Larry McCay commented on KNOX-1187:

[~smore] - I notice that you are spinning your own crypto work rather than 
using the CryptoService.

I can see that there is a circular dependency with that service but you should 
consider using the underlying ConfigurableEncryptor class so that you aren't 
hardcoding the algorithm, etc. See the CMFMasterService use of this class 
directly. It is similar to what you want to do.

> Distributed Alias Service
> -------------------------
>                 Key: KNOX-1187
>                 URL: https://issues.apache.org/jira/browse/KNOX-1187
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.14.0, 1.0.0
>            Reporter: Phil Zampino
>            Assignee: Sandeep More
>            Priority: Major
>             Fix For: 1.1.0
>         Attachments: KNOX-1187.001.patch, KNOX-1187.002.patch
> Given the ability to manage provider configurations and descriptors in 
> ZooKeeper, it would also be good to employ ZooKeeper for managing aliases 
> since descriptors reference them for discovery authentication.
> The benefits of ZooKeeper-managed descriptors is limited by the current need 
> to individually define the associated aliases at each and every Knox 
> instance. Any Knox instance for which the referenced alias has not been 
> defined will fail to generate/deploy the topology because service discovery 
> will fail.
> The resolution of this issue will provide a Knox administrator the ability to 
> define aliases in ZooKeeper, which will be consumed and applied by any Knox 
> instance configured to monitor that same ZooKeeper, similar to the way 
> provider configurations and descriptors are supported.
> In fact, the alias-related CLI commands could leverage the remote 
> configuration monitor config to determine whether the aliases should be 
> persisted to / read from ZooKeeper or locally. Knox could use the remote 
> configuration client service to monitor the remote alias configuration, and 
> apply changes locally.
> This will also require some kind of coordination of Knox master secrets; at a 
> minimum, each participating Knox instance will have to have been configured 
> with the same master secret.

This message was sent by Atlassian JIRA

Reply via email to