Skip to content

KNOX-2805 - getUserTokens honours different metadata values with the same name#633

Merged
smolnar82 merged 1 commit intoapache:masterfrom
smolnar82:KNOX-2805
Sep 22, 2022
Merged

KNOX-2805 - getUserTokens honours different metadata values with the same name#633
smolnar82 merged 1 commit intoapache:masterfrom
smolnar82:KNOX-2805

Conversation

@smolnar82
Copy link
Contributor

@smolnar82 smolnar82 commented Sep 21, 2022

What changes were proposed in this pull request?

If the user supplied the same metadata name with different values in Knox's getUserTokens API, the result only contained tokens that matched the first name/value pair. This is now fixed by including all values of each metadata name during the filter logic.

How was this patch tested?

I manually tested this feature and added the metadata/expected result matrix in KNOX-2805.

The curl command I used to create the tokens:

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token?md_Name=reina&md_Score=50"

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token?md_Name=mary&md_Score=100"

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token?md_Name=mary&md_Score=20&md_Grade=A"

Screenshot 2022-09-21 at 15 30 05

Here are the curl commands and responses I used for verifying my changes:

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token/getUserTokens?userName=admin"

{
	"tokens": [{
		"tokenId": "fff4eb61-09c0-4460-aba9-0ccf45e31cef",
		"issueTime": "2022-09-21T14:49:32.701+0200",
		"expiration": "2023-01-19T13:49:32.698+0100",
		"maxLifetime": "2022-09-28T14:49:32.701+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "50",
				"Name": "reina"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572701,
		"expirationLong": 1674132572698,
		"maxLifetimeLong": 1664369372701
	}, {
		"tokenId": "dec27b78-82e1-423e-bd6d-3847bf0be026",
		"issueTime": "2022-09-21T14:49:32.751+0200",
		"expiration": "2023-01-19T13:49:32.748+0100",
		"maxLifetime": "2022-09-28T14:49:32.751+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "100",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572751,
		"expirationLong": 1674132572748,
		"maxLifetimeLong": 1664369372751
	}, {
		"tokenId": "0a68d122-f2d1-41a8-9da3-b12ff9e463e4",
		"issueTime": "2022-09-21T14:49:32.808+0200",
		"expiration": "2023-01-19T13:49:32.805+0100",
		"maxLifetime": "2022-09-28T14:49:32.808+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "20",
				"Grade": "A",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572808,
		"expirationLong": 1674132572805,
		"maxLifetimeLong": 1664369372808
	}]
}

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_Name=reina"

{
	"tokens": [{
		"tokenId": "fff4eb61-09c0-4460-aba9-0ccf45e31cef",
		"issueTime": "2022-09-21T14:49:32.701+0200",
		"expiration": "2023-01-19T13:49:32.698+0100",
		"maxLifetime": "2022-09-28T14:49:32.701+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "50",
				"Name": "reina"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572701,
		"expirationLong": 1674132572698,
		"maxLifetimeLong": 1664369372701
	}]
}

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_Name=mary"

{
	"tokens": [{
		"tokenId": "dec27b78-82e1-423e-bd6d-3847bf0be026",
		"issueTime": "2022-09-21T14:49:32.751+0200",
		"expiration": "2023-01-19T13:49:32.748+0100",
		"maxLifetime": "2022-09-28T14:49:32.751+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "100",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572751,
		"expirationLong": 1674132572748,
		"maxLifetimeLong": 1664369372751
	}, {
		"tokenId": "0a68d122-f2d1-41a8-9da3-b12ff9e463e4",
		"issueTime": "2022-09-21T14:49:32.808+0200",
		"expiration": "2023-01-19T13:49:32.805+0100",
		"maxLifetime": "2022-09-28T14:49:32.808+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "20",
				"Grade": "A",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572808,
		"expirationLong": 1674132572805,
		"maxLifetimeLong": 1664369372808
	}]
}

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_Score=100"

{
	"tokens": [{
		"tokenId": "dec27b78-82e1-423e-bd6d-3847bf0be026",
		"issueTime": "2022-09-21T14:49:32.751+0200",
		"expiration": "2023-01-19T13:49:32.748+0100",
		"maxLifetime": "2022-09-28T14:49:32.751+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "100",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572751,
		"expirationLong": 1674132572748,
		"maxLifetimeLong": 1664369372751
	}]
}

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_Name=mary&md_Score=20"

{
	"tokens": [{
		"tokenId": "dec27b78-82e1-423e-bd6d-3847bf0be026",
		"issueTime": "2022-09-21T14:49:32.751+0200",
		"expiration": "2023-01-19T13:49:32.748+0100",
		"maxLifetime": "2022-09-28T14:49:32.751+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "100",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572751,
		"expirationLong": 1674132572748,
		"maxLifetimeLong": 1664369372751
	}, {
		"tokenId": "0a68d122-f2d1-41a8-9da3-b12ff9e463e4",
		"issueTime": "2022-09-21T14:49:32.808+0200",
		"expiration": "2023-01-19T13:49:32.805+0100",
		"maxLifetime": "2022-09-28T14:49:32.808+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "20",
				"Grade": "A",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572808,
		"expirationLong": 1674132572805,
		"maxLifetimeLong": 1664369372808
	}]
}

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_Name=mary&md_Name=reina"

{
	"tokens": [{
		"tokenId": "fff4eb61-09c0-4460-aba9-0ccf45e31cef",
		"issueTime": "2022-09-21T14:49:32.701+0200",
		"expiration": "2023-01-19T13:49:32.698+0100",
		"maxLifetime": "2022-09-28T14:49:32.701+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "50",
				"Name": "reina"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572701,
		"expirationLong": 1674132572698,
		"maxLifetimeLong": 1664369372701
	}, {
		"tokenId": "dec27b78-82e1-423e-bd6d-3847bf0be026",
		"issueTime": "2022-09-21T14:49:32.751+0200",
		"expiration": "2023-01-19T13:49:32.748+0100",
		"maxLifetime": "2022-09-28T14:49:32.751+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "100",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572751,
		"expirationLong": 1674132572748,
		"maxLifetimeLong": 1664369372751
	}, {
		"tokenId": "0a68d122-f2d1-41a8-9da3-b12ff9e463e4",
		"issueTime": "2022-09-21T14:49:32.808+0200",
		"expiration": "2023-01-19T13:49:32.805+0100",
		"maxLifetime": "2022-09-28T14:49:32.808+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "20",
				"Grade": "A",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572808,
		"expirationLong": 1674132572805,
		"maxLifetimeLong": 1664369372808
	}]
}

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_Name=*"

{
	"tokens": [{
		"tokenId": "fff4eb61-09c0-4460-aba9-0ccf45e31cef",
		"issueTime": "2022-09-21T14:49:32.701+0200",
		"expiration": "2023-01-19T13:49:32.698+0100",
		"maxLifetime": "2022-09-28T14:49:32.701+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "50",
				"Name": "reina"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572701,
		"expirationLong": 1674132572698,
		"maxLifetimeLong": 1664369372701
	}, {
		"tokenId": "dec27b78-82e1-423e-bd6d-3847bf0be026",
		"issueTime": "2022-09-21T14:49:32.751+0200",
		"expiration": "2023-01-19T13:49:32.748+0100",
		"maxLifetime": "2022-09-28T14:49:32.751+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "100",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572751,
		"expirationLong": 1674132572748,
		"maxLifetimeLong": 1664369372751
	}, {
		"tokenId": "0a68d122-f2d1-41a8-9da3-b12ff9e463e4",
		"issueTime": "2022-09-21T14:49:32.808+0200",
		"expiration": "2023-01-19T13:49:32.805+0100",
		"maxLifetime": "2022-09-28T14:49:32.808+0200",
		"metadata": {
			"enabled": true,
			"createdBy": null,
			"customMetadataMap": {
				"Score": "20",
				"Grade": "A",
				"Name": "mary"
			},
			"userName": "admin",
			"comment": null
		},
		"issueTimeLong": 1663764572808,
		"expirationLong": 1674132572805,
		"maxLifetimeLong": 1664369372808
	}]
}

curl -iku admin:admin-password --cookie "hadoop-jwt=$HADOOP_JWT_COOKIE" -X GET "https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token/getUserTokens?userName=admin&md_Unknown=*"

{
	"tokens": []
}

@smolnar82 smolnar82 self-assigned this Sep 21, 2022
@smolnar82
Copy link
Contributor Author

smolnar82 commented Sep 21, 2022

Cc. @MrtnBalazs

@smolnar82 smolnar82 merged commit 14f5754 into apache:master Sep 22, 2022
@smolnar82 smolnar82 deleted the KNOX-2805 branch September 22, 2022 07:58
stoty pushed a commit to stoty/knox that referenced this pull request May 14, 2024
@smolnar82
CDPD-44358 KNOX-2805 - getUserTokens honours different metadata value…
8e34ad0 
…s with the same name (apache#633)

Change-Id: I1ffdfee08fe32c8bada825b9781f7522b9b3bcab
stoty pushed a commit to stoty/knox that referenced this pull request May 14, 2024
@smolnar82
Merge "CDPD-44358 KNOX-2805 - getUserTokens honours different metadat…
8dedf73 
…a values with the same name (apache#633)" into cdpd-master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zeroflag zeroflag zeroflag approved these changes

@moresandeep moresandeep Awaiting requested review from moresandeep

Assignees

@smolnar82 smolnar82

Labels

knoxtoken

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@smolnar82 @zeroflag