smolnar82 opened a new pull request, #681: URL: https://github.com/apache/knox/pull/681
## What changes were proposed in this pull request? //TODO ## How was this patch tested? Manual test cases executed on the token generation page: 1. Impersonation thru ProxyUser config is disabled and user mapping is not configured - logged in as the 'admin' user - generated a token without the doAs param: userName=admin; createdBy was not added - generated a token with the doAs=bob param: userName=admin; createdBy was not added 2. Impersonation thru ProxyUser config is enabled and user mapping is not configured - proxyuser config was set to: hadoop.proxyuser.admin.[users|groups|hosts] = * - logged in as the 'admin' user - generated a token without the doAs param: userName=admin; createdBy was not added - generated a token with the doAs=bob param: userName=bob; createdBy=admin - tested negative case too: removed hadoop.proxyuser.admin.[users|groups|hosts] = * - logged in as the 'admin' user - generated a token without the doAs param: userName=admin; createdBy was not added - generated a token with the doAs=bob param: token creation failed (User: admin is not allowed to impersonate bob) 3. Impersonation thru ProxyUser config is disabled and user mapping is configured - user mapping was set to: principal.mapping = admin=sam - logged in the 'admin' user - generated a token without the doAs param: userName=sam; createdBy=admin - generated a token with the doAs=bob param: userName=sam; createdBy=admin 4. Impersonation thru ProxyUser config is enabled and user mapping is configured - proxyuser config was set to: hadoop.proxyuser.admin.[users|groups|hosts] = * - user mapping was set to: principal.mapping = admin=sam - logged in the 'admin' user - generated a token without the doAs param: userName=sam; createdBy=admin - generated a token with the doAs=bob param: userName=bob; createdBy=admin - re-configured user mapping to: principal.mapping = bob=tom - did not touch the proxyuser config - logged in the 'admin' user - generated a token without the doAs param: userName=admin; createdBy was not added - generated a token with the doAs=bob param: userName=tom; createdBy=admin //TODO: testing in a secure (Kerberos-enabled) cluster -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
