[jira] [Work logged] (KNOX-3099) Add ability to exclude topologies from client auth

Wed, 26 Feb 2025 03:56:46 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-3099?focusedWorklogId=958927&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-958927
 ]

ASF GitHub Bot logged work on KNOX-3099:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 26/Feb/25 11:38
            Start Date: 26/Feb/25 11:38
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on code in PR #995:
URL: https://github.com/apache/knox/pull/995#discussion_r1971433548


##########
gateway-server/src/test/java/org/apache/knox/gateway/GatewayGlobalConfigTest.java:
##########
@@ -67,11 +69,20 @@ public void testSiteConfig() {
     GatewayConfig config = new GatewayConfigImpl();
     assertThat( config.getGatewayPort(), is( 5555 ) );
     assertThat( config.isClientAuthNeeded(), is( true ) );
+    assertTrue( config.isTopologyExcludedFromClientAuth("health"));
     assertThat( config.getTruststorePath(), is("./gateway-trust.jks"));
     assertThat( config.getTruststoreType(), is( "PKCS12" ) );
     assertThat( config.getKeystoreType(), is(KeyStore.getDefaultType()) );
   }
 
+  @Test
+  public void testSiteConfigWithDifferentTopologyExcluded() {
+    System.setProperty( GatewayConfigImpl.GATEWAY_HOME_VAR, getHomeDirName( 
"conf-site/conf/gateway-site.xml" ) );
+    GatewayConfig config = new GatewayConfigImpl();
+    assertThat( config.isClientAuthNeeded(), is( true ) );

Review Comment:
   nit: `assertTrue` might have been better,  but doesn't prevent the merge 
this as-is





Issue Time Tracking
-------------------

    Worklog Id:     (was: 958927)
    Time Spent: 1h  (was: 50m)

> Add ability to exclude topologies from client auth
> --------------------------------------------------
>
>                 Key: KNOX-3099
>                 URL: https://issues.apache.org/jira/browse/KNOX-3099
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 2.1.0
>            Reporter: Tamás Hanicz
>            Assignee: Tamás Hanicz
>            Priority: Minor
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Currently if the user adds gateway.client.auth.needed as true to the 
> gateway-site.xml every topology will enforce this. There is no option to 
> exclude from this policy. The user can also specify 
> gateway.client.auth.wanted as true however the policy is not enforced in this 
> case.
> We need the ability to be able to exclude topologies.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to