Modify a provider in an existing provider configuration
An example of how to modify the authorization provider in the manager shared provider configuration.
In this example you will see how to modify the
authorization
provider in the manager
shared provider configuration. This particular
authorization
provider is set as follows (in its JSON
descriptor):{ "role": "authorization", "name": "AclsAuthz", "enabled": "true", "params": { "knox.acl.mode": "OR", "knox.acl": "KNOX_ADMIN_USERS;KNOX_ADMIN_GROUPS;*" } }
-
From Cloudera Manager > Knox > Configuration, add the following entry in the
Knox Gateway Advanced Configuration Snippet (Safety Valve) for conf/cdp-resources.xml
:- name =
providerConfigs:manager
- value =
role=authorization#authorization.name=AclsAuthz#authorization.enabled=false#authorization.param.knox.acl=myTestUser;KNOX_ADMIN_GROUPS;*#authorization.param.knox.acl.mode=OR
With this change you are authorizing a user called myTestUser to login and execute administrative actions on the Knox Admin API.
- name =
- Save your changes.
- Refresh the cluster.
-
Validate:
$ curl -ku <username>:<password> 'https://johndoe-1.abc.cloudera.com:8443/gateway/admin/api/v1/providerconfig/manager' { "providers" : [ ... }, { "role" : "authorization", "name" : "AclsAuthz", "enabled" : false, "params" : { "knox.acl" : "myTestUser;KNOX_ADMIN_GROUPS;*", "knox.acl.mode" : "OR" } }, { "role" : "ha", "name" : "HaProvider", "enabled" : true, "params" : { "ATLAS" : "enabled=true;maxFailoverAttempts=3;failoverSleep=1000;maxRetryAttempts=300;retrySleep=1000" } } ] }