You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2022/03/03 10:08:00 UTC

[jira] [Updated] (KNOX-2712) Adding arbitrary metadata to a Knox Token

     [ https://issues.apache.org/jira/browse/KNOX-2712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sandor Molnar updated KNOX-2712:
--------------------------------
    Description: 
We would need to enhance our GET API to accept an arbitrary list of key/value pairs as Knox token metadata. At the time of this Jira is being created, the following hard-coded metadata exists for a Knox Token:
 * userName
 * comment
 * enabled
 * passcode

The plan is to modify our TokenResource to accept query parameters starting with the ‘{{{}md_{}}}’ prefix and treat them as Knox Token Metadata. For instance:
{noformat}
curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token?md_notebookName=accountantKnoxToken&md_souldBeRemovedBy=31March2022&md_otherMeaningfuMetadata=KnoxIsCool'{noformat}
When such a token is created by Knox, we should save the following metadata too:
 * {{notebookName=accountantKnoxToken}}
 * {{shouldBeRemovedBy=31March2022}}
 * {{otherMeaningfulMetadata=KnoxIsCool}}

It’s not only Knox will be able to save these metadata, but we have to update our existing {{getUserTokens}} API endpoint to be able to fetch basic token information (see {{{}org.apache.knox.gateway.services.security.token.KnoxToken{}}}) using the supplied metadata name besides the user name information.

For instance:
{noformat}
curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_notebookName=accountantKnoxToken'{noformat}
will return all Knox tokens where metadata with _‘notebookName’_ exists and equals {_}‘accountantKnoxToken’{_}.

Finally, the Token Management page should display metadata too.

  was:
We would need to enhance our GET API to accept an arbitrary list of key/value pairs as Knox token metadata. At the time of this Jira is being created, the following hard-coded metadata exists for a Knox Token:
 * userName
 * comment
 * enabled
 * passcode

The plan is to modify our TokenResource to accept query parameters starting with the ‘{{{}md_{}}}’ prefix and treat them as Knox Token Metadata. For instance:
{noformat}
curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token?doAs=bob&md_notebookName=accountantKnoxToken&md_souldBeRemovedBy=31March2022&md_otherMeaningfuMetadata=KnoxIsCool'{noformat}
When such a token is created by Knox, we should save the following metadata too:
 * {{notebookName=accountantKnoxToken}}
 * {{shouldBeRemovedBy=31March2022}}
 * {{otherMeaningfulMetadata=KnoxIsCool}}

It’s not only Knox will be able to save these metadata, but we have to update our existing {{getUserTokens}} API endpoint to be able to fetch basic token information (see {{org.apache.knox.gateway.services.security.token.KnoxToken}}) using the supplied metadata name besides the user name information.

For instance:
{noformat}
curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_notebookName=accountantKnoxToken'{noformat}
will return all Knox tokens where metadata with _‘notebookName’_ exists and equals {_}‘accountantKnoxToken’{_}.

Finally, the Token Management page should display metadata too.


> Adding arbitrary metadata to a Knox Token
> -----------------------------------------
>
>                 Key: KNOX-2712
>                 URL: https://issues.apache.org/jira/browse/KNOX-2712
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.6.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>             Fix For: 2.0.0
>
>
> We would need to enhance our GET API to accept an arbitrary list of key/value pairs as Knox token metadata. At the time of this Jira is being created, the following hard-coded metadata exists for a Knox Token:
>  * userName
>  * comment
>  * enabled
>  * passcode
> The plan is to modify our TokenResource to accept query parameters starting with the ‘{{{}md_{}}}’ prefix and treat them as Knox Token Metadata. For instance:
> {noformat}
> curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token?md_notebookName=accountantKnoxToken&md_souldBeRemovedBy=31March2022&md_otherMeaningfuMetadata=KnoxIsCool'{noformat}
> When such a token is created by Knox, we should save the following metadata too:
>  * {{notebookName=accountantKnoxToken}}
>  * {{shouldBeRemovedBy=31March2022}}
>  * {{otherMeaningfulMetadata=KnoxIsCool}}
> It’s not only Knox will be able to save these metadata, but we have to update our existing {{getUserTokens}} API endpoint to be able to fetch basic token information (see {{{}org.apache.knox.gateway.services.security.token.KnoxToken{}}}) using the supplied metadata name besides the user name information.
> For instance:
> {noformat}
> curl -iku admin:admin-password -X GET 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_notebookName=accountantKnoxToken'{noformat}
> will return all Knox tokens where metadata with _‘notebookName’_ exists and equals {_}‘accountantKnoxToken’{_}.
> Finally, the Token Management page should display metadata too.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)