Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1136

Provision Consistent Credentials For Generated Topologies

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.14.0
    • Fix Version/s: 0.14.0
    • Component/s: Server
    • Labels:
      None

      Description

      For Knox HA scenarios, the password used to encrypt/decrypt query params MUST be the same across all of the participating Knox instances. Today, synching these passwords is a manual activity.

      With Knox now discovering descriptors from remote registries, requiring an admin to manually configure the credential store for each participating Knox instance prior to deploying the descriptor to the remote registry limits the usefulness of this new feature and introduces potential for frequent failed deployments.

      Knox can pre-provision a password for a topology prior to the generation of that topology, based on the master secret, in a manner which will be consistent across all the participating Knox instances.

        Attachments

        1. KNOX-1136.patch
          21 kB
          Philip Zampino

          Activity

            People

            • Assignee:
              pzampino Philip Zampino
              Reporter:
              pzampino Philip Zampino
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: