Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1136

Provision Consistent Credentials For Generated Topologies

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.14.0
    • Fix Version/s: 0.14.0
    • Component/s: Server
    • Labels:
      None

      Description

      For Knox HA scenarios, the password used to encrypt/decrypt query params MUST be the same across all of the participating Knox instances. Today, synching these passwords is a manual activity.

      With Knox now discovering descriptors from remote registries, requiring an admin to manually configure the credential store for each participating Knox instance prior to deploying the descriptor to the remote registry limits the usefulness of this new feature and introduces potential for frequent failed deployments.

      Knox can pre-provision a password for a topology prior to the generation of that topology, based on the master secret, in a manner which will be consistent across all the participating Knox instances.

        Attachments

          Activity

            People

            • Assignee:
              pzampino Philip Zampino
              Reporter:
              pzampino Philip Zampino

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment