Re: [DISCUSS] Preparing for 0.7.0 Release
errr - rc1 that is... On Thu, Dec 17, 2015 at 2:14 PM, larry mccay wrote: > Great! > > We can start a VOTE for releasing rc0 then? > > > On Thu, Dec 17, 2015 at 2:03 PM, Kevin Minder < > kevin.min...@hortonworks.com> wrote: > >> Ok since this seems to have quieted down with no objections I’ve created >> RC1. >> >> >> >> >> On 12/16/15, 11:33 AM, "Kevin Minder" >> wrote: >> >> >Hi Everyone, >> >I’ve practiced through the release mechanics so I’ll volunteer for be >> the release manager for 0.7.0 assuming we all agree to move forward. >> >Kevin. >> > >> > >> > >> > >> >On 12/15/15, 4:29 PM, "larry mccay" wrote: >> > >> >>I will take on the task of merging the lists and prepare a patch for >> that >> >>immediately. >> >> >> >>On Tue, Dec 15, 2015 at 4:27 PM, Kevin Minder < >> kevin.min...@hortonworks.com> >> >>wrote: >> >> >> >>> I’m in favor of continuing to stabilize the 0.7.0 branch with the >> current >> >>> bits we have and then doing an 0.8.0 with the new KNOX-641 stuff as >> quickly >> >>> as possible after that. >> >>> KNOX-641 ends up providing a wonderful new big feature set and we are >> >>> going to need to bandwidth to learn/absorb it. >> >>> >> >>> BTW here is my take on all of the commits from the branch point for >> >>> 0.6.0. Seems we are getting better with our CHANGES discipline but >> there >> >>> is still a great deal of room for improvement. The CHANGES file has >> ~30 >> >>> entries for 0.7.0 and the list below has about ~90 entries. >> >>> >> >>> [KNOX-639] - Knoxcli.sh create-master should not allow empty strings >> >>> KNOX-640 - Make Cookie Domain Configurable >> >>> [KNOX-638] - Hive dispatch failing for secure clusters >> >>> KNOX-626 Minor fix to namespace parsing >> >>> KNOX-637 - Compilation Error in gateway-service-admin and gateway-test >> >>> test projects (arshad.mohammad via lmccay) >> >>> KNOX-636 - IdentityAsserterHttpServletRequestWrapper must override >> >>> getUserPrincipal >> >>> KNOX-635 - open up default whitelist for dev - localhost >> >>> KNOX-635 - Provide Whitelisting for Redirect Destinations for KnoxSSO >> >>> KNOX-634 - CORS Support as Part of WebAppSec Provider >> >>> KNOX-632 added back configuration for 'replayBufferSize' >> >>> KNOX-633: Upgrade apache commons-collections >> >>> KNOX-632: Oozie dispatch failing for secure clusters. Fix tests. >> >>> KNOX-632: Oozie dispatch failing for secure clusters >> >>> KNOX-625 initial template file for topology using ui proxy services >> >>> KNOX-623: Gateway provider rewriter doesn't support boolean >> attributes in >> >>> HTML. >> >>> KNOX-622 - Misconfigured providers should cause topology deployment >> to fail >> >>> KNOX-624: Expose configuration for Jetty's request and response buffer >> >>> sizes. Fix property names. >> >>> KNOX-624: Expose configuration for Jetty's request and response buffer >> >>> sizes >> >>> KNOX-621 - Simplify KnoxSSO API Resource Path >> >>> KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK >> version >> >>> issues >> >>> KNOX-394: Request and response URLs must be parsed as literals not >> >>> templates. Part 2. >> >>> KNOX-394: Request and response URLs must be parsed as literals not >> >>> templates >> >>> KNOX-617 - Add the use of CredentialCollectors to Samples >> >>> KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special >> characters >> >>> KNOX-611: Expose configuration for Jetty's thread pool and connection >> queue >> >>> KNOX-604: Expose configuration of HttpClient's max connections per >> route >> >>> setting >> >>> KNOX-614: Incorrect URI template expansion with {**} query params >> >>> #fragments >> >>> KNOX-615 Domain Cookies cannot Wildcard IP Addresses >> >>> KNOX-613 - Provide Credential Collector Abstraction to Client Shell >> >>> KNOX-610 - DefaultTokenService issueToken should never return null >> >>> KNOX-609 - Add unit tests for the SSOCookieFederationProvider. >> >>> KNOX-608: Improve Knox read and write performance by tuning buffer >> sizes. >> >>> KNOX-607 - Fix SSOCookieProvider to Handle null Query Strings >> >>> KNOX-602 - protect against NPE in audience validation >> >>> KNOX-603: Coverity: Potential resource leak in >> >>> BaseKeystoreService.createKeystore >> >>> KNOX-602 JWT/SSO Cookie Based Federation Provider >> >>> KNOX-601: Knox test failures on windows >> >>> KNOX-600 setting all service params as filter params for dispatch >> >>> KNOX-593 removed replayBufferSize and CappedBufferHttpEntity >> references >> >>> KNOX-447: Incorrect parsing and expansion of valueless query params >> >>> KNOX-599: Template with {**} in queries are expanded with =null for >> query >> >>> params without a value >> >>> KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 >> >>> causes HTTP 401 error (due to Kerberos >> >>> KNOX-570 added zookeeper lookup capability for HS2 HA >> >>> KNOX-596: Add diagnostics to topology depoloyment >> >>> KNOX-597: Improve diagnostic logging of HTTP traffic. Update CHANGES. >> >>> KNOX-597:
Re: [DISCUSS] Preparing for 0.7.0 Release
Great! We can start a VOTE for releasing rc0 then? On Thu, Dec 17, 2015 at 2:03 PM, Kevin Minder wrote: > Ok since this seems to have quieted down with no objections I’ve created > RC1. > > > > > On 12/16/15, 11:33 AM, "Kevin Minder" > wrote: > > >Hi Everyone, > >I’ve practiced through the release mechanics so I’ll volunteer for be the > release manager for 0.7.0 assuming we all agree to move forward. > >Kevin. > > > > > > > > > >On 12/15/15, 4:29 PM, "larry mccay" wrote: > > > >>I will take on the task of merging the lists and prepare a patch for that > >>immediately. > >> > >>On Tue, Dec 15, 2015 at 4:27 PM, Kevin Minder < > kevin.min...@hortonworks.com> > >>wrote: > >> > >>> I’m in favor of continuing to stabilize the 0.7.0 branch with the > current > >>> bits we have and then doing an 0.8.0 with the new KNOX-641 stuff as > quickly > >>> as possible after that. > >>> KNOX-641 ends up providing a wonderful new big feature set and we are > >>> going to need to bandwidth to learn/absorb it. > >>> > >>> BTW here is my take on all of the commits from the branch point for > >>> 0.6.0. Seems we are getting better with our CHANGES discipline but > there > >>> is still a great deal of room for improvement. The CHANGES file has > ~30 > >>> entries for 0.7.0 and the list below has about ~90 entries. > >>> > >>> [KNOX-639] - Knoxcli.sh create-master should not allow empty strings > >>> KNOX-640 - Make Cookie Domain Configurable > >>> [KNOX-638] - Hive dispatch failing for secure clusters > >>> KNOX-626 Minor fix to namespace parsing > >>> KNOX-637 - Compilation Error in gateway-service-admin and gateway-test > >>> test projects (arshad.mohammad via lmccay) > >>> KNOX-636 - IdentityAsserterHttpServletRequestWrapper must override > >>> getUserPrincipal > >>> KNOX-635 - open up default whitelist for dev - localhost > >>> KNOX-635 - Provide Whitelisting for Redirect Destinations for KnoxSSO > >>> KNOX-634 - CORS Support as Part of WebAppSec Provider > >>> KNOX-632 added back configuration for 'replayBufferSize' > >>> KNOX-633: Upgrade apache commons-collections > >>> KNOX-632: Oozie dispatch failing for secure clusters. Fix tests. > >>> KNOX-632: Oozie dispatch failing for secure clusters > >>> KNOX-625 initial template file for topology using ui proxy services > >>> KNOX-623: Gateway provider rewriter doesn't support boolean attributes > in > >>> HTML. > >>> KNOX-622 - Misconfigured providers should cause topology deployment to > fail > >>> KNOX-624: Expose configuration for Jetty's request and response buffer > >>> sizes. Fix property names. > >>> KNOX-624: Expose configuration for Jetty's request and response buffer > >>> sizes > >>> KNOX-621 - Simplify KnoxSSO API Resource Path > >>> KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK > version > >>> issues > >>> KNOX-394: Request and response URLs must be parsed as literals not > >>> templates. Part 2. > >>> KNOX-394: Request and response URLs must be parsed as literals not > >>> templates > >>> KNOX-617 - Add the use of CredentialCollectors to Samples > >>> KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special characters > >>> KNOX-611: Expose configuration for Jetty's thread pool and connection > queue > >>> KNOX-604: Expose configuration of HttpClient's max connections per > route > >>> setting > >>> KNOX-614: Incorrect URI template expansion with {**} query params > >>> #fragments > >>> KNOX-615 Domain Cookies cannot Wildcard IP Addresses > >>> KNOX-613 - Provide Credential Collector Abstraction to Client Shell > >>> KNOX-610 - DefaultTokenService issueToken should never return null > >>> KNOX-609 - Add unit tests for the SSOCookieFederationProvider. > >>> KNOX-608: Improve Knox read and write performance by tuning buffer > sizes. > >>> KNOX-607 - Fix SSOCookieProvider to Handle null Query Strings > >>> KNOX-602 - protect against NPE in audience validation > >>> KNOX-603: Coverity: Potential resource leak in > >>> BaseKeystoreService.createKeystore > >>> KNOX-602 JWT/SSO Cookie Based Federation Provider > >>> KNOX-601: Knox test failures on windows > >>> KNOX-600 setting all service params as filter params for dispatch > >>> KNOX-593 removed replayBufferSize and CappedBufferHttpEntity references > >>> KNOX-447: Incorrect parsing and expansion of valueless query params > >>> KNOX-599: Template with {**} in queries are expanded with =null for > query > >>> params without a value > >>> KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 > >>> causes HTTP 401 error (due to Kerberos > >>> KNOX-570 added zookeeper lookup capability for HS2 HA > >>> KNOX-596: Add diagnostics to topology depoloyment > >>> KNOX-597: Improve diagnostic logging of HTTP traffic. Update CHANGES. > >>> KNOX-597: Improve diagnostic logging of HTTP traffic > >>> KNOX-593 Moved SPNEGO code to httpclient > >>> KNOX-584 Fix for UT instability in > GatewayBasicFuncTest.testCLIServiceTest > >>> KNOX-590 - add more ShiroProvider configuration support
Re: [DISCUSS] Preparing for 0.7.0 Release
Ok since this seems to have quieted down with no objections I’ve created RC1. On 12/16/15, 11:33 AM, "Kevin Minder" wrote: >Hi Everyone, >I’ve practiced through the release mechanics so I’ll volunteer for be the >release manager for 0.7.0 assuming we all agree to move forward. >Kevin. > > > > >On 12/15/15, 4:29 PM, "larry mccay" wrote: > >>I will take on the task of merging the lists and prepare a patch for that >>immediately. >> >>On Tue, Dec 15, 2015 at 4:27 PM, Kevin Minder >>wrote: >> >>> I’m in favor of continuing to stabilize the 0.7.0 branch with the current >>> bits we have and then doing an 0.8.0 with the new KNOX-641 stuff as quickly >>> as possible after that. >>> KNOX-641 ends up providing a wonderful new big feature set and we are >>> going to need to bandwidth to learn/absorb it. >>> >>> BTW here is my take on all of the commits from the branch point for >>> 0.6.0. Seems we are getting better with our CHANGES discipline but there >>> is still a great deal of room for improvement. The CHANGES file has ~30 >>> entries for 0.7.0 and the list below has about ~90 entries. >>> >>> [KNOX-639] - Knoxcli.sh create-master should not allow empty strings >>> KNOX-640 - Make Cookie Domain Configurable >>> [KNOX-638] - Hive dispatch failing for secure clusters >>> KNOX-626 Minor fix to namespace parsing >>> KNOX-637 - Compilation Error in gateway-service-admin and gateway-test >>> test projects (arshad.mohammad via lmccay) >>> KNOX-636 - IdentityAsserterHttpServletRequestWrapper must override >>> getUserPrincipal >>> KNOX-635 - open up default whitelist for dev - localhost >>> KNOX-635 - Provide Whitelisting for Redirect Destinations for KnoxSSO >>> KNOX-634 - CORS Support as Part of WebAppSec Provider >>> KNOX-632 added back configuration for 'replayBufferSize' >>> KNOX-633: Upgrade apache commons-collections >>> KNOX-632: Oozie dispatch failing for secure clusters. Fix tests. >>> KNOX-632: Oozie dispatch failing for secure clusters >>> KNOX-625 initial template file for topology using ui proxy services >>> KNOX-623: Gateway provider rewriter doesn't support boolean attributes in >>> HTML. >>> KNOX-622 - Misconfigured providers should cause topology deployment to fail >>> KNOX-624: Expose configuration for Jetty's request and response buffer >>> sizes. Fix property names. >>> KNOX-624: Expose configuration for Jetty's request and response buffer >>> sizes >>> KNOX-621 - Simplify KnoxSSO API Resource Path >>> KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK version >>> issues >>> KNOX-394: Request and response URLs must be parsed as literals not >>> templates. Part 2. >>> KNOX-394: Request and response URLs must be parsed as literals not >>> templates >>> KNOX-617 - Add the use of CredentialCollectors to Samples >>> KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special characters >>> KNOX-611: Expose configuration for Jetty's thread pool and connection queue >>> KNOX-604: Expose configuration of HttpClient's max connections per route >>> setting >>> KNOX-614: Incorrect URI template expansion with {**} query params >>> #fragments >>> KNOX-615 Domain Cookies cannot Wildcard IP Addresses >>> KNOX-613 - Provide Credential Collector Abstraction to Client Shell >>> KNOX-610 - DefaultTokenService issueToken should never return null >>> KNOX-609 - Add unit tests for the SSOCookieFederationProvider. >>> KNOX-608: Improve Knox read and write performance by tuning buffer sizes. >>> KNOX-607 - Fix SSOCookieProvider to Handle null Query Strings >>> KNOX-602 - protect against NPE in audience validation >>> KNOX-603: Coverity: Potential resource leak in >>> BaseKeystoreService.createKeystore >>> KNOX-602 JWT/SSO Cookie Based Federation Provider >>> KNOX-601: Knox test failures on windows >>> KNOX-600 setting all service params as filter params for dispatch >>> KNOX-593 removed replayBufferSize and CappedBufferHttpEntity references >>> KNOX-447: Incorrect parsing and expansion of valueless query params >>> KNOX-599: Template with {**} in queries are expanded with =null for query >>> params without a value >>> KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 >>> causes HTTP 401 error (due to Kerberos >>> KNOX-570 added zookeeper lookup capability for HS2 HA >>> KNOX-596: Add diagnostics to topology depoloyment >>> KNOX-597: Improve diagnostic logging of HTTP traffic. Update CHANGES. >>> KNOX-597: Improve diagnostic logging of HTTP traffic >>> KNOX-593 Moved SPNEGO code to httpclient >>> KNOX-584 Fix for UT instability in GatewayBasicFuncTest.testCLIServiceTest >>> KNOX-590 - add more ShiroProvider configuration support to KnoxCLI >>> sys-user-auth-test and user-auth-test >>> KNOX-582 Query Parameter rewrite does not honor empty string value >>> (jeffreyr via lmccay) >>> KNOX-581: Hive dispatch not propagating effective principal name >>> KNOX-580 Initial refactoring out of default HA dispatch >>> KNOX-579: Regex based identity assertion provider with static dictionary
Re: [DISCUSS] Preparing for 0.7.0 Release
Thanks, Kevin! On Wed, Dec 16, 2015 at 11:33 AM, Kevin Minder wrote: > Hi Everyone, > I’ve practiced through the release mechanics so I’ll volunteer for be the > release manager for 0.7.0 assuming we all agree to move forward. > Kevin. > > > > > On 12/15/15, 4:29 PM, "larry mccay" wrote: > > >I will take on the task of merging the lists and prepare a patch for that > >immediately. > > > >On Tue, Dec 15, 2015 at 4:27 PM, Kevin Minder < > kevin.min...@hortonworks.com> > >wrote: > > > >> I’m in favor of continuing to stabilize the 0.7.0 branch with the > current > >> bits we have and then doing an 0.8.0 with the new KNOX-641 stuff as > quickly > >> as possible after that. > >> KNOX-641 ends up providing a wonderful new big feature set and we are > >> going to need to bandwidth to learn/absorb it. > >> > >> BTW here is my take on all of the commits from the branch point for > >> 0.6.0. Seems we are getting better with our CHANGES discipline but > there > >> is still a great deal of room for improvement. The CHANGES file has ~30 > >> entries for 0.7.0 and the list below has about ~90 entries. > >> > >> [KNOX-639] - Knoxcli.sh create-master should not allow empty strings > >> KNOX-640 - Make Cookie Domain Configurable > >> [KNOX-638] - Hive dispatch failing for secure clusters > >> KNOX-626 Minor fix to namespace parsing > >> KNOX-637 - Compilation Error in gateway-service-admin and gateway-test > >> test projects (arshad.mohammad via lmccay) > >> KNOX-636 - IdentityAsserterHttpServletRequestWrapper must override > >> getUserPrincipal > >> KNOX-635 - open up default whitelist for dev - localhost > >> KNOX-635 - Provide Whitelisting for Redirect Destinations for KnoxSSO > >> KNOX-634 - CORS Support as Part of WebAppSec Provider > >> KNOX-632 added back configuration for 'replayBufferSize' > >> KNOX-633: Upgrade apache commons-collections > >> KNOX-632: Oozie dispatch failing for secure clusters. Fix tests. > >> KNOX-632: Oozie dispatch failing for secure clusters > >> KNOX-625 initial template file for topology using ui proxy services > >> KNOX-623: Gateway provider rewriter doesn't support boolean attributes > in > >> HTML. > >> KNOX-622 - Misconfigured providers should cause topology deployment to > fail > >> KNOX-624: Expose configuration for Jetty's request and response buffer > >> sizes. Fix property names. > >> KNOX-624: Expose configuration for Jetty's request and response buffer > >> sizes > >> KNOX-621 - Simplify KnoxSSO API Resource Path > >> KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK > version > >> issues > >> KNOX-394: Request and response URLs must be parsed as literals not > >> templates. Part 2. > >> KNOX-394: Request and response URLs must be parsed as literals not > >> templates > >> KNOX-617 - Add the use of CredentialCollectors to Samples > >> KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special characters > >> KNOX-611: Expose configuration for Jetty's thread pool and connection > queue > >> KNOX-604: Expose configuration of HttpClient's max connections per route > >> setting > >> KNOX-614: Incorrect URI template expansion with {**} query params > >> #fragments > >> KNOX-615 Domain Cookies cannot Wildcard IP Addresses > >> KNOX-613 - Provide Credential Collector Abstraction to Client Shell > >> KNOX-610 - DefaultTokenService issueToken should never return null > >> KNOX-609 - Add unit tests for the SSOCookieFederationProvider. > >> KNOX-608: Improve Knox read and write performance by tuning buffer > sizes. > >> KNOX-607 - Fix SSOCookieProvider to Handle null Query Strings > >> KNOX-602 - protect against NPE in audience validation > >> KNOX-603: Coverity: Potential resource leak in > >> BaseKeystoreService.createKeystore > >> KNOX-602 JWT/SSO Cookie Based Federation Provider > >> KNOX-601: Knox test failures on windows > >> KNOX-600 setting all service params as filter params for dispatch > >> KNOX-593 removed replayBufferSize and CappedBufferHttpEntity references > >> KNOX-447: Incorrect parsing and expansion of valueless query params > >> KNOX-599: Template with {**} in queries are expanded with =null for > query > >> params without a value > >> KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 > >> causes HTTP 401 error (due to Kerberos > >> KNOX-570 added zookeeper lookup capability for HS2 HA > >> KNOX-596: Add diagnostics to topology depoloyment > >> KNOX-597: Improve diagnostic logging of HTTP traffic. Update CHANGES. > >> KNOX-597: Improve diagnostic logging of HTTP traffic > >> KNOX-593 Moved SPNEGO code to httpclient > >> KNOX-584 Fix for UT instability in > GatewayBasicFuncTest.testCLIServiceTest > >> KNOX-590 - add more ShiroProvider configuration support to KnoxCLI > >> sys-user-auth-test and user-auth-test > >> KNOX-582 Query Parameter rewrite does not honor empty string value > >> (jeffreyr via lmccay) > >> KNOX-581: Hive dispatch not propagating effective principal name > >> KNOX-580 Initial refactoring out of default HA
Re: [DISCUSS] Preparing for 0.7.0 Release
Hi Everyone, I’ve practiced through the release mechanics so I’ll volunteer for be the release manager for 0.7.0 assuming we all agree to move forward. Kevin. On 12/15/15, 4:29 PM, "larry mccay" wrote: >I will take on the task of merging the lists and prepare a patch for that >immediately. > >On Tue, Dec 15, 2015 at 4:27 PM, Kevin Minder >wrote: > >> I’m in favor of continuing to stabilize the 0.7.0 branch with the current >> bits we have and then doing an 0.8.0 with the new KNOX-641 stuff as quickly >> as possible after that. >> KNOX-641 ends up providing a wonderful new big feature set and we are >> going to need to bandwidth to learn/absorb it. >> >> BTW here is my take on all of the commits from the branch point for >> 0.6.0. Seems we are getting better with our CHANGES discipline but there >> is still a great deal of room for improvement. The CHANGES file has ~30 >> entries for 0.7.0 and the list below has about ~90 entries. >> >> [KNOX-639] - Knoxcli.sh create-master should not allow empty strings >> KNOX-640 - Make Cookie Domain Configurable >> [KNOX-638] - Hive dispatch failing for secure clusters >> KNOX-626 Minor fix to namespace parsing >> KNOX-637 - Compilation Error in gateway-service-admin and gateway-test >> test projects (arshad.mohammad via lmccay) >> KNOX-636 - IdentityAsserterHttpServletRequestWrapper must override >> getUserPrincipal >> KNOX-635 - open up default whitelist for dev - localhost >> KNOX-635 - Provide Whitelisting for Redirect Destinations for KnoxSSO >> KNOX-634 - CORS Support as Part of WebAppSec Provider >> KNOX-632 added back configuration for 'replayBufferSize' >> KNOX-633: Upgrade apache commons-collections >> KNOX-632: Oozie dispatch failing for secure clusters. Fix tests. >> KNOX-632: Oozie dispatch failing for secure clusters >> KNOX-625 initial template file for topology using ui proxy services >> KNOX-623: Gateway provider rewriter doesn't support boolean attributes in >> HTML. >> KNOX-622 - Misconfigured providers should cause topology deployment to fail >> KNOX-624: Expose configuration for Jetty's request and response buffer >> sizes. Fix property names. >> KNOX-624: Expose configuration for Jetty's request and response buffer >> sizes >> KNOX-621 - Simplify KnoxSSO API Resource Path >> KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK version >> issues >> KNOX-394: Request and response URLs must be parsed as literals not >> templates. Part 2. >> KNOX-394: Request and response URLs must be parsed as literals not >> templates >> KNOX-617 - Add the use of CredentialCollectors to Samples >> KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special characters >> KNOX-611: Expose configuration for Jetty's thread pool and connection queue >> KNOX-604: Expose configuration of HttpClient's max connections per route >> setting >> KNOX-614: Incorrect URI template expansion with {**} query params >> #fragments >> KNOX-615 Domain Cookies cannot Wildcard IP Addresses >> KNOX-613 - Provide Credential Collector Abstraction to Client Shell >> KNOX-610 - DefaultTokenService issueToken should never return null >> KNOX-609 - Add unit tests for the SSOCookieFederationProvider. >> KNOX-608: Improve Knox read and write performance by tuning buffer sizes. >> KNOX-607 - Fix SSOCookieProvider to Handle null Query Strings >> KNOX-602 - protect against NPE in audience validation >> KNOX-603: Coverity: Potential resource leak in >> BaseKeystoreService.createKeystore >> KNOX-602 JWT/SSO Cookie Based Federation Provider >> KNOX-601: Knox test failures on windows >> KNOX-600 setting all service params as filter params for dispatch >> KNOX-593 removed replayBufferSize and CappedBufferHttpEntity references >> KNOX-447: Incorrect parsing and expansion of valueless query params >> KNOX-599: Template with {**} in queries are expanded with =null for query >> params without a value >> KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 >> causes HTTP 401 error (due to Kerberos >> KNOX-570 added zookeeper lookup capability for HS2 HA >> KNOX-596: Add diagnostics to topology depoloyment >> KNOX-597: Improve diagnostic logging of HTTP traffic. Update CHANGES. >> KNOX-597: Improve diagnostic logging of HTTP traffic >> KNOX-593 Moved SPNEGO code to httpclient >> KNOX-584 Fix for UT instability in GatewayBasicFuncTest.testCLIServiceTest >> KNOX-590 - add more ShiroProvider configuration support to KnoxCLI >> sys-user-auth-test and user-auth-test >> KNOX-582 Query Parameter rewrite does not honor empty string value >> (jeffreyr via lmccay) >> KNOX-581: Hive dispatch not propagating effective principal name >> KNOX-580 Initial refactoring out of default HA dispatch >> KNOX-579: Regex based identity assertion provider with static dictionary >> lookup >> KNOX-576: CLI user-auth-test should print a message when a user >> successfully authenticates. >> KNOX-565: Supporting All the Quick Links on Ambari Dashboard to Go Through >> Knox >> KNOX-564: NPE for Topology
Re: [DISCUSS] Preparing for 0.7.0 Release
Vow. A lot of cool and major features have been done. Definitely time for release mile stone. Thanks Dilli On Tue, Dec 15, 2015 at 4:57 PM, larry mccay wrote: > Okay - CHANGES has been updated in both master and v0.7.0. > > We should be ready for a release candidate now. > > On Tue, Dec 15, 2015 at 4:29 PM, larry mccay wrote: > > > I will take on the task of merging the lists and prepare a patch for that > > immediately. > > > > On Tue, Dec 15, 2015 at 4:27 PM, Kevin Minder < > > kevin.min...@hortonworks.com> wrote: > > > >> I’m in favor of continuing to stabilize the 0.7.0 branch with the > current > >> bits we have and then doing an 0.8.0 with the new KNOX-641 stuff as > quickly > >> as possible after that. > >> KNOX-641 ends up providing a wonderful new big feature set and we are > >> going to need to bandwidth to learn/absorb it. > >> > >> BTW here is my take on all of the commits from the branch point for > >> 0.6.0. Seems we are getting better with our CHANGES discipline but > there > >> is still a great deal of room for improvement. The CHANGES file has ~30 > >> entries for 0.7.0 and the list below has about ~90 entries. > >> > >> [KNOX-639] - Knoxcli.sh create-master should not allow empty strings > >> KNOX-640 - Make Cookie Domain Configurable > >> [KNOX-638] - Hive dispatch failing for secure clusters > >> KNOX-626 Minor fix to namespace parsing > >> KNOX-637 - Compilation Error in gateway-service-admin and gateway-test > >> test projects (arshad.mohammad via lmccay) > >> KNOX-636 - IdentityAsserterHttpServletRequestWrapper must override > >> getUserPrincipal > >> KNOX-635 - open up default whitelist for dev - localhost > >> KNOX-635 - Provide Whitelisting for Redirect Destinations for KnoxSSO > >> KNOX-634 - CORS Support as Part of WebAppSec Provider > >> KNOX-632 added back configuration for 'replayBufferSize' > >> KNOX-633: Upgrade apache commons-collections > >> KNOX-632: Oozie dispatch failing for secure clusters. Fix tests. > >> KNOX-632: Oozie dispatch failing for secure clusters > >> KNOX-625 initial template file for topology using ui proxy services > >> KNOX-623: Gateway provider rewriter doesn't support boolean attributes > in > >> HTML. > >> KNOX-622 - Misconfigured providers should cause topology deployment to > >> fail > >> KNOX-624: Expose configuration for Jetty's request and response buffer > >> sizes. Fix property names. > >> KNOX-624: Expose configuration for Jetty's request and response buffer > >> sizes > >> KNOX-621 - Simplify KnoxSSO API Resource Path > >> KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK > >> version issues > >> KNOX-394: Request and response URLs must be parsed as literals not > >> templates. Part 2. > >> KNOX-394: Request and response URLs must be parsed as literals not > >> templates > >> KNOX-617 - Add the use of CredentialCollectors to Samples > >> KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special characters > >> KNOX-611: Expose configuration for Jetty's thread pool and connection > >> queue > >> KNOX-604: Expose configuration of HttpClient's max connections per route > >> setting > >> KNOX-614: Incorrect URI template expansion with {**} query params > >> #fragments > >> KNOX-615 Domain Cookies cannot Wildcard IP Addresses > >> KNOX-613 - Provide Credential Collector Abstraction to Client Shell > >> KNOX-610 - DefaultTokenService issueToken should never return null > >> KNOX-609 - Add unit tests for the SSOCookieFederationProvider. > >> KNOX-608: Improve Knox read and write performance by tuning buffer > sizes. > >> KNOX-607 - Fix SSOCookieProvider to Handle null Query Strings > >> KNOX-602 - protect against NPE in audience validation > >> KNOX-603: Coverity: Potential resource leak in > >> BaseKeystoreService.createKeystore > >> KNOX-602 JWT/SSO Cookie Based Federation Provider > >> KNOX-601: Knox test failures on windows > >> KNOX-600 setting all service params as filter params for dispatch > >> KNOX-593 removed replayBufferSize and CappedBufferHttpEntity references > >> KNOX-447: Incorrect parsing and expansion of valueless query params > >> KNOX-599: Template with {**} in queries are expanded with =null for > query > >> params without a value > >> KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 > >> causes HTTP 401 error (due to Kerberos > >> KNOX-570 added zookeeper lookup capability for HS2 HA > >> KNOX-596: Add diagnostics to topology depoloyment > >> KNOX-597: Improve diagnostic logging of HTTP traffic. Update CHANGES. > >> KNOX-597: Improve diagnostic logging of HTTP traffic > >> KNOX-593 Moved SPNEGO code to httpclient > >> KNOX-584 Fix for UT instability in > GatewayBasicFuncTest.testCLIServiceTest > >> KNOX-590 - add more ShiroProvider configuration support to KnoxCLI > >> sys-user-auth-test and user-auth-test > >> KNOX-582 Query Parameter rewrite does not honor empty string value > >> (jeffreyr via lmccay) > >> KNOX-581: Hive dispatch not propagating effective principal name > >> KNO
Re: [DISCUSS] Preparing for 0.7.0 Release
Okay - CHANGES has been updated in both master and v0.7.0. We should be ready for a release candidate now. On Tue, Dec 15, 2015 at 4:29 PM, larry mccay wrote: > I will take on the task of merging the lists and prepare a patch for that > immediately. > > On Tue, Dec 15, 2015 at 4:27 PM, Kevin Minder < > kevin.min...@hortonworks.com> wrote: > >> I’m in favor of continuing to stabilize the 0.7.0 branch with the current >> bits we have and then doing an 0.8.0 with the new KNOX-641 stuff as quickly >> as possible after that. >> KNOX-641 ends up providing a wonderful new big feature set and we are >> going to need to bandwidth to learn/absorb it. >> >> BTW here is my take on all of the commits from the branch point for >> 0.6.0. Seems we are getting better with our CHANGES discipline but there >> is still a great deal of room for improvement. The CHANGES file has ~30 >> entries for 0.7.0 and the list below has about ~90 entries. >> >> [KNOX-639] - Knoxcli.sh create-master should not allow empty strings >> KNOX-640 - Make Cookie Domain Configurable >> [KNOX-638] - Hive dispatch failing for secure clusters >> KNOX-626 Minor fix to namespace parsing >> KNOX-637 - Compilation Error in gateway-service-admin and gateway-test >> test projects (arshad.mohammad via lmccay) >> KNOX-636 - IdentityAsserterHttpServletRequestWrapper must override >> getUserPrincipal >> KNOX-635 - open up default whitelist for dev - localhost >> KNOX-635 - Provide Whitelisting for Redirect Destinations for KnoxSSO >> KNOX-634 - CORS Support as Part of WebAppSec Provider >> KNOX-632 added back configuration for 'replayBufferSize' >> KNOX-633: Upgrade apache commons-collections >> KNOX-632: Oozie dispatch failing for secure clusters. Fix tests. >> KNOX-632: Oozie dispatch failing for secure clusters >> KNOX-625 initial template file for topology using ui proxy services >> KNOX-623: Gateway provider rewriter doesn't support boolean attributes in >> HTML. >> KNOX-622 - Misconfigured providers should cause topology deployment to >> fail >> KNOX-624: Expose configuration for Jetty's request and response buffer >> sizes. Fix property names. >> KNOX-624: Expose configuration for Jetty's request and response buffer >> sizes >> KNOX-621 - Simplify KnoxSSO API Resource Path >> KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK >> version issues >> KNOX-394: Request and response URLs must be parsed as literals not >> templates. Part 2. >> KNOX-394: Request and response URLs must be parsed as literals not >> templates >> KNOX-617 - Add the use of CredentialCollectors to Samples >> KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special characters >> KNOX-611: Expose configuration for Jetty's thread pool and connection >> queue >> KNOX-604: Expose configuration of HttpClient's max connections per route >> setting >> KNOX-614: Incorrect URI template expansion with {**} query params >> #fragments >> KNOX-615 Domain Cookies cannot Wildcard IP Addresses >> KNOX-613 - Provide Credential Collector Abstraction to Client Shell >> KNOX-610 - DefaultTokenService issueToken should never return null >> KNOX-609 - Add unit tests for the SSOCookieFederationProvider. >> KNOX-608: Improve Knox read and write performance by tuning buffer sizes. >> KNOX-607 - Fix SSOCookieProvider to Handle null Query Strings >> KNOX-602 - protect against NPE in audience validation >> KNOX-603: Coverity: Potential resource leak in >> BaseKeystoreService.createKeystore >> KNOX-602 JWT/SSO Cookie Based Federation Provider >> KNOX-601: Knox test failures on windows >> KNOX-600 setting all service params as filter params for dispatch >> KNOX-593 removed replayBufferSize and CappedBufferHttpEntity references >> KNOX-447: Incorrect parsing and expansion of valueless query params >> KNOX-599: Template with {**} in queries are expanded with =null for query >> params without a value >> KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 >> causes HTTP 401 error (due to Kerberos >> KNOX-570 added zookeeper lookup capability for HS2 HA >> KNOX-596: Add diagnostics to topology depoloyment >> KNOX-597: Improve diagnostic logging of HTTP traffic. Update CHANGES. >> KNOX-597: Improve diagnostic logging of HTTP traffic >> KNOX-593 Moved SPNEGO code to httpclient >> KNOX-584 Fix for UT instability in GatewayBasicFuncTest.testCLIServiceTest >> KNOX-590 - add more ShiroProvider configuration support to KnoxCLI >> sys-user-auth-test and user-auth-test >> KNOX-582 Query Parameter rewrite does not honor empty string value >> (jeffreyr via lmccay) >> KNOX-581: Hive dispatch not propagating effective principal name >> KNOX-580 Initial refactoring out of default HA dispatch >> KNOX-579: Regex based identity assertion provider with static dictionary >> lookup >> KNOX-576: CLI user-auth-test should print a message when a user >> successfully authenticates. >> KNOX-565: Supporting All the Quick Links on Ambari Dashboard to Go >> Through Knox >> KNOX-564: NPE for Topology with
Re: [DISCUSS] Preparing for 0.7.0 Release
I will take on the task of merging the lists and prepare a patch for that immediately. On Tue, Dec 15, 2015 at 4:27 PM, Kevin Minder wrote: > I’m in favor of continuing to stabilize the 0.7.0 branch with the current > bits we have and then doing an 0.8.0 with the new KNOX-641 stuff as quickly > as possible after that. > KNOX-641 ends up providing a wonderful new big feature set and we are > going to need to bandwidth to learn/absorb it. > > BTW here is my take on all of the commits from the branch point for > 0.6.0. Seems we are getting better with our CHANGES discipline but there > is still a great deal of room for improvement. The CHANGES file has ~30 > entries for 0.7.0 and the list below has about ~90 entries. > > [KNOX-639] - Knoxcli.sh create-master should not allow empty strings > KNOX-640 - Make Cookie Domain Configurable > [KNOX-638] - Hive dispatch failing for secure clusters > KNOX-626 Minor fix to namespace parsing > KNOX-637 - Compilation Error in gateway-service-admin and gateway-test > test projects (arshad.mohammad via lmccay) > KNOX-636 - IdentityAsserterHttpServletRequestWrapper must override > getUserPrincipal > KNOX-635 - open up default whitelist for dev - localhost > KNOX-635 - Provide Whitelisting for Redirect Destinations for KnoxSSO > KNOX-634 - CORS Support as Part of WebAppSec Provider > KNOX-632 added back configuration for 'replayBufferSize' > KNOX-633: Upgrade apache commons-collections > KNOX-632: Oozie dispatch failing for secure clusters. Fix tests. > KNOX-632: Oozie dispatch failing for secure clusters > KNOX-625 initial template file for topology using ui proxy services > KNOX-623: Gateway provider rewriter doesn't support boolean attributes in > HTML. > KNOX-622 - Misconfigured providers should cause topology deployment to fail > KNOX-624: Expose configuration for Jetty's request and response buffer > sizes. Fix property names. > KNOX-624: Expose configuration for Jetty's request and response buffer > sizes > KNOX-621 - Simplify KnoxSSO API Resource Path > KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK version > issues > KNOX-394: Request and response URLs must be parsed as literals not > templates. Part 2. > KNOX-394: Request and response URLs must be parsed as literals not > templates > KNOX-617 - Add the use of CredentialCollectors to Samples > KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special characters > KNOX-611: Expose configuration for Jetty's thread pool and connection queue > KNOX-604: Expose configuration of HttpClient's max connections per route > setting > KNOX-614: Incorrect URI template expansion with {**} query params > #fragments > KNOX-615 Domain Cookies cannot Wildcard IP Addresses > KNOX-613 - Provide Credential Collector Abstraction to Client Shell > KNOX-610 - DefaultTokenService issueToken should never return null > KNOX-609 - Add unit tests for the SSOCookieFederationProvider. > KNOX-608: Improve Knox read and write performance by tuning buffer sizes. > KNOX-607 - Fix SSOCookieProvider to Handle null Query Strings > KNOX-602 - protect against NPE in audience validation > KNOX-603: Coverity: Potential resource leak in > BaseKeystoreService.createKeystore > KNOX-602 JWT/SSO Cookie Based Federation Provider > KNOX-601: Knox test failures on windows > KNOX-600 setting all service params as filter params for dispatch > KNOX-593 removed replayBufferSize and CappedBufferHttpEntity references > KNOX-447: Incorrect parsing and expansion of valueless query params > KNOX-599: Template with {**} in queries are expanded with =null for query > params without a value > KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 > causes HTTP 401 error (due to Kerberos > KNOX-570 added zookeeper lookup capability for HS2 HA > KNOX-596: Add diagnostics to topology depoloyment > KNOX-597: Improve diagnostic logging of HTTP traffic. Update CHANGES. > KNOX-597: Improve diagnostic logging of HTTP traffic > KNOX-593 Moved SPNEGO code to httpclient > KNOX-584 Fix for UT instability in GatewayBasicFuncTest.testCLIServiceTest > KNOX-590 - add more ShiroProvider configuration support to KnoxCLI > sys-user-auth-test and user-auth-test > KNOX-582 Query Parameter rewrite does not honor empty string value > (jeffreyr via lmccay) > KNOX-581: Hive dispatch not propagating effective principal name > KNOX-580 Initial refactoring out of default HA dispatch > KNOX-579: Regex based identity assertion provider with static dictionary > lookup > KNOX-576: CLI user-auth-test should print a message when a user > successfully authenticates. > KNOX-565: Supporting All the Quick Links on Ambari Dashboard to Go Through > Knox > KNOX-564: NPE for Topology with no Providers Confgured > KNOX-575: Add more logging for LDAP Authentication issues with > ShiroProvider > KNOX-573: KNOX-574 make SecureOnly and MaxAge configurable for SSO > KNOX-549: Test service connections through Knox with Knox CLI > KNOX-566 - Make the Default Ephemeral DH Key Size 2048
Re: [DISCUSS] Preparing for 0.7.0 Release
I’m in favor of continuing to stabilize the 0.7.0 branch with the current bits we have and then doing an 0.8.0 with the new KNOX-641 stuff as quickly as possible after that. KNOX-641 ends up providing a wonderful new big feature set and we are going to need to bandwidth to learn/absorb it. BTW here is my take on all of the commits from the branch point for 0.6.0. Seems we are getting better with our CHANGES discipline but there is still a great deal of room for improvement. The CHANGES file has ~30 entries for 0.7.0 and the list below has about ~90 entries. [KNOX-639] - Knoxcli.sh create-master should not allow empty strings KNOX-640 - Make Cookie Domain Configurable [KNOX-638] - Hive dispatch failing for secure clusters KNOX-626 Minor fix to namespace parsing KNOX-637 - Compilation Error in gateway-service-admin and gateway-test test projects (arshad.mohammad via lmccay) KNOX-636 - IdentityAsserterHttpServletRequestWrapper must override getUserPrincipal KNOX-635 - open up default whitelist for dev - localhost KNOX-635 - Provide Whitelisting for Redirect Destinations for KnoxSSO KNOX-634 - CORS Support as Part of WebAppSec Provider KNOX-632 added back configuration for 'replayBufferSize' KNOX-633: Upgrade apache commons-collections KNOX-632: Oozie dispatch failing for secure clusters. Fix tests. KNOX-632: Oozie dispatch failing for secure clusters KNOX-625 initial template file for topology using ui proxy services KNOX-623: Gateway provider rewriter doesn't support boolean attributes in HTML. KNOX-622 - Misconfigured providers should cause topology deployment to fail KNOX-624: Expose configuration for Jetty's request and response buffer sizes. Fix property names. KNOX-624: Expose configuration for Jetty's request and response buffer sizes KNOX-621 - Simplify KnoxSSO API Resource Path KNOX-620: Jenkins Knox-master-verify failing since #725 due to JDK version issues KNOX-394: Request and response URLs must be parsed as literals not templates. Part 2. KNOX-394: Request and response URLs must be parsed as literals not templates KNOX-617 - Add the use of CredentialCollectors to Samples KNOX-616: XmlUrlRewriteStreamFilter unscapes escaped special characters KNOX-611: Expose configuration for Jetty's thread pool and connection queue KNOX-604: Expose configuration of HttpClient's max connections per route setting KNOX-614: Incorrect URI template expansion with {**} query params #fragments KNOX-615 Domain Cookies cannot Wildcard IP Addresses KNOX-613 - Provide Credential Collector Abstraction to Client Shell KNOX-610 - DefaultTokenService issueToken should never return null KNOX-609 - Add unit tests for the SSOCookieFederationProvider. KNOX-608: Improve Knox read and write performance by tuning buffer sizes. KNOX-607 - Fix SSOCookieProvider to Handle null Query Strings KNOX-602 - protect against NPE in audience validation KNOX-603: Coverity: Potential resource leak in BaseKeystoreService.createKeystore KNOX-602 JWT/SSO Cookie Based Federation Provider KNOX-601: Knox test failures on windows KNOX-600 setting all service params as filter params for dispatch KNOX-593 removed replayBufferSize and CappedBufferHttpEntity references KNOX-447: Incorrect parsing and expansion of valueless query params KNOX-599: Template with {**} in queries are expanded with =null for query params without a value KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401 error (due to Kerberos KNOX-570 added zookeeper lookup capability for HS2 HA KNOX-596: Add diagnostics to topology depoloyment KNOX-597: Improve diagnostic logging of HTTP traffic. Update CHANGES. KNOX-597: Improve diagnostic logging of HTTP traffic KNOX-593 Moved SPNEGO code to httpclient KNOX-584 Fix for UT instability in GatewayBasicFuncTest.testCLIServiceTest KNOX-590 - add more ShiroProvider configuration support to KnoxCLI sys-user-auth-test and user-auth-test KNOX-582 Query Parameter rewrite does not honor empty string value (jeffreyr via lmccay) KNOX-581: Hive dispatch not propagating effective principal name KNOX-580 Initial refactoring out of default HA dispatch KNOX-579: Regex based identity assertion provider with static dictionary lookup KNOX-576: CLI user-auth-test should print a message when a user successfully authenticates. KNOX-565: Supporting All the Quick Links on Ambari Dashboard to Go Through Knox KNOX-564: NPE for Topology with no Providers Confgured KNOX-575: Add more logging for LDAP Authentication issues with ShiroProvider KNOX-573: KNOX-574 make SecureOnly and MaxAge configurable for SSO KNOX-549: Test service connections through Knox with Knox CLI KNOX-566 - Make the Default Ephemeral DH Key Size 2048 for TLS KNOX-460: UrlRewriteServletFilterTest failed with IBM JAVA KNOX-423: XmlFilterReaderTest failed with IBM JVM JAVA KNOX-548: LDAP Bind in Knox CLI. Fixed help usage. KNOX-562: Fix Null pointer exceptions in KnoxCLI LDAP commands KNOX-548: KnoxCLI adds a new system-user-auth-test command to test
[DISCUSS] Preparing for 0.7.0 Release
Knox dev's - We need to start locking down the release for 0.7.0. In preparation of this, Sumit created a branch a week or so ago and we should start considering the creation of a release candidate. I believe that I have to update the CHANGES file with an entry for a patch that I cherry picked into 0.7.0 branch and I will look into that shortly. Standout features include: KnoxSSO for WebSSO, HA support for numerous services, diagnostic commands for KnoxCLI, regex based identity assertion, better control over thread pool, connection queue and request/response buffers. The ability to proxy Hadoop UIs, CORS support for cross origin request sharing and more. As well as a number of important bug fixes. We do have an important feature coming from the community - specifically from Jérôme that will be committed in coming days. KNOX-641 adds a federation provider that integrates pac4j in order to add: OAuth, Facebook, CAS, SAML, OpenID Connect. I think that this is an exciting integration that will require a bit of testing before it can be merged into a release branch. In my opinion, the set of features and improvements that are currently in the v0.7.0 branch more than justify a new release and delaying that any longer would be less than ideal. Concentrating on defining and testing the usecases that the pac4j provider will bring to the table post 0.7.0 and coming up with a compelling story for that feature set can be used to justify a release of its own. I think that we should target a feature release which we'll call 0.8.0 for now for a mid January timeframe. So, discussion points: 1. Should we move forward with the 0.7.0 release once the CHANGES file is updated? 2. Thoughts on holding the pac4j provider out until an early 2016 release when the main usecases are better defined and tested? thanks, --larry