[
https://issues.apache.org/jira/browse/KNOX-3105?focusedWorklogId=959884&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-959884
]
ASF GitHub Bot logged work on KNOX-3105:
----------------------------------------
Author: ASF GitHub Bot
Created on: 04/Mar/25 05:40
Start Date: 04/Mar/25 05:40
Worklog Time Spent: 10m
Work Description: lmccay opened a new pull request, #1001:
URL: https://github.com/apache/knox/pull/1001
## What changes were proposed in this pull request?
I originally had this topology level config only for the truststore and
password but decided that it should be configured at the gateway level.
However, it is much easier to use specific truststores for dev and testing
environments than adding a cert from one Knox to another's truststore which may
have other certs, etc.
This change will add the params for location and password with alias service
support of the password.
## How was this patch tested?
Added new unit tests, ran all existing tests and manually tested with
another knox instance.
`curl -ivku admin:admin-password
https://localhost:8444/gateway/tokengen/knoxtoken/api/v1/token`
Audit logs for each instance are below to show the correlation ID across
instances:
Local instance:
```
25/03/03 23:21:10
||878975c9-de91-4da3-94e8-f716ce5b337a|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN||||access|uri|/gateway/tokengen/knoxtoken/api/v1/token|unavailable|Request
method: GET
25/03/03 23:21:21
||878975c9-de91-4da3-94e8-f716ce5b337a|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN|admin|||authentication|uri|/gateway/tokengen/knoxtoken/api/v1/token|success|Groups:
[]
25/03/03 23:21:21
||878975c9-de91-4da3-94e8-f716ce5b337a|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN|admin|||identity-mapping|principal|admin|success|Groups:
[]
25/03/03 23:21:21
||878975c9-de91-4da3-94e8-f716ce5b337a|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN|admin|||access|uri|/gateway/tokengen/knoxtoken/api/v1/token|success|Response
status: 200
```
remote instance:
```
25/03/03 23:21:21
||878975c9-de91-4da3-94e8-f716ce5b337a|audit|127.0.0.1|KNOX-AUTH-SERVICE||||access|uri|/gateway/sandbox/auth/api/v1/pre|unavailable|Request
method: GET
25/03/03 23:21:21
||878975c9-de91-4da3-94e8-f716ce5b337a|audit|127.0.0.1|KNOX-AUTH-SERVICE|admin|||authentication|uri|/gateway/sandbox/auth/api/v1/pre|success|
25/03/03 23:21:21
||878975c9-de91-4da3-94e8-f716ce5b337a|audit|127.0.0.1|KNOX-AUTH-SERVICE|admin|||authentication|uri|/gateway/sandbox/auth/api/v1/pre|success|Groups:
[]
25/03/03 23:21:21
||878975c9-de91-4da3-94e8-f716ce5b337a|audit|127.0.0.1|KNOX-AUTH-SERVICE|admin|||identity-mapping|principal|admin|success|Groups:
[]
25/03/03 23:21:21
||878975c9-de91-4da3-94e8-f716ce5b337a|audit|127.0.0.1|KNOX-AUTH-SERVICE|admin|||access|uri|/gateway/sandbox/auth/api/v1/pre|success|Response
status: 200
```
The local instance above is running on port 8444 and the remote instance on
8443.
Issue Time Tracking
-------------------
Worklog Id: (was: 959884)
Remaining Estimate: 0h
Time Spent: 10m
> Add Topology Level Config for Truststore to RemoteAuthProvider
> --------------------------------------------------------------
>
> Key: KNOX-3105
> URL: https://issues.apache.org/jira/browse/KNOX-3105
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 2.2.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> I originally had this topology level config only for the truststore and
> password but decided that it should be configured at the gateway level.
> However, it is much easier to use specific truststores for dev and testing
> environments than adding a cert from one Knox to another's truststore which
> may have other certs, etc.
> This change will add the params for location and password with alias service
> support of the password.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
