[knox] branch master updated: KNOX-2740 - Impersonation-related fields should be displayed only if that's enabled in the topology for the KnoxToken service (#569)

Thu, 05 May 2022 11:19:35 -0700 

This is an automated email from the ASF dual-hosted git repository.

smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 2c7140ed4 KNOX-2740 - Impersonation-related fields should be displayed 
only if that's enabled in the topology for the KnoxToken service (#569)
2c7140ed4 is described below

commit 2c7140ed4e4231134f0a91f5c99fcfe321e8611f
Author: Sandor Molnar <[email protected]>
AuthorDate: Thu May 5 20:19:22 2022 +0200

    KNOX-2740 - Impersonation-related fields should be displayed only if that's 
enabled in the topology for the KnoxToken service (#569)
---
 .../resources/applications/tokengen/app/index.html     |  8 +++++---
 .../resources/applications/tokengen/app/js/tokengen.js |  4 ++++
 .../knox/gateway/service/knoxtoken/TokenResource.java  |  6 ++++++
 .../app/token.management.component.html                |  2 +-
 .../token-management/app/token.management.component.ts |  7 +++++++
 .../token-management/app/token.management.service.ts   | 18 ++++++++++++++++++
 6 files changed, 41 insertions(+), 4 deletions(-)

diff --git 
a/gateway-applications/src/main/resources/applications/tokengen/app/index.html 
b/gateway-applications/src/main/resources/applications/tokengen/app/index.html
index 3810a8d7b..57d20254c 100644
--- 
a/gateway-applications/src/main/resources/applications/tokengen/app/index.html
+++ 
b/gateway-applications/src/main/resources/applications/tokengen/app/index.html
@@ -79,9 +79,11 @@
                             </table>
                             <label style="display: none; color: red;" 
id="invalidLifetimeText"><i class="icon-warning"></i>Invalid lifetime!</label>
                         </div>
-                        <label><i class="icon-user"></i> Generating token for 
(impersonation):</label>
-                        <input type="text" name="doas" id="doas" size="50" 
maxlength="255">
-                        <label style="display: none; color: red;" 
id="invalidDoasText"><i class="icon-warning"></i>Invalid doAs!</label>
+                        <div id="impersonationFields" style="display: none;">
+                            <label><i class="icon-user"></i> Generating token 
for (impersonation):</label>
+                            <input type="text" name="doas" id="doas" size="50" 
maxlength="255">
+                            <label style="display: none; color: red;" 
id="invalidDoasText"><i class="icon-warning"></i>Invalid doAs!</label>
+                        </div>
                     </div>
                     <span id="errorBox" class="help-inline" 
style="color:red;display:none;"><span class="errorMsg"></span>
                         <i class="icon-warning-sign" 
style="color:#ae2817;"></i>
diff --git 
a/gateway-applications/src/main/resources/applications/tokengen/app/js/tokengen.js
 
b/gateway-applications/src/main/resources/applications/tokengen/app/js/tokengen.js
index 04079e8eb..d5d1263ba 100644
--- 
a/gateway-applications/src/main/resources/applications/tokengen/app/js/tokengen.js
+++ 
b/gateway-applications/src/main/resources/applications/tokengen/app/js/tokengen.js
@@ -112,6 +112,10 @@ function setTokenStateServiceStatus() {
                     $('#lifespanFields').show();
                     document.getElementById("lifespanInputEnabled").value = 
"true";
                 }
+
+                if (resp.impersonationEnabled === "true") {
+                    $('#impersonationFields').show();
+                }
             }
         }
     }
diff --git 
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
 
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
index 85c07d33a..b0cc793e8 100644
--- 
a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
+++ 
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
@@ -145,6 +145,8 @@ public class TokenResource {
   private static final String TARGET_ENDPOINT_PULIC_CERT_PEM = 
TOKEN_PARAM_PREFIX + "target.endpoint.cert.pem";
   static final String QUERY_PARAMETER_DOAS = "doAs";
   static final String PROXYUSER_PREFIX = TOKEN_PARAM_PREFIX + "proxyuser";
+  private static final String IMPERSONATION_ENABLED_PARAM = TOKEN_PARAM_PREFIX 
+ "impersonation.enabled";
+  private static final String IMPERSONATION_ENABLED_TEXT = 
"impersonationEnabled";
   public static final String KNOX_TOKEN_INCLUDE_GROUPS = TOKEN_PARAM_PREFIX + 
"include.groups";
 
   private static TokenServiceMessages log = 
MessagesFactory.get(TokenServiceMessages.class);
@@ -361,6 +363,10 @@ public class TokenResource {
     final String lifespanInputEnabledValue = 
context.getInitParameter(LIFESPAN_INPUT_ENABLED_PARAM);
     final Boolean lifespanInputEnabled = lifespanInputEnabledValue == null ? 
Boolean.TRUE : Boolean.parseBoolean(lifespanInputEnabledValue);
     tokenStateServiceStatusMap.put(LIFESPAN_INPUT_ENABLED_TEXT, 
lifespanInputEnabled.toString());
+
+    final String impersonationEnabledValue = 
context.getInitParameter(IMPERSONATION_ENABLED_PARAM);
+    final Boolean impersonationEnabled = impersonationEnabledValue == null ? 
Boolean.TRUE : Boolean.parseBoolean(impersonationEnabledValue);
+    tokenStateServiceStatusMap.put(IMPERSONATION_ENABLED_TEXT, 
impersonationEnabled.toString());
   }
 
   private void populateAllowedTokenStateBackendForTokenGenApp(final String 
actualTokenServiceName) {
diff --git 
a/knox-token-management-ui/token-management/app/token.management.component.html 
b/knox-token-management-ui/token-management/app/token.management.component.html
index 7aebe2577..5a9157565 100644
--- 
a/knox-token-management-ui/token-management/app/token.management.component.html
+++ 
b/knox-token-management-ui/token-management/app/token.management.component.html
@@ -66,7 +66,7 @@
 
     <!-- 'doAs' Knox Tokens (tokens created by the current user on behalf on 
another user -->
 
-    <div class="table-responsive" style="width:100%; overflow: auto; 
overflow-y: scroll; padding: 10px 0px 0px 0px;">
+    <div class="table-responsive" style="width:100%; overflow: auto; 
overflow-y: scroll; padding: 10px 0px 0px 0px;" 
*ngIf="isImpersonationEnabled()">
         <label>Impersonation Knox Tokens</label>
         <table class="table table-hover" [mfData]="doAsKnoxTokens" 
#doAsTokens="mfDataTable" [mfRowsOnPage]="10">
             <thead>
diff --git 
a/knox-token-management-ui/token-management/app/token.management.component.ts 
b/knox-token-management-ui/token-management/app/token.management.component.ts
index e4ebc0d5c..af7742539 100644
--- 
a/knox-token-management-ui/token-management/app/token.management.component.ts
+++ 
b/knox-token-management-ui/token-management/app/token.management.component.ts
@@ -31,6 +31,7 @@ export class TokenManagementComponent implements OnInit {
     userName: string;
     knoxTokens: KnoxToken[];
     doAsKnoxTokens: KnoxToken[];
+    impersonationEnabled: boolean;
 
     toggleBoolean(propertyName: string) {
         this[propertyName] = !this[propertyName];
@@ -46,6 +47,8 @@ export class TokenManagementComponent implements OnInit {
     ngOnInit(): void {
         console.debug('TokenManagementComponent --> ngOnInit()');
         this.tokenManagementService.getUserName().then(userName => 
this.setUserName(userName));
+        this.tokenManagementService.getImpersonationEnabled()
+            .then(impersonationEnabled => this.impersonationEnabled = 
impersonationEnabled === 'true');
     }
 
     setUserName(userName: string) {
@@ -87,6 +90,10 @@ export class TokenManagementComponent implements OnInit {
         return Date.now() > expiration;
     }
 
+    isImpersonationEnabled(): boolean {
+        return this.impersonationEnabled;
+    }
+
     getCustomMetadataArray(knoxToken: KnoxToken): [string, string][] {
       let mdMap = new Map();
       if (knoxToken.metadata.customMetadataMap) {
diff --git 
a/knox-token-management-ui/token-management/app/token.management.service.ts 
b/knox-token-management-ui/token-management/app/token.management.service.ts
index 4da100d43..7a6ddda23 100644
--- a/knox-token-management-ui/token-management/app/token.management.service.ts
+++ b/knox-token-management-ui/token-management/app/token.management.service.ts
@@ -31,6 +31,7 @@ export class TokenManagementService {
     enableKnoxTokenUrl = this.apiUrl + 'enable';
     disableKnoxTokenUrl = this.apiUrl + 'disable';
     revokeKnoxTokenUrl = this.apiUrl + 'revoke';
+    getTssStatusUrl = this.apiUrl + 'getTssStatus';
 
     constructor(private http: HttpClient) {}
 
@@ -102,6 +103,23 @@ export class TokenManagementService {
             });
     }
 
+    getImpersonationEnabled(): Promise<string> {
+        let headers = new HttpHeaders();
+        headers = this.addJsonHeaders(headers);
+        return this.http.get(this.getTssStatusUrl, { headers: headers})
+            .toPromise()
+            .then(response => response['impersonationEnabled'] as string)
+            .catch((err: HttpErrorResponse) => {
+                console.debug('TokenManagementService --> 
getImpersonationEnabled() --> ' + this.getTssStatusUrl
+                              + '\n  error: ' + err.message);
+                if (err.status === 401) {
+                    window.location.assign(document.location.pathname);
+                } else {
+                    return this.handleError(err);
+                }
+            });
+    }
+
     addJsonHeaders(headers: HttpHeaders): HttpHeaders {
         return this.addCsrfHeaders(headers.append('Accept', 
'application/json').append('Content-Type', 'application/json'));
     }

Reply via email to