[jira] [Commented] (KNOX-1129) Remote Configuration Monitor Should Define The Entries It Monitors If They're Not Yet Defined

Thu, 14 Dec 2017 13:13:22 -0800 

    [ 
https://issues.apache.org/jira/browse/KNOX-1129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16291606#comment-16291606
 ] 

ASF subversion and git services commented on KNOX-1129:
-------------------------------------------------------

Commit e482e2e93687d8601f94f8134544ebe1e0a04108 in knox's branch 
refs/heads/KNOX-998-Package_Restructuring from [~lmccay]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=e482e2e ]

KNOX-1129 - Remote Configuration Monitor Should Define The Entries It Monitors 
If They're Not Yet Defined (Phil Zampino via lmccay)

> Remote Configuration Monitor Should Define The Entries It Monitors If They're 
> Not Yet Defined
> ---------------------------------------------------------------------------------------------
>
>                 Key: KNOX-1129
>                 URL: https://issues.apache.org/jira/browse/KNOX-1129
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.14.0
>            Reporter: Phil Zampino
>            Assignee: Phil Zampino
>              Labels: kip-8
>             Fix For: 0.14.0
>
>         Attachments: KNOX-1129-001.patch, KNOX-1129-002.patch, KNOX-1129.patch
>
>
> Currently, if the remote configuration monitor finds that the 
> /knox/config/shared-providers and/or /knox/config/descriptors entries (e.g., 
> znodes) are not present (or are otherwise inaccessible), it determines that 
> it cannot function, and it ceases any attempt at monitoring.
> For those cases where the entries do not yet exist, the monitor can define 
> them. If the client employed by the monitor does not require authentication, 
> then the new entries will be created without any meaningful ACLs applied. If 
> the client has been authenticated, then the ACLs should be such that the 
> authenticated principal has write permissions, while everyone else has 
> read-only permissions.
> Whether or not the read permissions should be more restrictive is yet to be 
> determined; Other projects in the ecosystem seem to allow everyone read 
> access to their respective ZooKeeper content.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to