KNOX-2631 - Webshell

[moresandeep]

What changes were proposed in this pull request?

This feature enables shell access to the machine running Apache Knox. Users can SSO into Knox and then access shell using the KnoxShell URL on knox homepage.

Configuration:
Webshell is not turned on by default. To enable Webshell following properties needs to be changed in gateway-site.xml

 <property>
        <name>gateway.websocket.feature.enabled</name>
        <value>true</value>
        <description>Enable/Disable websocket feature.</description>
    </property>

<property>
        <name>gateway.webshell.feature.enabled</name>
        <value>true</value>
        <description>Enable/Disable webshell feature.</description>
    </property>
<!-- in case JWT cookie validation for websockets is needed -->
<property>
        <name>gateway.websocket.JWT.validation.feature.enabled</name>
        <value>true</value>
        <description>Enable/Disable websocket JWT validation feature.</description>
    </property>

Create a sudoers file /etc/sudoers.d/knox with entries for all the users that need webshell acess. e.g. the following config file let's user sam login to webshell. Further restrictions on what user sam
can do can be performed with sudoers file. More info: https://linux.die.net/man/5/sudoers

Defaults env_keep += JAVA_HOME
Defaults always_set_home
knox ALL=(sam:ALL) NOPASSWD: /bin/bash
knox ALL=(knoxui:ALL) NOPASSWD: /bin/bash

How was this patch tested?

This patch was tested on my local machine.

[lmccay]

Looks good, asked some questions and we need to update the LICENSE file for pty4j EPLv1 license.

[moresandeep]

Thanks @lmccay ! For license I added Pty4j to the existing EPLv1 license text, is that fine or should I be copying the entire license text? There is no language in the license that indicates I need a separate copy as long as we clearly indicate that Pty4j uses EPLv1 license (followed by the license text)

[smolnar82]

LGTM