Agreed, Phil. I have cut an RC but we need to address this first. I'll hold off on announcing it.
On Fri, Jul 13, 2018, 11:36 AM Phil Zampino <pzamp...@apache.org> wrote: > During some testing of the proposed 1.1.0 code, I've discovered some NPEs > in filters (e.g., AclsAuthorizationFilter, HadoopGroupProviderFilter), > which are concerning. > > I've committed a change to address the AclsAuthorizationFilter, but seeing > similar behavior for the HadoopGroupProviderFilter has increased my concern > that there may be a more fundamental problem. > In both cases, it seems that the filters are being invoked prior to (or > during) their respective init() methods have been invoked. Thus, members > which should be initialized in the init() method are not yet initialized. > > This can be consistently reproduced, though it is a bit of a pain: > > - Install Knox (‘ant install-test-home’, or just unzip knox-1.1.0.zip) > - Start the gateway > - Access the Admin UI > > > Note that the latest 1.1.0 source has a *fix* for the > AclsAuthorizationFilter NPE, but master does not yet have this change. This > is important because that change effectively hides the issue. > > I think we should determine what's happening with this before > producing/testing a release candidate. > > > > > On Sat, Feb 24, 2018 at 12:57 PM larry mccay <lmc...@apache.org> wrote: > > > All - > > > > Sorry for the delay on this topic. > > > > We are going to start of this planning thread with ~85 Unresolved JIRAs > in > > either 1.1.0 or 0.15.0 fixVersion. > > > > project = KNOX AND resolution = Unresolved AND fixVersion in (1.1.0, > > 0.15.0) ORDER BY priority DESC, updated DESC > > > > I will spend some time migrating all 0.15.0 to 1.1.0 to begin with and > then > > we will need to go through and see what is already taken care of or can > > wait for a 1.2.0 or later. > > > > I also have a couple KIPs in mind to target larger features/themes for > this > > release. > > > > Off the top of my head: > > > > * I think we need to address some cloud specific usecases and plan to > > provide a KIP for that. Hybrid cloud/federated knox instances, Azure AD > > integration, ID mapping from Hadoop user to IAM users/roles, etc. Perhaps > > some CASB-like features if they make sense. > > > > * I also think we need one for articulating a reasonable flow for Logout > in > > KnoxSSO. There are a lot of little nuances to logout across multiple apps > > and between different IDPs. This will require some discussion. > > > > * Another thing that has been tugging at my interest has been the fact > that > > we may be able provide some common libraries to help ecosystem > applications > > uptake the trusted proxy pattern and KnoxSSO. > > > > Anyway, these are my initial thoughts, please feel free to raise > additional > > ideas/themes for KIPs, etc. > > > > I was thinking that we could try and target an end of March or Mid April > > 1.1.0 release. > > > > Thoughts? > > > > --larry > > >
