Tamas Payer created KNOX-3207:
---------------------------------
Summary: Make it possible to omit the 'doAs=user' query parameter
from the request
Key: KNOX-3207
URL: https://issues.apache.org/jira/browse/KNOX-3207
Project: Apache Knox
Issue Type: Improvement
Reporter: Tamas Payer
I am working on integrating OpenSearch with Knox and encountered some issues
when trying to proxy the REST API.
Since OpenSearch is not part of the Hadoop ecosystem it does not understand the
"{{{}?doAs=user" {}}}query parameter for the impersonation.
Part of the issue can be solved by requesting the impersonation and providing
the impersonated principal via the HTTP header
"{{{}opendistro_security_impersonate_as: user{}}}".
[https://docs.opensearch.org/2.19/security/access-control/impersonation/]
However, the proxied requests are failing on the OpenSearch side since the
"doAs=user" query parameter is unknown for OpenSearch:
{code:java}
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"request
[/_nodes] contains unrecognized parameter:
[doAs]"}],"type":"illegal_argument_exception","reason":"request [/_nodes]
contains unrecognized parameter: [doAs]"},"status":400}%{code}
I would like to request a mechanism to disable the sending of 'doAs=user' query
parameter.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
