[GitHub] [knox] MrtnBalazs merged pull request #716: KNOX-2748 - Fixed HashiCorp alias service getPasswordFromAliasForCluster
MrtnBalazs merged PR #716: URL: https://github.com/apache/knox/pull/716 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #716: KNOX-2748 - Fixed HashiCorp alias service getPasswordFromAliasForCluster
smolnar82 commented on code in PR #716:
URL: https://github.com/apache/knox/pull/716#discussion_r1081102335
##
gateway-service-hashicorp-vault/src/test/java/org/apache/knox/gateway/backend/hashicorp/vault/TestHashicorpVaultAliasService.java:
##
@@ -184,6 +185,9 @@ public void testVaultIntegration() throws Exception {
assertNull(aliasService.getPasswordFromAliasForCluster(clusterName,
alias));
assertEquals(0, aliasService.getAliasesForCluster(clusterName).size());
+char[] generatedPassword =
aliasService.getPasswordFromAliasForCluster(clusterName, alias, true);
+assertNotNull(generatedPassword != null);
+
Review Comment:
Thanks!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] MrtnBalazs commented on a diff in pull request #716: KNOX-2748 - Fixed HashiCorp alias service getPasswordFromAliasForCluster
MrtnBalazs commented on code in PR #716:
URL: https://github.com/apache/knox/pull/716#discussion_r1081086392
##
gateway-service-hashicorp-vault/src/test/java/org/apache/knox/gateway/backend/hashicorp/vault/TestHashicorpVaultAliasService.java:
##
@@ -184,6 +185,9 @@ public void testVaultIntegration() throws Exception {
assertNull(aliasService.getPasswordFromAliasForCluster(clusterName,
alias));
assertEquals(0, aliasService.getAliasesForCluster(clusterName).size());
+char[] generatedPassword =
aliasService.getPasswordFromAliasForCluster(clusterName, alias, true);
+assertNotNull(generatedPassword != null);
+
Review Comment:
Alright.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #716: KNOX-2748 - Fixed HashiCorp alias service getPasswordFromAliasForCluster
smolnar82 commented on code in PR #716:
URL: https://github.com/apache/knox/pull/716#discussion_r1080967212
##
gateway-service-hashicorp-vault/src/test/java/org/apache/knox/gateway/backend/hashicorp/vault/TestHashicorpVaultAliasService.java:
##
@@ -184,6 +185,9 @@ public void testVaultIntegration() throws Exception {
assertNull(aliasService.getPasswordFromAliasForCluster(clusterName,
alias));
assertEquals(0, aliasService.getAliasesForCluster(clusterName).size());
+char[] generatedPassword =
aliasService.getPasswordFromAliasForCluster(clusterName, alias, true);
+assertNotNull(generatedPassword != null);
+
Review Comment:
You may want to make sure the generated password for `alias` is not the same
as `aliasPassword`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] MrtnBalazs opened a new pull request, #716: KNOX-2748 - Fixed HashiCorp alias service getPasswordFromAliasForCluster
MrtnBalazs opened a new pull request, #716: URL: https://github.com/apache/knox/pull/716 ## What changes were proposed in this pull request? Fixed the HashiCorpVaultAliasService `getPasswordFromAliasForCluster` function, because it worked incorrectly when the generate flag was set to `true`. ## How was this patch tested? I extended the existing unit tests. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] moresandeep merged pull request #715: KNOX-2863 - Fix an issue where session cookie order in LB feature breaks
moresandeep merged PR #715: URL: https://github.com/apache/knox/pull/715 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] moresandeep opened a new pull request, #715: KNOX-2863 - Fix an issue where session cookie order in LB feature breaks
moresandeep opened a new pull request, #715: URL: https://github.com/apache/knox/pull/715 ## What changes were proposed in this pull request? Fix a bug which causes LB to break when sticky session cookie is not the first one. ## How was this patch tested? Unit tests. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] zeroflag merged pull request #714: KNOX-2862 - Setup idle timeout for SSO cookie to 15 minutes
zeroflag merged PR #714: URL: https://github.com/apache/knox/pull/714 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] pzampino commented on a diff in pull request #714: KNOX-2862 - Setup idle timeout for SSO cookie to 15 minutes
pzampino commented on code in PR #714:
URL: https://github.com/apache/knox/pull/714#discussion_r1072665671
##
gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java:
##
@@ -95,7 +95,7 @@ public class WebSSOResource {
private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
private static final String SSO_COOKIE_SAMESITE_DEFAULT = "Strict";
- private static final long TOKEN_TTL_DEFAULT = 3L;
+ private static final long TOKEN_TTL_DEFAULT = 15000 * 60;
Review Comment:
This does seem to be a more reasonable default, so let's make this change.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 merged pull request #713: KNOX-2859 - Token Management UI improvements
smolnar82 merged PR #713: URL: https://github.com/apache/knox/pull/713 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] pzampino commented on a diff in pull request #713: KNOX-2859 - Token Management UI improvements
pzampino commented on code in PR #713:
URL: https://github.com/apache/knox/pull/713#discussion_r1065889252
##
knox-token-management-ui/token-management/app/token.management.component.html:
##
@@ -20,90 +20,116 @@
+
My Knox Tokens
-
-
-
-Token ID
-Issued
-Expires
-Comment
-Additional Metadata
-Actions
-
-
-
-
-{{knoxToken.tokenId}}
-{{formatDateTime(knoxToken.issueTimeLong)}}
-{{formatDateTime(knoxToken.expirationLong)}}
-{{formatDateTime(knoxToken.expirationLong)}}
-{{knoxToken.metadata.comment}}
-
-
-
- {{metadata[0]}} = {{metadata[1]}}
-
-
-
-
+
+
+Search by Token ID, Comment or Metadata...
+
+
+
+
+
+Token ID
+{{knoxToken.tokenId}}
+
+
+
+Issued
+{{formatDateTime(knoxToken.issueTimeLong)}}
+
+
+
+Expires
+{{formatDateTime(knoxToken.expirationLong)}}
+
+
+
+Comment
+{{knoxToken.metadata.comment}}
+
+
+
+Additional
Metadata
+
+
+
+ {{metadata[0]}} = {{metadata[1]}}
+
+
+
+
+
+
+Actions
+
Disable
Enable
Revoke
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
-
-Impersonation Knox Tokens
-
-
-
-Token ID
-Issued
-Expires
-Comment
-Additional Metadata
-Impersonated User
-
-
-
-
-{{doAsKnoxtoken.tokenId}}
-{{formatDateTime(doAsKnoxtoken.issueTimeLong)}}
-{{formatDateTime(doAsKnoxtoken.expirationLong)}}
-{{formatDateTime(doAsKnoxtoken.expirationLong)}}
-{{doAsKnoxtoken.metadata.comment}}
-
-
-
- {{metadata[0]}} = {{metadata[1]}}
-
-
-
-{{doAsKnoxtoken.metadata.userName}}
-
-
-
-
-
-
-
-
-
-
+
Review Comment:
I recognize that this is not directly related to this PR.
I think my confusion may be due to the inability to disable/revoke the
tokens in the second table, but that is a separate topic.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] zeroflag commented on a diff in pull request #714: KNOX-2862 - Setup idle timeout for SSO cookie to 15 minutes
zeroflag commented on code in PR #714:
URL: https://github.com/apache/knox/pull/714#discussion_r1065620201
##
gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java:
##
@@ -95,7 +95,7 @@ public class WebSSOResource {
private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
private static final String SSO_COOKIE_SAMESITE_DEFAULT = "Strict";
- private static final long TOKEN_TTL_DEFAULT = 3L;
+ private static final long TOKEN_TTL_DEFAULT = 15000 * 60;
Review Comment:
@pzampino Right, this might not be strictly needed. We can modify the
deployment related default configs only.
But I think it shouldn't break anything either. If someone needs a specific
value I would expect them to have an explicit configuration instead of relaying
the default. And the default 30seconds timeout seems to be too low anyway,
isn't it?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] pzampino commented on a diff in pull request #714: KNOX-2862 - Setup idle timeout for SSO cookie to 15 minutes
pzampino commented on code in PR #714:
URL: https://github.com/apache/knox/pull/714#discussion_r1065015897
##
gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java:
##
@@ -95,7 +95,7 @@ public class WebSSOResource {
private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
private static final String SSO_COOKIE_SAMESITE_DEFAULT = "Strict";
- private static final long TOKEN_TTL_DEFAULT = 3L;
+ private static final long TOKEN_TTL_DEFAULT = 15000 * 60;
Review Comment:
Does the default value have to be FedRAMP-compliant? I would expect admins
deploying Knox for FedRAMP-compliant applications would configure the TTL
explicitly to adhere to those requirements.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #713: KNOX-2859 - Token Management UI improvements
smolnar82 commented on code in PR #713:
URL: https://github.com/apache/knox/pull/713#discussion_r1064965894
##
knox-token-management-ui/token-management/app/token.management.component.html:
##
@@ -20,90 +20,116 @@
+
My Knox Tokens
-
-
-
-Token ID
-Issued
-Expires
-Comment
-Additional Metadata
-Actions
-
-
-
-
-{{knoxToken.tokenId}}
-{{formatDateTime(knoxToken.issueTimeLong)}}
-{{formatDateTime(knoxToken.expirationLong)}}
-{{formatDateTime(knoxToken.expirationLong)}}
-{{knoxToken.metadata.comment}}
-
-
-
- {{metadata[0]}} = {{metadata[1]}}
-
-
-
-
+
+
+Search by Token ID, Comment or Metadata...
+
+
+
+
+
+Token ID
+{{knoxToken.tokenId}}
+
+
+
+Issued
+{{formatDateTime(knoxToken.issueTimeLong)}}
+
+
+
+Expires
+{{formatDateTime(knoxToken.expirationLong)}}
+
+
+
+Comment
+{{knoxToken.metadata.comment}}
+
+
+
+Additional
Metadata
+
+
+
+ {{metadata[0]}} = {{metadata[1]}}
+
+
+
+
+
+
+Actions
+
Disable
Enable
Revoke
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
-
-Impersonation Knox Tokens
-
-
-
-Token ID
-Issued
-Expires
-Comment
-Additional Metadata
-Impersonated User
-
-
-
-
-{{doAsKnoxtoken.tokenId}}
-{{formatDateTime(doAsKnoxtoken.issueTimeLong)}}
-{{formatDateTime(doAsKnoxtoken.expirationLong)}}
-{{formatDateTime(doAsKnoxtoken.expirationLong)}}
-{{doAsKnoxtoken.metadata.comment}}
-
-
-
- {{metadata[0]}} = {{metadata[1]}}
-
-
-
-{{doAsKnoxtoken.metadata.userName}}
-
-
-
-
-
-
-
-
-
-
+
Review Comment:
In theory, they could be, but I made this decision when token impersonation
was introduced (so this is not a new thing here). This is easier to understand
and the UX is better this way (IMO, at least)
The relationship is straightforward:
- in the first table we list all tokens generated by the logged-in user for
himself/herself: `userName=logged-in user`
- in the second one we list all tokens generated by the logged-in user on
behalf of other users: `username=otherUser; createdBy=logged-in user`
The same is described
[here](https://knox.apache.org/books/knox-2-0-0/user-guide.html#Token+Management).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #713: KNOX-2859 - Token Management UI improvements
smolnar82 commented on code in PR #713:
URL: https://github.com/apache/knox/pull/713#discussion_r1064959951
##
knox-token-management-ui/token-management/app/token.management.component.ts:
##
@@ -57,13 +117,29 @@ export class TokenManagementComponent implements OnInit {
}
fetchAllKnoxTokens(): void {
-this.fetchKnoxTokens(true);
this.fetchKnoxTokens(false);
+this.fetchKnoxTokens(true);
Review Comment:
Nope, the order is irrelevant. I just made to change to reflect the order of
the tables on te GUI: my tokens first then the impersonation tokens.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] pzampino commented on a diff in pull request #713: KNOX-2859 - Token Management UI improvements
pzampino commented on code in PR #713:
URL: https://github.com/apache/knox/pull/713#discussion_r1064780286
##
knox-token-management-ui/token-management/app/token.management.component.ts:
##
@@ -57,13 +117,29 @@ export class TokenManagementComponent implements OnInit {
}
fetchAllKnoxTokens(): void {
-this.fetchKnoxTokens(true);
this.fetchKnoxTokens(false);
+this.fetchKnoxTokens(true);
Review Comment:
Is the order important here? Just trying to understand the change.
##
knox-token-management-ui/token-management/app/token.management.component.html:
##
@@ -20,90 +20,116 @@
+
My Knox Tokens
-
-
-
-Token ID
-Issued
-Expires
-Comment
-Additional Metadata
-Actions
-
-
-
-
-{{knoxToken.tokenId}}
-{{formatDateTime(knoxToken.issueTimeLong)}}
-{{formatDateTime(knoxToken.expirationLong)}}
-{{formatDateTime(knoxToken.expirationLong)}}
-{{knoxToken.metadata.comment}}
-
-
-
- {{metadata[0]}} = {{metadata[1]}}
-
-
-
-
+
+
+Search by Token ID, Comment or Metadata...
+
+
+
+
+
+Token ID
+{{knoxToken.tokenId}}
+
+
+
+Issued
+{{formatDateTime(knoxToken.issueTimeLong)}}
+
+
+
+Expires
+{{formatDateTime(knoxToken.expirationLong)}}
+
+
+
+Comment
+{{knoxToken.metadata.comment}}
+
+
+
+Additional
Metadata
+
+
+
+ {{metadata[0]}} = {{metadata[1]}}
+
+
+
+
+
+
+Actions
+
Disable
Enable
Revoke
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
-
-Impersonation Knox Tokens
-
-
-
-Token ID
-Issued
-Expires
-Comment
-Additional Metadata
-Impersonated User
-
-
-
-
-{{doAsKnoxtoken.tokenId}}
-{{formatDateTime(doAsKnoxtoken.issueTimeLong)}}
-{{formatDateTime(doAsKnoxtoken.expirationLong)}}
-{{formatDateTime(doAsKnoxtoken.expirationLong)}}
-{{doAsKnoxtoken.metadata.comment}}
-
-
-
- {{metadata[0]}} = {{metadata[1]}}
-
-
-
-{{doAsKnoxtoken.metadata.userName}}
-
-
-
-
-
-
-
-
-
-
+
Review Comment:
Why are tokens acquired with impersonation presented in a distinct table
from "normal" tokens? Couldn't it be a single table? The relationship between
the tables isn't entirely clear to me, and you can only act on rows in the My
Knox Tokens table.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #713: KNOX-2859 - Token Management UI improvements
smolnar82 commented on code in PR #713:
URL: https://github.com/apache/knox/pull/713#discussion_r1064586511
##
knox-token-management-ui/token-management/app/token.management.component.ts:
##
@@ -57,13 +117,29 @@ export class TokenManagementComponent implements OnInit {
}
fetchAllKnoxTokens(): void {
-this.fetchKnoxTokens(true);
this.fetchKnoxTokens(false);
+this.fetchKnoxTokens(true);
}
fetchKnoxTokens(impersonated: boolean): void {
this.tokenManagementService.getKnoxTokens(this.userName, impersonated)
-.then(tokens => impersonated ? this.doAsKnoxTokens = tokens :
this.knoxTokens = tokens);
+.then(tokens => this.populateTokens(impersonated, tokens));
+}
+
+populateTokens(impersonated: boolean, tokens: KnoxToken[]) {
+ if (impersonated) {
Review Comment:
Fixed.
##
knox-token-management-ui/token-management/app/token.management.component.ts:
##
@@ -42,6 +55,53 @@ export class TokenManagementComponent implements OnInit {
}
constructor(private tokenManagementService: TokenManagementService) {
+let isMatch: (record: KnoxToken, filter: String, impersonated:
boolean) => boolean = (record, filter, impersonated) => {
+ let normalizedFilter = filter.trim().toLocaleLowerCase();
+ let matchesTokenId =
record.tokenId.toLocaleLowerCase().includes(normalizedFilter);
+ let matchesComment = record.metadata.comment &&
record.metadata.comment.toLocaleLowerCase().includes(normalizedFilter);
+ let matchesCustomMetadata = false;
+ if (record.metadata.customMetadataMap) {
+for (let entry of
Array.from(Object.entries(record.metadata.customMetadataMap))) {
+ if (entry[0].toLocaleLowerCase().includes(normalizedFilter)
|| entry[1].toLocaleLowerCase().includes(normalizedFilter)) {
+ matchesCustomMetadata = true;
+ break;
+ }
+}
+ } else {
+matchesCustomMetadata = true; // nothing to match
+ }
+
+ let matchesImpersonatedUserName = false; // doAs username should be
checked only if impersonation is enabled
+ if (impersonated) {
+ matchesImpersonatedUserName =
record.metadata.userName.toLocaleLowerCase().includes(normalizedFilter);
+ }
+
+ return matchesTokenId || matchesComment || matchesCustomMetadata ||
matchesImpersonatedUserName;
+};
+
+this.knoxTokens.filterPredicate = function (record, filter) {
+ return isMatch(record, filter, false);
+};
+
+this.doAsKnoxTokens.filterPredicate = function (record, filter) {
+ return isMatch(record, filter, true);
+};
+
+this.knoxTokens.sortingDataAccessor = (item, property) => {
+ switch(property) {
+ case 'metadata.comment': return item.metadata.comment;
+ default: return item[property];
+ }
+};
+
+this.doAsKnoxTokens.sortingDataAccessor = (item, property) => {
+ let normalizedPropertyName = property.replace('impersonation.',
'');
Review Comment:
Fixed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] zeroflag commented on a diff in pull request #713: KNOX-2859 - Token Management UI improvements
zeroflag commented on code in PR #713:
URL: https://github.com/apache/knox/pull/713#discussion_r1064559699
##
knox-token-management-ui/token-management/app/token.management.component.ts:
##
@@ -42,6 +55,53 @@ export class TokenManagementComponent implements OnInit {
}
constructor(private tokenManagementService: TokenManagementService) {
+let isMatch: (record: KnoxToken, filter: String, impersonated:
boolean) => boolean = (record, filter, impersonated) => {
+ let normalizedFilter = filter.trim().toLocaleLowerCase();
+ let matchesTokenId =
record.tokenId.toLocaleLowerCase().includes(normalizedFilter);
+ let matchesComment = record.metadata.comment &&
record.metadata.comment.toLocaleLowerCase().includes(normalizedFilter);
+ let matchesCustomMetadata = false;
+ if (record.metadata.customMetadataMap) {
+for (let entry of
Array.from(Object.entries(record.metadata.customMetadataMap))) {
+ if (entry[0].toLocaleLowerCase().includes(normalizedFilter)
|| entry[1].toLocaleLowerCase().includes(normalizedFilter)) {
+ matchesCustomMetadata = true;
+ break;
+ }
+}
+ } else {
+matchesCustomMetadata = true; // nothing to match
+ }
+
+ let matchesImpersonatedUserName = false; // doAs username should be
checked only if impersonation is enabled
+ if (impersonated) {
+ matchesImpersonatedUserName =
record.metadata.userName.toLocaleLowerCase().includes(normalizedFilter);
+ }
+
+ return matchesTokenId || matchesComment || matchesCustomMetadata ||
matchesImpersonatedUserName;
+};
+
+this.knoxTokens.filterPredicate = function (record, filter) {
+ return isMatch(record, filter, false);
+};
+
+this.doAsKnoxTokens.filterPredicate = function (record, filter) {
+ return isMatch(record, filter, true);
+};
+
+this.knoxTokens.sortingDataAccessor = (item, property) => {
+ switch(property) {
+ case 'metadata.comment': return item.metadata.comment;
+ default: return item[property];
+ }
+};
+
+this.doAsKnoxTokens.sortingDataAccessor = (item, property) => {
+ let normalizedPropertyName = property.replace('impersonation.',
'');
Review Comment:
nit: wrong indentation
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] zeroflag commented on a diff in pull request #713: KNOX-2859 - Token Management UI improvements
zeroflag commented on code in PR #713:
URL: https://github.com/apache/knox/pull/713#discussion_r1064559462
##
knox-token-management-ui/token-management/app/token.management.component.ts:
##
@@ -57,13 +117,29 @@ export class TokenManagementComponent implements OnInit {
}
fetchAllKnoxTokens(): void {
-this.fetchKnoxTokens(true);
this.fetchKnoxTokens(false);
+this.fetchKnoxTokens(true);
}
fetchKnoxTokens(impersonated: boolean): void {
this.tokenManagementService.getKnoxTokens(this.userName, impersonated)
-.then(tokens => impersonated ? this.doAsKnoxTokens = tokens :
this.knoxTokens = tokens);
+.then(tokens => this.populateTokens(impersonated, tokens));
+}
+
+populateTokens(impersonated: boolean, tokens: KnoxToken[]) {
+ if (impersonated) {
Review Comment:
nit: missing indentation
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] zeroflag opened a new pull request, #714: KNOX-2862 - Setup idle timeout for SSO cookie to 15 minutes
zeroflag opened a new pull request, #714: URL: https://github.com/apache/knox/pull/714 ## What changes were proposed in this pull request? Fedramp mandates this to be 15 minutes. ## How was this patch tested? * Logged in at knox ui * Extracted and checked the "exp" field from the hadoop-jwt cookie -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 opened a new pull request, #713: KNOX-2859 - Token Management UI improvements
smolnar82 opened a new pull request, #713: URL: https://github.com/apache/knox/pull/713 ## What changes were proposed in this pull request? Replaced the old Angular2 Datatable with a more modern Material Table implementation and configured filtering, sorting, and pagination on both tables on the Token Management UI. ## How was this patch tested? Manual testing with a huge amount of tokens created (2k) to ensure the new implementation still performs. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] moresandeep merged pull request #712: KNOX-2861 upgrade CM API version
moresandeep merged PR #712: URL: https://github.com/apache/knox/pull/712 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] moresandeep opened a new pull request, #712: KNOX-2861 upgrade CM API version
moresandeep opened a new pull request, #712: URL: https://github.com/apache/knox/pull/712 ## What changes were proposed in this pull request? Upgrade CM API version -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] opened a new pull request, #711: Bump json5 from 2.2.1 to 2.2.3 in /gateway-admin-ui
dependabot[bot] opened a new pull request, #711: URL: https://github.com/apache/knox/pull/711 Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3. Release notes Sourced from https://github.com/json5/json5/releases;>json5's releases. v2.2.3 Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (https://github-redirect.dependabot.com/json5/json5/issues/299;>#299) v2.2.2 Fix: Properties with the name __proto__ are added to objects and arrays. (https://github-redirect.dependabot.com/json5/json5/issues/199;>#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (https://github-redirect.dependabot.com/json5/json5/issues/295;>#295). Changelog Sourced from https://github.com/json5/json5/blob/main/CHANGELOG.md;>json5's changelog. v2.2.3 [https://github.com/json5/json5/tree/v2.2.3;>code, https://github.com/json5/json5/compare/v2.2.2...v2.2.3;>diff] Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (https://github-redirect.dependabot.com/json5/json5/issues/299;>#299) v2.2.2 [https://github.com/json5/json5/tree/v2.2.2;>code, https://github.com/json5/json5/compare/v2.2.1...v2.2.2;>diff] Fix: Properties with the name __proto__ are added to objects and arrays. (https://github-redirect.dependabot.com/json5/json5/issues/199;>#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (https://github-redirect.dependabot.com/json5/json5/issues/295;>#295). Commits https://github.com/json5/json5/commit/c3a75242772a5026a49c4017a16d9b3543b62776;>c3a7524 2.2.3 https://github.com/json5/json5/commit/94fd06d82eeed225fa172f6fb2ca27375cbd2e39;>94fd06d docs: update CHANGELOG for v2.2.3 https://github.com/json5/json5/commit/3b8cebf0c474a8b20c78bd75c89cca0c4dce84ce;>3b8cebf docs(security): use GitHub security advisories https://github.com/json5/json5/commit/f0fd9e194dde282caff114a110f4fac635f3a62c;>f0fd9e1 docs: publish a security policy https://github.com/json5/json5/commit/6a91a05fffeda16ff6b3b5008b6b340d42d31ec0;>6a91a05 docs(template): bug - bug report https://github.com/json5/json5/commit/14f8cb186e8abdfaccf6527171da7b1224374650;>14f8cb1 2.2.2 https://github.com/json5/json5/commit/10cc7ca9169b59c5e0f5afc03dbd870cd06bcc46;>10cc7ca docs: update CHANGELOG for v2.2.2 https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8;>7774c10 fix: add proto to objects and arrays https://github.com/json5/json5/commit/edde30abd8b22facf2c06c72586b9f6edf12700d;>edde30a Readme: slight tweak to intro https://github.com/json5/json5/commit/97286f8bd542c89dcee096bc05dd28ed2dfc1e16;>97286f8 Improve example in readme Additional commits viewable in https://github.com/json5/json5/compare/v2.2.1...v2.2.3;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs
[GitHub] [knox] dependabot[bot] opened a new pull request, #710: Bump json5 from 2.2.1 to 2.2.3 in /knox-token-generation-ui
dependabot[bot] opened a new pull request, #710: URL: https://github.com/apache/knox/pull/710 Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3. Release notes Sourced from https://github.com/json5/json5/releases;>json5's releases. v2.2.3 Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (https://github-redirect.dependabot.com/json5/json5/issues/299;>#299) v2.2.2 Fix: Properties with the name __proto__ are added to objects and arrays. (https://github-redirect.dependabot.com/json5/json5/issues/199;>#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (https://github-redirect.dependabot.com/json5/json5/issues/295;>#295). Changelog Sourced from https://github.com/json5/json5/blob/main/CHANGELOG.md;>json5's changelog. v2.2.3 [https://github.com/json5/json5/tree/v2.2.3;>code, https://github.com/json5/json5/compare/v2.2.2...v2.2.3;>diff] Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (https://github-redirect.dependabot.com/json5/json5/issues/299;>#299) v2.2.2 [https://github.com/json5/json5/tree/v2.2.2;>code, https://github.com/json5/json5/compare/v2.2.1...v2.2.2;>diff] Fix: Properties with the name __proto__ are added to objects and arrays. (https://github-redirect.dependabot.com/json5/json5/issues/199;>#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (https://github-redirect.dependabot.com/json5/json5/issues/295;>#295). Commits https://github.com/json5/json5/commit/c3a75242772a5026a49c4017a16d9b3543b62776;>c3a7524 2.2.3 https://github.com/json5/json5/commit/94fd06d82eeed225fa172f6fb2ca27375cbd2e39;>94fd06d docs: update CHANGELOG for v2.2.3 https://github.com/json5/json5/commit/3b8cebf0c474a8b20c78bd75c89cca0c4dce84ce;>3b8cebf docs(security): use GitHub security advisories https://github.com/json5/json5/commit/f0fd9e194dde282caff114a110f4fac635f3a62c;>f0fd9e1 docs: publish a security policy https://github.com/json5/json5/commit/6a91a05fffeda16ff6b3b5008b6b340d42d31ec0;>6a91a05 docs(template): bug - bug report https://github.com/json5/json5/commit/14f8cb186e8abdfaccf6527171da7b1224374650;>14f8cb1 2.2.2 https://github.com/json5/json5/commit/10cc7ca9169b59c5e0f5afc03dbd870cd06bcc46;>10cc7ca docs: update CHANGELOG for v2.2.2 https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8;>7774c10 fix: add proto to objects and arrays https://github.com/json5/json5/commit/edde30abd8b22facf2c06c72586b9f6edf12700d;>edde30a Readme: slight tweak to intro https://github.com/json5/json5/commit/97286f8bd542c89dcee096bc05dd28ed2dfc1e16;>97286f8 Improve example in readme Additional commits viewable in https://github.com/json5/json5/compare/v2.2.1...v2.2.3;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs
[GitHub] [knox] dependabot[bot] opened a new pull request, #709: Bump json5 from 2.2.1 to 2.2.3 in /knox-webshell-ui
dependabot[bot] opened a new pull request, #709: URL: https://github.com/apache/knox/pull/709 Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3. Release notes Sourced from https://github.com/json5/json5/releases;>json5's releases. v2.2.3 Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (https://github-redirect.dependabot.com/json5/json5/issues/299;>#299) v2.2.2 Fix: Properties with the name __proto__ are added to objects and arrays. (https://github-redirect.dependabot.com/json5/json5/issues/199;>#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (https://github-redirect.dependabot.com/json5/json5/issues/295;>#295). Changelog Sourced from https://github.com/json5/json5/blob/main/CHANGELOG.md;>json5's changelog. v2.2.3 [https://github.com/json5/json5/tree/v2.2.3;>code, https://github.com/json5/json5/compare/v2.2.2...v2.2.3;>diff] Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (https://github-redirect.dependabot.com/json5/json5/issues/299;>#299) v2.2.2 [https://github.com/json5/json5/tree/v2.2.2;>code, https://github.com/json5/json5/compare/v2.2.1...v2.2.2;>diff] Fix: Properties with the name __proto__ are added to objects and arrays. (https://github-redirect.dependabot.com/json5/json5/issues/199;>#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (https://github-redirect.dependabot.com/json5/json5/issues/295;>#295). Commits https://github.com/json5/json5/commit/c3a75242772a5026a49c4017a16d9b3543b62776;>c3a7524 2.2.3 https://github.com/json5/json5/commit/94fd06d82eeed225fa172f6fb2ca27375cbd2e39;>94fd06d docs: update CHANGELOG for v2.2.3 https://github.com/json5/json5/commit/3b8cebf0c474a8b20c78bd75c89cca0c4dce84ce;>3b8cebf docs(security): use GitHub security advisories https://github.com/json5/json5/commit/f0fd9e194dde282caff114a110f4fac635f3a62c;>f0fd9e1 docs: publish a security policy https://github.com/json5/json5/commit/6a91a05fffeda16ff6b3b5008b6b340d42d31ec0;>6a91a05 docs(template): bug - bug report https://github.com/json5/json5/commit/14f8cb186e8abdfaccf6527171da7b1224374650;>14f8cb1 2.2.2 https://github.com/json5/json5/commit/10cc7ca9169b59c5e0f5afc03dbd870cd06bcc46;>10cc7ca docs: update CHANGELOG for v2.2.2 https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8;>7774c10 fix: add proto to objects and arrays https://github.com/json5/json5/commit/edde30abd8b22facf2c06c72586b9f6edf12700d;>edde30a Readme: slight tweak to intro https://github.com/json5/json5/commit/97286f8bd542c89dcee096bc05dd28ed2dfc1e16;>97286f8 Improve example in readme Additional commits viewable in https://github.com/json5/json5/compare/v2.2.1...v2.2.3;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs
[GitHub] [knox] dependabot[bot] opened a new pull request, #708: Bump json5 from 2.2.1 to 2.2.3 in /knox-homepage-ui
dependabot[bot] opened a new pull request, #708: URL: https://github.com/apache/knox/pull/708 Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3. Release notes Sourced from https://github.com/json5/json5/releases;>json5's releases. v2.2.3 Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (https://github-redirect.dependabot.com/json5/json5/issues/299;>#299) v2.2.2 Fix: Properties with the name __proto__ are added to objects and arrays. (https://github-redirect.dependabot.com/json5/json5/issues/199;>#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (https://github-redirect.dependabot.com/json5/json5/issues/295;>#295). Changelog Sourced from https://github.com/json5/json5/blob/main/CHANGELOG.md;>json5's changelog. v2.2.3 [https://github.com/json5/json5/tree/v2.2.3;>code, https://github.com/json5/json5/compare/v2.2.2...v2.2.3;>diff] Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (https://github-redirect.dependabot.com/json5/json5/issues/299;>#299) v2.2.2 [https://github.com/json5/json5/tree/v2.2.2;>code, https://github.com/json5/json5/compare/v2.2.1...v2.2.2;>diff] Fix: Properties with the name __proto__ are added to objects and arrays. (https://github-redirect.dependabot.com/json5/json5/issues/199;>#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (https://github-redirect.dependabot.com/json5/json5/issues/295;>#295). Commits https://github.com/json5/json5/commit/c3a75242772a5026a49c4017a16d9b3543b62776;>c3a7524 2.2.3 https://github.com/json5/json5/commit/94fd06d82eeed225fa172f6fb2ca27375cbd2e39;>94fd06d docs: update CHANGELOG for v2.2.3 https://github.com/json5/json5/commit/3b8cebf0c474a8b20c78bd75c89cca0c4dce84ce;>3b8cebf docs(security): use GitHub security advisories https://github.com/json5/json5/commit/f0fd9e194dde282caff114a110f4fac635f3a62c;>f0fd9e1 docs: publish a security policy https://github.com/json5/json5/commit/6a91a05fffeda16ff6b3b5008b6b340d42d31ec0;>6a91a05 docs(template): bug - bug report https://github.com/json5/json5/commit/14f8cb186e8abdfaccf6527171da7b1224374650;>14f8cb1 2.2.2 https://github.com/json5/json5/commit/10cc7ca9169b59c5e0f5afc03dbd870cd06bcc46;>10cc7ca docs: update CHANGELOG for v2.2.2 https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8;>7774c10 fix: add proto to objects and arrays https://github.com/json5/json5/commit/edde30abd8b22facf2c06c72586b9f6edf12700d;>edde30a Readme: slight tweak to intro https://github.com/json5/json5/commit/97286f8bd542c89dcee096bc05dd28ed2dfc1e16;>97286f8 Improve example in readme Additional commits viewable in https://github.com/json5/json5/compare/v2.2.1...v2.2.3;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs
[GitHub] [knox] dependabot[bot] opened a new pull request, #707: Bump json5 from 2.2.1 to 2.2.3 in /knox-token-management-ui
dependabot[bot] opened a new pull request, #707: URL: https://github.com/apache/knox/pull/707 Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3. Release notes Sourced from https://github.com/json5/json5/releases;>json5's releases. v2.2.3 Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (https://github-redirect.dependabot.com/json5/json5/issues/299;>#299) v2.2.2 Fix: Properties with the name __proto__ are added to objects and arrays. (https://github-redirect.dependabot.com/json5/json5/issues/199;>#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (https://github-redirect.dependabot.com/json5/json5/issues/295;>#295). Changelog Sourced from https://github.com/json5/json5/blob/main/CHANGELOG.md;>json5's changelog. v2.2.3 [https://github.com/json5/json5/tree/v2.2.3;>code, https://github.com/json5/json5/compare/v2.2.2...v2.2.3;>diff] Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (https://github-redirect.dependabot.com/json5/json5/issues/299;>#299) v2.2.2 [https://github.com/json5/json5/tree/v2.2.2;>code, https://github.com/json5/json5/compare/v2.2.1...v2.2.2;>diff] Fix: Properties with the name __proto__ are added to objects and arrays. (https://github-redirect.dependabot.com/json5/json5/issues/199;>#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (https://github-redirect.dependabot.com/json5/json5/issues/295;>#295). Commits https://github.com/json5/json5/commit/c3a75242772a5026a49c4017a16d9b3543b62776;>c3a7524 2.2.3 https://github.com/json5/json5/commit/94fd06d82eeed225fa172f6fb2ca27375cbd2e39;>94fd06d docs: update CHANGELOG for v2.2.3 https://github.com/json5/json5/commit/3b8cebf0c474a8b20c78bd75c89cca0c4dce84ce;>3b8cebf docs(security): use GitHub security advisories https://github.com/json5/json5/commit/f0fd9e194dde282caff114a110f4fac635f3a62c;>f0fd9e1 docs: publish a security policy https://github.com/json5/json5/commit/6a91a05fffeda16ff6b3b5008b6b340d42d31ec0;>6a91a05 docs(template): bug - bug report https://github.com/json5/json5/commit/14f8cb186e8abdfaccf6527171da7b1224374650;>14f8cb1 2.2.2 https://github.com/json5/json5/commit/10cc7ca9169b59c5e0f5afc03dbd870cd06bcc46;>10cc7ca docs: update CHANGELOG for v2.2.2 https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8;>7774c10 fix: add proto to objects and arrays https://github.com/json5/json5/commit/edde30abd8b22facf2c06c72586b9f6edf12700d;>edde30a Readme: slight tweak to intro https://github.com/json5/json5/commit/97286f8bd542c89dcee096bc05dd28ed2dfc1e16;>97286f8 Improve example in readme Additional commits viewable in https://github.com/json5/json5/compare/v2.2.1...v2.2.3;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs
[GitHub] [knox] smolnar82 merged pull request #706: KNOX-2860 - Build the knox-webshell-ui project the same way as we build other UIs
smolnar82 merged PR #706: URL: https://github.com/apache/knox/pull/706 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #706: KNOX-2860 - Build the knox-webshell-ui project the same way as we build other UIs
smolnar82 commented on code in PR #706:
URL: https://github.com/apache/knox/pull/706#discussion_r1060716025
##
knox-webshell-ui/angular.json:
##
@@ -54,18 +54,8 @@
},
"configurations": {
"production": {
- "budgets": [
-{
- "type": "initial",
- "maximumWarning": "500kb",
- "maximumError": "1mb"
-},
-{
- "type": "anyComponentStyle",
- "maximumWarning": "2kb",
- "maximumError": "4kb"
-}
- ],
+ "buildOptimizer": false,
+ "aot": false,
Review Comment:
We have the same config in AdminUI and TokenManagementUI and there were no
complaints so far about their performance. It's true that we may want AOT to be
turned on, but I think it has to be in the scope of a different JIRA; right now
fixing the build is more important.
What do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] zeroflag commented on a diff in pull request #706: KNOX-2860 - Build the knox-webshell-ui project the same way as we build other UIs
zeroflag commented on code in PR #706:
URL: https://github.com/apache/knox/pull/706#discussion_r1060709664
##
knox-webshell-ui/angular.json:
##
@@ -54,18 +54,8 @@
},
"configurations": {
"production": {
- "budgets": [
-{
- "type": "initial",
- "maximumWarning": "500kb",
- "maximumError": "1mb"
-},
-{
- "type": "anyComponentStyle",
- "maximumWarning": "2kb",
- "maximumError": "4kb"
-}
- ],
+ "buildOptimizer": false,
+ "aot": false,
Review Comment:
How does disabling ahead of time compilation affects the runtime performance?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 opened a new pull request, #706: KNOX-2860 - Build the knox-webshell-ui project the same way as we build other UIs
smolnar82 opened a new pull request, #706: URL: https://github.com/apache/knox/pull/706 ## What changes were proposed in this pull request? I modified the Angular settings within `knox-webshell-ui` to conform to the same configuration we have in other UI projects. ## How was this patch tested? Built the entire Knox deliverable locally and asked @zeroflag to do the same with my patch before I opened this PR. After that I tested that WebShell is actually working. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on pull request #659: fix validation errors of getPID: return 0 when the process started
smolnar82 commented on PR #659: URL: https://github.com/apache/knox/pull/659#issuecomment-1369060888 Let's close this now and have it re-opened once @anyorey has time to reply to the above question and can rebase this PR on top of the current `master` branch. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 closed pull request #659: fix validation errors of getPID: return 0 when the process started
smolnar82 closed pull request #659: fix validation errors of getPID: return 0 when the process started URL: https://github.com/apache/knox/pull/659 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #638: KNOX-2809 - Fix dispatch ha-class for HDFSUI high available.
smolnar82 commented on code in PR #638:
URL: https://github.com/apache/knox/pull/638#discussion_r1060110657
##
gateway-spi/src/main/java/org/apache/knox/gateway/util/URLUtils.java:
##
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package org.apache.knox.gateway.util;
+
+import java.net.URI;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
+
+public class URLUtils {
+
+ /**
+ * A method that decode url and concat query params, return result as URI.
+ *
+ * @param encoded encoded url
+ * @param queryStr query params
+ * @return decoded URI
+ */
+ public static URI getDecodeUri(String encoded, String queryStr) {
+String decoded;
+try {
+ decoded = URLDecoder.decode(encoded, StandardCharsets.UTF_8.name());
+} catch (final Exception e) {
+ /* fall back in case of exception */
+ decoded = encoded;
+}
+
+final StringBuilder str = new StringBuilder(decoded);
+if (queryStr != null) {
Review Comment:
You may want to check for being `not blank` here
(`StringUtils.isNotBlank(queryStr)`). Even if this is not null, it may be a
blank string that makes no sense to append at the end of the decoded URI.
##
gateway-spi/src/test/java/org/apache/knox/gateway/util/URLUtilsTest.java:
##
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package org.apache.knox.gateway.util;
+
+import org.junit.Test;
+
+import java.net.URI;
+
+import static org.junit.Assert.assertEquals;
+
+public class URLUtilsTest {
Review Comment:
Please add other test cases with null and empty query strings.
##
gateway-spi/src/main/java/org/apache/knox/gateway/util/URLUtils.java:
##
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package org.apache.knox.gateway.util;
+
+import java.net.URI;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
+
+public class URLUtils {
+
+ /**
+ * A method that decode url and concat query params, return result as URI.
+ *
+ * @param encoded encoded url
+ * @param queryStr query params
+ * @return decoded URI
+ */
+ public static URI getDecodeUri(String encoded, String queryStr) {
Review Comment:
nit: I think there is a typo here; it should be `getDecodedUri` (note the
`d` at the end of `Decoded`)or the method name should be changed to a verb:
`decodeUri`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure
[GitHub] [knox] Flamingo93 commented on a diff in pull request #638: KNOX-2809 - Fix dispatch ha-class for HDFSUI high available.
Flamingo93 commented on code in PR #638:
URL: https://github.com/apache/knox/pull/638#discussion_r1056955169
##
gateway-service-webhdfs/src/main/java/org/apache/knox/gateway/hdfs/dispatch/HdfsUIHaDispatch.java:
##
@@ -26,6 +30,26 @@ public HdfsUIHaDispatch() throws ServletException {
super();
}
+ @Override
+ public URI getDispatchUrl(final HttpServletRequest request) {
+String decoded;
+
+try {
+ decoded = URLDecoder.decode(request.getRequestURL().toString(),
StandardCharsets.UTF_8.name() );
+} catch (final Exception e) {
+ /* fall back in case of exception */
+ decoded = request.getRequestURL().toString();
+}
+
+final StringBuilder str = new StringBuilder(decoded);
+final String query = request.getQueryString();
+if ( query != null ) {
+ str.append('?');
+ str.append(query);
+}
+return URI.create(str.toString());
+ }
+
Review Comment:
@smolnar82 sorry for late.
I create a util class for dispatch url processing as your recommendation.
Thanks for your recommendation and patience.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 merged pull request #705: KNOX-2857 - Fixed typo in some of the config names
smolnar82 merged PR #705: URL: https://github.com/apache/knox/pull/705 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 opened a new pull request, #705: KNOX-2857 - Fixed typo in some of the config names
smolnar82 opened a new pull request, #705: URL: https://github.com/apache/knox/pull/705 ## What changes were proposed in this pull request? Fixed typos ## How was this patch tested? Manual verification. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 merged pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 merged PR #681: URL: https://github.com/apache/knox/pull/681 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] pzampino commented on pull request #659: fix validation errors of getPID: return 0 when the process started
pzampino commented on PR #659: URL: https://github.com/apache/knox/pull/659#issuecomment-1359926050 @anyorey Are you experiencing deletion/modification of the Knox PID files as a regular occurrence? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1053077654
##
gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/filter/AclsAuthorizationFilter.java:
##
@@ -128,19 +124,19 @@ protected boolean
enforceAclAuthorizationPolicy(ServletRequest request,
boolean groupAccess = false;
boolean ipAddrAccess;
-Subject subject = Subject.getSubject(AccessController.getContext());
-Principal primaryPrincipal =
(Principal)subject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
-log.primaryPrincipal(primaryPrincipal.getName());
-Object[] impersonations =
subject.getPrincipals(ImpersonatedPrincipal.class).toArray();
-if (impersonations.length > 0) {
- log.impersonatedPrincipal(((Principal)impersonations[0]).getName());
- userAccess = checkUserAcls((Principal)impersonations[0]);
+final Subject subject = SubjectUtils.getCurrentSubject();
Review Comment:
Done.
##
gateway-provider-identity-assertion-common/pom.xml:
##
@@ -97,7 +97,14 @@
org.jboss.shrinkwrap
shrinkwrap-api
-
+
+org.apache.hadoop
+hadoop-common
+
+
+com.google.guava
+guava
Review Comment:
Done.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1053077074
##
gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java:
##
@@ -200,12 +202,12 @@ protected void doFilter(FilterChain filterChain,
HttpServletRequest request, Htt
HttpServletRequest proxyRequest = null;
final String remoteUser = request.getRemoteUser();
if (!ignoreDoAs(remoteUser)) {
- final String doAsUser = request.getParameter(QUERY_PARAMETER_DOAS);
+ final String doAsUser =
request.getParameter(AuthFilterUtils.QUERY_PARAMETER_DOAS);
if (doAsUser != null && !doAsUser.equals(remoteUser)) {
LOG.hadoopAuthDoAsUser(doAsUser, remoteUser, request.getRemoteAddr());
if (request.getUserPrincipal() != null) {
try {
-proxyRequest = AuthFilterUtils.getProxyRequest(request, doAsUser,
topologyName, HadoopAuthDeploymentContributor.NAME);
+proxyRequest = AuthFilterUtils.getProxyRequest(request,
request.getUserPrincipal().getName(), doAsUser, topologyName,
HadoopAuthDeploymentContributor.NAME);
Review Comment:
Done.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681: URL: https://github.com/apache/knox/pull/681#discussion_r1053077392 ## gateway-release/home/conf/topologies/homepage.xml: ## @@ -60,6 +60,24 @@ identity-assertion Default true + Review Comment: Done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1053069990
##
gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java:
##
@@ -200,12 +202,12 @@ protected void doFilter(FilterChain filterChain,
HttpServletRequest request, Htt
HttpServletRequest proxyRequest = null;
final String remoteUser = request.getRemoteUser();
if (!ignoreDoAs(remoteUser)) {
- final String doAsUser = request.getParameter(QUERY_PARAMETER_DOAS);
+ final String doAsUser =
request.getParameter(AuthFilterUtils.QUERY_PARAMETER_DOAS);
if (doAsUser != null && !doAsUser.equals(remoteUser)) {
LOG.hadoopAuthDoAsUser(doAsUser, remoteUser, request.getRemoteAddr());
if (request.getUserPrincipal() != null) {
try {
-proxyRequest = AuthFilterUtils.getProxyRequest(request, doAsUser,
topologyName, HadoopAuthDeploymentContributor.NAME);
+proxyRequest = AuthFilterUtils.getProxyRequest(request,
request.getUserPrincipal().getName(), doAsUser, topologyName,
HadoopAuthDeploymentContributor.NAME);
Review Comment:
@pzampino is right. It's not guaranteed that we'll use the principal name
from the request when this method is called. In this particular case, this is
true, but we have to keep the `remoteUserName` parameter so that clients can
explicitly set it based on their needs.
To make it even cleaner, I'll add a method overloading that will only have
the `request` parameter and use it to get the user principal from it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1053069990
##
gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java:
##
@@ -200,12 +202,12 @@ protected void doFilter(FilterChain filterChain,
HttpServletRequest request, Htt
HttpServletRequest proxyRequest = null;
final String remoteUser = request.getRemoteUser();
if (!ignoreDoAs(remoteUser)) {
- final String doAsUser = request.getParameter(QUERY_PARAMETER_DOAS);
+ final String doAsUser =
request.getParameter(AuthFilterUtils.QUERY_PARAMETER_DOAS);
if (doAsUser != null && !doAsUser.equals(remoteUser)) {
LOG.hadoopAuthDoAsUser(doAsUser, remoteUser, request.getRemoteAddr());
if (request.getUserPrincipal() != null) {
try {
-proxyRequest = AuthFilterUtils.getProxyRequest(request, doAsUser,
topologyName, HadoopAuthDeploymentContributor.NAME);
+proxyRequest = AuthFilterUtils.getProxyRequest(request,
request.getUserPrincipal().getName(), doAsUser, topologyName,
HadoopAuthDeploymentContributor.NAME);
Review Comment:
@pzampino is right. It's not guaranteed that we'll use the principal name
from the request when this method is called. In this particular case, this is
true, but we may keep the `remoteUserName` parameter.
To make it even cleaner, I'll add a method overloading that will only have
the `request` parameter and use it to get the user principal from it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681: URL: https://github.com/apache/knox/pull/681#discussion_r1053066261 ## gateway-provider-identity-assertion-common/pom.xml: ## @@ -97,7 +97,14 @@ org.jboss.shrinkwrap shrinkwrap-api - + +org.apache.hadoop +hadoop-common + + +com.google.guava +guava Review Comment: hadoop-common is needed due to the newly introduced logic: AuthoriztionException is thrown in case proxyuser-based impersonation is not authorized. To mitigate this I'll create our own exception and util classes in gateway-spi (where we already have everything in place) and propagate/use these new exception/class down the line. Guava was added because of the `@VisibleForTesting` annotation which we really do not need, so I'll remove it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681: URL: https://github.com/apache/knox/pull/681#discussion_r1052987748 ## gateway-release/home/conf/topologies/homepage.xml: ## @@ -60,6 +60,24 @@ identity-assertion Default true + Review Comment: Nice catch; I'll fix it soon (the comment remained there from testing). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1052987528
##
gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/filter/AclsAuthorizationFilter.java:
##
@@ -128,19 +124,19 @@ protected boolean
enforceAclAuthorizationPolicy(ServletRequest request,
boolean groupAccess = false;
boolean ipAddrAccess;
-Subject subject = Subject.getSubject(AccessController.getContext());
-Principal primaryPrincipal =
(Principal)subject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
-log.primaryPrincipal(primaryPrincipal.getName());
-Object[] impersonations =
subject.getPrincipals(ImpersonatedPrincipal.class).toArray();
-if (impersonations.length > 0) {
- log.impersonatedPrincipal(((Principal)impersonations[0]).getName());
- userAccess = checkUserAcls((Principal)impersonations[0]);
+final Subject subject = SubjectUtils.getCurrentSubject();
Review Comment:
Nice catch; I'll fix it soon.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] pzampino commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
pzampino commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1052256852
##
gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java:
##
@@ -200,12 +202,12 @@ protected void doFilter(FilterChain filterChain,
HttpServletRequest request, Htt
HttpServletRequest proxyRequest = null;
final String remoteUser = request.getRemoteUser();
if (!ignoreDoAs(remoteUser)) {
- final String doAsUser = request.getParameter(QUERY_PARAMETER_DOAS);
+ final String doAsUser =
request.getParameter(AuthFilterUtils.QUERY_PARAMETER_DOAS);
if (doAsUser != null && !doAsUser.equals(remoteUser)) {
LOG.hadoopAuthDoAsUser(doAsUser, remoteUser, request.getRemoteAddr());
if (request.getUserPrincipal() != null) {
try {
-proxyRequest = AuthFilterUtils.getProxyRequest(request, doAsUser,
topologyName, HadoopAuthDeploymentContributor.NAME);
+proxyRequest = AuthFilterUtils.getProxyRequest(request,
request.getUserPrincipal().getName(), doAsUser, topologyName,
HadoopAuthDeploymentContributor.NAME);
Review Comment:
@moresandeep, That's making an assumption that the principal name is ALWAYS
gotten from the request.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 merged pull request #704: KNOX-2855:Added Hbase UI proxying for prometheus end points
smolnar82 merged PR #704: URL: https://github.com/apache/knox/pull/704 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] moresandeep commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
moresandeep commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1051587615
##
gateway-provider-identity-assertion-common/pom.xml:
##
@@ -97,7 +97,14 @@
org.jboss.shrinkwrap
shrinkwrap-api
-
+
+org.apache.hadoop
+hadoop-common
+
+
+com.google.guava
+guava
Review Comment:
Looks like the guava dependency is used for testing, if so perhaps just
changing the scope to testing might work?
##
gateway-provider-security-hadoopauth/src/main/java/org/apache/knox/gateway/hadoopauth/filter/HadoopAuthFilter.java:
##
@@ -200,12 +202,12 @@ protected void doFilter(FilterChain filterChain,
HttpServletRequest request, Htt
HttpServletRequest proxyRequest = null;
final String remoteUser = request.getRemoteUser();
if (!ignoreDoAs(remoteUser)) {
- final String doAsUser = request.getParameter(QUERY_PARAMETER_DOAS);
+ final String doAsUser =
request.getParameter(AuthFilterUtils.QUERY_PARAMETER_DOAS);
if (doAsUser != null && !doAsUser.equals(remoteUser)) {
LOG.hadoopAuthDoAsUser(doAsUser, remoteUser, request.getRemoteAddr());
if (request.getUserPrincipal() != null) {
try {
-proxyRequest = AuthFilterUtils.getProxyRequest(request, doAsUser,
topologyName, HadoopAuthDeploymentContributor.NAME);
+proxyRequest = AuthFilterUtils.getProxyRequest(request,
request.getUserPrincipal().getName(), doAsUser, topologyName,
HadoopAuthDeploymentContributor.NAME);
Review Comment:
nit: we are passing the request object, so
request.getUserPrincipal().getName() can be deduced from it, additional param
seems redundant.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] lmccay commented on pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
lmccay commented on PR #681: URL: https://github.com/apache/knox/pull/681#issuecomment-1356376592 This is a much larger change than I anticipated, @smolnar82! This has obviously been a lot of work. Thank you for it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] lmccay commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
lmccay commented on code in PR #681: URL: https://github.com/apache/knox/pull/681#discussion_r1051440369 ## gateway-provider-identity-assertion-common/pom.xml: ## @@ -97,7 +97,14 @@ org.jboss.shrinkwrap shrinkwrap-api - + +org.apache.hadoop +hadoop-common + + +com.google.guava +guava Review Comment: Does this also mean that ALL identity assertion providers now have a dependency on hadoop common? That is a rather heavy dependency if not needed. Guava is also problematic with mixed versions and stuff. If this wasn't already a dependency then we will need to be careful with things like Ranger Knox plugin coming into the mix. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] lmccay commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
lmccay commented on code in PR #681: URL: https://github.com/apache/knox/pull/681#discussion_r1051439950 ## gateway-release/home/conf/topologies/homepage.xml: ## @@ -60,6 +60,24 @@ identity-assertion Default true + Review Comment: Why is this commented out here, just a convenience? Will these comment survive an admin ui read/save? ## gateway-release/home/conf/topologies/homepage.xml: ## @@ -60,6 +60,24 @@ identity-assertion Default true + Review Comment: If impersonation.enabled defaults to false then why do we need to comment them out? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] pzampino commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
pzampino commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1051151340
##
gateway-provider-identity-assertion-common/pom.xml:
##
@@ -97,7 +97,14 @@
org.jboss.shrinkwrap
shrinkwrap-api
-
+
+org.apache.hadoop
+hadoop-common
+
+
+com.google.guava
+guava
Review Comment:
This is needed by hadoop-common?
##
gateway-provider-security-authz-acls/src/main/java/org/apache/knox/gateway/filter/AclsAuthorizationFilter.java:
##
@@ -128,19 +124,19 @@ protected boolean
enforceAclAuthorizationPolicy(ServletRequest request,
boolean groupAccess = false;
boolean ipAddrAccess;
-Subject subject = Subject.getSubject(AccessController.getContext());
-Principal primaryPrincipal =
(Principal)subject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
-log.primaryPrincipal(primaryPrincipal.getName());
-Object[] impersonations =
subject.getPrincipals(ImpersonatedPrincipal.class).toArray();
-if (impersonations.length > 0) {
- log.impersonatedPrincipal(((Principal)impersonations[0]).getName());
- userAccess = checkUserAcls((Principal)impersonations[0]);
+final Subject subject = SubjectUtils.getCurrentSubject();
Review Comment:
Could this be simplified to
`
effectivePrincipalName = SubjectUtils.getCurrentEffectivePrincipalName();
log.effectivePrincipal(effectivePrincipalName);
userAccess = checkUserAcls(effectivePrincipalName);
`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] vaijosh opened a new pull request, #704: KNOX-2855:Added Hbase UI proxying for prometheus end points
vaijosh opened a new pull request, #704: URL: https://github.com/apache/knox/pull/704 (It is very **important** that you created an Apache Knox JIRA for this change and that the PR title/commit message includes the Apache Knox JIRA ID!) ## What changes were proposed in this pull request? In HBASE-20904 we added support for /prometheus endpoints under Hbase WebUI. So in this PR added configurations to make sure that /prometheus endpoints works fine through the proxy. ## How was this patch tested? Copied the patched files "rewrite.xml" and "service.xml" into knox directory and restarted the knox. When opened the Hbase WebUI, the /prometheus endpoint started working as expected. Earlier it used to give 404 error without proxying configurations. (Please explain how this patch was tested. For instance: running automated unit/integration tests, manual tests. Please write down your test steps as detailed as possible) (If this patch involves UI changes, please attach a screen-shot; otherwise, remove this) Please review [Knox Contributing Process](https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-GithubWorkflow) before opening a pull request. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on PR #681: URL: https://github.com/apache/knox/pull/681#issuecomment-1348486921 @pzampino @moresandeep @lmccay - please take a review of these changes whenever you'll have time. Thanks! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1045689517
##
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java:
##
@@ -176,6 +172,6 @@ private Subject createSubjectFromToken(JWTToken token) {
// To modify the Principals Set, the caller must have
AuthPermission("modifyPrincipals").
// To modify the public credential Set, the caller must have
AuthPermission("modifyPublicCredentials").
// To modify the private credential Set, the caller must have
AuthPermission("modifyPrivateCredentials").
-return new javax.security.auth.Subject(true, principals, emptySet,
emptySet);
+return new javax.security.auth.Subject(true, principals,
Collections.emptySet(), Collections.emptySet());
Review Comment:
This is a valid question. The answer is that it's even better than the
implementation before due to the very same reason you described: once this
subject is created, the principals cannot be modified. In lower layers, like in
identity assertion, if someone wants to proceed with different principals, a
new Subject has to be created and call `Subject.doAs`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] zeroflag commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
zeroflag commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1045683325
##
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AccessTokenFederationFilter.java:
##
@@ -176,6 +172,6 @@ private Subject createSubjectFromToken(JWTToken token) {
// To modify the Principals Set, the caller must have
AuthPermission("modifyPrincipals").
// To modify the public credential Set, the caller must have
AuthPermission("modifyPublicCredentials").
// To modify the private credential Set, the caller must have
AuthPermission("modifyPrivateCredentials").
-return new javax.security.auth.Subject(true, principals, emptySet,
emptySet);
+return new javax.security.auth.Subject(true, principals,
Collections.emptySet(), Collections.emptySet());
Review Comment:
LGTM with one note.
I'm not sure if it's a real problem, but since we're using
`Collections.emptySet()` here, this means that adding a new principal after
this point (e.g.: `subject.getPrincipals().add()`) to the subject might fail
because the `Collection.emptySet()` is unmodifiable. Unlike the `new
HashSet<>();`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1045668894
##
gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java:
##
@@ -187,21 +219,46 @@ public void doFilter(ServletRequest request,
ServletResponse response, FilterCha
}
String principalName = getPrincipalName(subject);
+String mappedPrincipalName = null;
+try {
+ mappedPrincipalName = handleProxyUserImpersonation(request,
principalName);
+} catch(AuthorizationException e) {
+ LOG.hadoopAuthProxyUserFailed(e);
+ HttpExceptionUtils.createServletExceptionResponse((HttpServletResponse)
response, HttpServletResponse.SC_FORBIDDEN, e);
+ return;
+}
-String mappedPrincipalName = mapUserPrincipalBase(principalName);
+// mapping principal name using user principal mapping (if configured)
+mappedPrincipalName = mapUserPrincipalBase(mappedPrincipalName);
mappedPrincipalName = mapUserPrincipal(mappedPrincipalName);
+
String[] mappedGroups = mapGroupPrincipalsBase(mappedPrincipalName,
subject);
String[] groups = mapGroupPrincipals(mappedPrincipalName, subject);
String[] virtualGroups = virtualGroupMapper.mapGroups(mappedPrincipalName,
combine(subject, groups), request).toArray(new String[0]);
groups = combineGroupMappings(mappedGroups, groups);
groups = combineGroupMappings(virtualGroups, groups);
-HttpServletRequestWrapper wrapper = wrapHttpServletRequest(
-request, mappedPrincipalName);
+HttpServletRequestWrapper wrapper = wrapHttpServletRequest(request,
mappedPrincipalName);
+
continueChainAsPrincipal(wrapper, response, chain, mappedPrincipalName,
unique(groups));
}
+ private String handleProxyUserImpersonation(ServletRequest request, String
principalName) throws AuthorizationException {
+if (impersonationEnabled) {
+ final String doAsUser =
request.getParameter(AuthFilterUtils.QUERY_PARAMETER_DOAS);
+ if (doAsUser != null && !doAsUser.equals(principalName)) {
+LOG.hadoopAuthDoAsUser(doAsUser, principalName,
request.getRemoteAddr());
+if (principalName != null) {
+ AuthFilterUtils.authorizeImpersonationRequest((HttpServletRequest)
request, principalName, doAsUser, topologyName, ROLE);
+ LOG.hadoopAuthProxyUserSuccess();
+ return doAsUser;
Review Comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on a diff in pull request #681: KNOX-2839 - Identity assertion provider handles Hadoop ProxyUser auth using the 'doAs' query parameter
smolnar82 commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1044360473
##
gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java:
##
@@ -720,19 +705,21 @@ private Response getAuthenticationToken() {
String createdBy = null;
// checking the doAs user only makes sense if tokens are managed (this is
where we store the userName information)
// and if impersonation is enabled
-if (impersonationEnabled && tokenStateService != null) {
- final String doAsUser = request.getParameter(QUERY_PARAMETER_DOAS);
- if (doAsUser != null && !doAsUser.equals(userName)) {
-try {
- //this call will authorize the doAs request
- AuthFilterUtils.authorizeImpersonationRequest(request, doAsUser,
getTopologyName(), TokenServiceDeploymentContributor.ROLE);
- createdBy = userName;
- userName = doAsUser;
- log.tokenImpersonationSuccess(createdBy, doAsUser);
-} catch (AuthorizationException e) {
- log.tokenImpersonationFailed(e);
- return Response.status(Response.Status.FORBIDDEN).entity("{ \"" +
e.getMessage() + "\" }").build();
+if (tokenStateService != null) {
+ final String realUserName = (String)
request.getAttribute(AuthFilterUtils.REAL_USER_NAME_ATTRIBUTE);
+ final Subject subject = SubjectUtils.getCurrentSubject();
+ if (subject != null && SubjectUtils.isImpersonating(subject)) {
+String primaryPrincipalName =
SubjectUtils.getPrimaryPrincipalName(subject);
+String impersonatedPrincipalName =
SubjectUtils.getImpersonatedPrincipalName(subject);
+if (!primaryPrincipalName.equals(impersonatedPrincipalName)) {
+ createdBy = primaryPrincipalName;
+ userName = impersonatedPrincipalName;
+ log.tokenImpersonationSuccess(createdBy, userName);
Review Comment:
This is now fixed above in HadoopAuthFilter as we discussed offline.
##
gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java:
##
@@ -187,21 +219,46 @@ public void doFilter(ServletRequest request,
ServletResponse response, FilterCha
}
String principalName = getPrincipalName(subject);
+String mappedPrincipalName = null;
+try {
+ mappedPrincipalName = handleProxyUserImpersonation(request,
principalName);
+} catch(AuthorizationException e) {
+ LOG.hadoopAuthProxyUserFailed(e);
+ HttpExceptionUtils.createServletExceptionResponse((HttpServletResponse)
response, HttpServletResponse.SC_FORBIDDEN, e);
+ return;
+}
-String mappedPrincipalName = mapUserPrincipalBase(principalName);
+// mapping principal name using user principal mapping (if configured)
+mappedPrincipalName = mapUserPrincipalBase(mappedPrincipalName);
mappedPrincipalName = mapUserPrincipal(mappedPrincipalName);
+
String[] mappedGroups = mapGroupPrincipalsBase(mappedPrincipalName,
subject);
String[] groups = mapGroupPrincipals(mappedPrincipalName, subject);
String[] virtualGroups = virtualGroupMapper.mapGroups(mappedPrincipalName,
combine(subject, groups), request).toArray(new String[0]);
groups = combineGroupMappings(mappedGroups, groups);
groups = combineGroupMappings(virtualGroups, groups);
-HttpServletRequestWrapper wrapper = wrapHttpServletRequest(
-request, mappedPrincipalName);
+HttpServletRequestWrapper wrapper = wrapHttpServletRequest(request,
mappedPrincipalName);
+
continueChainAsPrincipal(wrapper, response, chain, mappedPrincipalName,
unique(groups));
}
+ private String handleProxyUserImpersonation(ServletRequest request, String
principalName) throws AuthorizationException {
+if (impersonationEnabled) {
+ final String doAsUser =
request.getParameter(AuthFilterUtils.QUERY_PARAMETER_DOAS);
+ if (doAsUser != null && !doAsUser.equals(principalName)) {
+LOG.hadoopAuthDoAsUser(doAsUser, principalName,
request.getRemoteAddr());
+if (principalName != null) {
+ AuthFilterUtils.authorizeImpersonationRequest((HttpServletRequest)
request, principalName, doAsUser, topologyName, ROLE);
+ LOG.hadoopAuthProxyUserSuccess();
Review Comment:
We have that information in 3 lines above. This is "just" another
complementary log entry that helps us while debugging to see if proxy user
authorization succeeded.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [knox] smolnar82 merged pull request #702: Bump protobuf-java from 3.16.1 to 3.16.3
smolnar82 merged PR #702: URL: https://github.com/apache/knox/pull/702 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 merged pull request #703: KNOX-2853 - Bumps hsqldb from 2.4.0 to 2.7.1.
smolnar82 merged PR #703: URL: https://github.com/apache/knox/pull/703 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] commented on pull request #700: Bump hsqldb from 2.4.0 to 2.7.1
dependabot[bot] commented on PR #700: URL: https://github.com/apache/knox/pull/700#issuecomment-1342552660 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on pull request #700: Bump hsqldb from 2.4.0 to 2.7.1
smolnar82 commented on PR #700: URL: https://github.com/apache/knox/pull/700#issuecomment-1342552542 Fixed in #703 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 closed pull request #700: Bump hsqldb from 2.4.0 to 2.7.1
smolnar82 closed pull request #700: Bump hsqldb from 2.4.0 to 2.7.1 URL: https://github.com/apache/knox/pull/700 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 opened a new pull request, #703: KNOX-2853 - Bumps hsqldb from 2.4.0 to 2.7.1.
smolnar82 opened a new pull request, #703: URL: https://github.com/apache/knox/pull/703 See #700 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] opened a new pull request, #702: Bump protobuf-java from 3.16.1 to 3.16.3
dependabot[bot] opened a new pull request, #702: URL: https://github.com/apache/knox/pull/702 Bumps [protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.16.1 to 3.16.3. Release notes Sourced from https://github.com/protocolbuffers/protobuf/releases;>protobuf-java's releases. Protobuf Release v3.16.3 Java Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. Move proto wireformat parsing functionality from the private parsing constructor to the Builder class. Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. This release addresses a https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2;>Security Advisory for Java users Commits https://github.com/protocolbuffers/protobuf/commit/b8c2488f480bbe3d66b9874c2fcd434201caa48a;>b8c2488 Updating version.json and repo version numbers to: 16.3 https://github.com/protocolbuffers/protobuf/commit/42e47e5a3fa7219b136f6a5de7c74a89a79245c6;>42e47e5 Refactoring Java parsing (3.16.x) (https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/10668;>#10668) https://github.com/protocolbuffers/protobuf/commit/98884a8a293488375e10480e5ff1c1f76de9ec8f;>98884a8 Merge pull request https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/10556;>#10556 from deannagarcia/3.16.x https://github.com/protocolbuffers/protobuf/commit/450b648f288f9a6def073f08e3300233bb46c5dd;>450b648 Cherrypick ruby fixes for monterey https://github.com/protocolbuffers/protobuf/commit/b17bb392b46a7bc9d09ae075dc5e8557e246698d;>b17bb39 Merge pull request https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/10548;>#10548 from protocolbuffers/3.16.x-202209131829 https://github.com/protocolbuffers/protobuf/commit/c18f5e71d86063fd6cea2c47cd7ab4131db5c9e2;>c18f5e7 Updating changelog https://github.com/protocolbuffers/protobuf/commit/6f4e81791d390cba199184c378e75da40a4965f0;>6f4e817 Updating version.json and repo version numbers to: 16.2 https://github.com/protocolbuffers/protobuf/commit/a7d4e94a4666b722695d9c55ac842d4a3735699e;>a7d4e94 Merge pull request https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/10547;>#10547 from deannagarcia/3.16.x https://github.com/protocolbuffers/protobuf/commit/55815e423bb82cc828836bbd60c79c1f9a195763;>55815e4 Apply patch https://github.com/protocolbuffers/protobuf/commit/152d7bf809dcb24fd9d417d66cf2b270b3654369;>152d7bf Update version.json with lts: true (https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/10535;>#10535) Additional commits viewable in https://github.com/protocolbuffers/protobuf/compare/v3.16.1...v3.16.3;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen
[GitHub] [knox] MrtnBalazs merged pull request #701: KNOX-2852 - Bumped decode-uri-component in angular projects and schematics in webshell-ui
MrtnBalazs merged PR #701: URL: https://github.com/apache/knox/pull/701 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on pull request #600: KNOX-2763 Fix for NPE arising due to missing CompositeAuthz provider names
smolnar82 commented on PR #600: URL: https://github.com/apache/knox/pull/600#issuecomment-1342444953 Closing this because it's the same as #597 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 closed pull request #600: KNOX-2763 Fix for NPE arising due to missing CompositeAuthz provider names
smolnar82 closed pull request #600: KNOX-2763 Fix for NPE arising due to missing CompositeAuthz provider names URL: https://github.com/apache/knox/pull/600 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] commented on pull request #689: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-token-management-ui
dependabot[bot] commented on PR #689: URL: https://github.com/apache/knox/pull/689#issuecomment-1342430461 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs commented on pull request #689: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-token-management-ui
MrtnBalazs commented on PR #689: URL: https://github.com/apache/knox/pull/689#issuecomment-1342430332 Fixed in #701 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs closed pull request #689: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-token-management-ui
MrtnBalazs closed pull request #689: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-token-management-ui URL: https://github.com/apache/knox/pull/689 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs closed pull request #691: Bump decode-uri-component from 0.2.0 to 0.2.2 in /gateway-admin-ui
MrtnBalazs closed pull request #691: Bump decode-uri-component from 0.2.0 to 0.2.2 in /gateway-admin-ui URL: https://github.com/apache/knox/pull/691 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] commented on pull request #691: Bump decode-uri-component from 0.2.0 to 0.2.2 in /gateway-admin-ui
dependabot[bot] commented on PR #691: URL: https://github.com/apache/knox/pull/691#issuecomment-1342428368 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs commented on pull request #691: Bump decode-uri-component from 0.2.0 to 0.2.2 in /gateway-admin-ui
MrtnBalazs commented on PR #691: URL: https://github.com/apache/knox/pull/691#issuecomment-1342428238 Fixed in #701 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] commented on pull request #692: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-webshell-ui
dependabot[bot] commented on PR #692: URL: https://github.com/apache/knox/pull/692#issuecomment-1342427168 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs commented on pull request #692: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-webshell-ui
MrtnBalazs commented on PR #692: URL: https://github.com/apache/knox/pull/692#issuecomment-1342427072 Fixed in #701 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs closed pull request #692: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-webshell-ui
MrtnBalazs closed pull request #692: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-webshell-ui URL: https://github.com/apache/knox/pull/692 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] commented on pull request #693: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-token-generation-ui
dependabot[bot] commented on PR #693: URL: https://github.com/apache/knox/pull/693#issuecomment-1342426680 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs closed pull request #693: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-token-generation-ui
MrtnBalazs closed pull request #693: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-token-generation-ui URL: https://github.com/apache/knox/pull/693 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs commented on pull request #693: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-token-generation-ui
MrtnBalazs commented on PR #693: URL: https://github.com/apache/knox/pull/693#issuecomment-1342426587 Fixed in #701 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] commented on pull request #694: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-homepage-ui
dependabot[bot] commented on PR #694: URL: https://github.com/apache/knox/pull/694#issuecomment-1342426040 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs closed pull request #694: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-homepage-ui
MrtnBalazs closed pull request #694: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-homepage-ui URL: https://github.com/apache/knox/pull/694 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs commented on pull request #694: Bump decode-uri-component from 0.2.0 to 0.2.2 in /knox-homepage-ui
MrtnBalazs commented on PR #694: URL: https://github.com/apache/knox/pull/694#issuecomment-1342425692 Fixed in #701 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] commented on pull request #695: Bump lodash and @angular-eslint/schematics in /knox-webshell-ui
dependabot[bot] commented on PR #695: URL: https://github.com/apache/knox/pull/695#issuecomment-1342425288 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs commented on pull request #695: Bump lodash and @angular-eslint/schematics in /knox-webshell-ui
MrtnBalazs commented on PR #695: URL: https://github.com/apache/knox/pull/695#issuecomment-1342425154 Fixed in #701 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs closed pull request #695: Bump lodash and @angular-eslint/schematics in /knox-webshell-ui
MrtnBalazs closed pull request #695: Bump lodash and @angular-eslint/schematics in /knox-webshell-ui URL: https://github.com/apache/knox/pull/695 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] commented on pull request #697: Bump minimatch and @angular-eslint/schematics in /knox-webshell-ui
dependabot[bot] commented on PR #697: URL: https://github.com/apache/knox/pull/697#issuecomment-1342424874 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs commented on pull request #697: Bump minimatch and @angular-eslint/schematics in /knox-webshell-ui
MrtnBalazs commented on PR #697: URL: https://github.com/apache/knox/pull/697#issuecomment-1342424792 Fixed in #701 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs closed pull request #697: Bump minimatch and @angular-eslint/schematics in /knox-webshell-ui
MrtnBalazs closed pull request #697: Bump minimatch and @angular-eslint/schematics in /knox-webshell-ui URL: https://github.com/apache/knox/pull/697 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] MrtnBalazs opened a new pull request, #701: KNOX-2852 - Bumped decode-uri-component in angular projects and schematics in webshell-ui
MrtnBalazs opened a new pull request, #701: URL: https://github.com/apache/knox/pull/701 ## What changes were proposed in this pull request? The `@angular-eslint/schematics` dependency was upgraded from `1.2.0` to `15.1.0` in Webshell-UI. The `decode-uri-component` in all angular projects was upgraded from `0.2.0` to `0.2.2`. ## How was this patch tested? I have done the following manual tests on the UI: Homepage: * Tried the links * Mouse on service name -> description shows up * When UI services are clicked they navigate to UI URL * When API services are clicked description shows up * Dropdown menus open and close * New topologies appear under the topologies menu Token-generation: * set server-managed to true and false * set impersonation to true and false * set lifespan.input.enabled to true and false * tried to generate token over the max lifespan limit -> generate anyway/adjust lifetime * generated tokens until reached token limit * authenticated with a generated token Token-management: * generated normal token * generated impersonated token * disabled impersonation * set server-managed to false * disabled and revoked the created tokens Admin-ui: * Created, deleted, modified service definitions * Created, deleted, modified provider configuration * Created, deleted, modified descriptor * Copied, deleted, modified topology WebShell-UI: * Configured webshell and link appeared on homepage * Signed in to knox with the user tom (who is a user on my local computer) and was able to connect to my computer -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] commented on pull request #690: Bump postgresql from 42.4.1 to 42.4.3
dependabot[bot] commented on PR #690: URL: https://github.com/apache/knox/pull/690#issuecomment-1341081545 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. If you change your mind, just re-open this PR and I'll resolve any conflicts on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 closed pull request #690: Bump postgresql from 42.4.1 to 42.4.3
smolnar82 closed pull request #690: Bump postgresql from 42.4.1 to 42.4.3 URL: https://github.com/apache/knox/pull/690 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 commented on pull request #690: Bump postgresql from 42.4.1 to 42.4.3
smolnar82 commented on PR #690: URL: https://github.com/apache/knox/pull/690#issuecomment-1341081375 Fixed in #688 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] zeroflag merged pull request #687: KNOX-2848: Prevent overwriting generated descriptors/providers
zeroflag merged PR #687: URL: https://github.com/apache/knox/pull/687 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] dependabot[bot] opened a new pull request, #700: Bump hsqldb from 2.4.0 to 2.7.1
dependabot[bot] opened a new pull request, #700: URL: https://github.com/apache/knox/pull/700 Bumps hsqldb from 2.4.0 to 2.7.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/knox/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 merged pull request #696: Bump commons-text from 1.9 to 1.10.0
smolnar82 merged PR #696: URL: https://github.com/apache/knox/pull/696 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [knox] smolnar82 closed pull request #659: fix validation errors of getPID: return 0 when the process started
smolnar82 closed pull request #659: fix validation errors of getPID: return 0 when the process started URL: https://github.com/apache/knox/pull/659 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
