Re: [VOTE] Release Apache Knox 0.7.0

2015-12-21 Thread Kevin Minder 
+1 (binding)

Here is what I’ve done:
* Verified the signatures
* Cleanly built from source and executed the tests
* Tested WebHdfs, WebHCat, Oozie, HBase, Hive

Found some minor annoyances in the Groovy samples but we will address those in 
the planned 0.8.


On 12/17/15, 2:02 PM, "Kevin Minder"  wrote:

>A candidate for the Apache Knox 0.7.0 release is available at:
>https://dist.apache.org/repos/dist/dev/knox/knox-0.7.0/
>
>The release candidate is a zip archive of the sources (knox-0.7.0-src.zip) in:
>https://git-wip-us.apache.org/repos/asf/knox.git
>Branch v0.7.0 (git checkout -b v0.7.0)
>
>The SHA1 checksum of the archive (knox-0.7.0-src.zip) is 
>f1be8cd2d0b546ca8652fb7d2a5431bd217a0e11.
>The KEYS file for signature validation is available at: 
>https://dist.apache.org/repos/dist/release/knox/KEYS
>
>Please vote on releasing this package as Knox 0.7.0.
>The vote is open for the next 72 hours and passes if a majority of at
>least three +1 Knox PMC votes are cast.
>
>[ ] +1 Release this package as Knox 0.6.0
>[ ] -1 Do not release this package because...

Re: [VOTE] Release Apache Knox 0.7.0

2015-12-21 Thread Sumit Gupta 
+1 (binding)

* verified signatures
* pulled the 0.7.0 source branch, built and ran tests
* tested basic functionality of WebHDFS, WebHCAT, HBase, Yarn
(ResourceManager), Storm
* tested basic HA functionality with between two Hbase instances.
* tested UI services for HDFS, YARN and Hbase (there are some filed JIRAs
for the UI services).



On 12/21/15, 2:50 PM, "larry mccay"  wrote:

>+1 (binding)
>
>* verified signatures
>* pulled sources, build and ran tests
>* tested KnoxSSO with Shiro authentication provider with SSOCookieProvider
>* tested CORS support from an external web application with and without
>KnoxSSO
>* tested various configurations of KnoxSSO whitelisting for redirect
>management
>* webhdfs list, get and put from groovy, curl and nodejs client
>* webhcat job, queue from groovy and nodejs client
>* hive create and populate and query table from LOCAL sample.log file from
>groovy sample
>
>Will file JIRAs to update docs with appropriate jar versions for Hive
>sample and to update the sample with better comments and instructions.
>The doc changes can be made for 0.7.0 but any changes to the samples or
>supporting classes are fine in a follow up release.
>
>
>On Mon, Dec 21, 2015 at 2:35 PM, Kevin Minder
>
>wrote:
>
>> +1 (binding)
>>
>> Here is what I¹ve done:
>> * Verified the signatures
>> * Cleanly built from source and executed the tests
>> * Tested WebHdfs, WebHCat, Oozie, HBase, Hive
>>
>> Found some minor annoyances in the Groovy samples but we will address
>> those in the planned 0.8.
>>
>>
>> On 12/17/15, 2:02 PM, "Kevin Minder" 
>>wrote:
>>
>> >A candidate for the Apache Knox 0.7.0 release is available at:
>> >https://dist.apache.org/repos/dist/dev/knox/knox-0.7.0/
>> >
>> >The release candidate is a zip archive of the sources
>> (knox-0.7.0-src.zip) in:
>> >https://git-wip-us.apache.org/repos/asf/knox.git
>> >Branch v0.7.0 (git checkout -b v0.7.0)
>> >
>> >The SHA1 checksum of the archive (knox-0.7.0-src.zip) is
>> f1be8cd2d0b546ca8652fb7d2a5431bd217a0e11.
>> >The KEYS file for signature validation is available at:
>> https://dist.apache.org/repos/dist/release/knox/KEYS
>> >
>> >Please vote on releasing this package as Knox 0.7.0.
>> >The vote is open for the next 72 hours and passes if a majority of at
>> >least three +1 Knox PMC votes are cast.
>> >
>> >[ ] +1 Release this package as Knox 0.6.0
>> >[ ] -1 Do not release this package because...
>>

[jira] [Updated] (KNOX-641) Support CAS / OAuth / OpenID C / SAML protocols using pac4j

2015-12-21 Thread Larry McCay (JIRA) 

 [ 
https://issues.apache.org/jira/browse/KNOX-641?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated KNOX-641:
-
Fix Version/s: (was: 0.7.0)
   0.8.0

> Support CAS / OAuth / OpenID C / SAML protocols using pac4j
> ---
>
> Key: KNOX-641
> URL: https://issues.apache.org/jira/browse/KNOX-641
> Project: Apache Knox
>  Issue Type: New Feature
>Reporter: Jérôme Leleu
>Assignee: Jérôme Leleu
> Fix For: 0.8.0
>
> Attachments: KNOX-641.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KNOX-641) Support CAS / OAuth / OpenID C / SAML protocols using pac4j

2015-12-21 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/KNOX-641?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jérôme Leleu updated KNOX-641:
--
Attachment: knox641.patch2

Second patch

> Support CAS / OAuth / OpenID C / SAML protocols using pac4j
> ---
>
> Key: KNOX-641
> URL: https://issues.apache.org/jira/browse/KNOX-641
> Project: Apache Knox
>  Issue Type: New Feature
>Reporter: Jérôme Leleu
>Assignee: Jérôme Leleu
> Fix For: 0.8.0
>
> Attachments: KNOX-641.patch, knox641.patch2
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (KNOX-641) Support CAS / OAuth / OpenID C / SAML protocols using pac4j

2015-12-21 Thread JIRA 

[ 
https://issues.apache.org/jira/browse/KNOX-641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15067667#comment-15067667
 ] 

Jérôme Leleu commented on KNOX-641:
---

Yes, you get it right: the `testBasicAuth` provider only has pac4j cookies, no 
specific session: it has nothing to do with a SAML IdP or a CAS server. 
Removing pac4j session would not invalidate the KnoxSSO session, nor the SAML / 
CAS / OpenID Connect session. I will update the pull request once more.

> Support CAS / OAuth / OpenID C / SAML protocols using pac4j
> ---
>
> Key: KNOX-641
> URL: https://issues.apache.org/jira/browse/KNOX-641
> Project: Apache Knox
>  Issue Type: New Feature
>Reporter: Jérôme Leleu
>Assignee: Jérôme Leleu
> Fix For: 0.8.0
>
> Attachments: KNOX-641.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (KNOX-641) Support CAS / OAuth / OpenID C / SAML protocols using pac4j

2015-12-21 Thread Larry McCay (JIRA) 

[ 
https://issues.apache.org/jira/browse/KNOX-641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15066385#comment-15066385
 ] 

Larry McCay commented on KNOX-641:
--

If my understanding is correct then for testBasicAuth there is no separate 
identity provider cookies because it is only a feature of the pac4j provider. 
Therefore, removing the pac4j session would only invalidate the testBasicAuth 
session - real SAML sessions would still be active, a new pac4j session would 
be created on the next request resulting in a new Knox session cookie. Without 
forcing a new authentication for the enduser. That is, unless someone snuck in 
a testBasicAuth somehow as well.

If that is accurate then I am +1 on the approach.

> Support CAS / OAuth / OpenID C / SAML protocols using pac4j
> ---
>
> Key: KNOX-641
> URL: https://issues.apache.org/jira/browse/KNOX-641
> Project: Apache Knox
>  Issue Type: New Feature
>Reporter: Jérôme Leleu
>Assignee: Jérôme Leleu
> Fix For: 0.7.0
>
> Attachments: KNOX-641.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)