Modify a provider in an existing provider configuration

An example of how to modify the authorization provider in the manager shared provider configuration.

In this example you will see how to modify the authorization provider in the manager shared provider configuration. This particular authorization provider is set as follows (in its JSON descriptor):
{
         "role": "authorization",
         "name": "AclsAuthz",
         "enabled": "true",
         "params": {
            "knox.acl.mode": "OR",
            "knox.acl": "KNOX_ADMIN_USERS;KNOX_ADMIN_GROUPS;*"
         }
      }
  1. From Cloudera Manager > Knox > Configuration, add the following entry in the Knox Gateway Advanced Configuration Snippet (Safety Valve) for conf/cdp-resources.xml:
    • name = providerConfigs:manager
    • value = role=authorization#authorization.name=AclsAuthz#authorization.enabled=false#authorization.param.knox.acl=myTestUser;KNOX_ADMIN_GROUPS;*#authorization.param.knox.acl.mode=OR

    With this change you are authorizing a user called myTestUser to login and execute administrative actions on the Knox Admin API.

  2. Save your changes.
  3. Refresh the cluster.
  4. Validate:
    $ curl -ku <username>:<password> 'https://johndoe-1.abc.cloudera.com:8443/gateway/admin/api/v1/providerconfig/manager'
    {
      "providers" : [ 
     ...
      }, {
        "role" : "authorization",
        "name" : "AclsAuthz",
        "enabled" : false,
        "params" : {
          "knox.acl" : "myTestUser;KNOX_ADMIN_GROUPS;*",
          "knox.acl.mode" : "OR"
        }
      }, {
        "role" : "ha",
        "name" : "HaProvider",
        "enabled" : true,
        "params" : {
          "ATLAS" : "enabled=true;maxFailoverAttempts=3;failoverSleep=1000;maxRetryAttempts=300;retrySleep=1000"
        }
      } ]
    }