[ 
https://issues.apache.org/jira/browse/KNOX-3094?focusedWorklogId=958000&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-958000
 ]

ASF GitHub Bot logged work on KNOX-3094:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 20/Feb/25 17:26
            Start Date: 20/Feb/25 17:26
    Worklog Time Spent: 10m 
      Work Description: bonampak commented on PR #992:
URL: https://github.com/apache/knox/pull/992#issuecomment-2672185075

   Okhttp 4.x is written in Kotlin and needs the kotlin-stdlib artifacts.
   
   The com.cloudera.api.swagger:cloudera-manager-api-swagger:7.13.1 brings in
   ```
   <gson-fire-version>1.8.5</gson-fire-version>
   <swagger-core-version>2.0.0</swagger-core-version>
   <okhttp-version>4.10.0</okhttp-version>
   <gson-version>2.10.1</gson-version>
   ```
   
   Okhttp 4.10 is not the latest, but the swagger-codegen library only has this 
option.
   
   From the CM part, they would have liked to set the okhttp3 version to 4.12, but swagger-codegen is bringing internally version 4.10
   
https://github.com/swagger-api/swagger-codegen/blob/master/modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavaClientCodegen.java#L89
   
   https://github.com/swagger-api/swagger-codegen/issues/12337
   (It seems that openapi-generator with okhttp 4.12 - gson or with httpclient 
5 could be used instead of swagger-codegen.) 
   
   So we need to bump okhttp to 4.12.0, and I was also asked to upgrade 
gson-fire to 1.9.0; the latter has a gson:2.10.1 dependency (we had 2.8.9).
   
   The kotlin libraries are upgraded to 1.9.10 because of dependency 
convergence issues:
   
   ```
   Dependency convergence error for org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.21 paths to dependency are:
   +-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
     +-com.cloudera.api.swagger:cloudera-manager-api-swagger:7.13.1
       +-com.squareup.okhttp3:logging-interceptor:4.12.0
         +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.21
   and
   +-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
     +-com.squareup.okhttp3:okhttp:4.12.0
       +-com.squareup.okio:okio:3.6.0
         +-com.squareup.okio:okio-jvm:3.6.0
           +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.10
   and
   +-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
     +-com.squareup.okhttp3:okhttp:4.12.0
       +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.21
   ```
   
   https://github.com/square/okhttp/issues/8288
   
   "OkHttp 4.12.0 expects you to use any version of kotlin greater than or 
equal to 1.8.21. We don't rush out a release each time okio releases with a 
newer Kotlin. This isn't a thing we worry about at all." ... "It's already 
fixed in the 5.0 alphas.".
   
   Due to these issues, teams either remain on the latest non-kotlin version or 
remove okhttp:
   https://issues.apache.org/jira/browse/HADOOP-18496 upgrade kotlin-stdlib due 
to CVEs
   https://issues.apache.org/jira/browse/HADOOP-18890 Remove use of okhttp in 
runtime code.
   
   org.jetbrains:annotations also needed to be resolved:
   ```
   Dependency convergence error for org.jetbrains:annotations:16.0.2 paths to dependency are:
   +-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
     +-org.apache.knox:gateway-server:2.1.0-SNAPSHOT
       +-org.jetbrains.pty4j:pty4j:0.11.4
         +-org.jetbrains:annotations:16.0.2
   and
   +-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
     +-com.squareup.okhttp3:okhttp:4.12.0
       +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.10
         +-org.jetbrains.kotlin:kotlin-stdlib:1.9.10
           +-org.jetbrains:annotations:13.0
   ```
   I excluded it from kotlin-stdlib because simply adding it to
dependencyManagement would cause it to become a compile-time dependency on
pty4j.
   
   The okio dependency was pinned to 3.6.0 because of this:
   
   ```
   Dependency convergence error for com.squareup.okio:okio:1.6.0 paths to dependency are:
   +-org.apache.knox:gateway-test-release:2.1.0-SNAPSHOT
     +-org.apache.hadoop:hadoop-hdfs-client:3.2.4
       +-com.squareup.okhttp:okhttp:2.7.5
         +-com.squareup.okio:okio:1.6.0
   and
   +-org.apache.knox:gateway-test-release:2.1.0-SNAPSHOT
     +-org.apache.knox:gateway-release:2.1.0-SNAPSHOT
       +-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
         +-com.squareup.okhttp3:okhttp:4.12.0
           +-com.squareup.okio:okio:3.6.0
   ```
   hadoop-hdfs-client is a test dependency (so the old okhttp:2.7.5 will not be 
in our release artifact dependencies) and okio is backwards-compatible:
   https://github.com/square/okio/issues/1323
   
   




Issue Time Tracking
-------------------

    Worklog Id:     (was: 958000)
    Time Spent: 50m  (was: 40m)

> Update CM API swagger to 7.13.1
> -------------------------------
>
>                 Key: KNOX-3094
>                 URL: https://issues.apache.org/jira/browse/KNOX-3094
>             Project: Apache Knox
>          Issue Type: Task
>          Components: cm-discovery
>    Affects Versions: 2.1.0
>            Reporter: Tamás Marcinkovics
>            Assignee: Tamás Marcinkovics
>            Priority: Major
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> As a pre-requisite for the CM service discovery update task KNOX-3084, we 
> need to update com.cloudera.api.swagger:cloudera-manager-api-swagger to 
> 7.13.1.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
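
Added example (not part of the worklog comment or the Knox code base): a small parser for the dependency-convergence output quoted above that reports, for each conflicting artifact, every version found and the parent that pulls it in, which is what decides whether a pin or an exclusion is the right fix. The function name `conflicts` is hypothetical; the sample is the output from the comment, de-indented, with the first header left mail-wrapped to show that the parser tolerates it.

```python
import re
from collections import defaultdict

# \s+ between words lets a header that was wrapped by the mail archive still match.
HEADER = re.compile(r"Dependency convergence error for\s+(\S+):\S+\s+paths\s+to\s+dependency\s+are:")

def conflicts(report):
    """Map each conflicting group:artifact to {version: [parents that pull it in]}."""
    found = defaultdict(lambda: defaultdict(set))
    parts = HEADER.split(report)  # ['', artifact1, body1, artifact2, body2, ...]
    for artifact, body in zip(parts[1::2], parts[2::2]):
        for path in re.split(r"^[ \t]*and[ \t]*$", body, flags=re.M):
            nodes = re.findall(r"\+-(\S+)", path)
            if len(nodes) >= 2:  # leaf plus the dependency that declares it
                found[artifact][nodes[-1].rsplit(":", 1)[1]].add(nodes[-2])
    return {a: {v: sorted(p) for v, p in vs.items()} for a, vs in found.items()}

# Sample input: output quoted in the comment above (first header kept wrapped).
SAMPLE = """\
Dependency convergence error for
org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.21 paths to dependency are:
+-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
  +-com.cloudera.api.swagger:cloudera-manager-api-swagger:7.13.1
    +-com.squareup.okhttp3:logging-interceptor:4.12.0
      +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.21
and
+-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
  +-com.squareup.okhttp3:okhttp:4.12.0
    +-com.squareup.okio:okio:3.6.0
      +-com.squareup.okio:okio-jvm:3.6.0
        +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.10
and
+-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
  +-com.squareup.okhttp3:okhttp:4.12.0
    +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.21
Dependency convergence error for org.jetbrains:annotations:16.0.2 paths to dependency are:
+-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
  +-org.apache.knox:gateway-server:2.1.0-SNAPSHOT
    +-org.jetbrains.pty4j:pty4j:0.11.4
      +-org.jetbrains:annotations:16.0.2
and
+-org.apache.knox:gateway-discovery-cm:2.1.0-SNAPSHOT
  +-com.squareup.okhttp3:okhttp:4.12.0
    +-org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.10
      +-org.jetbrains.kotlin:kotlin-stdlib:1.9.10
        +-org.jetbrains:annotations:13.0
"""

if __name__ == "__main__":
    print(conflicts(SAMPLE))
```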
