[jira] [Work logged] (KNOX-3084) Update CM service discovery with the enhanced role configs endpoint

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3084?focusedWorklogId=975122&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-975122
 ]

ASF GitHub Bot logged work on KNOX-3084:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Jul/25 13:17
            Start Date: 18/Jul/25 13:17
    Worklog Time Spent: 10m 
      Work Description: bonampak commented on code in PR #1059:
URL: https://github.com/apache/knox/pull/1059#discussion_r2216026145


##########
gateway-discovery-cm/src/main/java/org/apache/knox/gateway/topology/discovery/cm/DiscoveryApiClient.java:
##########
@@ -126,55 +124,53 @@ private void configure(GatewayConfig gatewayConfig, 
AliasService aliasService, K
     setUsername(username);
     setPassword(password);
 
-    if (isKerberos) {
+    if (isKerberos()) {
       // If there is a Kerberos subject, then add the SPNEGO auth interceptor
       Subject subject = AuthUtils.getKerberosSubject();
       if (subject != null) {
-        SpnegoAuthInterceptor spnegoInterceptor = new 
SpnegoAuthInterceptor(subject);
-        getHttpClient().interceptors().add(spnegoInterceptor);
+        addInterceptor(new SpnegoAuthInterceptor(subject));
       }
+      addInterceptor(new DoAsQueryParameterInterceptor(username));
     }
     configureTimeouts(gatewayConfig);
 
     configureSsl(gatewayConfig, trustStore);
   }
 
-  private void configureTimeouts(GatewayConfig config) {
-    OkHttpClient client = getHttpClient();
-    client.setConnectTimeout(config.getServiceDiscoveryConnectTimeoutMillis(), 
TimeUnit.MILLISECONDS);
-    client.setReadTimeout(config.getServiceDiscoveryReadTimeoutMillis(), 
TimeUnit.MILLISECONDS);
-    client.setWriteTimeout(config.getServiceDiscoveryWriteTimeoutMillis(), 
TimeUnit.MILLISECONDS);
-    log.discoveryClientTimeout(client.getConnectTimeout(), 
client.getReadTimeout(), client.getWriteTimeout());
+  private String getApiPath(GatewayConfig gatewayConfig) {
+    if (gatewayConfig == null) {
+      return API_PATH_PREFIX + 
GatewayConfig.DEFAULT_CLOUDERA_MANAGER_SERVICE_DISCOVERY_API_VERSION;
+    } else {
+      return API_PATH_PREFIX + 
gatewayConfig.getClouderaManagerServiceDiscoveryApiVersion();
+    }
   }
 
-  @Override
-  public String buildUrl(String path, List<Pair> queryParams) {
-    // If kerberos is enabled, then for every request, we're going to include 
a doAs query param
-    if (isKerberos()) {
-      String user = getUsername();
-      if (user != null) {
-        queryParams.add(new Pair("doAs", user));
-      }
-    }
-    return super.buildUrl(path, queryParams);
+  private String getApiAddress(ServiceDiscoveryConfig serviceDiscoveryConfig, 
GatewayConfig gatewayConfig) {
+    String address = serviceDiscoveryConfig.getAddress();
+    String apiPath = getApiPath(gatewayConfig);
+    return (address.endsWith("/") ? address + apiPath : address + "/" + 
apiPath);
   }
 
-  /**
-   * @return The username set from the discovery configuration when this 
instance was initialized.
-   */
-  private String getUsername() {
-    String username = null;
-    Authentication basicAuth = getAuthentication("basic");
-    if (basicAuth instanceof HttpBasicAuth) {
-      username = ((HttpBasicAuth) basicAuth).getUsername();
-    }
-    return username;
+  private void addInterceptor(Interceptor interceptor) {
+    OkHttpClient newClient = 
getHttpClient().newBuilder().addInterceptor(interceptor).build();
+    setHttpClient(newClient);
+  }

Review Comment:
   done





Issue Time Tracking
-------------------

    Worklog Id:     (was: 975122)
    Time Spent: 1h  (was: 50m)

> Update CM service discovery with the enhanced role configs endpoint
> -------------------------------------------------------------------
>
>                 Key: KNOX-3084
>                 URL: https://issues.apache.org/jira/browse/KNOX-3084
>             Project: Apache Knox
>          Issue Type: Task
>          Components: cm-discovery
>    Affects Versions: 2.1.0
>            Reporter: Tamás Marcinkovics
>            Assignee: Tamás Marcinkovics
>            Priority: Major
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> There is a new CM API endpoint to fetch all role configurations for a given 
> service ({{RolesResouce.readRolesConfig}}) if the supported API version is 
> greater than or equal to v57. This endpoint is available in the 
> cloudera-manager-api-swagger:7.13.1 artifact.
> [https://repository.cloudera.com/service/rest/repository/browse/cloudera-repos/com/cloudera/api/swagger/cloudera-manager-api-swagger/7.13.1/]
> On the Knox side, we need to change the existing {{readRoles}} and 
> {{readRoleConfig}} API calls to the new {{readRolesConfig}} call.
> The {{view}} parameter should still remain {{full}} as 
> {{full_with_no_health_check}} only returns role configuration parameters with 
> non-default values.
> As the new cloudera-manager-api-swagger artifact is using okhttp 4.10, we 
> also need to change {{DiscoveryApiClient}} setup and our Okhttp interceptors 
> from Okhttp 2.7.5 to Okhttp 4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)