[
https://issues.apache.org/jira/browse/KNOX-2792?focusedWorklogId=803887&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-803887
]
ASF GitHub Bot logged work on KNOX-2792:
----------------------------------------
Author: ASF GitHub Bot
Created on: 26/Aug/22 09:41
Start Date: 26/Aug/22 09:41
Worklog Time Spent: 10m
Work Description: smolnar82 opened a new pull request, #627:
URL: https://github.com/apache/knox/pull/627
## What changes were proposed in this pull request?
A new REST API endpoint is added in `KNOX-AUTH-SERVICE` with
``auth/api/v1/bearer` path.
## How was this patch tested?
Implemented new uni test cases to cover this new functionality and executed
manual testing:
1. Default environment variable name:
```
$ export BEARER_AUTH_TOKEN=MY_AUTH_BEARER_TOKEN
$ bin/gateway.sh start
$ curl -iku admin:admin-password -X GET
https://localhost:8443/gateway/sandbox/auth/api/v1/bearer
HTTP/1.1 200 OK
Date: Fri, 26 Aug 2022 09:11:00 GMT
Set-Cookie: KNOXSESSIONID=node01u0cyzk36nibi18g2binv7e1290.node0;
Path=/gateway/sandbox; Secure; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rememberMe=deleteMe; Path=/gateway/sandbox; Max-Age=0;
Expires=Thu, 25-Aug-2022 09:11:00 GMT; SameSite=lax
Authorization: Bearer MY_AUTH_BEARER_TOKEN
Content-Length: 0
```
2. Custom environment variable name:
```
$ bin/gateway.sh stop
$ export CUSTOM_AUTH_TOKEN_ENV=MY_CUSTOM_AUTH_BEARER_TOKEN
$ bin/gateway.sh start
updated sandbox.xml to
<service>
<role>KNOX-AUTH-SERVICE</role>
<param>
<name>auth.bearer.token.env</name>
<value>CUSTOM_AUTH_TOKEN_ENV</value>
</param>
</service>
$ curl -iku admin:admin-password -X GET
https://localhost:8443/gateway/sandbox/auth/api/v1/bearer
HTTP/1.1 200 OK
Date: Fri, 26 Aug 2022 09:14:01 GMT
Set-Cookie: KNOXSESSIONID=node0169z65o0ns1lphe6xi9b4cse80.node0;
Path=/gateway/sandbox; Secure; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rememberMe=deleteMe; Path=/gateway/sandbox; Max-Age=0;
Expires=Thu, 25-Aug-2022 09:14:01 GMT; SameSite=lax
Authorization: Bearer MY_CUSTOM_AUTH_BEARER_TOKEN
Content-Length: 0
```
Issue Time Tracking
-------------------
Worklog Id: (was: 803887)
Time Spent: 1h (was: 50m)
> New Knox service to add custom auth headers in the response
> -----------------------------------------------------------
>
> Key: KNOX-2792
> URL: https://issues.apache.org/jira/browse/KNOX-2792
> Project: Apache Knox
> Issue Type: Sub-task
> Components: Server
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> A simple REST service is needed to perform centralized authentication and
> authorization of incoming requests. Combined with nginx's external
> authentication capability it allows for every request to be checked for valid
> authentication before being forwarded to the upstream service.
> If a valid principal is found, a header is added to the response, by default
> {{X-Knox-Actor-ID}}, with the principal. In addition, if the authenticated
> subject has groups, these are added into comma-separated headers of the
> default form {{X-Knox-Actor-Groups-num}}. Each group header has a character
> limit of 1000 to keep them reasonably sized. The header names can be
> customized via configuration properties.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
