[KNOX-2948] Make encryptquerystring provision optional - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.14.0, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 2.0.0, 1.6.0
Fix Version/s: 2.1.0
Component/s: Server
Labels:
None

Description

Since ~~KNOX-1136~~, Knox saves the encryptQueryString alias in the given topology's credential store when processing the descriptor.

The problem with this approach is, that, in some cases, it may happen that 3rd party deployment tools (such as Cloudera Manager) persists that secret in a separate phase and

this makes the Knox call redundant
Knox will override the previously saved value silently

Proposal:

introduce a new descriptor-level property called provision-encrypt-query-string-credential (defaults to true) which controls this behavior
if the descriptor is configured with provisionEncryptQueryStringCredential = false, no credential store operation should be done to save that alias.

Attachments

Issue Links

links to

GitHub Pull Request #784

GitHub Pull Request #793

Activity

People

Assignee:: Sandor Molnar

Reporter:: Sandor Molnar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Aug/23 11:13

Updated:: 11/Sep/23 09:07

Resolved:: 16/Aug/23 12:00

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: