Added: knox/site/books/knox-2-0-0/warning.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-2-0-0/warning.png?rev=1903930&view=auto
==============================================================================
Binary file - no diff available.
Propchange: knox/site/books/knox-2-0-0/warning.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: knox/site/books/knox-2-0-0/workflow-configuration.xml
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-2-0-0/workflow-configuration.xml?rev=1903930&view=auto
==============================================================================
--- knox/site/books/knox-2-0-0/workflow-configuration.xml (added)
+++ knox/site/books/knox-2-0-0/workflow-configuration.xml Thu Sep 8 14:32:02
2022
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>jobTracker</name>
+ <value>REPLACE.JOBTRACKER.RPCHOSTPORT</value>
+ <!-- Example: <value>localhost:50300</value> -->
+ </property>
+ <property>
+ <name>nameNode</name>
+ <value>hdfs://REPLACE.NAMENODE.RPCHOSTPORT</value>
+ <!-- Example: <value>hdfs://localhost:8020</value> -->
+ </property>
+ <property>
+ <name>oozie.wf.application.path</name>
+ <value>hdfs://REPLACE.NAMENODE.RPCHOSTPORT/tmp/test</value>
+ <!-- Example: <value>hdfs://localhost:8020/tmp/test</value> -->
+ </property>
+ <property>
+ <name>user.name</name>
+ <value>mapred</value>
+ </property>
+ <property>
+ <name>inputDir</name>
+ <value>/tmp/test/input</value>
+ </property>
+ <property>
+ <name>outputDir</name>
+ <value>/tmp/test/output</value>
+ </property>
+</configuration>
Added: knox/site/books/knox-2-0-0/workflow-definition.xml
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-2-0-0/workflow-definition.xml?rev=1903930&view=auto
==============================================================================
--- knox/site/books/knox-2-0-0/workflow-definition.xml (added)
+++ knox/site/books/knox-2-0-0/workflow-definition.xml Thu Sep 8 14:32:02 2022
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<workflow-app xmlns="uri:oozie:workflow:0.2" name="wordcount-workflow">
+ <start to="root"/>
+ <action name="root">
+ <java>
+ <job-tracker>${jobTracker}</job-tracker>
+ <name-node>${nameNode}</name-node>
+ <main-class>org.apache.hadoop.examples.WordCount</main-class>
+ <arg>${inputDir}</arg>
+ <arg>${outputDir}</arg>
+ </java>
+ <ok to="end"/>
+ <error to="fail"/>
+ </action>
+ <kill name="fail">
+ <message>Java failed, error
message[${wf:errorMessage(wf:lastErrorNode())}]</message>
+ </kill>
+ <end name="end"/>
+</workflow-app>
Modified: knox/site/index.html
URL:
http://svn.apache.org/viewvc/knox/site/index.html?rev=1903930&r1=1903929&r2=1903930&view=diff
==============================================================================
--- knox/site/index.html (original)
+++ knox/site/index.html Thu Sep 8 14:32:02 2022
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
src/site/markdown/index.md at 2022-01-13
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
src/site/markdown/index.md at 2022-09-08
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20220113" />
+ <meta name="Date-Revision-yyyymmdd" content="20220908" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Announcing Apache Knox 1.6.1!</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2022-01-13</li>
+ <li id="publishDate">Last Published: 2022-09-08</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/site/issue-management.html
URL:
http://svn.apache.org/viewvc/knox/site/issue-management.html?rev=1903930&r1=1903929&r2=1903930&view=diff
==============================================================================
--- knox/site/issue-management.html (original)
+++ knox/site/issue-management.html Thu Sep 8 14:32:02 2022
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:issue-management
at 2022-01-13
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:issue-management
at 2022-09-08
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20220113" />
+ <meta name="Date-Revision-yyyymmdd" content="20220908" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Issue Management</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2022-01-13</li>
+ <li id="publishDate">Last Published: 2022-09-08</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/site/licenses.html
URL:
http://svn.apache.org/viewvc/knox/site/licenses.html?rev=1903930&r1=1903929&r2=1903930&view=diff
==============================================================================
--- knox/site/licenses.html (original)
+++ knox/site/licenses.html Thu Sep 8 14:32:02 2022
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:licenses at
2022-01-13
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:licenses at
2022-09-08
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20220113" />
+ <meta name="Date-Revision-yyyymmdd" content="20220908" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Licenses</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2022-01-13</li>
+ <li id="publishDate">Last Published: 2022-09-08</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/site/mailing-lists.html
URL:
http://svn.apache.org/viewvc/knox/site/mailing-lists.html?rev=1903930&r1=1903929&r2=1903930&view=diff
==============================================================================
--- knox/site/mailing-lists.html (original)
+++ knox/site/mailing-lists.html Thu Sep 8 14:32:02 2022
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:mailing-lists
at 2022-01-13
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:mailing-lists
at 2022-09-08
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20220113" />
+ <meta name="Date-Revision-yyyymmdd" content="20220908" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Mailing Lists</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2022-01-13</li>
+ <li id="publishDate">Last Published: 2022-09-08</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/site/project-info.html
URL:
http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1903930&r1=1903929&r2=1903930&view=diff
==============================================================================
--- knox/site/project-info.html (original)
+++ knox/site/project-info.html Thu Sep 8 14:32:02 2022
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-site-plugin:3.7.1:CategorySummaryDocumentRenderer
at 2022-01-13
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-site-plugin:3.7.1:CategorySummaryDocumentRenderer
at 2022-09-08
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20220113" />
+ <meta name="Date-Revision-yyyymmdd" content="20220908" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Information</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2022-01-13</li>
+ <li id="publishDate">Last Published: 2022-09-08</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/site/team.html
URL:
http://svn.apache.org/viewvc/knox/site/team.html?rev=1903930&r1=1903929&r2=1903930&view=diff
==============================================================================
--- knox/site/team.html (original)
+++ knox/site/team.html Thu Sep 8 14:32:02 2022
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:team at
2022-01-13
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:team at
2022-09-08
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20220113" />
+ <meta name="Date-Revision-yyyymmdd" content="20220908" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Team</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2022-01-13</li>
+ <li id="publishDate">Last Published: 2022-09-08</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/trunk/books/2.0.0/book.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/2.0.0/book.md?rev=1903930&r1=1903929&r2=1903930&view=diff
==============================================================================
--- knox/trunk/books/2.0.0/book.md (original)
+++ knox/trunk/books/2.0.0/book.md Thu Sep 8 14:32:02 2022
@@ -66,6 +66,7 @@
* #[KnoxToken Configuration]
* #[Mutual Authentication with SSL]
* #[TLS Client Certificate Provider]
+ * #[Knox Auth Service]
* #[Authorization]
* #[Identity Assertion]
* #[Default Identity Assertion Provider]
Modified: knox/trunk/books/2.0.0/book_gateway-details.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/2.0.0/book_gateway-details.md?rev=1903930&r1=1903929&r2=1903930&view=diff
==============================================================================
--- knox/trunk/books/2.0.0/book_gateway-details.md (original)
+++ knox/trunk/books/2.0.0/book_gateway-details.md Thu Sep 8 14:32:02 2022
@@ -105,3 +105,4 @@ In the Hortonworks Sandbox, Apache Ambar
<<config_tls_client_certificate_authentication_provider.md>>
<<websocket-support.md>>
<<config_audit.md>>
+<<config_knoxauth_service.md>>
Added: knox/trunk/books/2.0.0/config_knoxauth_service.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/2.0.0/config_knoxauth_service.md?rev=1903930&view=auto
==============================================================================
--- knox/trunk/books/2.0.0/config_knoxauth_service.md (added)
+++ knox/trunk/books/2.0.0/config_knoxauth_service.md Thu Sep 8 14:32:02 2022
@@ -0,0 +1,45 @@
+## Knox Auth Service
+
+### Introduction
+With workloads moving to containers Knox needs to support new ways of
authentication needs of containers. As part of this effort, the Knox team
developed a new internal service, called `KNOX-AUTH-SERVICE`. This service
gathers a collection of public REST API endpoints that allows other developers
to integrate Knox in their microservice/DEVOPS architectures using containers
(such as docker or k8s).
+
+### Configuration
+
+This service can be added to any Knox topology as an internal service as
follows:
+
+ <service>
+ <role>KNOX-AUTH-SERVICE</role>
+ <param>
+ <name>preauth.auth.header.actor.id.name</name>
+ <value>X-Knox-Actor-ID</value>
+ </param>
+ <param>
+ <name>preauth.auth.header.actor.groups.prefix</name>
+ <value>X-Knox-Actor-Groups</value>
+ </param>
+ <param>
+ <name>preauth.group.filter.pattern</name>
+ <value>.*</value>
+ </param>
+ <param>
+ <name>auth.bearer.token.env</name>
+ <value>BEARER_AUTH_TOKEN</value>
+ </param>
+ </service>
+
+
+### Available REST API endpoints
+
+#### auth/api/v1/pre
+
+This REST API endpoint has a very simple job: if a valid principal is found in
the incoming request, a header is added to the response (by default
`X-Knox-Actor-ID`) with the principal name. In addition, if the authenticated
subject has group(s), it (they) will be added as comma-separated entries in the
header(s) of the default form of `X-Knox-Actor-Groups-#num`. Each group header
has a character limit of 1000 to keep them reasonably sized. The header names
can be customized via the `preauth.auth.header.actor.id.name` and
`preauth.auth.header.actor.groups.prefix` service parameters.
+
+End users may filter user groups by setting the `preauth.group.filter.pattern`
service parameter to a valid regular expression. By default, all the user
gropus are added into the `X-Knox-Actor-Groups-#num` header.
+
+Sample `curl` command are available in this [GitHub Pull
Request](https://github.com/apache/knox/pull/625).
+
+#### auth/api/v1/bearer
+
+This REST API enpoint populates the HTTP "Authorization" header with the
`Bearer Token` in the HTTP response obejctobtained from an environment
variable. The current implementation assumes that the token is not rotated as
it never gets exposed to the end-user. By default, the `BEARER_AUTH_TOKEN`
environment variable is expected to hold the Bearer token. This can be
customized by configuring the `auth.bearer.token.env` service parameter to the
desired value.
+
+Sample `curl` command are available in this [GitHub Pull
Request](https://github.com/apache/knox/pull/627).
\ No newline at end of file
Modified: knox/trunk/books/2.0.0/config_sso_cookie_provider.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/2.0.0/config_sso_cookie_provider.md?rev=1903930&r1=1903929&r2=1903930&view=diff
==============================================================================
--- knox/trunk/books/2.0.0/config_sso_cookie_provider.md (original)
+++ knox/trunk/books/2.0.0/config_sso_cookie_provider.md Thu Sep 8 14:32:02
2022
@@ -112,6 +112,9 @@ Name | Description | Default
knox.token.audiences | Optional parameter. This parameter allows the
administrator to constrain the use of tokens on this endpoint to those that
have tokens with at least one of the configured audience claims. These claims
have associated configuration within the KnoxToken service as well. This
provides an interesting way to make sure that the token issued based on
authentication to a particular LDAP server or other IdP is accepted but not
others.|N/A
knox.token.exp.server-managed | Optional parameter for specifying that
server-managed token state should be referenced for evaluating token validity.
| false
knox.token.verification.pem | Optional parameter that specifies public key
used to validate the token. The key must be in PEM encoded format excluding the
header and footer lines.| N/A
+knox.token.use.cookie | Optional parameter that indicates if the JWT token can
be retrieved from an HTTP cookie instead of the Authorization header. If this
is set to `true`, then Knox will first check if the `hadoop-jwt` cookie (the
cookie name is configurable) is available in the request and, if that's the
case, Knox will try to fetch a JWT from that cookie. If the cookie is not
present in the request, Knox will continue its authentication flow using the
Authorization header. If the cookie is there, but it holds an invalid JWT, then
authentication will fail. Sample use cases and `curl` commands are available in
this [GitHub Pull Request](https://github.com/apache/knox/pull/623). | false
+knox.token.cookie.name | Optional parameter to use a custom cookie name in the
request if `knox.token.use.cookie = true`. | hadoop-jwt
+
The optional `knox.token.exp.server-managed` parameter indicates that Knox is
managing the state of tokens it issues (e.g., expiration) external from the
token, and this external state should be referenced when validating tokens.
This parameter can be ommitted if the global default is configured in
gateway-site (see
[gateway.knox.token.exp.server-managed](#Gateway+Server+Configuration)), and
matches the requirements of this provider. Otherwise, this provider parameter
overrides the gateway configuration for the provider's deployment.
