Dynamically Generating Knox Topology Files
Topology files can be dynamically generated from combinations of Provider Configurations and Descriptors, which can be defined using the Knox Admin UI.
You can access the Knox Admin UI from
- Provider configurations: e.g., authentication, federation, authentication, authorization, identity assertion, etc
- HA provider
- Services: component URLs you want to proxy
- Provider Configurations: A named set of providers, e.g., authentication, federation, authentication, authorization, identity assertion, etc. Provider configurations can be shared across descriptors/topologies.
- Descriptors: References the Provider Configurations to declare the policy (authentication, authorization, identity assertion, etc) that goes along with proxying that cluster. Descriptors cannot be shared across topologies; Descriptors and topologies are 1-to-1.
- Topologies: Dynamically generated based on the Provider Configurations and Descriptors you define.
However- the topologies that are managed by Cloudera Manager should be read-only. Within an Cloudera Manager-managed cluster, the Knox Admin UI is to be used for creating additional topologies. When a Knox instance is not managed by Cloudera Manager, all topology management will be done via the Knox Admin UI.