[
https://issues.apache.org/jira/browse/KNOX-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Work on KNOX-2948 started by Sandor Molnar.
-------------------------------------------
> Make encryptquerystring provision optional
> ------------------------------------------
>
> Key: KNOX-2948
> URL: https://issues.apache.org/jira/browse/KNOX-2948
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.14.0, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 2.0.0,
> 1.6.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 2.1.0
>
>
> Since KNOX-1136, Knox saves the {{encryptQueryString}} alias in the given
> topology's credential store when processing the descriptor.
> The problem with this approach is, that, in some cases, it may happen that
> 3rd party deployment tools (such as Cloudera Manager) persists that secret in
> a separate phase and
> * this makes the Knox call redundant
> * Knox will override the previously saved value silently
> Proposal:
> - introduce a new descriptor-level property called
> {{provisionQueryParamEncryptionCredential}} (defaults to {{{}true{}}}) which
> controls this behavior
> - if the descriptor is configured with
> {{provisionQueryParamEncryptionCredential = false}}, no credential store
> operation should be done in terms of saving that alias.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
