Doesn't sound like a Knox problem if it works with curl. Sounds like presto-cli is doing something wrong.
Kevin Risden On Fri, May 3, 2019 at 1:05 PM Odon Copon <odonco...@gmail.com> wrote: > A quick update. Using curl, it works fine with http or https, but when > using presto-cli it tries to use HTTPS between Knox and Presto when it > should not, and I don't know why Knox is doing that. > > > On Fri, 3 May 2019 at 12:09, Odon Copon <odonco...@gmail.com> wrote: > >> I have been checking this lately, and I have managed to make it work, but >> I'm having some issues when using HTTPS with Knox. >> When I run a curl command to Knox (with HTTP), that uses a topology with >> a Presto service, it works fine, but when I use Presto CLI, for some reason >> it adds HTTPS to the connection between Knox and Presto. >> At the moment I have user -> Knox -> Presto, and when using HTTP, the >> following happens: user --http--> Knox --http--> Presto, and that works >> fine, but when using HTTPS I was expecting to have user --https--> Knox >> --http--> Presto, so the first part between the user and Knox uses HTTPS >> and the next one, between Knox and Presto uses HTTP. But that's not the >> case, and I end having user --https--> Knox --https--> Presto so I get and >> error "Unsupported or unrecognized SSL message" that usually comes when >> trying to use HTTPS with a non HTTP. >> >> I checked my service, and it's using serviceUrl[service] so it shouldn't >> be replacing the protocol for https. >> Any idea about what could be causing the issue? >> Thanks. >> >> On Fri, 26 Apr 2019 at 15:03, Odon Copon <odonco...@gmail.com> wrote: >> >>> One of the issues I'm facing is that per example with Hive I could use >>> httpPath to specify the knox path (gateway/topology, etc) but I don't know >>> if that's something from Hive specifically or something it can be >>> replicated with Presto. >>> Thanks >>> >>> On Thu, 25 Apr 2019, 18:22 Kevin Risden, <kris...@apache.org> wrote: >>> >>>> Another doubt regarding all this, would Knox be able to send to Presto >>>>> the credentials used when performing the authentication? >>>> >>>> >>>> There is a lot of flexibility here depending what needs to be done. >>>> Knox can pass through authentication or add things like doAs or do >>>> something completely custom with a custom dispatch. >>>> >>>> >>>> Kevin Risden >>>> >>>> >>>> On Mon, Apr 22, 2019 at 2:51 PM Odon Copon <odonco...@gmail.com> wrote: >>>> >>>>> Hi Kevin, >>>>> I haven't found much information about the Rest API, just the >>>>> following, >>>>> https://github.com/prestodb/presto/tree/master/presto-docs/src/main/sphinx/rest >>>>> that >>>>> doesn't seem to contain anything useful and the Presto headers from the >>>>> code, >>>>> https://github.com/prestosql/presto/blob/master/presto-client/src/main/java/io/prestosql/client/PrestoHeaders.java >>>>> . >>>>> Also found some info about using jdbc to connect to Presto: >>>>> https://prestodb.github.io/docs/current/installation/jdbc.html. >>>>> >>>>> Another doubt regarding all this, would Knox be able to send to Presto >>>>> the credentials used when performing the authentication? >>>>> Thanks. >>>>> >>>>> On Mon, 22 Apr 2019 at 19:11, Kevin Risden <kris...@apache.org> wrote: >>>>> >>>>>> Not sure. I don't know what the endpoints for Presto are. From the >>>>>> link you provided it looks like it could be possible. There was a Knox >>>>>> Jira >>>>>> issue opened (and closed by that same user) about Presto [1]. So I would >>>>>> guess it works but there isn't anything included in Knox today. >>>>>> >>>>>> [1] https://issues.apache.org/jira/browse/KNOX-1163 >>>>>> >>>>>> Kevin Risden >>>>>> >>>>>> >>>>>> On Mon, Apr 22, 2019 at 2:07 PM Odon Copon <odonco...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> Hi, >>>>>>> Is there any way of making Knox work with Presto so it can authorize >>>>>>> the access to Presto or redirect LDAP credentials to Presto? >>>>>>> The only information I have seen is the following link: >>>>>>> https://github.com/prestodb/presto/issues/5643 >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>
