Hi Everyone,
I’ve practiced through the release mechanics so I’ll volunteer for be the
release manager for 0.7.0 assuming we all agree to move forward.
Kevin.
On 12/15/15, 4:29 PM, "larry mccay" <lmc...@apache.org> wrote:
>I will take on the task of merging the lists and prepare a patch for that
>immediately.
>
>On Tue, Dec 15, 2015 at 4:27 PM, Kevin Minder <kevin.min...@hortonworks.com>
>wrote:
>
>> I’m in favor of continuing to stabilize the 0.7.0 branch with the current
>> bits we have and then doing an 0.8.0 with the new KNOX-641 stuff as quickly
>> as possible after that.
>> KNOX-641 ends up providing a wonderful new big feature set and we are
>> going to need to bandwidth to learn/absorb it.
>>
>> BTW here is my take on all of the commits from the branch point for
>> 0.6.0. Seems we are getting better with our CHANGES discipline but there
>> is still a great deal of room for improvement. The CHANGES file has ~30
>> entries for 0.7.0 and the list below has about ~90 entries.
>>
>> [KNOX-639] - Knoxcli.sh create-master should not allow empty strings
>> KNOX-640 - Make Cookie Domain Configurable
>> [KNOX-638] - Hive dispatch failing for secure clusters
>> KNOX-626 Minor fix to namespace parsing
>> KNOX-637 - Compilation Error in gateway-service-admin and gateway-test
>> test projects (arshad.mohammad via lmccay)
>> KNOX-636 - IdentityAsserterHttpServletRequestWrapper must override
>> getUserPrincipal
>> KNOX-635 - open up default whitelist for dev - localhost
>> KNOX-635 - Provide Whitelisting for Redirect Destinations for KnoxSSO
>> KNOX-634 - CORS Support as Part of WebAppSec Provider
>> KNOX-632 added back configuration for 'replayBufferSize'
>> KNOX-633: Upgrade apache commons-collections
>> KNOX-632: Oozie dispatch failing for secure clusters. Fix tests.
>> KNOX-632: Oozie dispatch failing for secure clusters
>> KNOX-625 initial template file for topology using ui proxy services
>> KNOX-623: Gateway provider rewriter doesn't support boolean attributes in
>> HTML.
>> KNOX-622 - Misconfigured providers should cause topology deployment to fail
>> KNOX-624: Expose configuration for Jetty's request and response buffer
>> sizes. Fix property names.
>> KNOX-624: Expose configuration for Jetty's request and response buffer
>> sizes
>> KNOX-621 - Simplify KnoxSSO API Resource Path
>> KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK version
>> issues
>> KNOX-394: Request and response URLs must be parsed as literals not
>> templates. Part 2.
>> KNOX-394: Request and response URLs must be parsed as literals not
>> templates
>> KNOX-617 - Add the use of CredentialCollectors to Samples
>> KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special characters
>> KNOX-611: Expose configuration for Jetty's thread pool and connection queue
>> KNOX-604: Expose configuration of HttpClient's max connections per route
>> setting
>> KNOX-614: Incorrect URI template expansion with {**} query params
>> #fragments
>> KNOX-615 Domain Cookies cannot Wildcard IP Addresses
>> KNOX-613 - Provide Credential Collector Abstraction to Client Shell
>> KNOX-610 - DefaultTokenService issueToken should never return null
>> KNOX-609 - Add unit tests for the SSOCookieFederationProvider.
>> KNOX-608: Improve Knox read and write performance by tuning buffer sizes.
>> KNOX-607 - Fix SSOCookieProvider to Handle null Query Strings
>> KNOX-602 - protect against NPE in audience validation
>> KNOX-603: Coverity: Potential resource leak in
>> BaseKeystoreService.createKeystore
>> KNOX-602 JWT/SSO Cookie Based Federation Provider
>> KNOX-601: Knox test failures on windows
>> KNOX-600 setting all service params as filter params for dispatch
>> KNOX-593 removed replayBufferSize and CappedBufferHttpEntity references
>> KNOX-447: Incorrect parsing and expansion of valueless query params
>> KNOX-599: Template with {**} in queries are expanded with =null for query
>> params without a value
>> KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2
>> causes HTTP 401 error (due to Kerberos
>> KNOX-570 added zookeeper lookup capability for HS2 HA
>> KNOX-596: Add diagnostics to topology depoloyment
>> KNOX-597: Improve diagnostic logging of HTTP traffic. Update CHANGES.
>> KNOX-597: Improve diagnostic logging of HTTP traffic
>> KNOX-593 Moved SPNEGO code to httpclient
>> KNOX-584 Fix for UT instability in GatewayBasicFuncTest.testCLIServiceTest
>> KNOX-590 - add more ShiroProvider configuration support to KnoxCLI
>> sys-user-auth-test and user-auth-test
>> KNOX-582 Query Parameter rewrite does not honor empty string value
>> (jeffreyr via lmccay)
>> KNOX-581: Hive dispatch not propagating effective principal name
>> KNOX-580 Initial refactoring out of default HA dispatch
>> KNOX-579: Regex based identity assertion provider with static dictionary
>> lookup
>> KNOX-576: CLI user-auth-test should print a message when a user
>> successfully authenticates.
>> KNOX-565: Supporting All the Quick Links on Ambari Dashboard to Go Through
>> Knox
>> KNOX-564: NPE for Topology with no Providers Confgured
>> KNOX-575: Add more logging for LDAP Authentication issues with
>> ShiroProvider
>> KNOX-573: KNOX-574 make SecureOnly and MaxAge configurable for SSO
>> KNOX-549: Test service connections through Knox with Knox CLI
>> KNOX-566 - Make the Default Ephemeral DH Key Size 2048 for TLS
>> KNOX-460: UrlRewriteServletFilterTest failed with IBM JAVA
>> KNOX-423: XmlFilterReaderTest failed with IBM JVM JAVA
>> KNOX-548: LDAP Bind in Knox CLI. Fixed help usage.
>> KNOX-562: Fix Null pointer exceptions in KnoxCLI LDAP commands
>> KNOX-548: KnoxCLI adds a new system-user-auth-test command to test a
>> topology's system username and password
>> KNOX-560: Test LDAP Authentication+Authorization from KnoxCLI
>> KNOX-561: Allow Knox pid directory to be configured via the knox-env.sh
>> file
>> KNOX-559 renaming service definition files
>> KNOX-558: HttpClient connections are not always returned to the pool for
>> HBase on Windows
>> KNOX-554: Cannot access topologies through admin API if gateway.path is
>> modified
>> KNOX-556 - fix extraneous imports
>> KNOX-556 - provide better diagnostics for keystore failures
>> KNOX-555: Prevent dispatch client from attempting retry and redirects
>> KNOX-553: Added topology validation from KnoxCLI to TopologyService
>> deployment.
>> KNOX-547: Topology Validation in Knox CLI. Fix schema load from JAR
>> NullPointerException
>> KNOX-547: Topology Validation in Knox CLI
>> KNOX-550 reverting back to original hive kerberos dispatch behavior
>> KNOX-546 Consuming intermediate response during kerberos request
>> dispatching
>> KNOX-545 - Simplify Keystore Management for Cluster Scaleout
>> KNOX-544: Knox process does not exit if startup fails due to credential
>> store issues
>> KNOX-476 implementation for X-Forwarded-* headers support and population
>> KNOX-539 add message to identity mapping audit entries
>> KNOX-538: Log some important system properties at startup
>> KNOX-534 auditing shiro authentication exceptions
>> KNOX-533 - add version component to knoxsso url pattern
>> KNOX-291: Improve audit for topology deployment process
>> KNOX-532: Update root pom.xml maven-compiler-plugin configuration.
>> KNOX-531 fix extraneous audit entries and add additional principal mapping
>> test
>> KNOX-529 - second attempt to get all usecases - missed wildcard plus
>> explicit mappings before
>> KNOX-530 fixed oozie rewrite rules to handle missing port information
>> KNOX-529 - Fix wildcard based principal group mapping
>>
>>
>>
>>
>>
>>
>> On 12/15/15, 3:11 PM, "larry mccay" <lmc...@apache.org> wrote:
>>
>> >Knox dev's -
>> >
>> >We need to start locking down the release for 0.7.0.
>> >In preparation of this, Sumit created a branch a week or so ago and we
>> >should start considering the creation of a release candidate.
>> >
>> >I believe that I have to update the CHANGES file with an entry for a patch
>> >that I cherry picked into 0.7.0 branch and I will look into that shortly.
>> >
>> >Standout features include: KnoxSSO for WebSSO, HA support for numerous
>> >services, diagnostic commands for KnoxCLI, regex based identity
>> >assertion, better control over thread pool, connection queue and
>> >request/response buffers. The ability to proxy Hadoop UIs, CORS support
>> for
>> >cross origin request sharing and more. As well as a number of important
>> bug
>> >fixes.
>> >
>> >We do have an important feature coming from the community - specifically
>> >from Jérôme that will be committed in coming days. KNOX-641 adds a
>> >federation provider that integrates pac4j in order to add: OAuth,
>> Facebook,
>> >CAS, SAML, OpenID Connect. I think that this is an exciting integration
>> >that will require a bit of testing before it can be merged into a release
>> >branch.
>> >
>> >In my opinion, the set of features and improvements that are currently in
>> >the v0.7.0 branch more than justify a new release and delaying that any
>> >longer would be less than ideal.
>> >
>> >Concentrating on defining and testing the usecases that the pac4j provider
>> >will bring to the table post 0.7.0 and coming up with a compelling story
>> >for that feature set can be used to justify a release of its own. I think
>> >that we should target a feature release which we'll call 0.8.0 for now for
>> >a mid January timeframe.
>> >
>> >So, discussion points:
>> >
>> >1. Should we move forward with the 0.7.0 release once the CHANGES file is
>> >updated?
>> >2. Thoughts on holding the pac4j provider out until an early 2016 release
>> >when the main usecases are better defined and tested?
>> >
>> >thanks,
>> >
>> >--larry
>>
