  I didn't think much
of it, besides maybe a small bug in the UI (Although that does save
correctly when you set a non sensitive field).  When I started the
processor, it immediately failed with an authentication error. I tried
setting a few different parameters, manually typing in #{ftp.password} into
the paraphrase and even setting a new parameter directly from the helper
icon within the processor.  That didn't seem to change the behavior.
 Lastly I went back into the processor and removed the "Sensitive value
set" and typed the password in plain text and saved.  It worked fine after

I thought it may have been something off with our policies or even install,
so I installed Nifi locally and experienced the same issue. It seems as
though the actual value is not being evaluated correctly when passed
into/through the processor for sensitive values.

Has anyone experienced this before?


Chris Lundeberg

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message