Skip to content

KNOX-3105 - Add Topology Level Config for Truststore to RemoteAuthProvider #1001

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 4, 2025
Merged

KNOX-3105 - Add Topology Level Config for Truststore to RemoteAuthProvider #1001

merged 4 commits into from
Mar 4, 2025

Conversation

lmccay
Copy link
Contributor

@lmccay lmccay commented Mar 4, 2025

What changes were proposed in this pull request?

I originally had this topology level config only for the truststore and password but decided that it should be configured at the gateway level. However, it is much easier to use specific truststores for dev and testing environments than adding a cert from one Knox to another's truststore which may have other certs, etc.

This change will add the params for location and password with alias service support of the password.

How was this patch tested?

Added new unit tests, ran all existing tests and manually tested with another knox instance.

curl -ivku admin:admin-password https://localhost:8444/gateway/tokengen/knoxtoken/api/v1/token

Audit logs for each instance are below to show the correlation ID across instances:

Local instance:

25/03/03 23:21:10 ||878975c9-de91-4da3-94e8-f716ce5b337a|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN||||access|uri|/gateway/tokengen/knoxtoken/api/v1/token|unavailable|Request method: GET
25/03/03 23:21:21 ||878975c9-de91-4da3-94e8-f716ce5b337a|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN|admin|||authentication|uri|/gateway/tokengen/knoxtoken/api/v1/token|success|Groups: []
25/03/03 23:21:21 ||878975c9-de91-4da3-94e8-f716ce5b337a|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN|admin|||identity-mapping|principal|admin|success|Groups: []
25/03/03 23:21:21 ||878975c9-de91-4da3-94e8-f716ce5b337a|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN|admin|||access|uri|/gateway/tokengen/knoxtoken/api/v1/token|success|Response status: 200

remote instance:

25/03/03 23:21:21 ||878975c9-de91-4da3-94e8-f716ce5b337a|audit|127.0.0.1|KNOX-AUTH-SERVICE||||access|uri|/gateway/sandbox/auth/api/v1/pre|unavailable|Request method: GET
25/03/03 23:21:21 ||878975c9-de91-4da3-94e8-f716ce5b337a|audit|127.0.0.1|KNOX-AUTH-SERVICE|admin|||authentication|uri|/gateway/sandbox/auth/api/v1/pre|success|
25/03/03 23:21:21 ||878975c9-de91-4da3-94e8-f716ce5b337a|audit|127.0.0.1|KNOX-AUTH-SERVICE|admin|||authentication|uri|/gateway/sandbox/auth/api/v1/pre|success|Groups: []
25/03/03 23:21:21 ||878975c9-de91-4da3-94e8-f716ce5b337a|audit|127.0.0.1|KNOX-AUTH-SERVICE|admin|||identity-mapping|principal|admin|success|Groups: []
25/03/03 23:21:21 ||878975c9-de91-4da3-94e8-f716ce5b337a|audit|127.0.0.1|KNOX-AUTH-SERVICE|admin|||access|uri|/gateway/sandbox/auth/api/v1/pre|success|Response status: 200

The local instance above is running on port 8444 and the remote instance on 8443.

smolnar82
smolnar82 approved these changes Mar 4, 2025
View reviewed changes
Copy link
Contributor

@smolnar82 smolnar82 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
Thanks for addressing my comments so quickly.

moresandeep
moresandeep approved these changes Mar 4, 2025
View reviewed changes
Copy link
Contributor

@moresandeep moresandeep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.
We should have a doc jira to document these!

@lmccay lmccay merged commit 29c606f into apache:master Mar 4, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moresandeep moresandeep moresandeep approved these changes

@smolnar82 smolnar82 smolnar82 approved these changes

@pzampino pzampino Awaiting requested review from pzampino

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lmccay @moresandeep @smolnar82