[ANNOUNCE] Apache Knox 2.0.0 Release
The Apache Knox team is proud to announce the release of Apache Knox 2.0.0! Apache Knox is a REST API Gateway for providing secure access to the data and processing resources of Hadoop clusters. More details on Apache Knox can be found at: https://knox.apache.org/ Downloads, KEYS and verification details can be found on the Releases page at: https://cwiki.apache.org/confluence/display/KNOX/Apache+Knox+Releases The release bits are available at: https://dlcdn.apache.org/knox/2.0.0 This release contains numerous improvements including: * [KNOX-1462] - Migrate from Log4j 1.x to 2.x (#488) * [KNOX-2631] - KnoxSSO for Secure Shell Access (#639) * [KNOX-2833] - Ozone integration for Apache Knox (#672) * [KNOX-2776] - Concurrent Session Limit for UIs Many other bug fixes, improvements and library upgrades are also included in this release. We would like to thank all of the contributors who made the release possible and to invite others interested in helping out to engage the community on the dev and users lists! --Apache Knox PMC and community
[RESULT] [VOTE] Release Apache Knox 2.0.0 - RC 2
The VOTE for 2.0.0 RC 2 passes with: 4 binding +1's 0 -1's I will be working on promoting 2.0.0 RC 2 to an official release shortly. Thank you for taking the time to test this release and contributing to the Apache Knox community! - Phil
Re: [VOTE] Release Apache Knox 2.0.0 - RC2
I vote +1 to release RC2 as Apache Knox 2.0.0 - Checked NOTICE, LICENSE, CHANGES files - Built from source - Verified no log4j 1.x JARs - Ran WebHdfs samples - Tested HDFS dispatch whitelist - Tested the RDBMS configuration monitor - Verified [KNOX-2692] - Topology redeployment should be configurable - Verified [KNOX-2807] - Restart of HIVE_ON_TEZ causes a Knox topology redeploy - Tested Concurrent session-limiting - Enabled and tested the WebShell - Homepage - It still seems like the icon sizes are not normalized. - Admin UI (given the Angular upgrade): - Created a provider configuration - Created a descriptor - Verified the generated topology - Noticed one minor issue: The formatting of service names wrt checkboxes is weird when creating a new descriptor - https://issues.apache.org/jira/browse/KNOX-2876
[VOTE] Release Apache Knox 2.0.0 - RC2
Release candidate #2 for the Apache Knox 2.0.0 release is available at: https://dist.apache.org/repos/dist/dev/knox/knox-2.0.0/ The release candidate is a zip archive of the sources in: https://gitbox.apache.org/repos/asf/knox.git Branch v2.0.0 (git checkout -b v2.0.0) The KEYS file for signature validation is available at: https://dist.apache.org/repos/dist/release/knox/KEYS Please find the most recent changes here: https://github.com/apache/knox/blob/v2.0.0/CHANGES KnoxShell User Guide: https://knox.apache.org/books/knox-2-0-0/knoxshell_user_guide.html Gateway User Guide: https://knox.apache.org/books/knox-2-0-0/user-guide.html Dev Guide: https://knox.apache.org/books/knox-2-0-0/dev-guide.html Please vote on releasing this package as Apache Knox 2.0.0. The vote is open for the next 72 hours and passes if a majority of at least three +1 Apache Knox PMC votes are cast. [ ] +1 Release this package as Apache Knox 2.0.0 [ ] -1 Do not release this package because... Thanks, Phil
Re: [VOTE] Release Apache Knox 2.0.0
Oops! It looks like I mistyped the source code link. The release candidate is a zip archive of the sources in: https://gitbox.apache.org/repos/asf/knox.git Branch v2.0.0 (git checkout -b v2.0.0) Thanks again, Phil On Tue, Jan 31, 2023 at 1:48 PM Phil Zampino wrote: > Release candidate #1 for the Apache Knox 2.0.0 release is available at: > https://dist.apache.org/repos/dist/dev/knox/knox-2.0.0/ > > The release candidate is a zip archive of the sources in: > https://https://gitbox.apache.org/repos/asf/knox.git > Branch v2.0.0 (git checkout -b v2.0.0) > > The KEYS file for signature validation is available at: > https://dist.apache.org/repos/dist/release/knox/KEYS > > Please find the most recent changes here: > https://github.com/apache/knox/blob/v2.0.0/CHANGES > > KnoxShell User Guide: > https://knox.apache.org/books/knox-2-0-0/knoxshell_user_guide.html > > Gateway User Guide: > http://knox.apache.org/books/knox-2-0-0/user-guide.html > > Dev Guide: > http://knox.apache.org/books/knox-2-0-0/dev-guide.html > > Please vote on releasing this package as Apache Knox 2.0.0. > The vote is open for the next 72 hours and passes if a majority of at > least three +1 Apache Knox PMC votes are cast. > > [ ] +1 Release this package as Apache Knox 2.0.0 > [ ] -1 Do not release this package because... > > Thanks, > Phil >
[VOTE] Release Apache Knox 2.0.0
Release candidate #1 for the Apache Knox 2.0.0 release is available at: https://dist.apache.org/repos/dist/dev/knox/knox-2.0.0/ The release candidate is a zip archive of the sources in: https://https://gitbox.apache.org/repos/asf/knox.git Branch v2.0.0 (git checkout -b v2.0.0) The KEYS file for signature validation is available at: https://dist.apache.org/repos/dist/release/knox/KEYS Please find the most recent changes here: https://github.com/apache/knox/blob/v2.0.0/CHANGES KnoxShell User Guide: https://knox.apache.org/books/knox-2-0-0/knoxshell_user_guide.html Gateway User Guide: http://knox.apache.org/books/knox-2-0-0/user-guide.html Dev Guide: http://knox.apache.org/books/knox-2-0-0/dev-guide.html Please vote on releasing this package as Apache Knox 2.0.0. The vote is open for the next 72 hours and passes if a majority of at least three +1 Apache Knox PMC votes are cast. [ ] +1 Release this package as Apache Knox 2.0.0 [ ] -1 Do not release this package because... Thanks, Phil
Re: [VOTE] Release Apache Knox 1.6.0 - RC 4
Sandor, thank you for pulling this release together. * Verified signatures * Checked NOTICE, LICENSE, CHANGES files * Downloaded and built from source * Ran unit tests * Tested logout from home page * Exercised some of the samples +1 On Wed, Nov 3, 2021 at 4:58 AM Sandor Molnar wrote: > Hi folks! > > Release candidate #4 for the Apache Knox 1.6.0 release is available at: > > https://dist.apache.org/repos/dist/dev/knox/knox-1.6.0/ > > The release candidate is a zip archive of the sources in: > > https://gitbox.apache.org/repos/asf/knox.git > Branch v1.6.0 (git checkout -b v1.6.0) > > The KEYS file for signature validation is available at: > https://dist.apache.org/repos/dist/release/knox/KEYS > > KnoxShell User Guide: > http://knox.apache.org/books/knox-1-6-0/knoxshell_user_guide.html > > Gateway User Guide: > http://knox.apache.org/books/knox-1-6-0/user-guide.html > > Dev Guide: > http://knox.apache.org/books/knox-1-6-0/dev-guide.html > > Please vote on releasing this package as Apache Knox 1.6.0. > The vote is open for the next 96 hours and passes if a majority of at > least three +1 Apache Knox PMC votes are cast. > > [ ] +1 Release this package as Apache Knox 1.6.0 > [ ] -1 Do not release this package because... > > Thanks, > Sandor >
Re: [VOTE] Release Apache Knox 1.5.0 - RC 1
+1 for Apache Knox 1.5.0 RC1 I've performed the following: - Verified the signatures for knox-source, knox, and knoxshell artifacts. - Checked the LICENSE and NOTICE files (already commented on the copyright in the NOTICE) - Downloaded the source artifact, built it and executed the unit/functional tests - Exercised the homepage - Exercised the Admin UI Service Definition browser/editor - Created a descriptor using the Admin UI, and verified discovery and topology generation against a CM cluster therewith - Tested token API (issue, renew, revoke) - Tested server-managed token state LGTM, Phil On Sun, Nov 22, 2020 at 2:59 PM larry mccay wrote: > All - > > Release candidate #1 for the Apache Knox 1.5.0 release is available at: > > https://dist.apache.org/repos/dist/dev/knox/knox-1.5.0/ > > The release candidate is a zip archive of the sources in: > > https://https://gitbox.apache.org/repos/asf/knox.git > Branch v1.5.0 (git checkout -b v1.5.0) > > The KEYS file for signature validation is available at: > https://dist.apache.org/repos/dist/release/knox/KEYS > > KnoxShell User Guide at > http://knox.apache.org/books/knox-1-5-0/knoxshell_user_guide.html > Gateway User Guide: > http://knox.apache.org/books/knox-1-5-0/user-guide.html > Dev Guide: http://knox.apache.org/books/knox-1-5-0/dev-guide.html > > Please vote on releasing this package as Apache Knox 1.5.0. > The vote is open for the next 72 hours and passes if a majority of at > least three +1 Apache Knox PMC votes are cast. > > [ ] +1 Release this package as Apache Knox 1.5.0 > [ ] -1 Do not release this package because... > > thanks! > > --larry >
Re: [VOTE] Release Apache Knox 1.5.0 - RC 1
I would not consider it a blocker, but put it on the list in case we should need another RC. On Fri, Nov 27, 2020 at 3:21 PM larry mccay wrote: > Yes, it should. Not sure whether this is a blocker or not. Thoughts? > > On Wed, Nov 25, 2020, 9:59 PM Phil Zampino wrote: > >> Checking the NOTICE file in the RC, it has the copyright date as >> 2012-20*19*. >> Should it rather be 2012-20*20*? >> >> >> >> On Sun, Nov 22, 2020 at 2:59 PM larry mccay wrote: >> >> > All - >> > >> > Release candidate #1 for the Apache Knox 1.5.0 release is available at: >> > >> > https://dist.apache.org/repos/dist/dev/knox/knox-1.5.0/ >> > >> > The release candidate is a zip archive of the sources in: >> > >> > https://https://gitbox.apache.org/repos/asf/knox.git >> > Branch v1.5.0 (git checkout -b v1.5.0) >> > >> > The KEYS file for signature validation is available at: >> > https://dist.apache.org/repos/dist/release/knox/KEYS >> > >> > KnoxShell User Guide at >> > http://knox.apache.org/books/knox-1-5-0/knoxshell_user_guide.html >> > Gateway User Guide: >> > http://knox.apache.org/books/knox-1-5-0/user-guide.html >> > Dev Guide: http://knox.apache.org/books/knox-1-5-0/dev-guide.html >> > >> > Please vote on releasing this package as Apache Knox 1.5.0. >> > The vote is open for the next 72 hours and passes if a majority of at >> > least three +1 Apache Knox PMC votes are cast. >> > >> > [ ] +1 Release this package as Apache Knox 1.5.0 >> > [ ] -1 Do not release this package because... >> > >> > thanks! >> > >> > --larry >> > >> >
Re: [VOTE] Release Apache Knox 1.5.0 - RC 1
Checking the NOTICE file in the RC, it has the copyright date as 2012-20*19*. Should it rather be 2012-20*20*? On Sun, Nov 22, 2020 at 2:59 PM larry mccay wrote: > All - > > Release candidate #1 for the Apache Knox 1.5.0 release is available at: > > https://dist.apache.org/repos/dist/dev/knox/knox-1.5.0/ > > The release candidate is a zip archive of the sources in: > > https://https://gitbox.apache.org/repos/asf/knox.git > Branch v1.5.0 (git checkout -b v1.5.0) > > The KEYS file for signature validation is available at: > https://dist.apache.org/repos/dist/release/knox/KEYS > > KnoxShell User Guide at > http://knox.apache.org/books/knox-1-5-0/knoxshell_user_guide.html > Gateway User Guide: > http://knox.apache.org/books/knox-1-5-0/user-guide.html > Dev Guide: http://knox.apache.org/books/knox-1-5-0/dev-guide.html > > Please vote on releasing this package as Apache Knox 1.5.0. > The vote is open for the next 72 hours and passes if a majority of at > least three +1 Apache Knox PMC votes are cast. > > [ ] +1 Release this package as Apache Knox 1.5.0 > [ ] -1 Do not release this package because... > > thanks! > > --larry >
Re: [DISCUSS] - Integrating Knox with Swagger
We have had casual discussions about this before. It is something we’ve wanted to do, so +1 from me. On Wed, Nov 13, 2019 at 3:45 PM Sandor Molnar wrote: > Hi folks, > > recently I had some contribution that allows end-users managing service > definitions without restarting the Knox Gateway. See > https://issues.apache.org/jira/browse/KNOX-2053 and > https://issues.apache.org/jira/browse/KNOX-2056 for further details. > > I've been just about creating a new JIRA to document those new API > endpoints in Knox user guide but it has come to my mind that we can do it > much better by using Swagger. > > Given the fact, the Admin API does not consist of hundreds of existing > endpoints it should not be 'that' huge work. I personally believe the > project would gain a lot by using this very useful tool (e.g. Admin API > documentation would be generated out-of-the-box, no more documentation > JIRAs required. Moreover, the generated documentation would be in sync with > the actual implementation). > You can check this out here: https://swagger.io/tools/swagger-ui/ (there > is a live demo too; it's worth looking at). > > Any comments, ideas are welcome! > > Cheers, > Sandor >
Re: [DISCUSS] Planning for Apache Knox 1.4
I think the proposed themes are appropriate. CM-based service discovery is partially there already, and need only be fleshed out for completeness and tested. We've wanted to provide much of the Knox CLI functionality through KnoxShell (so it could be accessed remotely) for quite some time now. +1 On Thu, Oct 31, 2019 at 11:53 AM larry mccay wrote: > Folks - > > Out last release with end of July, I apologize for the delay in starting > the planning thread for 1.4. > > We currently have a backlog of ~65 JIRAs slated for a Fix Version of 1.4. > > There has been some work going on within KnoxShell to provide a general > purpose representation for tabular data. This will be leveraged for > rendering SQL query results as well as CSV files and simple processing > within KnoxShell. I will be writing up a KIP to represent the overall > vision for this work and initial set of usecases. > > We also have Cloudera Manager based discovery emerging and we should target > an initial set of services to enable for CM/CDH and CDP deployments where > CM is available. > > With the continued increase in cloud based deployments and Knox Gateway use > in securely accessing the exposed resources, we will concentrate on > KnoxShell as a first class environment for this access. This will likely > include an API for discovering metadata about the resources exposed through > Knox, the required authentication mechanisms, resource types and public > certs. It will also include Custom GroovyShell Commands for the KnoxShell > environment to help interact with the remote clusters and resultsets as > local in-memory tables. I will be start a KIP to try and articulate this > vision and related 1.4. usecases as well. > > I propose that the CM based Service Discovery and KnoxShell access to > remote clusters be the primary themes of the Apache Knox 1.4 release. > > I also propose that we target the end of November as the release date for > 1.4. > > Thoughts? > > --larry >
Re: Add a filter to intercept Knox requests and be able to add a custom logic
I was going to suggest that you might be experiencing a docker issue
because the ext folder works; You beat me to it.
I'm not sure if this is what you're after, but
org.apache.knox.gateway.security.SubjectUtils might be of use to you for
identifying the currently logged-in principal.
On Fri, Mar 15, 2019 at 11:53 AM Matteo Alessandroni
wrote:
> Ok I think I found the issue:
> I had to restart the full Docker container to actually restart Knox.
> So I did that and it seems it's getting my class in "ext/" now.
>
> The error I get now is:
>
> Caused by: org.apache.knox.gateway.config.ConfigurationException: Failed
> to find configuration for provider as provider of
> org.apache.knox.gateway.dispatch.MyCustomDispatch via
> org.apache.knox.gateway.config.FilterConfigurationAdapter
>
> so I guess it's a problem with my class code.
> Is there a very simple code snippet I could use for my custom dispatch in
> order to access the "request" object in order to get the name of the user
> that is currently logged?
>
> Regards,
> Matteo
>
>
> On 15/03/19 15:49, Matteo Alessandroni wrote:
>
> Thanks!
> I checked that too, my ".jar" has the same permissions of the other files
> in "lib/" folder (e.g. "gateway-shell-1.2.0.jar").
> I see your point about the script [1], but I also see that the original
> gateway.sh (for Knox v1.2.0) [2] is not doing anything special for the
> "ext/" folder, or am I wrong?
>
> Regards,
> Matteo
>
>
> [1]
> https://github.com/moresandeep/knox-dev-docker/blob/master/build/gateway.sh
> [2]
> https://github.com/apache/knox/blob/v1.2.0/gateway-release/home/bin/gateway.sh
>
>
> On 15/03/19 15:27, Sandeep Moré wrote:
>
> Ah, i missed the launcher.cfg, I see,
> https://github.com/moresandeep/knox-dev-docker/blob/master/build/gateway.sh
> does
> not take into account a lot of environmental variables and new stuff that
> is included in the
> https://github.com/apache/knox/blob/master/gateway-release/home/bin/gateway.sh
> that script is due for an update.
>
> The only other thing I can think of are the file permissions, make sure
> that your file can be read by knox.
>
> Best,
> Sandeep
>
>
>
> On Fri, Mar 15, 2019 at 10:09 AM Matteo Alessandroni
> wrote:
>
>> Hi,
>>
>> I tried also the "lib/" folder, but same problem.
>> About the configuration for classpath yes it should be correct because I
>> have the "bin/gateway.cfg" file containing:
>>
>> #Created from
>> jar:file:/knox-runtime/bin/gateway.jar!/META-INF/launcher.cfg
>> #Thu Mar 14 10:10:31 GMT 2019
>> GATEWAY_HOME=${launcher.dir}/..
>> log4j.configuration=${GATEWAY_HOME}/conf/${launcher.name
>> }-log4j.properties
>> main.class=org.apache.knox.gateway.GatewayServer
>> class.path=../conf;../lib/*.jar;../dep/*.jar;../ext;../ext/*.jar
>>
>> so it should load the ".jar" files in those folders.
>>
>> Is there anything I can do to debug this?
>> FYI I'm using this Docker image [1] to run Knox and after adding files
>> to "ext/" or "lib/" I use this script [2] to restart Knox and it seems to
>> restart well, but still not seeing my classes in classpath.
>>
>> Thanks
>>
>>
>> [1] https://github.com/moresandeep/knox-dev-docker
>> [2]
>> https://github.com/moresandeep/knox-dev-docker/blob/master/build/gateway.sh
>>
>>
>> On 15/03/19 14:56, Sandeep Moré wrote:
>>
>> It should have picked it up, going through the gateway.sh file, I don't
>> see any place where ext folder is added to class path, can you open a BUG
>> for this ?
>>
>> as a workaround for this you can copy your jar into the lib folder and
>> Knox should pick it up on the startup.
>>
>> Hopefully, this should help !
>>
>> Best,
>> Sandepe
>>
>>
>> On Fri, Mar 15, 2019 at 5:37 AM Matteo Alessandroni
>> wrote:
>>
>>> Hi Sandeep,
>>>
>>> thank you for your answer!
>>> Ok so I tried to change my project and adding a simple class like this:
>>>
>>> package com.test.ext;
>>>
>>> import java.io.IOException;
>>> import java.net.URI;
>>> import java.net.URISyntaxException;
>>> import javax.servlet.http.HttpServletRequest;
>>> import javax.servlet.http.HttpServletResponse;
>>> import org.apache.knox.gateway.config.Configure;
>>> import org.apache.knox.gateway.config.Default;
>>> import org.apache.knox.gateway.dispatch.AbstractGatewayDispatch;
>>> import org.slf4j.Logger;
>>> import org.slf4j.LoggerFactory;
>>>
>>> public class MyDispatch extends AbstractGatewayDispatch {
>>>
>>> private static final Logger LOG =
>>> LoggerFactory.getLogger(MyDispatch.class);
>>>
>>> @Override
>>> public void destroy() {
>>> LOG.debug("*** destroy()");
>>> }
>>>
>>> @Configure
>>> protected void customMethod(@Default("Test") String test) {
>>> LOG.debug("*** @Configure customMethod(): {}", test);
>>> }
>>>
>>> @Override
>>> public void doGet(URI url, HttpServletRequest request,
>>> HttpServletResponse response)
>>> throws IOException, URISyntaxException {
>>>
>>> LOG.debug("*** doGet() request: {}, {}",
>>> request.getMethod(), new
Re: [VOTE] Release Apache Knox 1.1.0 RC 3
Great news! Thanks Larry. On Sun, Jul 29, 2018 at 12:50 PM larry mccay wrote: > The VOTE for 1.1.0 rc3 passes with: > > 3 binding +1's > 0 -1's > > I will be working on promoting RC3 to an official release shortly. > > Thank you for taking the time to test this release and contributing to the > Apache Knox community! > > > On Thu, Jul 26, 2018 at 12:51 PM, Sandeep Moré > wrote: > > > > > +1 > > > > * Downloaded and built from source > > * Checked LICENSE and NOTICE files > > * Verified GPG/MD5/SHA signatures for Knox source, Knox and Knoxshell > > release packages (zip files) > > * Installed pseudo-distributed instance (Mac OS X ) > > * Ran through knox tests > > * Checked websocket functionality > > * Checked Topology Port Mapping feature > > * Checked KnoxShell samples > > * Tested HDFSUI (recent changes) > > > > Best, > > Sandeep > > > > > > On Wed, Jul 25, 2018 at 7:28 PM larry mccay wrote: > > > >> All - > >> > >> An issue with the OOTB configuration was found and subsequently fixed > >> based > >> on testing of RC 2. This is a minimal incremental change over the > previous > >> RC. > >> > >> Release candidate #3 for the Apache Knox 1.1.0 is available at: > >> > >> https://dist.apache.org/repos/dist/dev/knox/knox-1.1.0/ > >> > >> The release candidate is a zip archive of the sources in: > >> > >> https://git-wip-us.apache.org/repos/asf/knox.git > >> Branch v1.1.0 (git checkout -b v1.1.0) > >> Tag is v1.1.0-rc3 > >> > >> The KEYS file for signature validation is available at: > >> https://dist.apache.org/repos/dist/release/knox/KEYS > >> > >> Please vote on releasing this package as Apache Knox 1.1.0. > >> The vote is open for the next 72 hours and passes if a majority of at > >> least three +1 Apache Knox PMC votes are cast. > >> > >> [ ] +1 Release this package as Apache Knox 1.1.0 > >> [ ] -1 Do not release this package because... > >> > >> Thanks, > >> > >> --larry > >> > > >
Re: [VOTE] Release Apache Knox 1.1.0 RC 3
Thanks for the quick turnaround on these RCs, Larry! +1 * Verified GPG/MD5/SHA signatures for Knox source, Knox and KnoxShell release packages (zip files) * Downloaded and built from source (with Java 1.8.0_144) * Checked LICENSE and NOTICE files * Checked ISSUES file * Checked CHANGES file * Ran KnoxShell samples * Exercised the Admin UI (provider configuration wizard, descriptor wizard, etc...) * Verified the Admin UI issues discovered in RC1 (URL field validation, topology list refreshing) have been addressed * Tested service discovery and topology generation * Verified the resolution of the gateway-site.xml duplicate property issue discovered in RC2 -- Phil On Wed, Jul 25, 2018 at 7:28 PM larry mccay wrote: > All - > > An issue with the OOTB configuration was found and subsequently fixed based > on testing of RC 2. This is a minimal incremental change over the previous > RC. > > Release candidate #3 for the Apache Knox 1.1.0 is available at: > > https://dist.apache.org/repos/dist/dev/knox/knox-1.1.0/ > > The release candidate is a zip archive of the sources in: > > https://git-wip-us.apache.org/repos/asf/knox.git > Branch v1.1.0 (git checkout -b v1.1.0) > Tag is v1.1.0-rc3 > > The KEYS file for signature validation is available at: > https://dist.apache.org/repos/dist/release/knox/KEYS > > Please vote on releasing this package as Apache Knox 1.1.0. > The vote is open for the next 72 hours and passes if a majority of at > least three +1 Apache Knox PMC votes are cast. > > [ ] +1 Release this package as Apache Knox 1.1.0 > [ ] -1 Do not release this package because... > > Thanks, > > --larry >
Re: [VOTE] Release Apache Knox 1.1.0 RC 2
-1 I've discovered that conf/gateway-site.xml defines the gateway.dispatch.whitelist property twice, each with different values. This may result in the expected behavior, but it's technically incorrect (properties should not be defined twice) and it's certainly confusing. Less concerning is that the CHANGES file does not include any changes from rc1 --> rc2. * Verified GPG/MD5/SHA signatures for Knox source, Knox and KnoxShell release packages (zip files) * Downloaded and built from source (with Java 1.8.0_144) * Checked LICENSE and NOTICE files * Checked ISSUES file * Checked CHANGES file * Ran KnoxShell samples * Exercised the Admin UI (provider configuration wizard, descriptor wizard, etc...) * Verified the Admin UI issues discovered in RC1 (URL field validation, topology list refreshing) have been addressed * Tested service discovery and topology generation On Tue, Jul 24, 2018 at 8:21 PM larry mccay wrote: > All - > > A number of issues were identified and subsequently fixed based > on testing of RC 1. > > Release candidate #2 for the Apache Knox 1.1.0 is available at: > > https://dist.apache.org/repos/dist/dev/knox/knox-1.1.0/ > > The release candidate is a zip archive of the sources in: > > https://git-wip-us.apache.org/repos/asf/knox.git > Branch v1.1.0 (git checkout -b v1.1.0) > Tag is v1.1.0-rc2 > > The KEYS file for signature validation is available at: > https://dist.apache.org/repos/dist/release/knox/KEYS > > Please vote on releasing this package as Apache Knox 1.1.0. > The vote is open for the next 72 hours and passes if a majority of at > least three +1 Apache Knox PMC votes are cast. > > [ ] +1 Release this package as Apache Knox 1.1.0 > [ ] -1 Do not release this package because... > > Thanks, > > --larry > >
Re: [VOTE] Release Apache Knox 1.1.0 RC 1
-1 After some testing, there are some issues which merit another RC, IMO: - Some services are unnecessarily held to the dispatch whitelist validation (e.g., WEBHDFS, WEBHBASE) - The Admin UI URL input field validation requires a port, which it should not. While there are work-arounds for both, they adversely affect the user experience. On Sat, Jul 21, 2018 at 3:58 PM larry mccay wrote: > All - > > Release candidate #1 for the Apache Knox 1.1.0 is available at: > > https://dist.apache.org/repos/dist/dev/knox/knox-1.1.0/ > > The release candidate is a zip archive of the sources in: > > https://git-wip-us.apache.org/repos/asf/knox.git > Branch v1.1.0 (git checkout -b v1.1.0) > Tag is v1.1.0-rc1 > > The KEYS file for signature validation is available at: > https://dist.apache.org/repos/dist/release/knox/KEYS > > Please vote on releasing this package as Apache Knox 1.1.0. > The vote is open for the next 72 hours and passes if a majority of at > least three +1 Apache Knox PMC votes are cast. > > [ ] +1 Release this package as Apache Knox 1.1.0 > [ ] -1 Do not release this package because... > > Thanks, > > --larry >
Re: [DISCUSS] Planning for Apache Knox 1.1.0 Release
During some testing of the proposed 1.1.0 code, I've discovered some NPEs in filters (e.g., AclsAuthorizationFilter, HadoopGroupProviderFilter), which are concerning. I've committed a change to address the AclsAuthorizationFilter, but seeing similar behavior for the HadoopGroupProviderFilter has increased my concern that there may be a more fundamental problem. In both cases, it seems that the filters are being invoked prior to (or during) their respective init() methods have been invoked. Thus, members which should be initialized in the init() method are not yet initialized. This can be consistently reproduced, though it is a bit of a pain: - Install Knox (‘ant install-test-home’, or just unzip knox-1.1.0.zip) - Start the gateway - Access the Admin UI Note that the latest 1.1.0 source has a *fix* for the AclsAuthorizationFilter NPE, but master does not yet have this change. This is important because that change effectively hides the issue. I think we should determine what's happening with this before producing/testing a release candidate. On Sat, Feb 24, 2018 at 12:57 PM larry mccay wrote: > All - > > Sorry for the delay on this topic. > > We are going to start of this planning thread with ~85 Unresolved JIRAs in > either 1.1.0 or 0.15.0 fixVersion. > > project = KNOX AND resolution = Unresolved AND fixVersion in (1.1.0, > 0.15.0) ORDER BY priority DESC, updated DESC > > I will spend some time migrating all 0.15.0 to 1.1.0 to begin with and then > we will need to go through and see what is already taken care of or can > wait for a 1.2.0 or later. > > I also have a couple KIPs in mind to target larger features/themes for this > release. > > Off the top of my head: > > * I think we need to address some cloud specific usecases and plan to > provide a KIP for that. Hybrid cloud/federated knox instances, Azure AD > integration, ID mapping from Hadoop user to IAM users/roles, etc. Perhaps > some CASB-like features if they make sense. > > * I also think we need one for articulating a reasonable flow for Logout in > KnoxSSO. There are a lot of little nuances to logout across multiple apps > and between different IDPs. This will require some discussion. > > * Another thing that has been tugging at my interest has been the fact that > we may be able provide some common libraries to help ecosystem applications > uptake the trusted proxy pattern and KnoxSSO. > > Anyway, these are my initial thoughts, please feel free to raise additional > ideas/themes for KIPs, etc. > > I was thinking that we could try and target an end of March or Mid April > 1.1.0 release. > > Thoughts? > > --larry >
subscribe
subscribe
