[ https://issues.apache.org/jira/browse/KNOX-3048?focusedWorklogId=970592&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-970592 ]
ASF GitHub Bot logged work on KNOX-3048:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 25/May/25 15:12
            Start Date: 25/May/25 15:12
    Worklog Time Spent: 10m
      Work Description: moresandeep commented on PR #1043:
URL: https://github.com/apache/knox/pull/1043#issuecomment-2907884343

   > @moresandeep - why add a new provider for this and not just add it to common so that it is available everywhere that extends that?

   Good point, I thought about that but decided against it in favor of code separation. Since all of the implementations use Common, any bug might affect all the providers. Not all providers need this; the ones that need this feature are virtual groups (already included in default) and hadoop-group-lookup, so I decided to create a new provider that supports these. Putting this in common will be easy, but this is not really a common feature that can be used by all the other providers. Do you anticipate this to be used by others? I can move this to common in that case.

Issue Time Tracking
-------------------

    Worklog Id:     (was: 970592)
    Time Spent: 2h 40m  (was: 2.5h)

> Surrogate proxy user configuration for user groups
> --------------------------------------------------
>
>                 Key: KNOX-3048
>                 URL: https://issues.apache.org/jira/browse/KNOX-3048
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 2.0.0
>            Reporter: Philip Zampino
>            Assignee: Sandeep More
>            Priority: Major
>             Fix For: 2.1.0
>
>          Time Spent: 2h 40m
>  Remaining Estimate: 0h
>
> *Problem Statement:*
> Currently Knox has the ability for specific users (say for e.g. {{sp_user}})
> to impersonate other users (say for e.g. {{ot_user}}). This is driven by
> configs defined in a topology. Currently these configs are needed for each
> user that impersonates other users (i.e. {{sp_user}}); this can get out of
> hand quickly and can be difficult to maintain.
> To solve this problem the proposed solution uses a group level impersonation
> configuration. This configuration will be based on the virtual groups feature
> that is already available in Knox. With this new configuration we can have
> specific users who belong to a virtual group/s (based on conditions such as
> {{(match groups 'analyst|scientist') }}) impersonate other users. This will
> significantly cut down on the config properties and keep them readable and
> maintainable.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)