Sandor Molnar created KNOX-2948:
-----------------------------------
Summary: Make encryptquerystring provision optional
Key: KNOX-2948
URL: https://issues.apache.org/jira/browse/KNOX-2948
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 1.6.0, 1.5.0, 1.4.0, 1.3.0, 1.2.0, 1.1.0, 1.0.0, 0.14.0,
2.0.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.1.0
Since KNOX-1136, Knox saves the {{encryptQueryString}} alias in the given
topology's credential store when processing the descriptor.
The problem with this approach is, that, in some cases, it may happen that 3rd
party deployment tools (such as Cloudera Manager) persists that secret in a
separate phase and
* this makes the Knox call redundant
* Knox will override the previously saved value silently
Proposal:
- introduce a new descriptor-level property called
{{provisionQueryParamEncryptionCredential}} (defaults to {{{}true{}}}) which
controls this behavior
- if the descriptor is configured with
{{provisionQueryParamEncryptionCredential = false}}, no credential store
operation should be done in terms of saving that alias.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
