[KNOX-1129] Remote Configuration Monitor Should Define The Entries It Monitors If They're Not Yet Defined - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.14.0
Fix Version/s: 0.14.0
Component/s: Server
Labels:
- kip-8

Description

Currently, if the remote configuration monitor finds that the /knox/config/shared-providers and/or /knox/config/descriptors entries (e.g., znodes) are not present (or are otherwise inaccessible), it determines that it cannot function, and it ceases any attempt at monitoring.

For those cases where the entries do not yet exist, the monitor can define them. If the client employed by the monitor does not require authentication, then the new entries will be created without any meaningful ACLs applied. If the client has been authenticated, then the ACLs should be such that the authenticated principal has write permissions, while everyone else has read-only permissions.

Whether or not the read permissions should be more restrictive is yet to be determined; Other projects in the ecosystem seem to allow everyone read access to their respective ZooKeeper content.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

KNOX-1129.patch
30/Nov/17 15:46
26 kB
Philip Zampino
KNOX-1129-001.patch
01/Dec/17 04:20
32 kB
Philip Zampino
KNOX-1129-002.patch
04/Dec/17 20:52
34 kB
Philip Zampino

Issue Links

is depended upon by

KNOX-1135 Add Configuration Property For Allowing Remote Configuration to be Read By Unauthenticated Clients

Closed

Activity

People

Assignee:: Philip Zampino

Reporter:: Philip Zampino

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 28/Nov/17 22:03

Updated:: 28/Mar/19 14:07

Resolved:: 05/Dec/17 02:31