  1. Apache Knox
  2. KNOX-521

Enhance Principal Mapping to Handle Dynamic Mappings


Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.6.0
    • Server
    • None

    Description

      We will add the ability to use provider parameters to dynamically create a disambiguated username for use in the Hadoop cluster.
      This will require Unix accounts for the disambiguated name inside the cluster.
      The mapping syntax will be something like the following, which dynamically appends a domain/tenant id to the username:

      <provider>
          <role>identity-assertion</role>
          <name>Default</name>
          <enabled>true</enabled>
          <param>
              <name>tenant.id</name>
              <value>_domain1</value>
          </param>
          <param>
              <name>principal.mapping</name>
              <value>*=_PRINCIPAL+$tenant.id</value>
          </param>
      </provider>
      

      The above uses a tenant.id parameter as a dynamic suffix to disambiguate this topology's users from those of another topology. Reversing the order of the expression would produce a prefix instead. This generic parameter name approach is very flexible.
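A sketch of how the mapping expression above could be evaluated, added here as an example and not Knox's own code. It assumes `+` concatenates tokens, `_PRINCIPAL` stands for the authenticated name and `$name` reads a provider parameter; `map_principal`, `MappingError` and the Unix-name pattern are hypothetical names chosen for illustration.

```python
import re

# Conservative Unix account-name pattern. Assumption: adjust to the cluster's policy.
UNIX_NAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


class MappingError(ValueError):
    """Raised when a mapping cannot be evaluated; callers should deny the request."""


def map_principal(principal, params):
    """Return the cluster username for `principal`.

    `params` is a dict of the provider's <param> name/value pairs.
    """
    rule = params.get("principal.mapping", "")
    pattern, sep, expr = rule.partition("=")
    if not sep:
        raise MappingError("principal.mapping must look like pattern=expression")
    # '*' matches every principal; anything else is treated as an exact name.
    # Assumption: principals that match no rule pass through unchanged.
    if pattern.strip() not in ("*", principal):
        return principal
    parts = []
    for token in expr.split("+"):
        token = token.strip()
        if token == "_PRINCIPAL":
            parts.append(principal)
        elif token.startswith("$"):
            name = token[1:]
            # Fail closed: an unset parameter must not silently yield the bare
            # username, which could collide with another topology's user.
            if name not in params or name == "principal.mapping":
                raise MappingError(f"unresolved provider parameter: {name}")
            parts.append(params[name])
        else:
            parts.append(token)  # literal text
    mapped = "".join(parts)
    # The result must exist as a Unix account, so reject anything that cannot be one.
    if not UNIX_NAME.fullmatch(mapped):
        raise MappingError(f"mapped name is not a valid Unix account: {mapped!r}")
    return mapped


# Constructed sample values: SUFFIX mirrors the provider block above,
# PREFIX reverses the token order with a constructed tenant id.
SUFFIX = {"tenant.id": "_domain1", "principal.mapping": "*=_PRINCIPAL+$tenant.id"}
PREFIX = {"tenant.id": "domain1_", "principal.mapping": "*=$tenant.id+_PRINCIPAL"}
```
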


            People

              lmccay Larry McCay