I have created a patch and uploaded it to the JIRA, but can't change the assignee to myself; maybe I don't have assignment permission.
P.S. I created the patch using the command below:

git diff master KNOX-1025 > ../knox-1025.patch

And the commits of master and KNOX-1025 are:

* KNOX-1025 5808d5d KNOX-1025 - Topology Domain Mapping
  master c7cbd46 KNOX-962 - Add signature validation tests for the JWT filters

Best,
Benjamin

On Fri, Sep 8, 2017 at 8:59 PM Sandeep More <[email protected]> wrote:

> Great, thanks Benjamin, I will review it soon.
> For now we do not do PRs, so can you create a patch and upload it to the
> JIRA KNOX-1025 <https://issues.apache.org/jira/browse/KNOX-1025>, we do
> it so we can track everything in JIRA and it will be easy to backport, also
> you can change the assignee field to yourself !
>
> Again, thanks a lot and I will try to review it as soon as I can !
>
> Best,
> Sandeep
>
> On Fri, Sep 8, 2017 at 5:05 AM, Benjamin Tan <[email protected]> wrote:
>
>> Hello Sandeep & Larry,
>>
>> Would you please review the PR for KNOX-1025?
>> https://github.com/apache/knox/pull/10
>>
>> Thanks!
>>
>> On Thu, Sep 7, 2017 at 12:18 AM larry mccay <[email protected]> wrote:
>>
>>> Excellent!
>>>
>>> On Wed, Sep 6, 2017 at 11:04 AM, Benjamin Tan <[email protected]>
>>> wrote:
>>>
>>>> Thanks, I have filed a JIRA KNOX-1025
>>>> <https://issues.apache.org/jira/browse/KNOX-1025>: Topology Domain
>>>> Mapping, and am trying to prepare the patch.
>>>>
>>>> On Wed, Sep 6, 2017 at 12:00 AM larry mccay <[email protected]> wrote:
>>>>
>>>>> Sure, I can see a feature that maps an incoming request domain to a
>>>>> particular topology.
>>>>> Feel free to file a JIRA for it and even provide a patch.
>>>>>
>>>>> Make sure to provide enough details of the use case in the JIRA.
>>>>>
>>>>> On Tue, Sep 5, 2017 at 5:37 AM, Benjamin Tan <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hello Larry,
>>>>>>
>>>>>> Thanks very much for your detailed guide.
>>>>>>
>>>>>> We already designed a similar deployment, but want to give
>>>>>> more convenience for the user.
>>>>>>
>>>>>> Now the access path seems:
>>>>>> tenant-doamin.com -> apache virtual host -> proxy to
>>>>>> tenant-topology's port -> tenant-topology
>>>>>>
>>>>>> If Knox supports some feature like domain mapping, the access path
>>>>>> will be:
>>>>>> tenant-doamin.com -> tenant-topology
>>>>>>
>>>>>> Does letting Knox support domain mapping make sense?
>>>>>>
>>>>>> On Mon, Sep 4, 2017 at 10:20 AM larry mccay <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> There is no need for a separate reverse proxy in front of Knox -
>>>>>>> other than for load balancing if desired.
>>>>>>>
>>>>>>> Basically, the typical approach for multi-tenant deployments is to:
>>>>>>>
>>>>>>> 1. dedicate specific topologies to each tenant
>>>>>>> 2. have each topology authenticate against a specific LDAP server or
>>>>>>> some tenant specific OU within a single LDAP schema
>>>>>>> 3. have OS accounts for each user that is unique per tenant
>>>>>>> 4. use identity assertion providers to disambiguate the tenant by
>>>>>>> appending a tenant id or the like to the user name to match the tenant
>>>>>>> specific username in #3
>>>>>>> 5. you could use port mapping to remove the extra path
>>>>>>> "gateway/tenant-topology" from the tenant specific URLs
>>>>>>>
>>>>>>> HTH
>>>>>>>
>>>>>>> --larry
>>>>>>>
>>>>>>> On Sun, Sep 3, 2017 at 9:34 PM, Benjamin Tan <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hello Sandeep,
>>>>>>>>
>>>>>>>> Thanks for your information.
>>>>>>>>
>>>>>>>> In our use case, we are designing a Hadoop security solution for a
>>>>>>>> big telecom company, and it has many corporation customers (tenants),
>>>>>>>> so we try to supply a unique access domain for every tenant, such as
>>>>>>>> cust1.the-hadoop-domain.com, cust2.the-hadoop-domain.com or
>>>>>>>> their customized domain using CNAME.
>>>>>>>>
>>>>>>>> I have got some information about topology port mapping from
>>>>>>>> 0.13.0, but it seems we have to deploy a reverse proxy before Knox.
>>>>>>>>
>>>>>>>> In my opinion, many users of Knox have the need to support tenant
>>>>>>>> deployment.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Sep 1, 2017 at 12:23 AM Sandeep More <[email protected]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hello Tan,
>>>>>>>>>
>>>>>>>>> Can you describe your use case in more detail so I could answer it
>>>>>>>>> more accurately? About virtual hosts, we do not have a virtual host
>>>>>>>>> concept in Knox, although we have the Topology Port mapping
>>>>>>>>> <http://knox.apache.org/books/knox-0-13-0/user-guide.html#Topology+Port+Mapping>
>>>>>>>>> feature (0.13.0) which uses virtual hosts under the hood. Let me
>>>>>>>>> know if that interests you.
>>>>>>>>>
>>>>>>>>> Best,
>>>>>>>>> Sandeep
>>>>>>>>>
>>>>>>>>> On Wed, Aug 30, 2017 at 11:48 PM, Benjamin Tan <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> I have to deploy many topologies, and don't know how to set
>>>>>>>>>> the access domain for every topology.
>>>>>>>>>>
>>>>>>>>>> Or does Knox not support a feature like virtual host in Apache
>>>>>>>>>> mod_proxy?
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>
>>>
>
