[
https://issues.apache.org/jira/browse/KNOX-2712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar updated KNOX-2712:
--------------------------------
Description:
We would need to enhance our GET API to accept an arbitrary list of key/value
pairs as Knox token metadata. At the time of this Jira is being created, the
following hard-coded metadata exists for a Knox Token:
* userName
* comment
* enabled
* passcode
The plan is to modify our TokenResource to accept query parameters starting
with the ‘{{{}md_{}}}’ prefix and treat them as Knox Token Metadata. For
instance:
{noformat}
curl -iku admin:admin-password -X GET
'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token?md_notebookName=accountantKnoxToken&md_souldBeRemovedBy=31March2022&md_otherMeaningfuMetadata=KnoxIsCool'{noformat}
When such a token is created by Knox, we should save the following metadata too:
* {{notebookName=accountantKnoxToken}}
* {{shouldBeRemovedBy=31March2022}}
* {{otherMeaningfulMetadata=KnoxIsCool}}
It’s not only Knox will be able to save these metadata, but we have to update
our existing {{getUserTokens}} API endpoint to be able to fetch basic token
information (see
{{{}org.apache.knox.gateway.services.security.token.KnoxToken{}}}) using the
supplied metadata name besides the user name information.
For instance:
{noformat}
curl -iku admin:admin-password -X GET
'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_notebookName=accountantKnoxToken'{noformat}
will return all Knox tokens where metadata with _‘notebookName’_ exists and
equals {_}‘accountantKnoxToken’{_}.
Finally, the Token Management page should display metadata too.
was:
We would need to enhance our GET API to accept an arbitrary list of key/value
pairs as Knox token metadata. At the time of this Jira is being created, the
following hard-coded metadata exists for a Knox Token:
* userName
* comment
* enabled
* passcode
The plan is to modify our TokenResource to accept query parameters starting
with the ‘{{{}md_{}}}’ prefix and treat them as Knox Token Metadata. For
instance:
{noformat}
curl -iku admin:admin-password -X GET
'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token?doAs=bob&md_notebookName=accountantKnoxToken&md_souldBeRemovedBy=31March2022&md_otherMeaningfuMetadata=KnoxIsCool'{noformat}
When such a token is created by Knox, we should save the following metadata too:
* {{notebookName=accountantKnoxToken}}
* {{shouldBeRemovedBy=31March2022}}
* {{otherMeaningfulMetadata=KnoxIsCool}}
It’s not only Knox will be able to save these metadata, but we have to update
our existing {{getUserTokens}} API endpoint to be able to fetch basic token
information (see {{org.apache.knox.gateway.services.security.token.KnoxToken}})
using the supplied metadata name besides the user name information.
For instance:
{noformat}
curl -iku admin:admin-password -X GET
'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_notebookName=accountantKnoxToken'{noformat}
will return all Knox tokens where metadata with _‘notebookName’_ exists and
equals {_}‘accountantKnoxToken’{_}.
Finally, the Token Management page should display metadata too.
> Adding arbitrary metadata to a Knox Token
> -----------------------------------------
>
> Key: KNOX-2712
> URL: https://issues.apache.org/jira/browse/KNOX-2712
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.6.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 2.0.0
>
>
> We would need to enhance our GET API to accept an arbitrary list of key/value
> pairs as Knox token metadata. At the time of this Jira is being created, the
> following hard-coded metadata exists for a Knox Token:
> * userName
> * comment
> * enabled
> * passcode
> The plan is to modify our TokenResource to accept query parameters starting
> with the ‘{{{}md_{}}}’ prefix and treat them as Knox Token Metadata. For
> instance:
> {noformat}
> curl -iku admin:admin-password -X GET
> 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token?md_notebookName=accountantKnoxToken&md_souldBeRemovedBy=31March2022&md_otherMeaningfuMetadata=KnoxIsCool'{noformat}
> When such a token is created by Knox, we should save the following metadata
> too:
> * {{notebookName=accountantKnoxToken}}
> * {{shouldBeRemovedBy=31March2022}}
> * {{otherMeaningfulMetadata=KnoxIsCool}}
> It’s not only Knox will be able to save these metadata, but we have to update
> our existing {{getUserTokens}} API endpoint to be able to fetch basic token
> information (see
> {{{}org.apache.knox.gateway.services.security.token.KnoxToken{}}}) using the
> supplied metadata name besides the user name information.
> For instance:
> {noformat}
> curl -iku admin:admin-password -X GET
> 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_notebookName=accountantKnoxToken'{noformat}
> will return all Knox tokens where metadata with _‘notebookName’_ exists and
> equals {_}‘accountantKnoxToken’{_}.
> Finally, the Token Management page should display metadata too.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
