Sandor Molnar created KNOX-2990:
-----------------------------------
Summary: TokenStateService implementation cleanup
Key: KNOX-2990
URL: https://issues.apache.org/jira/browse/KNOX-2990
Project: Apache Knox
Issue Type: Task
Components: Server
Affects Versions: 1.6.0, 2.0.0, 1.6.1
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.1.0

This issue is driven by a [DISCUSS] thread initiated on Knox's DEV mailing list
[here|https://lists.apache.org/thread/fs9nkl6l45o330ttvgvqxj3jnxt63bcs].
As a result of that discussion, the following needs to be implemented:
* deprecate the following TSS implementations:
** AliasBasedTokenStateService
** ZookeeperTokenStateService
** JournalBasedTokenStateService
* document the deprecation of these TSS implementations in v2.1.0 and
highlight that they will be removed in the upcoming release (v2.2.0?).
* implement a DerbyDB storage that will store tokens in
{{$DATA_DIR/security/tokens}} (encrypted or not, it'll be decided later)
* make sure appropriate file permissions are set on that folder
* have the {{homepage}} topology configured with JDBC TSS pointing to this
DerbyDB storage
* implement a new KnoxCLI command that migrates existing tokens from
credential stores to the DerbyDB storage
* automate this new KnoxCLI command in such a way that it runs when Knox
Gateway is started, token management is enabled, and DerbyDB storage is
configured
* ensure that the previous automated step can be controlled (e.g., in case of
unforeseen errors, it can be turned off)
* document possible data replication scenarios when, in the case of HA
deployments, existing tokens from one Knox node should be made available on
other Knox node(s) and there is no other centralized RDBMS in use (PostgreSQL or
MySQL, for instance)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)