You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2022/03/03 10:08:00 UTC
[jira] [Updated] (KNOX-2712) Adding arbitrary metadata to a Knox Token
[ https://issues.apache.org/jira/browse/KNOX-2712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar updated KNOX-2712:
--------------------------------
Description:
We would need to enhance our GET API to accept an arbitrary list of key/value pairs as Knox token metadata. At the time of this Jira is being created, the following hard-coded metadata exists for a Knox Token:
* userName
* comment
* enabled
* passcode
The plan is to modify our TokenResource to accept query parameters starting with the ‘{{{}md_{}}}’ prefix and treat them as Knox Token Metadata. For instance:
{noformat}
curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token?md_notebookName=accountantKnoxToken&md_souldBeRemovedBy=31March2022&md_otherMeaningfuMetadata=KnoxIsCool'{noformat}
When such a token is created by Knox, we should save the following metadata too:
* {{notebookName=accountantKnoxToken}}
* {{shouldBeRemovedBy=31March2022}}
* {{otherMeaningfulMetadata=KnoxIsCool}}
It’s not only Knox will be able to save these metadata, but we have to update our existing {{getUserTokens}} API endpoint to be able to fetch basic token information (see {{{}org.apache.knox.gateway.services.security.token.KnoxToken{}}}) using the supplied metadata name besides the user name information.
For instance:
{noformat}
curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_notebookName=accountantKnoxToken'{noformat}
will return all Knox tokens where metadata with _‘notebookName’_ exists and equals {_}‘accountantKnoxToken’{_}.
Finally, the Token Management page should display metadata too.
was:
We would need to enhance our GET API to accept an arbitrary list of key/value pairs as Knox token metadata. At the time of this Jira is being created, the following hard-coded metadata exists for a Knox Token:
* userName
* comment
* enabled
* passcode
The plan is to modify our TokenResource to accept query parameters starting with the ‘{{{}md_{}}}’ prefix and treat them as Knox Token Metadata. For instance:
{noformat}
curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token?doAs=bob&md_notebookName=accountantKnoxToken&md_souldBeRemovedBy=31March2022&md_otherMeaningfuMetadata=KnoxIsCool'{noformat}
When such a token is created by Knox, we should save the following metadata too:
* {{notebookName=accountantKnoxToken}}
* {{shouldBeRemovedBy=31March2022}}
* {{otherMeaningfulMetadata=KnoxIsCool}}
It’s not only Knox will be able to save these metadata, but we have to update our existing {{getUserTokens}} API endpoint to be able to fetch basic token information (see {{org.apache.knox.gateway.services.security.token.KnoxToken}}) using the supplied metadata name besides the user name information.
For instance:
{noformat}
curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_notebookName=accountantKnoxToken'{noformat}
will return all Knox tokens where metadata with _‘notebookName’_ exists and equals {_}‘accountantKnoxToken’{_}.
Finally, the Token Management page should display metadata too.
> Adding arbitrary metadata to a Knox Token
> -----------------------------------------
>
> Key: KNOX-2712
> URL: https://issues.apache.org/jira/browse/KNOX-2712
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.6.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 2.0.0
>
>
> We would need to enhance our GET API to accept an arbitrary list of key/value pairs as Knox token metadata. At the time of this Jira is being created, the following hard-coded metadata exists for a Knox Token:
> * userName
> * comment
> * enabled
> * passcode
> The plan is to modify our TokenResource to accept query parameters starting with the ‘{{{}md_{}}}’ prefix and treat them as Knox Token Metadata. For instance:
> {noformat}
> curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token?md_notebookName=accountantKnoxToken&md_souldBeRemovedBy=31March2022&md_otherMeaningfuMetadata=KnoxIsCool'{noformat}
> When such a token is created by Knox, we should save the following metadata too:
> * {{notebookName=accountantKnoxToken}}
> * {{shouldBeRemovedBy=31March2022}}
> * {{otherMeaningfulMetadata=KnoxIsCool}}
> It’s not only Knox will be able to save these metadata, but we have to update our existing {{getUserTokens}} API endpoint to be able to fetch basic token information (see {{{}org.apache.knox.gateway.services.security.token.KnoxToken{}}}) using the supplied metadata name besides the user name information.
> For instance:
> {noformat}
> curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_notebookName=accountantKnoxToken'{noformat}
> will return all Knox tokens where metadata with _‘notebookName’_ exists and equals {_}‘accountantKnoxToken’{_}.
> Finally, the Token Management page should display metadata too.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)