Editing Knox topologies

Learn how to edit Knox topologies to define for Knox how to proxy requests from external users.

Ensure that you have the following information before performing the steps:

Username of the user who will generate the CLIENT_ID and CLIENT_SECRET.

The cdp-datashare-access Knox topology is automatically deployed. Editing the token lifetime and the token allowance per user (by adding the parameter KNOXTOKEN:knox.token.limit.per.user=[***TOKENLIMIT***]) is possible for each topology but it is optional. The following steps override the general settings in the Knox Gateway for a specific Knox topology. You can add more topologies. For more information, see Add a custom descriptor to Apache Knox.

Go to Cloudera Manager > Knox > Configuration.
Select the Knox Gateway scope.
Edit the default cdp-datashare-access topology by searching for cdp_datashare_access_descriptor.
Configure the value of KNOXTOKEN:knox.token.ttl=36000000.

note
The default value of 36000000 of knox.token.ttl means a 10 hour period. You can reduce this number to adjust the CLIENT_ID and CLIENT_SECRET lifetime.

Figure 1. Editing the default topology

important
knox.token.ttl controls the lifetime of your Knox access token received in exchange for the Client ID and Secret of your external users. Once it expires, external users need to request a new access token. For more information, see Editing Knox topologies.
Optional: If additional users are needed, the marked section needs to be duplicated to add the user in cdp_datashare_access_provider.
Click Save Changes and refresh the configuration as needed.

The relevant Knox topologies are updated.

Continue with configuring Knox.