[
https://issues.apache.org/jira/browse/KNOX-3185?focusedWorklogId=981651&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-981651
]
ASF GitHub Bot logged work on KNOX-3185:
----------------------------------------
Author: ASF GitHub Bot
Created on: 03/Sep/25 15:29
Start Date: 03/Sep/25 15:29
Worklog Time Spent: 10m
Work Description: smolnar82 opened a new pull request, #1080:
URL: https://github.com/apache/knox/pull/1080
## What changes were proposed in this pull request?
Added a new topology-level configuration that can be added in the
`KNOXTOKEN` service called `knox.token.limit.per.user`. If this is set to a
valid integer number, the gateway-level config
(`gateway.knox.token.limit.per.user`) is ignored and the topology-level value
is used as token limit per user.
If it's absent or set to an invalid number, the `KNOXTOKEN` service falls
back to the gateway-level config
(which defaults to `10`).
## How was this patch tested?
Updated and ran unit tests (covering the configuration of both the gateway
and topology level settings).
Other than this, I concluded the following manual testing after I redeployed
Knox locally with my changes:
- set `gateway.knox.token.limit.per.user` to `3` in `gateway-site.xml` and
confirmed I could only generate 3 tokens
- set `knox.token.limit.per.user` to `2` in the `homepage` topology (did not
touch the gateway-level config I added previously) and confirmed that I could
only generate 2 tokens
- set `knox.token.limit.per.user` to `invalidNumber` and confirmed that I
could only generate 3 tokens (gateway-level config) and saw the relevant log
message in `gateway.log`:
```
2025-09-03 17:27:52,253 e36f34f0-53d3-43ed-b821-f4521b36e49b ERROR
service.knoxtoken (TokenResource.java:init(309)) - The specified value for the
knox.token.limit.per.user configuration property is not valid for the
"homepage" topology: invalidNumber
2025-09-03 17:27:52,253 e36f34f0-53d3-43ed-b821-f4521b36e49b INFO
service.knoxtoken (TokenResource.java:init(310)) - Using the gateway-level
token limit per user configuration.
```
Issue Time Tracking
-------------------
Worklog Id: (was: 981651)
Remaining Estimate: 0h
Time Spent: 10m
> Make token limit configurable on the topology level
> ---------------------------------------------------
>
> Key: KNOX-3185
> URL: https://issues.apache.org/jira/browse/KNOX-3185
> Project: Apache Knox
> Issue Type: Task
> Components: Server
> Affects Versions: 2.0.0, 1.6.0, 2.1.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> As of now, the {{gateway.knox.token.limit.per.user}} config (added in
> KNOX-2627) exists only on the gateway-level. There is a need for being set
> that limit on the topology level too. That is, the gateway-level config
> should be overridden by the topology-level config (as we support this path in
> many other configs too).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
