[KNOX-1136] Provision Consistent Credentials For Generated Topologies - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.14.0
Fix Version/s: 0.14.0
Component/s: Server
Labels:
None

Description

For Knox HA scenarios, the password used to encrypt/decrypt query params MUST be the same across all of the participating Knox instances. Today, synching these passwords is a manual activity.

With Knox now discovering descriptors from remote registries, requiring an admin to manually configure the credential store for each participating Knox instance prior to deploying the descriptor to the remote registry limits the usefulness of this new feature and introduces potential for frequent failed deployments.

Knox can pre-provision a password for a topology prior to the generation of that topology, based on the master secret, in a manner which will be consistent across all the participating Knox instances.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

KNOX-1136.patch
01/Dec/17 22:17
21 kB
Philip Zampino

Activity

People

Assignee:: Philip Zampino

Reporter:: Philip Zampino

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 01/Dec/17 15:43

Updated:: 28/Mar/19 14:07

Resolved:: 05/Dec/17 19:31