Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
The current HadoopAuthFilter implementation is capable of handling aliases on topology level:
if (value.startsWith("${ALIAS=") && value.endsWith("}")) { String alias = value.substring("${ALIAS=".length(), value.length() - 1); try { value = String.valueOf( aliasService.getPasswordFromAliasForCluster(clusterName, alias)); } catch (AliasServiceException e) { throw new ServletException("Unable to retrieve alias for config: " + name, e); } }
However, this solution is not too flexible: imagine you create a shared provider configuration with the HadoopAuth provider where you want to use an alias (e.g the keytab file location in Cloudera Manager isn't static, it's relative to the Knox process's directory). At the provider creation time, you don't know the descriptors (topologies) that may reference your newly created shared provider configuration. Thus, you cannot create the desired aliases in advance using the Knox CLI. what you can do is to create an alias on the gateway-level which the HadoopAuth filter should be able to lookup.
The suggested solution is to extend the above logic as follows: if the topology-level alias is not found, try to get the value from the gateway-level.
Attachments
Issue Links
- links to