[jira] [Created] (KNOX-3040) Support multiple ways to verify JWT tokens
Sandeep More created KNOX-3040: -- Summary: Support multiple ways to verify JWT tokens Key: KNOX-3040 URL: https://issues.apache.org/jira/browse/KNOX-3040 Project: Apache Knox Issue Type: Bug Reporter: Sandeep More Assignee: Sandeep More Currently we can only have one way to validate JWT token either # Using JWKS endpoint # Using PEM # Using the signing-key We should be able to support multiple verifications together. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-3035) Group header value should be based on data size and not number
Sandeep More created KNOX-3035: -- Summary: Group header value should be based on data size and not number Key: KNOX-3035 URL: https://issues.apache.org/jira/browse/KNOX-3035 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More Assignee: Sandeep More KNOX-2974 and KNOX-3023 support adding group headers to requests flowing to downstream endpoints. Currently the groups headers is based on number of groups (1000 default). A lot of webservers and loadbalancers support header sizes between 4KB - 8KB which be an issue when header sizes are large. This JIRA is to update this logic to limit groups in one header to configured size in KBs. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-3034) Document KNOX-3023 - Support for groups and principal in downstream dispatch request
Sandeep More created KNOX-3034: -- Summary: Document KNOX-3023 - Support for groups and principal in downstream dispatch request Key: KNOX-3034 URL: https://issues.apache.org/jira/browse/KNOX-3034 Project: Apache Knox Issue Type: Bug Components: Document Reporter: Sandeep More Assignee: Sandeep More -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-3023) Extend the Hadoop proxyuser dispatch to optionally include groups in a header in addition to doAs
[ https://issues.apache.org/jira/browse/KNOX-3023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-3023. Resolution: Fixed > Extend the Hadoop proxyuser dispatch to optionally include groups in a header > in addition to doAs > - > > Key: KNOX-3023 > URL: https://issues.apache.org/jira/browse/KNOX-3023 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Currently Hadoop proxyuser dispatch does not have a mechanism to relay user > groups. This JIRA tried to address this problem. This can be done similar to > what we have done in [Knox Auth > Service|https://knox.apache.org/books/knox-2-0-0/user-guide.html#Knox+Auth+Service] > `auth/api/v1/pre` endpoint where a header is added to the response (by > default X-Knox-Actor-ID) with the principal name to the response. In this > case these headers will be added to outgoing requests. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-3023) Extend the Hadoop proxyuser dispatch to optionally include groups in a header in addition to doAs
[ https://issues.apache.org/jira/browse/KNOX-3023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-3023: --- Description: Currently Hadoop proxyuser dispatch does not have a mechanism to relay user groups. This JIRA tried to address this problem. This can be done similar to what we have done in [Knox Auth Service|https://knox.apache.org/books/knox-2-0-0/user-guide.html#Knox+Auth+Service] `auth/api/v1/pre` endpoint where a header is added to the response (by default X-Knox-Actor-ID) with the principal name to the response. In this case these headers will be added to outgoing requests. (was: Currently ) > Extend the Hadoop proxyuser dispatch to optionally include groups in a header > in addition to doAs > - > > Key: KNOX-3023 > URL: https://issues.apache.org/jira/browse/KNOX-3023 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.0 > > > Currently Hadoop proxyuser dispatch does not have a mechanism to relay user > groups. This JIRA tried to address this problem. This can be done similar to > what we have done in [Knox Auth > Service|https://knox.apache.org/books/knox-2-0-0/user-guide.html#Knox+Auth+Service] > `auth/api/v1/pre` endpoint where a header is added to the response (by > default X-Knox-Actor-ID) with the principal name to the response. In this > case these headers will be added to outgoing requests. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-3023) Extend the Hadoop proxyuser dispatch to optionally include groups in a header in addition to doAs
[ https://issues.apache.org/jira/browse/KNOX-3023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-3023: --- Fix Version/s: 2.0.0 > Extend the Hadoop proxyuser dispatch to optionally include groups in a header > in addition to doAs > - > > Key: KNOX-3023 > URL: https://issues.apache.org/jira/browse/KNOX-3023 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-3023) Extend the Hadoop proxyuser dispatch to optionally include groups in a header in addition to doAs
[ https://issues.apache.org/jira/browse/KNOX-3023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-3023: --- Description: Currently > Extend the Hadoop proxyuser dispatch to optionally include groups in a header > in addition to doAs > - > > Key: KNOX-3023 > URL: https://issues.apache.org/jira/browse/KNOX-3023 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.0 > > > Currently -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-3023) Extend the Hadoop proxyuser dispatch to optionally include groups in a header in addition to doAs
[ https://issues.apache.org/jira/browse/KNOX-3023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-3023: --- Fix Version/s: (was: 2.0.0) > Extend the Hadoop proxyuser dispatch to optionally include groups in a header > in addition to doAs > - > > Key: KNOX-3023 > URL: https://issues.apache.org/jira/browse/KNOX-3023 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-3023) Extend the Hadoop proxyuser dispatch to optionally include groups in a header in addition to doAs
[ https://issues.apache.org/jira/browse/KNOX-3023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-3023: --- Fix Version/s: 2.0.0 > Extend the Hadoop proxyuser dispatch to optionally include groups in a header > in addition to doAs > - > > Key: KNOX-3023 > URL: https://issues.apache.org/jira/browse/KNOX-3023 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-3023) Extend the Hadoop proxyuser dispatch to optionally include groups in a header in addition to doAs
[ https://issues.apache.org/jira/browse/KNOX-3023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17839615#comment-17839615 ] Sandeep More commented on KNOX-3023: This went to the back burner, i'll add description and target version. > Extend the Hadoop proxyuser dispatch to optionally include groups in a header > in addition to doAs > - > > Key: KNOX-3023 > URL: https://issues.apache.org/jira/browse/KNOX-3023 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-3015) Document path based authorization feature
[ https://issues.apache.org/jira/browse/KNOX-3015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-3015. Resolution: Fixed > Document path based authorization feature > - > > Key: KNOX-3015 > URL: https://issues.apache.org/jira/browse/KNOX-3015 > Project: Apache Knox > Issue Type: Bug > Components: Document >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > > Document KNOX-2998 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-3023) Extend the Hadoop proxyuser dispatch to optionally include groups in a header in addition to doAs
Sandeep More created KNOX-3023: -- Summary: Extend the Hadoop proxyuser dispatch to optionally include groups in a header in addition to doAs Key: KNOX-3023 URL: https://issues.apache.org/jira/browse/KNOX-3023 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More Assignee: Sandeep More -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-3014) Unauthenticated paths support for Shiro provider
[ https://issues.apache.org/jira/browse/KNOX-3014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-3014. Resolution: Fixed > Unauthenticated paths support for Shiro provider > > > Key: KNOX-3014 > URL: https://issues.apache.org/jira/browse/KNOX-3014 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 40m > Remaining Estimate: 0h > > Looks like we have only support unauthenticated paths for > * JWTProvider > * HadoopAuthProvider > * SSOCookieProvider > Shiro auth provider does not have support for unauthenticated path parameter. > see KNOX-2582 and KNOX-2393 > This can be enabled by adding the following param to Shiro authentication > provider > {code:java} > > urls./knoxtoken/api/v1/jwks.json > anon > > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-3014) Unauthenticated paths support for Shiro provider
[ https://issues.apache.org/jira/browse/KNOX-3014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-3014: --- Description: Looks like we have only support unauthenticated paths for * JWTProvider * HadoopAuthProvider * SSOCookieProvider Shiro auth provider does not have support for unauthenticated path parameter. see KNOX-2582 and KNOX-2393 This can be enabled by adding the following param to Shiro authentication provider {code:java} urls./knoxtoken/api/v1/jwks.json anon {code} was: Looks like we have only support unauthenticated paths for * JWTProvider * HadoopAuthProvider * SSOCookieProvider Shiro auth provider does not have support for unauthenticated path parameter. see KNOX-2582 and KNOX-2393 > Unauthenticated paths support for Shiro provider > > > Key: KNOX-3014 > URL: https://issues.apache.org/jira/browse/KNOX-3014 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 40m > Remaining Estimate: 0h > > Looks like we have only support unauthenticated paths for > * JWTProvider > * HadoopAuthProvider > * SSOCookieProvider > Shiro auth provider does not have support for unauthenticated path parameter. > see KNOX-2582 and KNOX-2393 > This can be enabled by adding the following param to Shiro authentication > provider > {code:java} > > urls./knoxtoken/api/v1/jwks.json > anon > > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-3014) Unauthenticated paths support for Shiro provider
[ https://issues.apache.org/jira/browse/KNOX-3014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-3014: --- Fix Version/s: 2.1.0 > Unauthenticated paths support for Shiro provider > > > Key: KNOX-3014 > URL: https://issues.apache.org/jira/browse/KNOX-3014 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 40m > Remaining Estimate: 0h > > Looks like we have only support unauthenticated paths for > * JWTProvider > * HadoopAuthProvider > * SSOCookieProvider > Shiro auth provider does not have support for unauthenticated path parameter. > see KNOX-2582 and KNOX-2393 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-3015) Document path based authorization feature
Sandeep More created KNOX-3015: -- Summary: Document path based authorization feature Key: KNOX-3015 URL: https://issues.apache.org/jira/browse/KNOX-3015 Project: Apache Knox Issue Type: Bug Components: Document Reporter: Sandeep More Assignee: Sandeep More Fix For: 2.1.0 Document KNOX-2998 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2998) Path based authorization
[ https://issues.apache.org/jira/browse/KNOX-2998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2998: --- Description: We will need a new acls extension (similar to AclsAuthz) to support this functionality. Following, is an example of how this might look. {code:java} authorization PathAclsAuthz true path.acl https://*:*/**/knoxtoken/api/**;admin;*;* {code} This new extension (`path` in the above example) will work with CompositeAuthz and follow the same pattern as AclsAuthz provider. was: We will need a new acls extension (similar to AclsAuthz) to support this functionality. Following, is an example of how this might look. {code:java} path.KNOX-AUTH-SERVICE.acl /foo/* [, *|path...];username[,*|username...];group[,*|group...];ipaddr[,*|ipaddr...] {code} This new extension (`path` in the above example) will work with CompositeAuthz and follow the same pattern as AclsAuthz provider. > Path based authorization > > > Key: KNOX-2998 > URL: https://issues.apache.org/jira/browse/KNOX-2998 > Project: Apache Knox > Issue Type: New Feature > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > We will need a new acls extension (similar to AclsAuthz) to support this > functionality. Following, is an example of how this might look. > > {code:java} > > authorization > PathAclsAuthz > true > > path.acl > https://*:*/**/knoxtoken/api/**;admin;*;* > > > {code} > This new extension (`path` in the above example) will work with > CompositeAuthz and follow the same pattern as AclsAuthz provider. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2998) Path based authorization
[ https://issues.apache.org/jira/browse/KNOX-2998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2998. Resolution: Fixed > Path based authorization > > > Key: KNOX-2998 > URL: https://issues.apache.org/jira/browse/KNOX-2998 > Project: Apache Knox > Issue Type: New Feature > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > We will need a new acls extension (similar to AclsAuthz) to support this > functionality. Following, is an example of how this might look. > > {code:java} > > authorization > PathAclsAuthz > true > > path.acl > https://*:*/**/knoxtoken/api/**;admin;*;* > > > {code} > This new extension (`path` in the above example) will work with > CompositeAuthz and follow the same pattern as AclsAuthz provider. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2998) Path based authorization
[ https://issues.apache.org/jira/browse/KNOX-2998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2998: --- Fix Version/s: 2.1.0 > Path based authorization > > > Key: KNOX-2998 > URL: https://issues.apache.org/jira/browse/KNOX-2998 > Project: Apache Knox > Issue Type: New Feature > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > We will need a new acls extension (similar to AclsAuthz) to support this > functionality. Following, is an example of how this might look. > > {code:java} > > path.KNOX-AUTH-SERVICE.acl >/foo/* [, > *|path...];username[,*|username...];group[,*|group...];ipaddr[,*|ipaddr...] > > {code} > This new extension (`path` in the above example) will work with > CompositeAuthz and follow the same pattern as AclsAuthz provider. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2996) Add proxy for hdfs UI network topology
[ https://issues.apache.org/jira/browse/KNOX-2996?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2996: --- Fix Version/s: 2.1.0 Resolution: Fixed Status: Resolved (was: Patch Available) > Add proxy for hdfs UI network topology > --- > > Key: KNOX-2996 > URL: https://issues.apache.org/jira/browse/KNOX-2996 > Project: Apache Knox > Issue Type: Bug > Components: Release >Affects Versions: 2.0.0, 1.6.0 >Reporter: zhaoshuaihua >Assignee: zhaoshuaihua >Priority: Major > Fix For: 2.1.0 > > Attachments: > KNOX-2996_-_Add_proxy_for_hdfs_UI_network_topology.patch, > image-2023-12-28-16-36-57-726.png, image-2023-12-28-16-37-10-631.png, > image-2023-12-28-16-37-15-888.png > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Clicking the hdfs UI network topology proxy failed, the page should be > displayed and should not be Error. > !image-2023-12-28-16-36-57-726.png!!image-2023-12-28-16-37-10-631.png!!image-2023-12-28-16-37-15-888.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2996) Add proxy for hdfs UI network topology
[ https://issues.apache.org/jira/browse/KNOX-2996?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17823580#comment-17823580 ] Sandeep More commented on KNOX-2996: Thank you for your contribution [~beryl_zsh]. The patch has been committed to master! > Add proxy for hdfs UI network topology > --- > > Key: KNOX-2996 > URL: https://issues.apache.org/jira/browse/KNOX-2996 > Project: Apache Knox > Issue Type: Bug > Components: Release >Affects Versions: 2.0.0, 1.6.0 >Reporter: zhaoshuaihua >Assignee: zhaoshuaihua >Priority: Major > Attachments: > KNOX-2996_-_Add_proxy_for_hdfs_UI_network_topology.patch, > image-2023-12-28-16-36-57-726.png, image-2023-12-28-16-37-10-631.png, > image-2023-12-28-16-37-15-888.png > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Clicking the hdfs UI network topology proxy failed, the page should be > displayed and should not be Error. > !image-2023-12-28-16-36-57-726.png!!image-2023-12-28-16-37-10-631.png!!image-2023-12-28-16-37-15-888.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (KNOX-2996) Add proxy for hdfs UI network topology
[ https://issues.apache.org/jira/browse/KNOX-2996?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More reassigned KNOX-2996: -- Assignee: zhaoshuaihua > Add proxy for hdfs UI network topology > --- > > Key: KNOX-2996 > URL: https://issues.apache.org/jira/browse/KNOX-2996 > Project: Apache Knox > Issue Type: Bug > Components: Release >Affects Versions: 2.0.0, 1.6.0 >Reporter: zhaoshuaihua >Assignee: zhaoshuaihua >Priority: Major > Attachments: > KNOX-2996_-_Add_proxy_for_hdfs_UI_network_topology.patch, > image-2023-12-28-16-36-57-726.png, image-2023-12-28-16-37-10-631.png, > image-2023-12-28-16-37-15-888.png > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Clicking the hdfs UI network topology proxy failed, the page should be > displayed and should not be Error. > !image-2023-12-28-16-36-57-726.png!!image-2023-12-28-16-37-10-631.png!!image-2023-12-28-16-37-15-888.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-3014) Unauthenticated paths support for Shiro provider
Sandeep More created KNOX-3014: -- Summary: Unauthenticated paths support for Shiro provider Key: KNOX-3014 URL: https://issues.apache.org/jira/browse/KNOX-3014 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More Assignee: Sandeep More Looks like we have only support unauthenticated paths for * JWTProvider * HadoopAuthProvider * SSOCookieProvider Shiro auth provider does not have support for unauthenticated path parameter. see KNOX-2582 and KNOX-2393 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2999) [Docker] Add public CA to Knox trust store
[ https://issues.apache.org/jira/browse/KNOX-2999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2999. Fix Version/s: 2.1.0 Resolution: Fixed > [Docker] Add public CA to Knox trust store > -- > > Key: KNOX-2999 > URL: https://issues.apache.org/jira/browse/KNOX-2999 > Project: Apache Knox > Issue Type: Bug > Components: docker >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > It appears that the truststore that Knox is using does not have root certs > for public CAs. This is needed for Knox to support JWKS endpoints (prod and > dev) which are signed by public CAs. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2999) [Docker] Add public CA to Knox trust store
Sandeep More created KNOX-2999: -- Summary: [Docker] Add public CA to Knox trust store Key: KNOX-2999 URL: https://issues.apache.org/jira/browse/KNOX-2999 Project: Apache Knox Issue Type: Bug Components: docker Reporter: Sandeep More Assignee: Sandeep More It appears that the truststore that Knox is using does not have root certs for public CAs. This is needed for Knox to support JWKS endpoints (prod and dev) which are signed by public CAs. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2998) Path based authorization
Sandeep More created KNOX-2998: -- Summary: Path based authorization Key: KNOX-2998 URL: https://issues.apache.org/jira/browse/KNOX-2998 Project: Apache Knox Issue Type: New Feature Components: Server Reporter: Sandeep More Assignee: Sandeep More We will need a new acls extension (similar to AclsAuthz) to support this functionality. Following, is an example of how this might look. {code:java} path.KNOX-AUTH-SERVICE.acl /foo/* [, *|path...];username[,*|username...];group[,*|group...];ipaddr[,*|ipaddr...] {code} This new extension (`path` in the above example) will work with CompositeAuthz and follow the same pattern as AclsAuthz provider. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2989) Enable support for multi-arch docer builds for Knox
[ https://issues.apache.org/jira/browse/KNOX-2989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2989. Fix Version/s: 2.1.0 Resolution: Fixed > Enable support for multi-arch docer builds for Knox > --- > > Key: KNOX-2989 > URL: https://issues.apache.org/jira/browse/KNOX-2989 > Project: Apache Knox > Issue Type: Bug > Components: docker >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2986) Enable HA for ODBC drivers > 2.6.15
[ https://issues.apache.org/jira/browse/KNOX-2986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17791166#comment-17791166 ] Sandeep More commented on KNOX-2986: Ah, thanks [~amagyar]! > Enable HA for ODBC drivers > 2.6.15 > --- > > Key: KNOX-2986 > URL: https://issues.apache.org/jira/browse/KNOX-2986 > Project: Apache Knox > Issue Type: Bug >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Labels: HA > > Currently we prevent HA for all ODBC drivers. Hive driver recently added > support for KNOX_BACKEND-HIVE cookie in 2.6.15. We need to add a version > property where we can selectively enable HA for ODBC drivers with version >= > 2.6.15. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2989) Enable support for multi-arch docer builds for Knox
Sandeep More created KNOX-2989: -- Summary: Enable support for multi-arch docer builds for Knox Key: KNOX-2989 URL: https://issues.apache.org/jira/browse/KNOX-2989 Project: Apache Knox Issue Type: Bug Components: docker Reporter: Sandeep More Assignee: Sandeep More -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2988) Documentation for KNOX-2983
[ https://issues.apache.org/jira/browse/KNOX-2988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17791089#comment-17791089 ] Sandeep More commented on KNOX-2988: Thank you [~amagyar] this makes perfect sense, LGTM :) > Documentation for KNOX-2983 > --- > > Key: KNOX-2988 > URL: https://issues.apache.org/jira/browse/KNOX-2988 > Project: Apache Knox > Issue Type: Improvement >Reporter: Attila Magyar >Assignee: Attila Magyar >Priority: Major > Attachments: KNOX-2983.patch, KNOX-2983_2.patch, Screenshot > 2023-11-20 at 12.22.28.png > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2988) Documentation for KNOX-2983
[ https://issues.apache.org/jira/browse/KNOX-2988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17791044#comment-17791044 ] Sandeep More commented on KNOX-2988: Few questions: 1. The `if` expression expects 2-3 parameters. - does this mean 2 or 3? can it be just 1 or more than 3? need to be more explicit IMO. 2. In an XML topology, the less than and greater than operators should be either encoded as `` `` - Perhaps an example will help. This will be more usefule when doing a quick visual scan when we need to refer the doc. Otherwise this looks GREAT! thank you so much [~amagyar]!! > Documentation for KNOX-2983 > --- > > Key: KNOX-2988 > URL: https://issues.apache.org/jira/browse/KNOX-2988 > Project: Apache Knox > Issue Type: Improvement >Reporter: Attila Magyar >Assignee: Attila Magyar >Priority: Major > Attachments: KNOX-2983.patch, Screenshot 2023-11-20 at 12.22.28.png > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2987) Upgrade Spring vault and amqp-client dependencies
Sandeep More created KNOX-2987: -- Summary: Upgrade Spring vault and amqp-client dependencies Key: KNOX-2987 URL: https://issues.apache.org/jira/browse/KNOX-2987 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More Assignee: Sandeep More -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2986) Enable HA for ODBC drivers > 2.6.15
Sandeep More created KNOX-2986: -- Summary: Enable HA for ODBC drivers > 2.6.15 Key: KNOX-2986 URL: https://issues.apache.org/jira/browse/KNOX-2986 Project: Apache Knox Issue Type: Bug Reporter: Sandeep More Assignee: Sandeep More Currently we prevent HA for all ODBC drivers. Hive driver recently added support for KNOX_BACKEND-HIVE cookie in 2.6.15. We need to add a version property where we can selectively enable HA for ODBC drivers with version >= 2.6.15. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2984) Fix Knox documentation that states HA is supported for Hive ODBC
Sandeep More created KNOX-2984: -- Summary: Fix Knox documentation that states HA is supported for Hive ODBC Key: KNOX-2984 URL: https://issues.apache.org/jira/browse/KNOX-2984 Project: Apache Knox Issue Type: Improvement Components: Document Reporter: Sandeep More Assignee: Sandeep More Update the chart in https://knox.apache.org/books/knox-2-0-0/user-guide.html#Supported+Services -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2974) Add a new endpoint like 'pre' that supports other verbs and ignores paths
[ https://issues.apache.org/jira/browse/KNOX-2974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2974. Fix Version/s: 2.1.0 Resolution: Fixed > Add a new endpoint like 'pre' that supports other verbs and ignores paths > - > > Key: KNOX-2974 > URL: https://issues.apache.org/jira/browse/KNOX-2974 > Project: Apache Knox > Issue Type: New Feature > Components: docker, Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Knox can be used as an [external authorizer for Istio > |https://istio.io/v1.10/blog/2021/better-external-authz/]. In this model > Istio forwards the request to the external authorizer and depending on the > results the request then either errors out with 401 or 403 OR proceeds to > it's intended destination after successful authentication and authorization > by Knox. > Here the request is getting forwarded and Knox acts as a "filter". This means > the "pre" endpoint should support all the HTTP verbs and it should have the > ability to ignore additional paths that may be appended by Istio. > This JIRA is to address these issues by creating a new service "extauthz" > that addresses these issues without changing existing "pre" service to > prevent breakage. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2974) Add a new endpoint like 'pre' that supports other verbs and ignores paths
Sandeep More created KNOX-2974: -- Summary: Add a new endpoint like 'pre' that supports other verbs and ignores paths Key: KNOX-2974 URL: https://issues.apache.org/jira/browse/KNOX-2974 Project: Apache Knox Issue Type: New Feature Components: docker, Server Reporter: Sandeep More Assignee: Sandeep More Knox can be used as an [external authorizer for Istio |https://istio.io/v1.10/blog/2021/better-external-authz/]. In this model Istio forwards the request to the external authorizer and depending on the results the request then either errors out with 401 or 403 OR proceeds to it's intended destination after successful authentication and authorization by Knox. Here the request is getting forwarded and Knox acts as a "filter". This means the "pre" endpoint should support all the HTTP verbs and it should have the ability to ignore additional paths that may be appended by Istio. This JIRA is to address these issues by creating a new service "extauthz" that addresses these issues without changing existing "pre" service to prevent breakage. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2973) HbaseUI>Table Details not accessible from Knox endpoint intermittently
[ https://issues.apache.org/jira/browse/KNOX-2973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2973: --- Fix Version/s: 2.1.0 > HbaseUI>Table Details not accessible from Knox endpoint intermittently > -- > > Key: KNOX-2973 > URL: https://issues.apache.org/jira/browse/KNOX-2973 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > This is due to the [SSO logic that checks for > originalURL|https://github.com/apache/knox/blob/master/gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java#L365] > query param. > During the first login, this is the redirect URL: > https://local.site/gateway/knoxsso/api/v1/websso?originalUrl=https://local.site/gateway/proxy/hbase/webui/master?host=local.site=16010 > When this reaches WebSSOResource.getOriginalUrlFromQueryParams() > functionvalue of request.getParameter(ORIGINAL_URL_REQUEST_PARAM) is > https://local.site/gateway/proxy/hbase/webui/master?host=local.site > Note: port information is missing. This is because of the & query param which > treats port as a separate param and not part of original URL. > Also, because of the same reason '?' is added after the host, this is where > it is done > This is why additional ? gets added. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2973) HbaseUI>Table Details not accessible from Knox endpoint intermittently
[ https://issues.apache.org/jira/browse/KNOX-2973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2973. Resolution: Fixed > HbaseUI>Table Details not accessible from Knox endpoint intermittently > -- > > Key: KNOX-2973 > URL: https://issues.apache.org/jira/browse/KNOX-2973 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > This is due to the [SSO logic that checks for > originalURL|https://github.com/apache/knox/blob/master/gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java#L365] > query param. > During the first login, this is the redirect URL: > https://local.site/gateway/knoxsso/api/v1/websso?originalUrl=https://local.site/gateway/proxy/hbase/webui/master?host=local.site=16010 > When this reaches WebSSOResource.getOriginalUrlFromQueryParams() > functionvalue of request.getParameter(ORIGINAL_URL_REQUEST_PARAM) is > https://local.site/gateway/proxy/hbase/webui/master?host=local.site > Note: port information is missing. This is because of the & query param which > treats port as a separate param and not part of original URL. > Also, because of the same reason '?' is added after the host, this is where > it is done > This is why additional ? gets added. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2973) HbaseUI>Table Details not accessible from Knox endpoint intermittently
Sandeep More created KNOX-2973: -- Summary: HbaseUI>Table Details not accessible from Knox endpoint intermittently Key: KNOX-2973 URL: https://issues.apache.org/jira/browse/KNOX-2973 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More Assignee: Sandeep More This is due to the [SSO logic that checks for originalURL|https://github.com/apache/knox/blob/master/gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java#L365] query param. During the first login, this is the redirect URL: https://local.site/gateway/knoxsso/api/v1/websso?originalUrl=https://local.site/gateway/proxy/hbase/webui/master?host=local.site=16010 When this reaches WebSSOResource.getOriginalUrlFromQueryParams() functionvalue of request.getParameter(ORIGINAL_URL_REQUEST_PARAM) is https://local.site/gateway/proxy/hbase/webui/master?host=local.site Note: port information is missing. This is because of the & query param which treats port as a separate param and not part of original URL. Also, because of the same reason '?' is added after the host, this is where it is done This is why additional ? gets added. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2957) Upgrade Groovy version >= 3.0.8 to support knoxshell on JDK17 cluster
Sandeep More created KNOX-2957: -- Summary: Upgrade Groovy version >= 3.0.8 to support knoxshell on JDK17 cluster Key: KNOX-2957 URL: https://issues.apache.org/jira/browse/KNOX-2957 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More Assignee: Sandeep More Execution on knoxshell.sh fails on jdk17 with below error {code:java} Caught: BUG! exception in phase 'semantic analysis' in source unit '/tmp/tokenShell/webHdfsLs.groovy' Unsupported class file major version 61 BUG! exception in phase 'semantic analysis' in source unit '/tmp/tokenShell/webHdfsLs.groovy' Unsupported class file major version 61 at org.apache.knox.gateway.shell.Shell.main(Shell.java:70) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at org.apache.knox.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:68) at org.apache.knox.gateway.launcher.Invoker.invoke(Invoker.java:39) at org.apache.knox.gateway.launcher.Command.run(Command.java:99) at org.apache.knox.gateway.launcher.Launcher.run(Launcher.java:75) at org.apache.knox.gateway.launcher.Launcher.main(Launcher.java:52) Caused by: java.lang.IllegalArgumentException: Unsupported class file major version 61 at groovyjarjarasm.asm.ClassReader.(ClassReader.java:189) at groovyjarjarasm.asm.ClassReader.(ClassReader.java:170) at groovyjarjarasm.asm.ClassReader.(ClassReader.java:156) at groovyjarjarasm.asm.ClassReader.(ClassReader.java:277) ... 9 more {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2953) Uniform name of http method of client metric to lowerCase
[ https://issues.apache.org/jira/browse/KNOX-2953?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2953: --- Fix Version/s: 2.1.0 Resolution: Fixed Status: Resolved (was: Patch Available) > Uniform name of http method of client metric to lowerCase > - > > Key: KNOX-2953 > URL: https://issues.apache.org/jira/browse/KNOX-2953 > Project: Apache Knox > Issue Type: Improvement > Components: Metrics >Reporter: liang.feng >Priority: Minor > Fix For: 2.1.0 > > Attachments: gateway-client-metric.png, > gateway-metric-client-after-fix.png > > Time Spent: 20m > Remaining Estimate: 0h > > The metric name starting with client should set httpMethod to lowercase, when > build metric name, just like the service metric name at [# > [https://github.com/apache/knox/blob/master/gateway-server/src/main/java/org/apache/knox/gateway/services/metrics/impl/instr/InstrHttpClientBuilderProvider.java#L68]] > > There are many similar metric names now,due to name of httpMethod is > non-uniform. > For example: > When I query from HBase with curl command , The command curl -X Get 和 curl -X > GET will generate two similar metric name > !gateway-client-metric.png! > We should uniformly change the method name to lowercase so that the metric > names of service and client are unified. > > The effect after applying the [PR789|https://github.com/apache/knox/pull/789] > !gateway-metric-client-after-fix.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2953) Uniform name of http method of client metric to lowerCase
[ https://issues.apache.org/jira/browse/KNOX-2953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17760998#comment-17760998 ] Sandeep More commented on KNOX-2953: [~a516072575] thank you your patch has been committed. Thank you for your contribution! > Uniform name of http method of client metric to lowerCase > - > > Key: KNOX-2953 > URL: https://issues.apache.org/jira/browse/KNOX-2953 > Project: Apache Knox > Issue Type: Improvement > Components: Metrics >Reporter: liang.feng >Priority: Minor > Attachments: gateway-client-metric.png, > gateway-metric-client-after-fix.png > > Time Spent: 20m > Remaining Estimate: 0h > > The metric name starting with client should set httpMethod to lowercase, when > build metric name, just like the service metric name at [# > [https://github.com/apache/knox/blob/master/gateway-server/src/main/java/org/apache/knox/gateway/services/metrics/impl/instr/InstrHttpClientBuilderProvider.java#L68]] > > There are many similar metric names now,due to name of httpMethod is > non-uniform. > For example: > When I query from HBase with curl command , The command curl -X Get 和 curl -X > GET will generate two similar metric name > !gateway-client-metric.png! > We should uniformly change the method name to lowercase so that the metric > names of service and client are unified. > > The effect after applying the [PR789|https://github.com/apache/knox/pull/789] > !gateway-metric-client-after-fix.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2911) Allow metrics,roles, tagrest & xaudit Ranger Admin APIs via knox proxy
[ https://issues.apache.org/jira/browse/KNOX-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17745919#comment-17745919 ] Sandeep More commented on KNOX-2911: [~rakeshgupta264] patch is committed, thank you for your contribution! > Allow metrics,roles, tagrest & xaudit Ranger Admin APIs via knox proxy > -- > > Key: KNOX-2911 > URL: https://issues.apache.org/jira/browse/KNOX-2911 > Project: Apache Knox > Issue Type: Improvement >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > Attachments: 0001-KNOX-2911.patch > > Time Spent: 1h 10m > Remaining Estimate: 0h > > Adding Other List of APIs via knox > - Tagrest Api > - xAudit Api > [https://ranger.apache.org/apidocs/resource_XAuditREST.html#resource_XAuditREST_searchXAccessAudits_GET] > - Role Api > - Ranger metrics APIs as well > /service/metrics/status -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2911) Allow metrics,roles, tagrest & xaudit Ranger Admin APIs via knox proxy
[ https://issues.apache.org/jira/browse/KNOX-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2911. Fix Version/s: 2.0.1 Resolution: Fixed > Allow metrics,roles, tagrest & xaudit Ranger Admin APIs via knox proxy > -- > > Key: KNOX-2911 > URL: https://issues.apache.org/jira/browse/KNOX-2911 > Project: Apache Knox > Issue Type: Improvement >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > Fix For: 2.0.1 > > Attachments: 0001-KNOX-2911.patch > > Time Spent: 1h 10m > Remaining Estimate: 0h > > Adding Other List of APIs via knox > - Tagrest Api > - xAudit Api > [https://ranger.apache.org/apidocs/resource_XAuditREST.html#resource_XAuditREST_searchXAccessAudits_GET] > - Role Api > - Ranger metrics APIs as well > /service/metrics/status -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2932) Kerberos support for Knox docker container
[ https://issues.apache.org/jira/browse/KNOX-2932?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2932: --- Description: Looks like currently Knox docker image does not have Kerberos support. This would be a problem when we use HadoopAuth authentication. Need to add the following: {code:java} apk --no-cache add krb5 {code} was: Looks like currently Knox docker image does not have Kerberos support. This would be a problem when we use HadoopAuth authentication. Need to add the following: {code:java} RUN apt-get -qq update && \ apt-get -yqq install krb5-user libpam-krb5 && \ apt-get -yqq clean {code} > Kerberos support for Knox docker container > -- > > Key: KNOX-2932 > URL: https://issues.apache.org/jira/browse/KNOX-2932 > Project: Apache Knox > Issue Type: Bug > Components: docker >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > > Looks like currently Knox docker image does not have Kerberos support. This > would be a problem when we use HadoopAuth authentication. > Need to add the following: > {code:java} > apk --no-cache add krb5 > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2932) Kerberos support for Knox docker container
Sandeep More created KNOX-2932: -- Summary: Kerberos support for Knox docker container Key: KNOX-2932 URL: https://issues.apache.org/jira/browse/KNOX-2932 Project: Apache Knox Issue Type: Bug Components: docker Reporter: Sandeep More Assignee: Sandeep More Looks like currently Knox docker image does not have Kerberos support. This would be a problem when we use HadoopAuth authentication. Need to add the following: {code:java} RUN apt-get -qq update && \ apt-get -yqq install krb5-user libpam-krb5 && \ apt-get -yqq clean {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2931) Some special characters in the rewrite rule cannot be escaped
[ https://issues.apache.org/jira/browse/KNOX-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17737672#comment-17737672 ] Sandeep More commented on KNOX-2931: Wow this is bizarre, do you know what special character causes this? is it {{}}? > Some special characters in the rewrite rule cannot be escaped > - > > Key: KNOX-2931 > URL: https://issues.apache.org/jira/browse/KNOX-2931 > Project: Apache Knox > Issue Type: Task >Reporter: Attila Magyar >Assignee: Attila Magyar >Priority: Major > > HTML content: > {code} > href="{{typestat.portval.toLowerCase()}}://{{typestat.hostname}}:{{typestat.portno}}" > target="_blank">{{typestat.hostname}} > {code} > Rule: > {code} > > pattern="{{typestat.portval.toLowerCase()}}://{{typestat.hostname}}:{{typestat.portno}}"/> > template="{gateway.url}/ozone-scm/datanode/index.html?host={{typestat.portval.toLowerCase()}}://{{typestat.hostname}}:{{typestat.portno}} > "/> > > {code} > The goal is to prepend knox URL in front of the href and have: > {code} > https://KNOX/gateway/topology/service?host={{typestat.portval.toLowerCase()}}://{{typestat.hostname}}:{{typestat.portno}} > {code} > It seems that the {{ ... }} part is interpreted as a place holder and the > host part is completely omitted. > Interestingly adding a dummy space at the end solves it. > cc: [~zitadombi] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2923) Support JDK17
[ https://issues.apache.org/jira/browse/KNOX-2923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2923. Fix Version/s: 2.1.0 Resolution: Fixed > Support JDK17 > - > > Key: KNOX-2923 > URL: https://issues.apache.org/jira/browse/KNOX-2923 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Knox should be able to run on JDK 17 but we also need to support JDK8. This > JIRA adds support for running Knox on JDK 8 and JDK 17. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2923) Support JDK17
Sandeep More created KNOX-2923: -- Summary: Support JDK17 Key: KNOX-2923 URL: https://issues.apache.org/jira/browse/KNOX-2923 Project: Apache Knox Issue Type: Improvement Components: Server Reporter: Sandeep More Assignee: Sandeep More Knox should be able to run on JDK 17 but we also need to support JDK8. This JIRA adds support for running Knox on JDK 8 and JDK 17. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (KNOX-2911) Allow metrics,roles, tagrest & xaudit Ranger Admin APIs via knox proxy
[ https://issues.apache.org/jira/browse/KNOX-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More reassigned KNOX-2911: -- Assignee: Rakesh Gupta > Allow metrics,roles, tagrest & xaudit Ranger Admin APIs via knox proxy > -- > > Key: KNOX-2911 > URL: https://issues.apache.org/jira/browse/KNOX-2911 > Project: Apache Knox > Issue Type: Improvement >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > Attachments: 0001-KNOX-2911.patch > > > Adding Other List of APIs via knox > - Tagrest Api > - xAudit Api > [https://ranger.apache.org/apidocs/resource_XAuditREST.html#resource_XAuditREST_searchXAccessAudits_GET] > - Role Api > - Ranger metrics APIs as well > /service/metrics/status -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2911) Allow metrics,roles, tagrest & xaudit Ranger Admin APIs via knox proxy
[ https://issues.apache.org/jira/browse/KNOX-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17728382#comment-17728382 ] Sandeep More commented on KNOX-2911: Thank you fpr the patch [~rakeshgupta264]! can you submit a github PR. We have moved to github PR as it helps us in reviewing and helps with proper attributions to contributors such as you! > Allow metrics,roles, tagrest & xaudit Ranger Admin APIs via knox proxy > -- > > Key: KNOX-2911 > URL: https://issues.apache.org/jira/browse/KNOX-2911 > Project: Apache Knox > Issue Type: Improvement >Reporter: Rakesh Gupta >Priority: Major > Attachments: 0001-KNOX-2911.patch > > > Adding Other List of APIs via knox > - Tagrest Api > - xAudit Api > [https://ranger.apache.org/apidocs/resource_XAuditREST.html#resource_XAuditREST_searchXAccessAudits_GET] > - Role Api > - Ranger metrics APIs as well > /service/metrics/status -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2908) Document KNOX-2543 - Add ability to retry failed requests
Sandeep More created KNOX-2908: -- Summary: Document KNOX-2543 - Add ability to retry failed requests Key: KNOX-2908 URL: https://issues.apache.org/jira/browse/KNOX-2908 Project: Apache Knox Issue Type: Bug Components: Document Reporter: Sandeep More Document: Add option to replay requests when the server unexpectedly closes the connection (not in case of socket timeouts where the server is unable to reach) Proposed changes are adding optional service params retryCount - how many times should a request be retried retryNonSafeRequest - Should an unsafe request be retries, unsafe = POST, PUT, DELETE (!GET) example WHOAMI http://localhost:50071 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2904) Endpoint is not marked as failed in case of non-idempotent request failover
[ https://issues.apache.org/jira/browse/KNOX-2904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2904: --- Fix Version/s: 2.1.0 > Endpoint is not marked as failed in case of non-idempotent request failover > --- > > Key: KNOX-2904 > URL: https://issues.apache.org/jira/browse/KNOX-2904 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 40m > Remaining Estimate: 0h > > When a non-idempotent request fails the endpoint is not marked as failed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2904) Endpoint is not marked as failed in case of non-idempotent request failover
[ https://issues.apache.org/jira/browse/KNOX-2904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2904. Resolution: Fixed > Endpoint is not marked as failed in case of non-idempotent request failover > --- > > Key: KNOX-2904 > URL: https://issues.apache.org/jira/browse/KNOX-2904 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 40m > Remaining Estimate: 0h > > When a non-idempotent request fails the endpoint is not marked as failed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2904) Endpoint is not marked as failed in case of non-idempotent request failover
Sandeep More created KNOX-2904: -- Summary: Endpoint is not marked as failed in case of non-idempotent request failover Key: KNOX-2904 URL: https://issues.apache.org/jira/browse/KNOX-2904 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More Assignee: Sandeep More When a non-idempotent request fails the endpoint is not marked as failed. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2902) Knox homepage tiles for Impala should have host info
Sandeep More created KNOX-2902: -- Summary: Knox homepage tiles for Impala should have host info Key: KNOX-2902 URL: https://issues.apache.org/jira/browse/KNOX-2902 Project: Apache Knox Issue Type: Bug Components: Homepage Reporter: Sandeep More On knox homepage for services like Impala, NameNode UI etc. the service tiles do not reflect host request is dispatched to. I might be useful to add Host info. At the same time we need to evaluate if exposing host name is a good idea since now Knox is exposing internal cluster topology. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2890) When client-knox connection is broken knox should not retry the same client request
[ https://issues.apache.org/jira/browse/KNOX-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2890. Resolution: Fixed > When client-knox connection is broken knox should not retry the same client > request > --- > > Key: KNOX-2890 > URL: https://issues.apache.org/jira/browse/KNOX-2890 > Project: Apache Knox > Issue Type: Bug > Components: Server >Affects Versions: 2.0..0 >Reporter: J.Andreina >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 2h > Remaining Estimate: 0h > > Knox should not be retrying non idempotent requests like POST, PATCH etc. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2890) When client-knox connection is broken knox should not retry the same client request
[ https://issues.apache.org/jira/browse/KNOX-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2890: --- Fix Version/s: 2.1.0 > When client-knox connection is broken knox should not retry the same client > request > --- > > Key: KNOX-2890 > URL: https://issues.apache.org/jira/browse/KNOX-2890 > Project: Apache Knox > Issue Type: Bug > Components: Server >Affects Versions: 2.0..0 >Reporter: J.Andreina >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 2h > Remaining Estimate: 0h > > Knox should not be retrying non idempotent requests like POST, PATCH etc. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2890) When client-knox connection is broken knox should not retry the same client request
[ https://issues.apache.org/jira/browse/KNOX-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2890: --- Reporter: J.Andreina (was: Sandeep More) > When client-knox connection is broken knox should not retry the same client > request > --- > > Key: KNOX-2890 > URL: https://issues.apache.org/jira/browse/KNOX-2890 > Project: Apache Knox > Issue Type: Bug > Components: Server >Affects Versions: 2.0..0 >Reporter: J.Andreina >Assignee: Sandeep More >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Knox should not be retrying non idempotent requests like POST, PATCH etc. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2890) When client-knox connection is broken knox should not retry the same client request
Sandeep More created KNOX-2890: -- Summary: When client-knox connection is broken knox should not retry the same client request Key: KNOX-2890 URL: https://issues.apache.org/jira/browse/KNOX-2890 Project: Apache Knox Issue Type: Bug Components: Server Affects Versions: 2.0..0 Reporter: Sandeep More Assignee: Sandeep More Knox should not be retrying non idempotent requests like POST, PATCH etc. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2888) Update gateway-version to 2.1.0 in build.xml
[ https://issues.apache.org/jira/browse/KNOX-2888?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2888. Resolution: Fixed > Update gateway-version to 2.1.0 in build.xml > > > Key: KNOX-2888 > URL: https://issues.apache.org/jira/browse/KNOX-2888 > Project: Apache Knox > Issue Type: Bug > Components: Build >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2888) Update gateway-version to 2.1.0 in build.xml
[ https://issues.apache.org/jira/browse/KNOX-2888?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2888: --- Fix Version/s: 2.1.0 > Update gateway-version to 2.1.0 in build.xml > > > Key: KNOX-2888 > URL: https://issues.apache.org/jira/browse/KNOX-2888 > Project: Apache Knox > Issue Type: Bug > Components: Build >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2877) HA support for Knox WebShell
[ https://issues.apache.org/jira/browse/KNOX-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2877: --- Affects Version/s: (was: 2.1.0) > HA support for Knox WebShell > > > Key: KNOX-2877 > URL: https://issues.apache.org/jira/browse/KNOX-2877 > Project: Apache Knox > Issue Type: Improvement > Components: WebShell >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > > In case of HA we need to make sure requests are routed to correct Knox > instances. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2877) HA support for Knox WebShell
[ https://issues.apache.org/jira/browse/KNOX-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2877: --- Affects Version/s: 2.1.0 > HA support for Knox WebShell > > > Key: KNOX-2877 > URL: https://issues.apache.org/jira/browse/KNOX-2877 > Project: Apache Knox > Issue Type: Improvement > Components: WebShell >Affects Versions: 2.1.0 >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > > In case of HA we need to make sure requests are routed to correct Knox > instances. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2888) Update gateway-version to 2.1.0 in build.xml
Sandeep More created KNOX-2888: -- Summary: Update gateway-version to 2.1.0 in build.xml Key: KNOX-2888 URL: https://issues.apache.org/jira/browse/KNOX-2888 Project: Apache Knox Issue Type: Bug Components: Build Reporter: Sandeep More Assignee: Sandeep More -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2886) Prevent ArrayIndexOutofBound error in GatewayWebsocketHandler class
[ https://issues.apache.org/jira/browse/KNOX-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2886: --- Summary: Prevent ArrayIndexOutofBound error in GatewayWebsocketHandler class (was: prevent ArrayIndexOutofBound error in GatewayWebsocketHandler class) > Prevent ArrayIndexOutofBound error in GatewayWebsocketHandler class > --- > > Key: KNOX-2886 > URL: https://issues.apache.org/jira/browse/KNOX-2886 > Project: Apache Knox > Issue Type: Bug > Components: websockets >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > > This is the method on question > org.apache.knox.gateway.websockets.GatewayWebsocketHandler.generateUrlSuffix(String, > String[]) > line 299 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2886) prevent ArrayIndexOutofBound error in GatewayWebsocketHandler class
Sandeep More created KNOX-2886: -- Summary: prevent ArrayIndexOutofBound error in GatewayWebsocketHandler class Key: KNOX-2886 URL: https://issues.apache.org/jira/browse/KNOX-2886 Project: Apache Knox Issue Type: Bug Components: websockets Reporter: Sandeep More Assignee: Sandeep More This is the method on question org.apache.knox.gateway.websockets.GatewayWebsocketHandler.generateUrlSuffix(String, String[]) line 299 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2885) Upgrade snakeyaml to 2.0
Sandeep More created KNOX-2885: -- Summary: Upgrade snakeyaml to 2.0 Key: KNOX-2885 URL: https://issues.apache.org/jira/browse/KNOX-2885 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More Assignee: Sandeep More -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2882) Add documentation for knoxsso.cookie.samesite param
Sandeep More created KNOX-2882: -- Summary: Add documentation for knoxsso.cookie.samesite param Key: KNOX-2882 URL: https://issues.apache.org/jira/browse/KNOX-2882 Project: Apache Knox Issue Type: Bug Components: Document Reporter: Sandeep More Assignee: Sandeep More -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2872) Webshell does not work with loadbalancer
[ https://issues.apache.org/jira/browse/KNOX-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2872: --- Fix Version/s: (was: 2.0.1) > Webshell does not work with loadbalancer > > > Key: KNOX-2872 > URL: https://issues.apache.org/jira/browse/KNOX-2872 > Project: Apache Knox > Issue Type: Bug > Components: WebShell >Reporter: Abhilash Perla >Assignee: Sandeep More >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > Webshell gives "Connection Timeout" error when LB is used in front of Knox. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2877) HA support for Knox WebShell
Sandeep More created KNOX-2877: -- Summary: HA support for Knox WebShell Key: KNOX-2877 URL: https://issues.apache.org/jira/browse/KNOX-2877 Project: Apache Knox Issue Type: Improvement Components: WebShell Reporter: Sandeep More Assignee: Sandeep More In case of HA we need to make sure requests are routed to correct Knox instances. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2872) Webshell does not work with loadbalancer
[ https://issues.apache.org/jira/browse/KNOX-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2872: --- Reporter: Abhilash Perla (was: Sandeep More) > Webshell does not work with loadbalancer > > > Key: KNOX-2872 > URL: https://issues.apache.org/jira/browse/KNOX-2872 > Project: Apache Knox > Issue Type: Bug > Components: WebShell >Reporter: Abhilash Perla >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.1 > > Time Spent: 20m > Remaining Estimate: 0h > > Webshell gives "Connection Timeout" error when LB is used in front of Knox. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2872) Webshell does not work with loadbalancer
[ https://issues.apache.org/jira/browse/KNOX-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2872. Resolution: Fixed > Webshell does not work with loadbalancer > > > Key: KNOX-2872 > URL: https://issues.apache.org/jira/browse/KNOX-2872 > Project: Apache Knox > Issue Type: Bug > Components: WebShell >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.1 > > Time Spent: 20m > Remaining Estimate: 0h > > Webshell gives "Connection Timeout" error when LB is used in front of Knox. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work stopped] (KNOX-2872) Webshell does not work with loadbalancer
[ https://issues.apache.org/jira/browse/KNOX-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on KNOX-2872 stopped by Sandeep More. -- > Webshell does not work with loadbalancer > > > Key: KNOX-2872 > URL: https://issues.apache.org/jira/browse/KNOX-2872 > Project: Apache Knox > Issue Type: Bug > Components: WebShell >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > Webshell gives "Connection Timeout" error when LB is used in front of Knox. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work started] (KNOX-2872) Webshell does not work with loadbalancer
[ https://issues.apache.org/jira/browse/KNOX-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on KNOX-2872 started by Sandeep More. -- > Webshell does not work with loadbalancer > > > Key: KNOX-2872 > URL: https://issues.apache.org/jira/browse/KNOX-2872 > Project: Apache Knox > Issue Type: Bug > Components: WebShell >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > Webshell gives "Connection Timeout" error when LB is used in front of Knox. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2872) Webshell does not work with loadbalancer
[ https://issues.apache.org/jira/browse/KNOX-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2872: --- Fix Version/s: 2.0.1 > Webshell does not work with loadbalancer > > > Key: KNOX-2872 > URL: https://issues.apache.org/jira/browse/KNOX-2872 > Project: Apache Knox > Issue Type: Bug > Components: WebShell >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.1 > > Time Spent: 20m > Remaining Estimate: 0h > > Webshell gives "Connection Timeout" error when LB is used in front of Knox. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work started] (KNOX-2872) Webshell does not work with loadbalancer
[ https://issues.apache.org/jira/browse/KNOX-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on KNOX-2872 started by Sandeep More. -- > Webshell does not work with loadbalancer > > > Key: KNOX-2872 > URL: https://issues.apache.org/jira/browse/KNOX-2872 > Project: Apache Knox > Issue Type: Bug > Components: WebShell >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > Webshell gives "Connection Timeout" error when LB is used in front of Knox. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2872) Webshell does not work with loadbalancer
Sandeep More created KNOX-2872: -- Summary: Webshell does not work with loadbalancer Key: KNOX-2872 URL: https://issues.apache.org/jira/browse/KNOX-2872 Project: Apache Knox Issue Type: Bug Components: WebShell Reporter: Sandeep More Assignee: Sandeep More Webshell gives "Connection Timeout" error when LB is used in front of Knox. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2868) Add Helm chart to Knox repo
Sandeep More created KNOX-2868: -- Summary: Add Helm chart to Knox repo Key: KNOX-2868 URL: https://issues.apache.org/jira/browse/KNOX-2868 Project: Apache Knox Issue Type: New Feature Components: docker Reporter: Sandeep More Assignee: Sandeep More A Helm chart for knox would help in speedy development, testing and release verification. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2867) Update Knox docker image to support adding secrets and certs
Sandeep More created KNOX-2867: -- Summary: Update Knox docker image to support adding secrets and certs Key: KNOX-2867 URL: https://issues.apache.org/jira/browse/KNOX-2867 Project: Apache Knox Issue Type: Bug Components: docker Reporter: Sandeep More Assignee: Sandeep More -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2866) REST API for determining gateway readiness
[ https://issues.apache.org/jira/browse/KNOX-2866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17681475#comment-17681475 ] Sandeep More commented on KNOX-2866: We have the health API that can be leveraged here https://knox.apache.org/books/knox-1-6-0/dev-guide.html#Health+Monitoring+API > REST API for determining gateway readiness > -- > > Key: KNOX-2866 > URL: https://issues.apache.org/jira/browse/KNOX-2866 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Affects Versions: 2.0.0 >Reporter: Philip Zampino >Priority: Major > Fix For: 2.0.1 > > > It will be good to provide a REST API for determining that the gateway has > completed its initialization and is completely ready to serve requests. > This API should be available to anyone, and should indicate the current > status upon invocation. Status values could be as basic as STARTING and > STARTED. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2841) Oozie "root" rewrite rule's pattern is too open
[ https://issues.apache.org/jira/browse/KNOX-2841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17680572#comment-17680572 ] Sandeep More commented on KNOX-2841: Merged the PR. Thank you again [~dionusos] for your contribution. > Oozie "root" rewrite rule's pattern is too open > --- > > Key: KNOX-2841 > URL: https://issues.apache.org/jira/browse/KNOX-2841 > Project: Apache Knox > Issue Type: Bug >Affects Versions: 1.6.0 >Reporter: Dénes Bodó >Assignee: Dénes Bodó >Priority: Major > Fix For: 2.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > > It seems that the "root" rewrite rule for Oozie is too open and causes the > following issue: > When we use Apache Hue as the UI for Oozie and we define a workflow property > for a file path like > *hdfs://mnameservice1/oozie/test* > then on Hue's workflow details page we will see an url for that property like: > *[http://oozie-host.examole.com:11000/oozie/test]* > And it seems this replacement is due to the following rule: > {code:xml} > pattern="*://*:*/**/oozie/{**}?{**}"> > > > {code} > When I changed it to > {code:xml} > pattern="http*://*:*/**/oozie/{**}?{**}"> > > > {code} > in my test environment then the Hue UI showed me the correct HDFS path. > > I am creating the pull request soon. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2863) LB does not work when session cookie is not the first cookie
[ https://issues.apache.org/jira/browse/KNOX-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2863. Fix Version/s: 2.0.0 Resolution: Fixed > LB does not work when session cookie is not the first cookie > > > Key: KNOX-2863 > URL: https://issues.apache.org/jira/browse/KNOX-2863 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > There is a bug in the code where we try to find the first cookie instead of > checking for all cookies in ConfigurableHADispatch class. > {code:java} > sessionCookie = > Arrays.stream(inboundRequest.getCookies()) > .findFirst() > .filter(cookie -> > stickySessionCookieName.equals(cookie.getName())); > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2863) LB does not work when session cookie is not the first cookie
Sandeep More created KNOX-2863: -- Summary: LB does not work when session cookie is not the first cookie Key: KNOX-2863 URL: https://issues.apache.org/jira/browse/KNOX-2863 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More Assignee: Sandeep More There is a bug in the code where we try to find the first cookie instead of checking for all cookies in ConfigurableHADispatch class. {code:java} sessionCookie = Arrays.stream(inboundRequest.getCookies()) .findFirst() .filter(cookie -> stickySessionCookieName.equals(cookie.getName())); {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2861) Upgrade cloudera manager api
[ https://issues.apache.org/jira/browse/KNOX-2861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2861. Fix Version/s: 2.0.0 Resolution: Fixed > Upgrade cloudera manager api > > > Key: KNOX-2861 > URL: https://issues.apache.org/jira/browse/KNOX-2861 > Project: Apache Knox > Issue Type: Bug > Components: cm-discovery >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2861) Upgrade cloudera manager api
Sandeep More created KNOX-2861: -- Summary: Upgrade cloudera manager api Key: KNOX-2861 URL: https://issues.apache.org/jira/browse/KNOX-2861 Project: Apache Knox Issue Type: Bug Components: cm-discovery Reporter: Sandeep More Assignee: Sandeep More -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2858) Provide UI proxy support for the Grafana UI ?
[ https://issues.apache.org/jira/browse/KNOX-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2858. Resolution: Invalid > Provide UI proxy support for the Grafana UI ? > - > > Key: KNOX-2858 > URL: https://issues.apache.org/jira/browse/KNOX-2858 > Project: Apache Knox > Issue Type: New Feature >Reporter: panlijie >Priority: Minor > > Provide UI proxy support for the Grafana UI ? > Thank you! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2858) Provide UI proxy support for the Grafana UI ?
[ https://issues.apache.org/jira/browse/KNOX-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17652481#comment-17652481 ] Sandeep More commented on KNOX-2858: Hello [~panlijie] is this a question or a feature request? :) Please ask question on the Knox mailing list https://knox.apache.org/mailing-lists.html > Provide UI proxy support for the Grafana UI ? > - > > Key: KNOX-2858 > URL: https://issues.apache.org/jira/browse/KNOX-2858 > Project: Apache Knox > Issue Type: New Feature >Reporter: panlijie >Priority: Minor > > Provide UI proxy support for the Grafana UI ? > Thank you! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2837) Document KnoxShell Feature
[ https://issues.apache.org/jira/browse/KNOX-2837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2837. Fix Version/s: 2.0.0 Resolution: Fixed https://knox.apache.org/books/knox-2-0-0/user-guide.html#Webshell > Document KnoxShell Feature > -- > > Key: KNOX-2837 > URL: https://issues.apache.org/jira/browse/KNOX-2837 > Project: Apache Knox > Issue Type: Bug > Components: KnoxShell >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.0 > > > KnoxShell feature was added in KNOX-2631. We need to document this feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2841) Oozie "root" rewrite rule's pattern is too open
[ https://issues.apache.org/jira/browse/KNOX-2841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2841: --- Fix Version/s: 2.0.0 > Oozie "root" rewrite rule's pattern is too open > --- > > Key: KNOX-2841 > URL: https://issues.apache.org/jira/browse/KNOX-2841 > Project: Apache Knox > Issue Type: Bug >Affects Versions: 1.6.0 >Reporter: Dénes Bodó >Assignee: Dénes Bodó >Priority: Major > Fix For: 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > It seems that the "root" rewrite rule for Oozie is too open and causes the > following issue: > When we use Apache Hue as the UI for Oozie and we define a workflow property > for a file path like > *hdfs://mnameservice1/oozie/test* > then on Hue's workflow details page we will see an url for that property like: > *[http://oozie-host.examole.com:11000/oozie/test]* > And it seems this replacement is due to the following rule: > {code:xml} > pattern="*://*:*/**/oozie/{**}?{**}"> > > > {code} > When I changed it to > {code:xml} > pattern="http*://*:*/**/oozie/{**}?{**}"> > > > {code} > in my test environment then the Hue UI showed me the correct HDFS path. > > I am creating the pull request soon. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-2841) Oozie "root" rewrite rule's pattern is too open
[ https://issues.apache.org/jira/browse/KNOX-2841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17633989#comment-17633989 ] Sandeep More commented on KNOX-2841: Thank you for your contribution [~dionusos] the patch is now committed to master :) > Oozie "root" rewrite rule's pattern is too open > --- > > Key: KNOX-2841 > URL: https://issues.apache.org/jira/browse/KNOX-2841 > Project: Apache Knox > Issue Type: Bug >Affects Versions: 1.6.0 >Reporter: Dénes Bodó >Assignee: Dénes Bodó >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > It seems that the "root" rewrite rule for Oozie is too open and causes the > following issue: > When we use Apache Hue as the UI for Oozie and we define a workflow property > for a file path like > *hdfs://mnameservice1/oozie/test* > then on Hue's workflow details page we will see an url for that property like: > *[http://oozie-host.examole.com:11000/oozie/test]* > And it seems this replacement is due to the following rule: > {code:xml} > pattern="*://*:*/**/oozie/{**}?{**}"> > > > {code} > When I changed it to > {code:xml} > pattern="http*://*:*/**/oozie/{**}?{**}"> > > > {code} > in my test environment then the Hue UI showed me the correct HDFS path. > > I am creating the pull request soon. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2841) Oozie "root" rewrite rule's pattern is too open
[ https://issues.apache.org/jira/browse/KNOX-2841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2841. Resolution: Fixed > Oozie "root" rewrite rule's pattern is too open > --- > > Key: KNOX-2841 > URL: https://issues.apache.org/jira/browse/KNOX-2841 > Project: Apache Knox > Issue Type: Bug >Affects Versions: 1.6.0 >Reporter: Dénes Bodó >Assignee: Dénes Bodó >Priority: Major > Fix For: 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > It seems that the "root" rewrite rule for Oozie is too open and causes the > following issue: > When we use Apache Hue as the UI for Oozie and we define a workflow property > for a file path like > *hdfs://mnameservice1/oozie/test* > then on Hue's workflow details page we will see an url for that property like: > *[http://oozie-host.examole.com:11000/oozie/test]* > And it seems this replacement is due to the following rule: > {code:xml} > pattern="*://*:*/**/oozie/{**}?{**}"> > > > {code} > When I changed it to > {code:xml} > pattern="http*://*:*/**/oozie/{**}?{**}"> > > > {code} > in my test environment then the Hue UI showed me the correct HDFS path. > > I am creating the pull request soon. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2837) Document KnoxShell Feature
Sandeep More created KNOX-2837: -- Summary: Document KnoxShell Feature Key: KNOX-2837 URL: https://issues.apache.org/jira/browse/KNOX-2837 Project: Apache Knox Issue Type: Bug Components: KnoxShell Reporter: Sandeep More Assignee: Sandeep More KnoxShell feature was added in KNOX-2631. We need to document this feature. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2836) Some of the SAML properties are not getting picked up in Pac4j filter
[ https://issues.apache.org/jira/browse/KNOX-2836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2836. Resolution: Invalid > Some of the SAML properties are not getting picked up in Pac4j filter > - > > Key: KNOX-2836 > URL: https://issues.apache.org/jira/browse/KNOX-2836 > Project: Apache Knox > Issue Type: Bug > Components: KnoxSSO >Reporter: Sandeep More >Priority: Major > > Some of the documented SAML properties are not picked up by the > Pac4JDispatchFilter. > e.g. > saml.keystorePassword > saml.keystorePath -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2836) Some of the SAML properties are not getting picked up in Pac4j filter
Sandeep More created KNOX-2836: -- Summary: Some of the SAML properties are not getting picked up in Pac4j filter Key: KNOX-2836 URL: https://issues.apache.org/jira/browse/KNOX-2836 Project: Apache Knox Issue Type: Bug Components: KnoxSSO Reporter: Sandeep More Some of the documented SAML properties are not picked up by the Pac4JDispatchFilter. e.g. saml.keystorePassword saml.keystorePath -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2631) KnoxSSO for Secure Shell Access
[ https://issues.apache.org/jira/browse/KNOX-2631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2631. Resolution: Fixed Thank you [~luliu0812] for your contribution, the feature is now merged to master :) > KnoxSSO for Secure Shell Access > --- > > Key: KNOX-2631 > URL: https://issues.apache.org/jira/browse/KNOX-2631 > Project: Apache Knox > Issue Type: New Feature > Components: Homepage, KnoxSSO >Affects Versions: 1.5.0 >Reporter: Lu Liu >Assignee: Lu Liu >Priority: Minor > Fix For: 2.0.0 > > Time Spent: 7h 40m > Remaining Estimate: 0h > > While Apache Knox aids in helping to lessen the need to gain physical access > to deployment machines, there are still numerous compelling reasons for users > to require such access: > 1. Debugging, log access, etc > 2. CLI use and automation > 3. beeline and other clients that are deployed to gateway machines > Gaining access to a shell for these purposes currently requires the user to > have > an ssh client installed and valid credentials that can be used for ssh, such > as: > username and password or SSH keys. Separate management of credentials for this > access introduces some additional complexities which may even violate > enterprise > infosec policies and require the secure distribution and management of keys. > The intent of this proposed improvement is to add a browser based terminal > application > that will provide secure access to a shell on the Knox machine. Just as any > resource > exposed by or hosted by Knox, you would be able to protect access to this > terminal > with any of the available security providers. We would also like to make this > available out of the box as available from the Knox Homepage. This would make > the > terminal/shell available via KnoxSSO thus providing shell access with your > existing > enterprise credential authenticated SSO session. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2826) Refactor JWT validation code
Sandeep More created KNOX-2826: -- Summary: Refactor JWT validation code Key: KNOX-2826 URL: https://issues.apache.org/jira/browse/KNOX-2826 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More As part of KNOX-2631 JWT validation was added to Websocket layer. This code is duplicate of existing JWT validation which is based on filter implementation. This JIRA is to refactor validation code. So we don't have duplicates. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KNOX-2825) Only add "Default" provider iff it is found in the provider contributor map
[ https://issues.apache.org/jira/browse/KNOX-2825?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More updated KNOX-2825: --- Fix Version/s: 2.0.0 > Only add "Default" provider iff it is found in the provider contributor map > --- > > Key: KNOX-2825 > URL: https://issues.apache.org/jira/browse/KNOX-2825 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > This issue was found as part of work on Webshell. It was suggested to create > a separate JIRA for this issue. > Only add "Default" provider iff it is found in the provider contributor map. > There could be cases where service loader might find other identity-assertion > providers e.g. JWTAuthCodeAsserter -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (KNOX-2825) Only add "Default" provider iff it is found in the provider contributor map
[ https://issues.apache.org/jira/browse/KNOX-2825?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sandeep More resolved KNOX-2825. Resolution: Fixed > Only add "Default" provider iff it is found in the provider contributor map > --- > > Key: KNOX-2825 > URL: https://issues.apache.org/jira/browse/KNOX-2825 > Project: Apache Knox > Issue Type: Bug > Components: Server >Reporter: Sandeep More >Assignee: Sandeep More >Priority: Major > Fix For: 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > This issue was found as part of work on Webshell. It was suggested to create > a separate JIRA for this issue. > Only add "Default" provider iff it is found in the provider contributor map. > There could be cases where service loader might find other identity-assertion > providers e.g. JWTAuthCodeAsserter -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (KNOX-2825) Only add "Default" provider iff it is found in the provider contributor map
Sandeep More created KNOX-2825: -- Summary: Only add "Default" provider iff it is found in the provider contributor map Key: KNOX-2825 URL: https://issues.apache.org/jira/browse/KNOX-2825 Project: Apache Knox Issue Type: Bug Components: Server Reporter: Sandeep More Assignee: Sandeep More This issue was found as part of work on Webshell. It was suggested to create a separate JIRA for this issue. Only add "Default" provider iff it is found in the provider contributor map. There could be cases where service loader might find other identity-assertion providers e.g. JWTAuthCodeAsserter -- This message was sent by Atlassian Jira (v8.20.10#820010)