The fix for the filter NPEs has been committed to 1.1.0 and master. I don't believe the other exception is related.

On Thu, Jul 19, 2018 at 4:15 PM larry mccay <lmc...@apache.org> wrote:

> @Phil, I see a couple commits land that seem to address the NPE.
> Is that correct?
>
> I have also seen an IllegalStateException during redirect from Admin UI to
> KnoxSSO.
> Has anyone seen this and/or is working on it - is it related to the NPE?
> I don't think it is since I see it more frequently and not always with the
> NPEs.
>
> I'd like to get a new RC cut by end of the week, if possible.
>
> On Fri, Jul 13, 2018 at 7:57 PM, larry mccay <lmc...@apache.org> wrote:
>
> > Agreed, Phil.
> > I have cut an RC but we need to address this first. I'll hold off on
> > announcing it.
> >
> > On Fri, Jul 13, 2018, 11:36 AM Phil Zampino <pzamp...@apache.org> wrote:
> >
> >> During some testing of the proposed 1.1.0 code, I've discovered some NPEs
> >> in filters (e.g., AclsAuthorizationFilter, HadoopGroupProviderFilter),
> >> which are concerning.
> >>
> >> I've committed a change to address the AclsAuthorizationFilter, but seeing
> >> similar behavior for the HadoopGroupProviderFilter has increased my concern
> >> that there may be a more fundamental problem.
> >> In both cases, it seems that the filters are being invoked prior to (or
> >> during) their respective init() methods have been invoked. Thus, members
> >> which should be initialized in the init() method are not yet initialized.
> >>
> >> This can be consistently reproduced, though it is a bit of a pain:
> >>
> >> - Install Knox (‘ant install-test-home’, or just unzip knox-1.1.0.zip)
> >> - Start the gateway
> >> - Access the Admin UI
> >>
> >> Note that the latest 1.1.0 source has a *fix* for the
> >> AclsAuthorizationFilter NPE, but master does not yet have this change. This
> >> is important because that change effectively hides the issue.
> >>
> >> I think we should determine what's happening with this before
> >> producing/testing a release candidate.
> >>
> >> On Sat, Feb 24, 2018 at 12:57 PM larry mccay <lmc...@apache.org> wrote:
> >>
> >> > All -
> >> >
> >> > Sorry for the delay on this topic.
> >> >
> >> > We are going to start off this planning thread with ~85 Unresolved JIRAs in
> >> > either 1.1.0 or 0.15.0 fixVersion.
> >> >
> >> > project = KNOX AND resolution = Unresolved AND fixVersion in (1.1.0, 0.15.0) ORDER BY priority DESC, updated DESC
> >> >
> >> > I will spend some time migrating all 0.15.0 to 1.1.0 to begin with and then
> >> > we will need to go through and see what is already taken care of or can
> >> > wait for a 1.2.0 or later.
> >> >
> >> > I also have a couple KIPs in mind to target larger features/themes for this
> >> > release.
> >> >
> >> > Off the top of my head:
> >> >
> >> > * I think we need to address some cloud specific use cases and plan to
> >> > provide a KIP for that. Hybrid cloud/federated Knox instances, Azure AD
> >> > integration, ID mapping from Hadoop user to IAM users/roles, etc. Perhaps
> >> > some CASB-like features if they make sense.
> >> >
> >> > * I also think we need one for articulating a reasonable flow for Logout in
> >> > KnoxSSO. There are a lot of little nuances to logout across multiple apps
> >> > and between different IDPs. This will require some discussion.
> >> >
> >> > * Another thing that has been tugging at my interest has been the fact that
> >> > we may be able to provide some common libraries to help ecosystem applications
> >> > uptake the trusted proxy pattern and KnoxSSO.
> >> >
> >> > Anyway, these are my initial thoughts, please feel free to raise additional
> >> > ideas/themes for KIPs, etc.
> >> >
> >> > I was thinking that we could try and target an end of March or Mid April
> >> > 1.1.0 release.
> >> >
> >> > Thoughts?
> >> >
> >> > --larry