.github/workflows/build/gateway-site.xml - knox - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements.  See the NOTICE file
 distributed with this work for additional information
 regarding copyright ownership.  The ASF licenses this file
 to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
 with the License.  You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 -->
 <configuration>

     <property>
         <name>gateway.service.alias.impl</name>
         <value>org.apache.knox.gateway.services.security.impl.DefaultAliasService</value>
     </property>
     <property>
         <name>gateway.port</name>
         <value>8443</value>
         <description>The HTTP port for the Gateway.</description>
     </property>

     <property>
         <name>gateway.path</name>
         <value>gateway</value>
         <description>The default context path for the gateway.</description>
     </property>

     <property>
         <name>gateway.gateway.conf.dir</name>
         <value>deployments</value>
         <description>The directory within GATEWAY_HOME that contains gateway topology files and deployments.</description>
     </property>

     <!-- @since 0.10 Websocket configs -->
     <property>
         <name>gateway.websocket.feature.enabled</name>
         <value>true</value>
         <description>Enable/Disable websocket feature.</description>
     </property>

     <property>
         <name>gateway.scope.cookies.feature.enabled</name>
         <value>false</value>
         <description>Enable/Disable cookie scoping feature.</description>
     </property>

     <!-- @since 2.0.0 WebShell configs -->
     <!-- must have websocket enabled to use webshell -->
     <property>
         <name>gateway.webshell.feature.enabled</name>
         <value>true</value>
         <description>Enable/Disable webshell feature.</description>
     </property>
     <property>
         <name>gateway.webshell.max.concurrent.sessions</name>
         <value>20</value>
         <description>Maximum number of total concurrent webshell sessions</description>
     </property>
     <property>
         <name>gateway.webshell.read.buffer.size</name>
         <value>1024</value>
         <description>Web Shell buffer size for reading</description>
     </property>

     <!-- @since 2.0.0 websocket JWT validation configs -->
     <property>
         <name>gateway.websocket.JWT.validation.feature.enabled</name>
         <value>true</value>
         <description>Enable/Disable websocket JWT validation at websocket layer.</description>
     </property>

     <!-- @since 1.5.0 homepage logout -->
     <property>
         <name>knox.homepage.logout.enabled</name>
         <value>true</value>
         <description>Enable/disable logout from the Knox Homepage.</description>
     </property>

     <!-- @since 1.6.0 token management related properties -->
     <property>
         <name>gateway.knox.token.eviction.grace.period</name>
         <value>0</value>
         <description>A duration (in seconds) beyond a token’s expiration to wait before evicting its state. This configuration only applies when server-managed token state is enabled either in gateway-site or at the topology level.</description>
     </property>

     <!-- Knox Admin related config -->
     <property>
         <name>gateway.knox.admin.groups</name>
         <value>admin</value>
     </property>

     <!-- DEMO LDAP config for Hadoop Group Provider -->
     <property>
         <name>gateway.group.config.hadoop.security.group.mapping</name>
         <value>org.apache.hadoop.security.LdapGroupsMapping</value>
     </property>
     <property>
         <name>gateway.group.config.hadoop.security.group.mapping.ldap.bind.user</name>
         <value>uid=guest,ou=people,dc=hadoop,dc=apache,dc=org</value>
     </property>
     <property>
         <name>gateway.group.config.hadoop.security.group.mapping.ldap.bind.password</name>
         <value>guest-password</value>
     </property>
     <property>
         <name>gateway.group.config.hadoop.security.group.mapping.ldap.url</name>
         <value>ldap://localhost:33389</value>
     </property>
     <property>
         <name>gateway.group.config.hadoop.security.group.mapping.ldap.base</name>
         <value></value>
     </property>
     <property>
         <name>gateway.group.config.hadoop.security.group.mapping.ldap.search.filter.user</name>
         <value>(&amp;(|(objectclass=person)(objectclass=applicationProcess))(cn={0}))</value>
     </property>
     <property>
         <name>gateway.group.config.hadoop.security.group.mapping.ldap.search.filter.group</name>
         <value>(objectclass=groupOfNames)</value>
     </property>
     <property>
         <name>gateway.group.config.hadoop.security.group.mapping.ldap.search.attr.member</name>
         <value>member</value>
     </property>
     <property>
         <name>gateway.group.config.hadoop.security.group.mapping.ldap.search.attr.group.name</name>
         <value>cn</value>
     </property>
     <property>
         <name>gateway.dispatch.whitelist.services</name>
         <value>DATANODE,HBASEUI,HDFSUI,JOBHISTORYUI,NODEUI,YARNUI,knoxauth</value>
         <description>The comma-delimited list of service roles for which the gateway.dispatch.whitelist should be applied.</description>
     </property>
     <property>
         <name>gateway.dispatch.whitelist</name>
         <value>^https?:\/\/(www\.local\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
         <description>The whitelist to be applied for dispatches associated with the service roles specified by gateway.dispatch.whitelist.services.
         If the value is DEFAULT, a domain-based whitelist will be derived from the Knox host.</description>
     </property>
     <property>
         <name>gateway.xforwarded.header.context.append.servicename</name>
         <value>LIVYSERVER</value>
         <description>Add service name to x-forward-context header for the list of services defined above.</description>
     </property>
     <property>
         <name>gateway.strict.transport.enabled</name>
         <value>true</value>
     </property>
     <property>
         <name>gateway.strict.transport.option</name>
         <value>max-age=300; includeSubDomains</value>
     </property>

 </configuration>
	<?xml version="1.0" encoding="UTF-8"?>
	<!--
	Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->
	<configuration>

	<property>
	<name>gateway.service.alias.impl</name>
	<value>org.apache.knox.gateway.services.security.impl.DefaultAliasService</value>
	</property>
	<property>
	<name>gateway.port</name>
	<value>8443</value>
	<description>The HTTP port for the Gateway.</description>
	</property>

	<property>
	<name>gateway.path</name>
	<value>gateway</value>
	<description>The default context path for the gateway.</description>
	</property>

	<property>
	<name>gateway.gateway.conf.dir</name>
	<value>deployments</value>
	<description>The directory within GATEWAY_HOME that contains gateway topology files and deployments.</description>
	</property>

	<!-- @since 0.10 Websocket configs -->
	<property>
	<name>gateway.websocket.feature.enabled</name>
	<value>true</value>
	<description>Enable/Disable websocket feature.</description>
	</property>

	<property>
	<name>gateway.scope.cookies.feature.enabled</name>
	<value>false</value>
	<description>Enable/Disable cookie scoping feature.</description>
	</property>

	<!-- @since 2.0.0 WebShell configs -->
	<!-- must have websocket enabled to use webshell -->
	<property>
	<name>gateway.webshell.feature.enabled</name>
	<value>true</value>
	<description>Enable/Disable webshell feature.</description>
	</property>
	<property>
	<name>gateway.webshell.max.concurrent.sessions</name>
	<value>20</value>
	<description>Maximum number of total concurrent webshell sessions</description>
	</property>
	<property>
	<name>gateway.webshell.read.buffer.size</name>
	<value>1024</value>
	<description>Web Shell buffer size for reading</description>
	</property>

	<!-- @since 2.0.0 websocket JWT validation configs -->
	<property>
	<name>gateway.websocket.JWT.validation.feature.enabled</name>
	<value>true</value>
	<description>Enable/Disable websocket JWT validation at websocket layer.</description>
	</property>

	<!-- @since 1.5.0 homepage logout -->
	<property>
	<name>knox.homepage.logout.enabled</name>
	<value>true</value>
	<description>Enable/disable logout from the Knox Homepage.</description>
	</property>

	<!-- @since 1.6.0 token management related properties -->
	<property>
	<name>gateway.knox.token.eviction.grace.period</name>
	<value>0</value>
	<description>A duration (in seconds) beyond a token’s expiration to wait before evicting its state. This configuration only applies when server-managed token state is enabled either in gateway-site or at the topology level.</description>
	</property>

	<!-- Knox Admin related config -->
	<property>
	<name>gateway.knox.admin.groups</name>
	<value>admin</value>
	</property>

	<!-- DEMO LDAP config for Hadoop Group Provider -->
	<property>
	<name>gateway.group.config.hadoop.security.group.mapping</name>
	<value>org.apache.hadoop.security.LdapGroupsMapping</value>
	</property>
	<property>
	<name>gateway.group.config.hadoop.security.group.mapping.ldap.bind.user</name>
	<value>uid=guest,ou=people,dc=hadoop,dc=apache,dc=org</value>
	</property>
	<property>
	<name>gateway.group.config.hadoop.security.group.mapping.ldap.bind.password</name>
	<value>guest-password</value>
	</property>
	<property>
	<name>gateway.group.config.hadoop.security.group.mapping.ldap.url</name>
	<value>ldap://localhost:33389</value>
	</property>
	<property>
	<name>gateway.group.config.hadoop.security.group.mapping.ldap.base</name>
	<value></value>
	</property>
	<property>
	<name>gateway.group.config.hadoop.security.group.mapping.ldap.search.filter.user</name>
	<value>(&(\|(objectclass=person)(objectclass=applicationProcess))(cn={0}))</value>
	</property>
	<property>
	<name>gateway.group.config.hadoop.security.group.mapping.ldap.search.filter.group</name>
	<value>(objectclass=groupOfNames)</value>
	</property>
	<property>
	<name>gateway.group.config.hadoop.security.group.mapping.ldap.search.attr.member</name>
	<value>member</value>
	</property>
	<property>
	<name>gateway.group.config.hadoop.security.group.mapping.ldap.search.attr.group.name</name>
	<value>cn</value>
	</property>
	<property>
	<name>gateway.dispatch.whitelist.services</name>
	<value>DATANODE,HBASEUI,HDFSUI,JOBHISTORYUI,NODEUI,YARNUI,knoxauth</value>
	<description>The comma-delimited list of service roles for which the gateway.dispatch.whitelist should be applied.</description>
	</property>
	<property>
	<name>gateway.dispatch.whitelist</name>
	<value>^https?:\/\/(www\.local\.com\|localhost\|127\.0\.0\.1\|0:0:0:0:0:0:0:1\|::1):[0-9].*$</value>
	<description>The whitelist to be applied for dispatches associated with the service roles specified by gateway.dispatch.whitelist.services.
	If the value is DEFAULT, a domain-based whitelist will be derived from the Knox host.</description>
	</property>
	<property>
	<name>gateway.xforwarded.header.context.append.servicename</name>
	<value>LIVYSERVER</value>
	<description>Add service name to x-forward-context header for the list of services defined above.</description>
	</property>
	<property>
	<name>gateway.strict.transport.enabled</name>
	<value>true</value>
	</property>
	<property>
	<name>gateway.strict.transport.option</name>
	<value>max-age=300; includeSubDomains</value>
	</property>

	</configuration>