NIFI-14228 Removed fallback Sensitive Properties Key from Commands

nifi-commons/nifi-flow-encryptor/src/main/java/org/apache/nifi/flow/encryptor/command/FlowEncryptorCommand.java

@@ -27,7 +27,6 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
-import java.util.Arrays;
 import java.util.List;
 import java.util.Objects;
 import java.util.Properties;
@@ -52,16 +51,14 @@ class FlowEncryptorCommand implements Runnable {
 
     protected static final String CONFIGURATION_FILE = "nifi.flow.configuration.file";
 
-    private static final List<String> CONFIGURATION_FILES = Arrays.asList(CONFIGURATION_FILE);
+    private static final List<String> CONFIGURATION_FILES = List.of(CONFIGURATION_FILE);
 
     private static final String FLOW_PREFIX = "nifi.flow.";
 
     private static final String GZ_EXTENSION = ".gz";
 
     private static final String DEFAULT_PROPERTIES_ALGORITHM = PropertyEncryptionMethod.NIFI_PBKDF2_AES_GCM_256.name();
 
-    private static final String DEFAULT_PROPERTIES_KEY = "nififtw!";
-
     private static final String SENSITIVE_PROPERTIES_KEY = String.format("%s=", PROPS_KEY);
 
     private static final String SENSITIVE_PROPERTIES_ALGORITHM = String.format("%s=", PROPS_ALGORITHM);
@@ -103,7 +100,19 @@ public void run() {
 
     private void processFlowConfigurationFiles(final Properties properties) {
         final String outputAlgorithm = requestedPropertiesAlgorithm == null ? getAlgorithm(properties) : requestedPropertiesAlgorithm;
-        final String outputKey = requestedPropertiesKey == null ? getKey(properties) : requestedPropertiesKey;
+        final String outputKey;
+
+        if (requestedPropertiesKey == null) {
+            final String inputKey = properties.getProperty(PROPS_KEY);
+            if (inputKey == null || inputKey.isBlank()) {
+                throw new IllegalStateException("Sensitive Properties Key [%s] not specified".formatted(PROPS_KEY));
+            } else {
+                outputKey = inputKey;
+            }
+        } else {
+            outputKey = requestedPropertiesKey;
+        }
+
         final PropertyEncryptor outputEncryptor = getPropertyEncryptor(outputKey, outputAlgorithm);
 
         for (final String configurationFilePropertyName : CONFIGURATION_FILES) {
@@ -125,7 +134,7 @@ private void processFlowConfiguration(final File flowConfigurationFile, final Pr
             final Path flowOutputPath = flowOutputFile.toPath();
             try (final OutputStream flowOutputStream = new GZIPOutputStream(new FileOutputStream(flowOutputFile))) {
                 final String inputAlgorithm = getAlgorithm(properties);
-                final String inputPropertiesKey = getKey(properties);
+                final String inputPropertiesKey = getInputPropertiesKey(properties);
                 final PropertyEncryptor inputEncryptor = getPropertyEncryptor(inputPropertiesKey, inputAlgorithm);
 
                 final FlowEncryptor flowEncryptor = new JsonFlowEncryptor();
@@ -136,23 +145,22 @@ private void processFlowConfiguration(final File flowConfigurationFile, final Pr
             Files.move(flowOutputPath, flowConfigurationPath, StandardCopyOption.REPLACE_EXISTING);
             System.out.printf("Flow Configuration Processed [%s]%n", flowConfigurationPath);
         } catch (final IOException | RuntimeException e) {
-            System.err.printf("Failed to process Flow Configuration [%s]%n", flowConfigurationFile);
-            e.printStackTrace();
+            throw new IllegalStateException("Failed to process Flow Configuration [%s]".formatted(flowConfigurationFile), e);
         }
     }
 
     private String getAlgorithm(final Properties properties) {
         String algorithm = properties.getProperty(PROPS_ALGORITHM, DEFAULT_PROPERTIES_ALGORITHM);
-        if (algorithm.length() == 0) {
+        if (algorithm.isEmpty()) {
             algorithm = DEFAULT_PROPERTIES_ALGORITHM;
         }
         return algorithm;
     }
 
-    private String getKey(final Properties properties) {
-        String key = properties.getProperty(PROPS_KEY, DEFAULT_PROPERTIES_KEY);
-        if (key.length() == 0) {
-            key = DEFAULT_PROPERTIES_KEY;
+    private String getInputPropertiesKey(final Properties properties) {
+        String key = properties.getProperty(PROPS_KEY);
+        if (key == null || key.isEmpty()) {
+            throw new IllegalStateException("Sensitive Properties Key [%s] not found".formatted(PROPS_KEY));
         }
         return key;
     }

nifi-commons/nifi-flow-encryptor/src/test/java/org/apache/nifi/flow/encryptor/command/FlowEncryptorCommandTest.java

@@ -74,9 +74,7 @@ public void testRunPropertiesKeyBlankProperties() throws IOException, URISyntaxE
 
         final String propertiesKey = UUID.randomUUID().toString();
         command.setRequestedPropertiesKey(propertiesKey);
-        command.run();
-
-        assertPropertiesKeyUpdated(propertiesPath, propertiesKey);
+        assertThrows(IllegalStateException.class, command::run);
     }
 
     @Test
@@ -119,12 +117,12 @@ protected static void assertPropertiesKeyUpdated(final Path propertiesPath, fina
     }
 
     protected static Path getBlankNiFiProperties() throws IOException, URISyntaxException {
-        final Path flowConfigurationJson = getFlowConfiguration(FLOW_CONTENTS_JSON, JSON_GZ);
+        final Path flowConfigurationJson = getFlowConfiguration();
         return getNiFiProperties(flowConfigurationJson, BLANK_PROPERTIES);
     }
 
     protected static Path getPopulatedNiFiProperties() throws IOException, URISyntaxException {
-        final Path flowConfigurationJson = getFlowConfiguration(FLOW_CONTENTS_JSON, JSON_GZ);
+        final Path flowConfigurationJson = getFlowConfiguration();
         return getNiFiProperties(flowConfigurationJson, POPULATED_PROPERTIES);
     }
 
@@ -156,13 +154,13 @@ private static URL getResourceUrl(String resource) throws FileNotFoundException
         return resourceUrl;
     }
 
-    private static Path getFlowConfiguration(final String contents, final String extension) throws IOException {
-        final Path flowConfigurationPath = Files.createTempFile(TEMP_FILE_PREFIX, extension);
+    private static Path getFlowConfiguration() throws IOException {
+        final Path flowConfigurationPath = Files.createTempFile(TEMP_FILE_PREFIX, JSON_GZ);
         final File flowConfigurationFile = flowConfigurationPath.toFile();
         flowConfigurationFile.deleteOnExit();
 
         try (final GZIPOutputStream outputStream = new GZIPOutputStream(new FileOutputStream(flowConfigurationFile))) {
-            outputStream.write(contents.getBytes(StandardCharsets.UTF_8));
+            outputStream.write(FLOW_CONTENTS_JSON.getBytes(StandardCharsets.UTF_8));
         }
         return flowConfigurationPath;
     }

nifi-commons/nifi-flow-encryptor/src/test/java/org/apache/nifi/flow/encryptor/command/SetSensitivePropertiesKeyTest.java

@@ -24,6 +24,8 @@
 import java.nio.file.Path;
 import java.util.UUID;
 
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
 public class SetSensitivePropertiesKeyTest {
 
     @AfterEach
@@ -41,6 +43,15 @@ public void testMainBlankKeyAndAlgorithm() throws IOException, URISyntaxExceptio
         final Path propertiesPath = FlowEncryptorCommandTest.getBlankNiFiProperties();
         System.setProperty(FlowEncryptorCommand.PROPERTIES_FILE_PATH, propertiesPath.toString());
 
+        final String sensitivePropertiesKey = UUID.randomUUID().toString();
+        assertThrows(IllegalStateException.class, () -> SetSensitivePropertiesKey.main(new String[]{sensitivePropertiesKey}));
+    }
+
+    @Test
+    public void testMainPopulatedKeyAndAlgorithm() throws IOException, URISyntaxException {
+        final Path propertiesPath = FlowEncryptorCommandTest.getPopulatedNiFiProperties();
+        System.setProperty(FlowEncryptorCommand.PROPERTIES_FILE_PATH, propertiesPath.toString());
+
         final String sensitivePropertiesKey = UUID.randomUUID().toString();
         SetSensitivePropertiesKey.main(new String[]{sensitivePropertiesKey});