Knox CLI testing tools
Learn how to use the Knox Command Line Interface (CLI) to run diagnostic tests.
The Knox CLI is a command line utility that can be used to manage and test various aspects of a Knox deployment.
You must set the following environment variables before using the Knox CLI:
export KNOX_GATEWAY_DATA_DIR="/var/lib/knox/gateway/data"
export KNOX_GATEWAY_CONF_DIR="/var/lib/knox/gateway/conf"
The knoxcli.sh command line utility script is located in the /opt/cloudera/parcels/CDH/lib/knox/bin directory.
Invoke the CLI by using the following command:
/opt/cloudera/parcels/CDH/lib/knox/bin/knoxcli.sh
Knox CLI LDAP authentication and authorization testing
You can use the following command format to authenticate a user name and password against LDAP.
bin/knoxcli.sh user-auth-test [--cluster c] [--u username] [--p password] [--g] [--d] [--help]
This command tests the ability of a topology to connect, authenticate, and authorize a user with an LDAP server. The only required argument is the --cluster argument, which specifies the name of the topology you want to use. The topology must be valid (that is, it must pass a validate-topology command). If the --u and --p arguments are not specified, you are prompted for a user name and password.
If authentication is successful, the command attempts to use the topology to do an LDAP group lookup. The topology must be configured correctly to do this. If the topology is not configured correctly, groups are not returned and no errors are printed unless the --g argument is specified. Currently, this command only works if a topology supports the use of ShiroProvider for authentication.
Argument | Description | Required? |
---|---|---|
--cluster | The name of the cluster to authenticate. | Yes |
--u | The user name to authenticate with. | No |
--p | The password to authenticate with. | No |
--g | Specifies that you want to return a user’s groups. If not specified, group lookup errors will not be returned. | No |
--d | Print extra debug information for a failed authentication. | No |
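The following wrapper is an added example, not part of the original page or of Knox itself. It chains the steps described above: set the environment, validate the topology, then run user-auth-test with --g and --d while leaving the password to the interactive prompt. The names KNOXCLI and knox_ldap_check are hypothetical, and the script assumes knoxcli.sh signals failure with a non-zero exit status.

```shell
#!/bin/sh
# Added example: LDAP diagnostic wrapper around knoxcli.sh.
# KNOXCLI and knox_ldap_check are hypothetical names introduced here.

# Paths and variables taken from this page; override them if your layout differs.
: "${KNOX_GATEWAY_DATA_DIR:=/var/lib/knox/gateway/data}"
: "${KNOX_GATEWAY_CONF_DIR:=/var/lib/knox/gateway/conf}"
: "${KNOXCLI:=/opt/cloudera/parcels/CDH/lib/knox/bin/knoxcli.sh}"
export KNOX_GATEWAY_DATA_DIR KNOX_GATEWAY_CONF_DIR

# knox_ldap_check TOPOLOGY [USERNAME]
# Validates the topology, then runs user-auth-test with --g and --d so that
# group lookup errors and failure details are printed instead of suppressed.
knox_ldap_check() {
    topology=$1
    user=${2:-}
    if [ -z "$topology" ]; then
        echo "usage: knox_ldap_check TOPOLOGY [USERNAME]" >&2
        return 2
    fi
    if [ ! -x "$KNOXCLI" ]; then
        echo "knoxcli.sh not found or not executable: $KNOXCLI" >&2
        return 3
    fi
    # user-auth-test requires a topology that passes validate-topology.
    # Assumption: a non-zero exit status means the check failed; read the
    # printed result as well.
    if ! "$KNOXCLI" validate-topology --cluster "$topology"; then
        echo "topology '$topology' did not validate; skipping auth test" >&2
        return 4
    fi
    # --p is deliberately never passed: a password given as an argument is
    # visible in the process list and shell history. Without --p the CLI
    # prompts for it (and for the user name when --u is omitted).
    if [ -n "$user" ]; then
        "$KNOXCLI" user-auth-test --cluster "$topology" --u "$user" --g --d
    else
        "$KNOXCLI" user-auth-test --cluster "$topology" --g --d
    fi
}
```

Source the file and call `knox_ldap_check <topology> <username>` from a shell on the Knox host; the password is then entered at the CLI's prompt.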