
@swazza
Created December 7, 2019 16:18
# Run the tls-toolkit in client mode to generate the truststore and keystore.
# The certificate is requested for a DN built from this host's FQDN
# (CN=<hostname -f>, OU=NIFI); -c names the CA host and -t carries the CA token.
# NOTE(review): <token> is a placeholder, not literal shell - left as written
# the angle brackets are parsed as redirections, so substitute it before use.
# NOTE(review): a token given via -t sits on the command line, where it can
# appear in process listings and `set -x` traces. Keep the real value out of
# the stored script and inject it from a secret store at deploy time.
/opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh client -c nifi-ca-cs -t <token> --dn "CN=$(hostname -f), OU=NIFI"
# Use jq to extract the passwords from the config.json generated by the tls-toolkit
# (jq -r prints the raw string, without JSON quoting).
# NOTE(review): none of these three variables is referenced again in the
# visible lines; the prop_replace calls that follow read
# NIFI_KEY_STORE_PASSWORD, NIFI_KEY_PASSWORD and NIFI_TRUST_STORE_PASSWORD
# instead. Confirm the generated passwords actually reach nifi.properties.
# NOTE(review): config.json holds the store passwords in plaintext in the
# current directory - restrict its permissions or remove it once consumed.
KEY_STORE_PASSWD=`jq -r '.keyStorePassword' ./config.json`
KEY_PASSWD=`jq -r '.keyPassword' ./config.json`
TRUST_STORE_PASSWD=`jq -r '.trustStorePassword' ./config.json`
# Move the generated stores into conf/ (relative to the current directory).
# NOTE(review): keystore.jks contains the node's private key - verify the
# moved file is readable only by the account that runs NiFi.
mv ./keystore.jks conf/
mv ./truststore.jks conf/
# Point NiFi at the keystore and truststore by updating the properties file
# named by NIFI_PROPS. prop_replace is defined outside this snippet; presumably
# it sets <key>=<value> in that file - confirm against its definition.
# NOTE(review): the expansions are unquoted, so a value containing whitespace
# or glob characters (possible for a generated password) is split or expanded
# before prop_replace receives it.
# NOTE(review): the passwords end up in the properties file and in any
# `set -x` trace of these calls - check file permissions and disable tracing
# around this section.
prop_replace nifi.security.keystore ${NIFI_KEY_STORE} ${NIFI_PROPS}
prop_replace nifi.security.keystoreType ${NIFI_KEY_STORE_TYPE} ${NIFI_PROPS}
prop_replace nifi.security.keystorePasswd ${NIFI_KEY_STORE_PASSWORD} ${NIFI_PROPS}
prop_replace nifi.security.keyPasswd ${NIFI_KEY_PASSWORD} ${NIFI_PROPS}
prop_replace nifi.security.truststore ${NIFI_TRUST_STORE} ${NIFI_PROPS}
prop_replace nifi.security.truststoreType ${NIFI_TRUST_STORE_TYPE} ${NIFI_PROPS}
prop_replace nifi.security.truststorePasswd ${NIFI_TRUST_STORE_PASSWORD} ${NIFI_PROPS}
# Seed the initial admin in the authorizers file (NIFI_AUTHZ_FILE), in place:
#   - the empty "Initial User Identity 1" property is rewritten as
#     "Initial User Identity 0" carrying NIFI_INITIAL_ADMIN_IDENTITY;
#   - the empty "Initial Admin Identity" property is filled with the same value.
# Both substitutions match only while the property is still empty, so they do
# nothing on a file that has already been populated.
# NOTE(review): `$${...}` looks like template escaping for a literal `${...}`
# (for example a Terraform template); in plain bash `$$` expands to the shell
# PID. Confirm how this file is rendered before running it directly.
# NOTE(review): the identity is spliced into the sed replacement unescaped; a
# value containing `|`, `&` or `\` would change the expression. Validate that
# it is a plain DN, and that it matches the admin certificate's DN exactly.
sed -i -e 's|<property name="Initial User Identity 1"></property>|<property name="Initial User Identity 0">'"${NIFI_INITIAL_ADMIN_IDENTITY}"'</property>|' $${NIFI_AUTHZ_FILE}
sed -i -e 's|<property name="Initial Admin Identity"></property>|<property name="Initial Admin Identity">'"${NIFI_INITIAL_ADMIN_IDENTITY}"'</property>|' $${NIFI_AUTHZ_FILE}
# Set initial node identities. A separate node identity will be set for each Node in the cluster (specified by the instance_count variable)
# First fill the existing empty "Node Identity 1" property with the DN of nifi-0.
# NOTE(review): these DNs should match what each node requests from the
# tls-toolkit (CN=<fqdn>, OU=NIFI) character for character - confirm that
# `hostname -f` on the nodes yields the nifi-N.nifi-hs.nifi.svc.cluster.local form.
sed -i -e 's|<property name="Node Identity 1"></property>|<property name="Node Identity 1">'"CN=nifi-0.nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>|' $${NIFI_AUTHZ_FILE}
# For i = 2..instance_count, append a "Node Identity i" property on the line
# after "Node Identity 1"; the hostname index is i-1 because hosts count from 0.
# Every append lands directly below "Node Identity 1", so the added entries
# end up in descending order in the file.
# NOTE(review): the append is unconditional - running this again on an already
# edited file inserts duplicate Node Identity properties.
for i in $(seq 2 ${instance_count}); do
sed -i -e '/<property name="Node Identity 1">.*/a <property name="Node Identity '"$i"'">'"CN=nifi-$((i-1)).nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>' $${NIFI_AUTHZ_FILE}
done
# Set Initial user identities for each node identity that is created.
# For i = 1..instance_count, append an "Initial User Identity i" property on
# the line after "Initial User Identity 0", with the DN of host nifi-(i-1).
# This relies on the earlier substitution that renamed the empty
# "Initial User Identity 1" entry to "Initial User Identity 0"; if that entry
# is absent the address never matches and nothing is added.
# NOTE(review): the append is unconditional - a second run on the same file
# inserts duplicate Initial User Identity properties.
for i in $(seq 1 ${instance_count}); do
sed -i -e '/<property name="Initial User Identity 0">.*/a <property name="Initial User Identity '"$i"'">'"CN=nifi-$((i-1)).nifi-hs.nifi.svc.cluster.local, OU=NIFI"'</property>' $${NIFI_AUTHZ_FILE}
done