[
https://issues.apache.org/jira/browse/KNOX-2948?focusedWorklogId=876508&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-876508
]
ASF GitHub Bot logged work on KNOX-2948:
----------------------------------------
Author: ASF GitHub Bot
Created on: 16/Aug/23 12:00
Start Date: 16/Aug/23 12:00
Worklog Time Spent: 10m
Work Description: smolnar82 merged PR #784:
URL: https://github.com/apache/knox/pull/784
Issue Time Tracking
-------------------
Worklog Id: (was: 876508)
Time Spent: 20m (was: 10m)
> Make encryptquerystring provision optional
> ------------------------------------------
>
> Key: KNOX-2948
> URL: https://issues.apache.org/jira/browse/KNOX-2948
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.14.0, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 2.0.0,
> 1.6.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 2.1.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Since KNOX-1136, Knox saves the {{encryptQueryString}} alias in the given
> topology's credential store when processing the descriptor.
> The problem with this approach is, that, in some cases, it may happen that
> 3rd party deployment tools (such as Cloudera Manager) persists that secret in
> a separate phase and
> * this makes the Knox call redundant
> * Knox will override the previously saved value silently
> Proposal:
> - introduce a new descriptor-level property called
> {{provision-encrypt-query-string-credential}} (defaults to {{true}}) which
> controls this behavior
> - if the descriptor is configured with
> {{provisionEncryptQueryStringCredential = false}}, no credential store
> operation should be done to save that alias.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
