[
https://issues.apache.org/jira/browse/KNOX-3279?focusedWorklogId=1011903&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1011903
]
ASF GitHub Bot logged work on KNOX-3279:
----------------------------------------
Author: ASF GitHub Bot
Created on: 27/Mar/26 22:47
Start Date: 27/Mar/26 22:47
Worklog Time Spent: 10m
Work Description: pzampino opened a new pull request, #1191:
URL: https://github.com/apache/knox/pull/1191
This reverts commit a695134ec8e6fdfd46bcade58e25235f538280b5, restoring the
implementation of KNOX-3279 plus fixes for the issues which caused it to be
reverted.
## What changes were proposed in this pull request?
Implemented ICEBERG-REST custom dispatches, adding the ability to configure
token metadata which ought to be manifest as headers in requests dispatched to
the service. Also made the prefix for these header names configurable.
## How was this patch tested?
mvn -Ppackage,release clean verify (includes new unit tests for the
dispatches)
ant install-test-home
Manual testing using two topologies and a series of curl commands:
cc-test: LDAP authenticated CLIENTID service topology
rc-test: JWTProvider authenticated ICEBERG-REST service topology
Acquire the client_id and client_secret:
curl -ivku admin
'https://localhost:8443/gateway/cc-test/clientid/api/v1/oauth/credentials'
Use the client_id/client_secret to exercise the custom dispatch
curl -ivk -H 'Content-Type: application/x-www-form-urlencoded' -d
'client_secret=**<CLIENT_SECRET>**=&grant_type=client_credentials&client_id=**<CLIENT_ID>**'
'https://localhost:8443/gateway/rc-test/iceberg-rest/api/v1/'
Issue Time Tracking
-------------------
Worklog Id: (was: 1011903)
Time Spent: 3h 20m (was: 3h 10m)
> REST Catalog dispatch implementation for including configurable metadata as
> outbound request headers
> ----------------------------------------------------------------------------------------------------
>
> Key: KNOX-3279
> URL: https://issues.apache.org/jira/browse/KNOX-3279
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Philip Zampino
> Assignee: Philip Zampino
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 3h 20m
> Remaining Estimate: 0h
>
> For Iceberg REST Catalog proxying, Knox should support the ability to convey
> a configurable set of token metadata elements associated with the client
> credentials from the inbound request as headers in the outbound (dispatch)
> request.
> A custom dispatch for the ICEBERG-REST service should be implemented to
> provide this support.
> Proposed topology contents (example):
> {code:java}
> <service>
> <role>ICEBERG-REST</role>
> <param>
> <name>token-metadata-headers</name>
> <value>email,category</value>
> </param>
> </service> {code}
> If the configured metadata items don't exist for a given client_id, then no
> headers for those items should be conveyed in the outbound request (i.e.,
> they should be ignored).
>
> It's not clear whether the standard {{userName}} metadata item should be
> included by default.
> The resulting header names can be of the form {{X-Knox-Meta-<ITEM_NAME>}}
> where {{<ITEM_NAME>}} is the token metadata item name.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
