[
https://issues.apache.org/jira/browse/KNOX-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17755022#comment-17755022
]
ASF subversion and git services commented on KNOX-2948:
-------------------------------------------------------
Commit eb683275d312e9656f76767eb7928833c48702e9 in knox's branch
refs/heads/master from Sandor Molnar
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=eb683275d ]
KNOX-2948 - encryptQueryString provision should happen if needed (#784)
> Make encryptquerystring provision optional
> ------------------------------------------
>
> Key: KNOX-2948
> URL: https://issues.apache.org/jira/browse/KNOX-2948
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.14.0, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 2.0.0,
> 1.6.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 2.1.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Since KNOX-1136, Knox saves the {{encryptQueryString}} alias in the given
> topology's credential store when processing the descriptor.
> The problem with this approach is, that, in some cases, it may happen that
> 3rd party deployment tools (such as Cloudera Manager) persists that secret in
> a separate phase and
> * this makes the Knox call redundant
> * Knox will override the previously saved value silently
> Proposal:
> - introduce a new descriptor-level property called
> {{provision-encrypt-query-string-credential}} (defaults to {{true}}) which
> controls this behavior
> - if the descriptor is configured with
> {{provisionEncryptQueryStringCredential = false}}, no credential store
> operation should be done to save that alias.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
