Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1129

Remote Configuration Monitor Should Define The Entries It Monitors If They're Not Yet Defined

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.14.0
    • Fix Version/s: 0.14.0
    • Component/s: Server
    • Labels:

      Description

      Currently, if the remote configuration monitor finds that the /knox/config/shared-providers and/or /knox/config/descriptors entries (e.g., znodes) are not present (or are otherwise inaccessible), it determines that it cannot function, and it ceases any attempt at monitoring.

      For those cases where the entries do not yet exist, the monitor can define them. If the client employed by the monitor does not require authentication, then the new entries will be created without any meaningful ACLs applied. If the client has been authenticated, then the ACLs should be such that the authenticated principal has write permissions, while everyone else has read-only permissions.

      Whether or not the read permissions should be more restrictive is yet to be determined; Other projects in the ecosystem seem to allow everyone read access to their respective ZooKeeper content.

        Attachments

        1. KNOX-1129.patch
          26 kB
          Philip Zampino
        2. KNOX-1129-001.patch
          32 kB
          Philip Zampino
        3. KNOX-1129-002.patch
          34 kB
          Philip Zampino

          Issue Links

            Activity

              People

              • Assignee:
                pzampino Philip Zampino
                Reporter:
                pzampino Philip Zampino
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: