Awesome, @sandeep! I'll keep an eye out. Once that lands, you can bump this thread and I'll cut the RC. Obviously, we will need it in both master and v1.1.0 branches.
On Thu, Jul 19, 2018 at 4:19 PM, Sandeep Moré <[email protected]> wrote: > Hello Larry, > > Yes, I have seen those exceptions, they seem to be happening fairly > consistently and only for KnoxSSO redirects when trying to access admin UI, > I am taking a look at them as we speak, will open up a JIRA for it as well. > It would be good if we can get it in, I will try to get the fix out as soon > as I can. > > Best, > Sandeep > > On Thu, Jul 19, 2018 at 4:15 PM larry mccay <[email protected]> wrote: > > > @Phil, I see a couple commits land that seem to address the NPE. > > Is that correct? > > > > I have also seen an IllegalStateException during redirect from Admin UI > to > > KnoxSSO. > > Has anyone seen this and/or is working on it - is it related to the NPE? > > I don't think it is since I see it more frequently and not always with > the > > NPEs. > > > > I'd like to get a new RC cut by end of the week, if possible. > > > > On Fri, Jul 13, 2018 at 7:57 PM, larry mccay <[email protected]> wrote: > > > > > Agreed, Phil. > > > I have cut an RC but we need to address this first. I'll hold off on > > > announcing it. > > > > > > On Fri, Jul 13, 2018, 11:36 AM Phil Zampino <[email protected]> > wrote: > > > > > >> During some testing of the proposed 1.1.0 code, I've discovered some > > NPEs > > >> in filters (e.g., AclsAuthorizationFilter, HadoopGroupProviderFilter), > > >> which are concerning. > > >> > > >> I've committed a change to address the AclsAuthorizationFilter, but > > seeing > > >> similar behavior for the HadoopGroupProviderFilter has increased my > > >> concern > > >> that there may be a more fundamental problem. > > >> In both cases, it seems that the filters are being invoked prior to > (or > > >> during) their respective init() methods have been invoked. Thus, > members > > >> which should be initialized in the init() method are not yet > > initialized. > > >> > > >> This can be consistently reproduced, though it is a bit of a pain: > > >> > > >> - Install Knox (‘ant install-test-home’, or just unzip > > knox-1.1.0.zip) > > >> - Start the gateway > > >> - Access the Admin UI > > >> > > >> > > >> Note that the latest 1.1.0 source has a *fix* for the > > >> AclsAuthorizationFilter NPE, but master does not yet have this change. > > >> This > > >> is important because that change effectively hides the issue. > > >> > > >> I think we should determine what's happening with this before > > >> producing/testing a release candidate. > > >> > > >> > > >> > > >> > > >> On Sat, Feb 24, 2018 at 12:57 PM larry mccay <[email protected]> > wrote: > > >> > > >> > All - > > >> > > > >> > Sorry for the delay on this topic. > > >> > > > >> > We are going to start of this planning thread with ~85 Unresolved > > JIRAs > > >> in > > >> > either 1.1.0 or 0.15.0 fixVersion. > > >> > > > >> > project = KNOX AND resolution = Unresolved AND fixVersion in (1.1.0, > > >> > 0.15.0) ORDER BY priority DESC, updated DESC > > >> > > > >> > I will spend some time migrating all 0.15.0 to 1.1.0 to begin with > and > > >> then > > >> > we will need to go through and see what is already taken care of or > > can > > >> > wait for a 1.2.0 or later. > > >> > > > >> > I also have a couple KIPs in mind to target larger features/themes > for > > >> this > > >> > release. > > >> > > > >> > Off the top of my head: > > >> > > > >> > * I think we need to address some cloud specific usecases and plan > to > > >> > provide a KIP for that. Hybrid cloud/federated knox instances, Azure > > AD > > >> > integration, ID mapping from Hadoop user to IAM users/roles, etc. > > >> Perhaps > > >> > some CASB-like features if they make sense. > > >> > > > >> > * I also think we need one for articulating a reasonable flow for > > >> Logout in > > >> > KnoxSSO. There are a lot of little nuances to logout across multiple > > >> apps > > >> > and between different IDPs. This will require some discussion. > > >> > > > >> > * Another thing that has been tugging at my interest has been the > fact > > >> that > > >> > we may be able provide some common libraries to help ecosystem > > >> applications > > >> > uptake the trusted proxy pattern and KnoxSSO. > > >> > > > >> > Anyway, these are my initial thoughts, please feel free to raise > > >> additional > > >> > ideas/themes for KIPs, etc. > > >> > > > >> > I was thinking that we could try and target an end of March or Mid > > April > > >> > 1.1.0 release. > > >> > > > >> > Thoughts? > > >> > > > >> > --larry > > >> > > > >> > > > > > >
