@Phil, I see a couple commits land that seem to address the NPE. Is that correct?
I have also seen an IllegalStateException during redirect from Admin UI to KnoxSSO. Has anyone seen this and/or is working on it - is it related to the NPE? I don't think it is since I see it more frequently and not always with the NPEs. I'd like to get a new RC cut by end of the week, if possible. On Fri, Jul 13, 2018 at 7:57 PM, larry mccay <[email protected]> wrote: > Agreed, Phil. > I have cut an RC but we need to address this first. I'll hold off on > announcing it. > > On Fri, Jul 13, 2018, 11:36 AM Phil Zampino <[email protected]> wrote: > >> During some testing of the proposed 1.1.0 code, I've discovered some NPEs >> in filters (e.g., AclsAuthorizationFilter, HadoopGroupProviderFilter), >> which are concerning. >> >> I've committed a change to address the AclsAuthorizationFilter, but seeing >> similar behavior for the HadoopGroupProviderFilter has increased my >> concern >> that there may be a more fundamental problem. >> In both cases, it seems that the filters are being invoked prior to (or >> during) their respective init() methods have been invoked. Thus, members >> which should be initialized in the init() method are not yet initialized. >> >> This can be consistently reproduced, though it is a bit of a pain: >> >> - Install Knox (‘ant install-test-home’, or just unzip knox-1.1.0.zip) >> - Start the gateway >> - Access the Admin UI >> >> >> Note that the latest 1.1.0 source has a *fix* for the >> AclsAuthorizationFilter NPE, but master does not yet have this change. >> This >> is important because that change effectively hides the issue. >> >> I think we should determine what's happening with this before >> producing/testing a release candidate. >> >> >> >> >> On Sat, Feb 24, 2018 at 12:57 PM larry mccay <[email protected]> wrote: >> >> > All - >> > >> > Sorry for the delay on this topic. >> > >> > We are going to start of this planning thread with ~85 Unresolved JIRAs >> in >> > either 1.1.0 or 0.15.0 fixVersion. >> > >> > project = KNOX AND resolution = Unresolved AND fixVersion in (1.1.0, >> > 0.15.0) ORDER BY priority DESC, updated DESC >> > >> > I will spend some time migrating all 0.15.0 to 1.1.0 to begin with and >> then >> > we will need to go through and see what is already taken care of or can >> > wait for a 1.2.0 or later. >> > >> > I also have a couple KIPs in mind to target larger features/themes for >> this >> > release. >> > >> > Off the top of my head: >> > >> > * I think we need to address some cloud specific usecases and plan to >> > provide a KIP for that. Hybrid cloud/federated knox instances, Azure AD >> > integration, ID mapping from Hadoop user to IAM users/roles, etc. >> Perhaps >> > some CASB-like features if they make sense. >> > >> > * I also think we need one for articulating a reasonable flow for >> Logout in >> > KnoxSSO. There are a lot of little nuances to logout across multiple >> apps >> > and between different IDPs. This will require some discussion. >> > >> > * Another thing that has been tugging at my interest has been the fact >> that >> > we may be able provide some common libraries to help ecosystem >> applications >> > uptake the trusted proxy pattern and KnoxSSO. >> > >> > Anyway, these are my initial thoughts, please feel free to raise >> additional >> > ideas/themes for KIPs, etc. >> > >> > I was thinking that we could try and target an end of March or Mid April >> > 1.1.0 release. >> > >> > Thoughts? >> > >> > --larry >> > >> >
