Add a new provider in an existing provider configuration
An example of how to add a new provider to the authorization provider in the manager shared provider configuration.
In this example you will see how to add a new HA provider (this time only
the ATLAS service will be configured for high availability) in the manager shared
provider configuration . This particular
authorization
provider is
set as follows (in its JSON
descriptor):{ "role": "authorization", "name": "AclsAuthz", "enabled": "true", "params": { "knox.acl.mode": "OR", "knox.acl": "KNOX_ADMIN_USERS;KNOX_ADMIN_GROUPS;*" } }
-
From Cloudera Manager > Knox > Configuration, add the following entry in the
Knox Gateway Advanced Configuration Snippet (Safety Valve) for conf/cdp-descriptors.xml
:- name =
providerConfigs:manager
- value =
role=authorization#authorization.name=AclsAuthz#authorization.enabled=false#authorization.param.knox.acl=myTestUser;KNOX_ADMIN_GROUPS;*#authorization.param.knox.acl.mode=OR#role=ha#ha.name=HaProvider#ha.param.ATLAS=enabled=true;maxFailoverAttempts=3;failoverSleep=1000;maxRetryAttempts=300;retrySleep=1000
- name =
- Save your changes.
- Refresh the cluster.
-
Validate:
$ curl -ku knoxui:knoxui 'https://johndoe-1.abc.cloudera.com:8443/gateway/admin/api/v1/providerconfig/manager' { "providers" : [ ... }, { "role" : "authorization", "name" : "AclsAuthz", "enabled" : false, "params" : { "knox.acl" : "myTestUser;KNOX_ADMIN_GROUPS;*", "knox.acl.mode" : "OR" } }, { "role" : "ha", "name" : "HaProvider", "enabled" : true, "params" : { "ATLAS" : "enabled=true;maxFailoverAttempts=3;failoverSleep=1000;maxRetryAttempts=300;retrySleep=1000" } } ] }