KNOX-2713 - Allowing end-users to customize 'user limit exceeded' action when creating Knox tokens #543

Merged
merged 1 commit into from Mar 7, 2022

smolnar82
Contributor

What changes were proposed in this pull request?

Changing Knox's default behavior when a user exceeds the configured token limit: if REMOVE_OLDEST is configured, Knox will remove the oldest token instead of returning an error.

How was this patch tested?

Updated existing JUnit tests as well as added new ones:

$ mvn clean -Dshellcheck=true verify -Prelease,package -am -pl gateway-service-knoxtoken
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  05:56 min
[INFO] Finished at: 2022-03-04T15:23:36+01:00
[INFO] ------------------------------------------------------------------------

Manual testing:

  • set gateway.knox.token.limit.per.user = 1 in gateway-site.xml
  • set knox.token.user.limit.exceeded.action = REMOVE_OLDEST in the homepage topology for the KNOXTOKEN service
  • restarted Knox and created a token with comment token 1 on the Token Generation page [Screenshot 2022-03-04 at 15 16 14]
  • created another token with comment token 2 successfully (and the previously created one got revoked): [Screenshot 2022-03-04 at 15 16 30]

2022-03-04 15:30:48,390 3ee2f801-ed84-4cee-bf9d-8da686266eed ERROR service.knoxtoken (TokenResource.java:getAuthenticationToken(669)) - Unable to get token for user admin: token limit exceeded
2022-03-04 15:30:48,391 3ee2f801-ed84-4cee-bf9d-8da686266eed INFO  service.knoxtoken (TokenResource.java:getAuthenticationToken(675)) - Revoking admin's oldest token 066b2c...2bb6f5 ...
2022-03-04 15:30:48,407 3ee2f801-ed84-4cee-bf9d-8da686266eed INFO  service.knoxtoken (TokenResource.java:revoke(512)) - Knox Token service (homepage) revoked token 066b2c...2bb6f5 (066b2cc3...946c6e2bb6f5) (renewer=admin)
2022-03-04 15:30:48,413 3ee2f801-ed84-4cee-bf9d-8da686266eed INFO  service.knoxtoken (TokenResource.java:getAuthenticationToken(704)) - Knox Token service (homepage) issued token eyJqa3...k1ikvg (893cbbef...a754c8a4f5bb)
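
With REMOVE_OLDEST a token is revoked without its owner asking for it, so an operator may want to audit these evictions. The following is an added example, not code from the pull request or from Knox: it correlates the log messages shown above by request ID and flags evictions that were never confirmed. The sample lines, request IDs, token values and source line number are constructed, and the message wording is assumed to match the excerpt above.

```python
import re
from collections import defaultdict

# Line layout follows the knoxtoken log excerpt in the description above.
LINE = re.compile(r"^(?P<ts>\S+ \S+) (?P<req>\S+) (?P<level>\w+)\s+service\.knoxtoken "
                  r"\(\S+\) - (?P<msg>.*)$")
REVOKING = re.compile(r"^Revoking (?P<user>.+)'s oldest token (?P<tok>\S+)")
REVOKED = re.compile(r"revoked token (?P<tok>\S+)")
ISSUED = re.compile(r"issued token (?P<tok>\S+)")

# Constructed sample: req-01 completes an eviction, req-02 starts one that is
# never confirmed, req-03 is a normal issuance with no eviction.
SRC = "service.knoxtoken (TokenResource.java:getAuthenticationToken(0))"
SAMPLE_LOG = f"""\
2022-03-04 15:30:48,390 req-01 ERROR {SRC} - Unable to get token for user admin: token limit exceeded
2022-03-04 15:30:48,391 req-01 INFO  {SRC} - Revoking admin's oldest token aaaaaa...000001 ...
2022-03-04 15:30:48,407 req-01 INFO  {SRC} - Knox Token service (homepage) revoked token aaaaaa...000001 (id-1) (renewer=admin)
2022-03-04 15:30:48,413 req-01 INFO  {SRC} - Knox Token service (homepage) issued token bbbbbb...000002 (id-2)
2022-03-04 15:31:02,100 req-02 ERROR {SRC} - Unable to get token for user guest: token limit exceeded
2022-03-04 15:31:02,101 req-02 INFO  {SRC} - Revoking guest's oldest token cccccc...000003 ...
2022-03-04 15:31:09,550 req-03 INFO  {SRC} - Knox Token service (homepage) issued token dddddd...000004 (id-4)
"""

def find_evictions(lines):
    """Group knoxtoken log lines by request ID and report REMOVE_OLDEST evictions."""
    by_req = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            by_req[m["req"]].append(m)
    events = []
    for req, entries in by_req.items():
        ev = None
        for m in entries:
            msg = m["msg"]
            if (r := REVOKING.match(msg)):
                ev = {"request": req, "time": m["ts"], "user": r["user"],
                      "evicted": r["tok"], "revoked": False, "issued": None}
            elif ev and (r := REVOKED.search(msg)) and r["tok"] == ev["evicted"]:
                ev["revoked"] = True
            elif ev and (r := ISSUED.search(msg)):
                ev["issued"] = r["tok"]
        if ev:
            # Complete only if the old token was revoked and a new one was issued.
            ev["complete"] = ev["revoked"] and ev["issued"] is not None
            events.append(ev)
    return events
```

Events with `complete` set to `False` are the ones to review: the eviction was announced in the log but the revocation or the replacement token never appeared under the same request ID.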

@smolnar82 smolnar82 merged commit 848689b into apache:master Mar 7, 2022
@smolnar82 smolnar82 deleted the KNOX-2713 branch March 7, 2022 10:10