Disable a provider in an existing provider configuration
An example of how to disable the authorization provider in the manager shared provider configuration.
In this example you will see how to disable the
authorization
provider in the manager
shared provider configuration. This particular
authorization
provider is set as follows (in its JSON
descriptor):{ "role": "authorization", "name": "AclsAuthz", "enabled": "true", "params": { "knox.acl.mode": "OR", "knox.acl": "KNOX_ADMIN_USERS;KNOX_ADMIN_GROUPS;*" } }
-
From Cloudera Manager > Knox > Configuration, add the following entry in the
Knox Gateway Advanced Configuration Snippet (Safety Valve) for conf/cdp-descriptors.xml
:- name =
providerConfigs:manager
- value =
role=authorization#authorization.name=AclsAuthz#authorization.enabled=false#authorization.param.knox.acl=KNOX_ADMIN_USERS;KNOX_ADMIN_GROUPS;*#authorization.param.knox.acl.mode=OR
- name =
- Save your changes.
- Refresh the cluster.
-
Validate:
$ curl -ku <username>:<password> 'https://johndoe-1.abc.cloudera.com:8443/gateway/admin/api/v1/providerconfig/manager' { "providers" : [ ... }, { "role" : "authorization", "name" : "AclsAuthz", "enabled" : false, "params" : { "knox.acl" : "myTestUser;KNOX_ADMIN_GROUPS;*", "knox.acl.mode" : "OR" } }, { "role" : "ha", "name" : "HaProvider", "enabled" : true, "params" : { "ATLAS" : "enabled=true;maxFailoverAttempts=3;failoverSleep=1000;maxRetryAttempts=300;retrySleep=1000" } } ] }
The only change is that the enabled flag was changed to false
.