-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathCHANGES
514 lines (494 loc) · 34.3 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.8.0
------------------------------------------------------------------------------
** New Feature
* [KNOX-641] - Support CAS / OAuth / OpenID C / SAML protocols using pac4j - (Jérôme Leleu via lmccay)
** Improvement
* [KNOX-502] - Invalid requests (404s) should be logged and audited
* [KNOX-519] - Prompt user to provide password, rather providing as an argument to knoxcli cmd (J.Andreina via lmccay)
* [KNOX-647] - Rename LDAP artifacts from test to demo
* [KNOX-650] - Add posixGroups support for LDAP groups lookup
* [KNOX-651] - getting rid of warning for missing bundle version
* [KNOX-651] - Moving some tests to integration-test phase
* [KNOX-651] - made the secure tests multi module
* [KNOX-652] - Remove hsso-release module from build
* [KNOX-651] - Attempt number 2 to fix the jenkins build
* [KNOX-651] - Attempt to fix Jenkins build error
* [KNOX-651] - Fixed gateway-test-release module id
* [KNOX-651] - Initial changes to add a 'release' test project
* [KNOX-650] - Add posixGroups support for LDAP groups lookup
* [KNOX-655] - Pac4j Provider Client Selection from client_name Query Parameter (Jérôme Leleu via lmccay)
* [KNOX-658] - updated hadoop dependencies for jdk8 support
* [KNOX-658] - slight change to the way JAXB works in JDK8
* [KNOX-659] - Default Keystore Details in Pac4j Provider SAML Config to Gateway Identity
** Bug
* [KNOX-507] - Deletion of Non existing Alias from a cluster should not be successful (J.Andreina via lmccay)
* [KNOX-589] - Fixing Jericho java.lang.IllegalStateException (Jeffrey E Rodriguez via Sumit Gupta)
* [KNOX-594] - Stopping HS2 'SET-COOKIE' header to go back and managing 'hive.server2.auth' cookie
* [KNOX-656] - Test GatewayLdapPosixGroupFuncTest failing intermittently
* [KNOX-657] - _default Topology Must Redeploy After Restart
* [KNOX-660] - Incompatible Dependencies in Pac4j Provider
* [KNOX-661] - NPE in Pac4j Provider when clientName Parameter is Missing
* [KNOX-662] - Change pac4j-knoxsso.xml Template to Reflect new Requirements
* [KNOX-660] - Revert j2e-pac4j upgrade
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.7.0
------------------------------------------------------------------------------
** New Feature
* [KNOX-476] - implementation for X-Forwarded-* headers support and population
* [KNOX-547] - KnoxCLI adds new validate-topology and list-topologies commands.
* [KNOX-548] - KnoxCLI adds a new system-user-auth-test command to test a topology's system username and password
* [KNOX-549] - Test service connections through Knox with Knox CLI
* [KNOX-549] - New Service-Test API can be added to topology. Accessible via Http call or KnoxCLI
* [KNOX-560] - Test LDAP Authentication+Authorization from KnoxCLI
* [KNOX-565] - Supporting All the Quick Links on Ambari Dashboard to Go Through Knox
* [KNOX-579] - Regex based identity assertion provider with static dictionary lookup
* [KNOX-602] - JWT/SSO Cookie Based Federation Provider
* [KNOX-602] - protect against NPE in audience validation
* [KNOX-604] - Expose configuration of HttpClient's max connections per route setting
* [KNOX-611] - Expose configuration for Jetty's thread pool and connection queue
* [KNOX-624] - Expose configuration for Jetty's request and response buffer sizes
* [KNOX-625] - initial template file for topology using ui proxy services
* [KNOX-634] - CORS Support as Part of WebAppSec Provider
** Improvement
* [KNOX-394] - Request and response URLs must be parsed as literals not templates. Part 2.
* [KNOX-394] - Request and response URLs must be parsed as literals not templates
* [KNOX-534] - auditing shiro authentication exceptions
* [KNOX-538] - Log some important system properties at startup
* [KNOX-539] - add message to identity mapping audit entries
* [KNOX-545] - Simplify Keystore Management for Cluster Scaleout
* [KNOX-546] - Consuming intermediate response during kerberos request dispatching
* [KNOX-566] - Make the Default Ephemeral DH Key Size 2048 for TLS
* [KNOX-553] - Added topology validation from KnoxCLI to TopologyService deployment.
* [KNOX-558] - HttpClient connections are not always returned to the pool for HBase on Windows
* [KNOX-559] - renaming service definition files
* [KNOX-561] - Allow Knox pid directory to be configured via the knox-env.sh file
* [KNOX-573] - KNOX-574 make SecureOnly and MaxAge configurable for SSO
* [KNOX-575] - Adds more logging for ShiroProvider LDAP Authentication.
* [KNOX-576] - CLI user-auth-test should print a message when a user successfully authenticates.
* [KNOX-564] - Topology deployment fails for no configured providers
* [KNOX-570] - added zookeeper lookup capability for HS2 HA
* [KNOX-580] - Initial refactoring out of default HA dispatch
* [KNOX-590] - CLI sys-user-auth-test and user-auth-test have improved messages and work for more Shiro configs
* [KNOX-590] - add more ShiroProvider configuration support to KnoxCLI sys-user-auth-test and user-auth-test
* [KNOX-593] - removed replayBufferSize and CappedBufferHttpEntity references
* [KNOX-593] - Moved SPNEGO code to httpclient
* [KNOX-596] - Add diagnostics to topology deployment
* [KNOX-597] - Improve diagnostic logging of HTTP traffic
* [KNOX-600] - setting all service params as filter params for dispatch
* [KNOX-607] - Fix SSOCookieProvider to Handle null Query Strings
* [KNOX-608] - Improve Knox read and write performance by tuning buffer sizes.
* [KNOX-609] - Add unit tests for the SSOCookieFederationProvider.
* [KNOX-610] - DefaultTokenService issueToken should never return null
* [KNOX-613] - Provide Credential Collector Abstraction to Client Shell
* [KNOX-615] - Domain Cookies cannot Wildcard IP Addresses
* [KNOX-617] - Add the use of CredentialCollectors to Samples
* [KNOX-621] - Simplify KnoxSSO API Resource Path
* [KNOX-622] - Misconfigured providers should cause topology deployment to fail
* [KNOX-635] - open up default whitelist for dev - localhost
* [KNOX-635] - Provide Whitelisting for Redirect Destinations for KnoxSSO
* [KNOX-640] - Make Cookie Domain Configurable
** Bug
* [KNOX-394] - Request and response URLs must be parsed as literals not templates
* [KNOX-423] - XmlFilterReaderTest failed with IBM JVM JAVA
* [KNOX-447] - Incorrect parsing and expansion of valueless query params
* [KNOX-460] - UrlRewriteServletFilterTest failed with IBM JAVA
* [KNOX-544] - Knox process does not exit if startup fails due to credential store issues
* [KNOX-550] - reverting back to original hive kerberos dispatch behavior
* [KNOX-554] - Fixed support for gateway.path change + added support for X-Forward-* headers in admin topology API.
* [KNOX-555] - Prevent dispatch client from attempting retry and redirects
* [KNOX-556] - fix extraneous imports
* [KNOX-556] - provide better diagnostics for keystore failures
* [KNOX-562] - Fix Null pointer exceptions in KnoxCLI LDAP commands
* [KNOX-581] - Hive dispatch not propagating effective principal name
* [KNOX-582] - Query Parameter rewrite does not honor empty string value (jeffreyr via lmccay)
* [KNOX-584] - Fix for UT instability in GatewayBasicFuncTest.testCLIServiceTest
* [KNOX-598] - Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401 error (due to Kerberos Replay attack error)
* [KNOX-598] - Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401 error (due to Kerberos
* [KNOX-599] - Template with {**} in queries are expanded with =null for query params without a value
* [KNOX-601] - Knox test failures on windows
* [KNOX-601] - Knox test failures on windows
* [KNOX-603] - Coverity: Potential resource leak in BaseKeystoreService.createKeystore
* [KNOX-614] - Incorrect URI template expansion with {**} query params #fragments
* [KNOX-616] - XmlUrlRewriteStreamFilter unscapes escaped special characters
* [KNOX-616] - XmlUrlRewriteStreamFilter unscapes escaped special characters
* [KNOX-620] - Jenkins Knox-master-verify failing since #725 due to JDK version issues
* [KNOX-626] - Minor fix to namespace parsing
* [KNOX-623] - Gateway provider rewriter doesn't support boolean attributes in HTML.
* [KNOX-632] - added back configuration for 'replayBufferSize'
* [KNOX-632] - Oozie dispatch failing for secure clusters. Fix tests.
* [KNOX-632] - Oozie dispatch failing for secure clusters
* [KNOX-633] - Upgrade apache commons-collections
* [KNOX-637] - Compilation Error in gateway-service-admin and gateway-test test projects (arshad.mohammad via lmccay)
* [KNOX-636] - IdentityAsserterHttpServletRequestWrapper must override getUserPrincipal
* [KNOX-638] - Hive dispatch failing for secure clusters
* [KNOX-639] - Knoxcli.sh create-master should not allow empty strings
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.6.0
------------------------------------------------------------------------------
** New Feature
* [KNOX-134] - Knox should avoid repeated LDAP authentication even if Shiro session is disabled.
* [KNOX-177] - Simplify service deployment contributor implementation
* [KNOX-185] - Use Shiro AuthenticationInfo caching to avoid repeated ldap bind
* [KNOX-195] - Simple way to introduce new service without requiring code
* [KNOX-473] - Configurable front end URL for simplified load balancer configuration
* [KNOX-481] - Support configuration driven REST API integration (aka Stacks)
* [KNOX-493] - Data and sub data directory should be made configurable. (Andreina J via lmccay)
* [KNOX-500] - Support for Storm REST APIs
* [KNOX-504] - Enable SSL Mutual Authentication
* [KNOX-521] - Enhance Principal Mapping to Handle Dynamic Mappings
* [KNOX-523] - Java 8 Compatibility
* [KNOX-524] - Support LDAP authentication caching
* [KNOX-532] - Update Knox build to use JDK 1.7
** Improvement
* [KNOX-263] - Docs - User Guide list of Services missing straight MapReduce?
* [KNOX-291] - Improve audit for topology deployment process
* [KNOX-458] - Surface Config for Shiro LDAP Connection Pooling
* [KNOX-462] - Proper error message when root tag of topology file incorrect
* [KNOX-466] - Log exception stack traces at INFO level when they reach gateway servlet
* [KNOX-468] - Add default config to optimize LDAP group lookup
* [KNOX-471] - User's guide needs update after trying examples
* [KNOX-480] - KnoxCLI needs to print usage when alias not provided
* [KNOX-491] - Increase default replay buffer size to 8K
* [KNOX-492] - Support service level replayBufferLimit for Ozzie, Hive and HBase
** Bug
* [KNOX-175] - Filter order in generated gateway.xml needs to be consistent
* [KNOX-343] - Knox PID directory does not exists on Ubuntu after reboot
* [KNOX-378] - Knox rewrites numbers in JSON to engineering notation
* [KNOX-464] - Location headers have wrong hostname when used behind load balancer
* [KNOX-465] - Initial audit record can contain leftover principal name
* [KNOX-467] - Unit tests failing on windows
* [KNOX-479] - Remove cacheManager configuration from template files
* [KNOX-494] - knox-env.sh script should print proper warning message , if JAVA is not set. (Andreina J via lmccay)
* [KNOX-501] - Avoid NPE , in case of passing invalid argument to KnoxCli.
* [KNOX-505] - Failure during removing credential from Cluster should exit with proper error message
* [KNOX-525] - Fix ServiceRegistry Persistence to deal with Upgrade from 0.4.0
* [KNOX-526] - Dispatch Refactoring Breaks Upgrade Compatibility
* [KNOX-529] - Wildcard Group Principal Mapping Not Working
* [KNOX-530] - Running Oozie jobs through Knox on a cluster with HDFS HA does not rewrite proper namenode host name.
* [KNOX-531] - Fix extraneous audit entries for wildcard group mappings
** Sub-task
* [KNOX-483] - Implement service configuration
* [KNOX-487] - Add policy information to Service Definitions
* [KNOX-510] - KnoxSSO API
* [KNOX-511] - Picketlink SAML Federation Provider
* [KNOX-533] - Add Version to KnoxSSO URL Patterns
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.5.1
------------------------------------------------------------------------------
** Improvement
* [KNOX-470] - add README and site docs for samples
** Bug
* [KNOX-467] - Unit tests failing on windows. Second attempt.
* [KNOX-467] - Unit tests failing on windows
* [KNOX-466] - Log exception stack traces at INFO level when they reach gateway servlet
* [KNOX-459] - added null checks to the closing of resultEnums to avoid NPEs
* [KNOX-465] - Initial audit record can contain leftover principal name
* [KNOX-459] - fixed LDAP connection leaks in KnoxLdapRealm
* [KNOX-464] - Location headers have wrong hostname when used behind load balancer
* [KNOX-468] - update group lookup topologies to configure cache manager
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.5.0
------------------------------------------------------------------------------
** New Feature
* [KNOX-74] - Support YARN REST API access via the Gateway
* [KNOX-25] - KNOX should support authentication using SPNEGO from browser
** Improvements
* [KNOX-455] - Configuration for Excluding SSL Protocols
* [KNOX-422] - provide support for IBM JVM - via Pascal Oliva
* [KNOX-437] - KnoxLdapContextFactory should be configured by default in all topology files
* [KNOX-88] - Support HDFS HA
* [KNOX-415] - Add some static group entires, associate some users with groups in user.ldif in the bundled Apache DS
* [KNOX-404] - GATEWAY_HOME/conf needs to be added to gateway server classpath
* [KNOX-402] - New GatewayService - TopologyService
* [KNOX-401] - Add service role request attribute
* [KNOX-355] - Support KNOX authentication provider based on hadoop.security.authentication.server.AuthenticationHandler
* [KNOX-353] - adding support for hadoop java client through redirection
* [KNOX-375] - add functional test for KNOX-242 find client bind dn using ldapsearch
** Bug
* [KNOX-451] - WebHDFS HA failover does not account for URL of unsuccessful request
* [KNOX-414] - WebHDFS HA enablement in web.xml is sensitive to order of context listeners
* [KNOX-453] - HDFS HA not working for secure clusters
* [KNOX-450] - WebHDFS HA retry should also handle RetriableException scenarios
* [KNOX-442] - Align DSL with WebHCat REST API changes.
* [KNOX-448] - Remove Reference to ReflectiveOperationException
* [KNOX-446] - Disable unstable unit tests in WebHdfsHaFuncTest
* [KNOX-445] - Fix HaDescriptorManagerTest.testDescriptorStoring to be platform independent.
* [KNOX-444] - KnoxCLI Usability Improvements
* [KNOX-442] - Align Tests with Hive API Change
* [KNOX-441] - Ensure all pom.xml files reference junit so that excludeGroups work
* [KNOX-439] - URL pattern matching fails for default ports HTTP 80 and HTTPS 443
* [KNOX-418] - remove the Pseudo federation provider
* [KNOX-432] - Add Transfer_Encoding to EXCLUDE_HEADERS
* [KNOX-431] - Update ISSUES file for 0.5.0 release
* [KNOX-426] - change assertion provider name to Default
* [KNOX-428] - Prepare pom.xml files for publishing via mvn deploy.
* [KNOX-424] - Fix maven groupId
* [KNOX-432] - Add Transfer_Encoding to EXCLUDE_HEADERS
* [KNOX-410] - TopologyService Incorrect when _default Topology is Deployed
* [KNOX-424] - Fix maven groupId
* [KNOX-426] - change assertion provider name to Default
* [KNOX-425] - rename Pseudo identity assertion provider
* [KNOX-421] - optimize webhdfs file upload
* [KNOX-413] - Yarn responses with TrackingUrl in the body not getting blanked out
* [KNOX-349] - Completes JSON and XML support for PUT/GET of single topology and collection.
* [KNOX-410] - Set topology name back to original value after deploying _default topology
* [KNOX-349] - KNOX API for Topology Management. Support for deploy/undeploy topologies.
* [KNOX-406] - Add provider name to test topologies to prevent intermittent test failures
* [KNOX-403] - Optimize KnoxLdapRealm to reduce number of ldapsearches
* [KNOX-349] - Knox API for Topology Management. Adds default admin topology to install and negative tests.
* [KNOX-349] - Knox API for Topology Management. Initial step only supports GETs for topologies collection and single topology.
* [KNOX-398] - Func test for Knox server info REST API.
* [KNOX-366] - fixed stale pid detection again
* [KNOX-398] - initial contribution for the Knox management API
* [KNOX-396] - gateway.sh and ldap.sh status commands incorrect
* [KNOX-395] - POC for Jersey Topology Service from Knox
* [KNOX-350] - DOAP file for the Knox Project
* [KNOX-391-392] - KnoxLdapRealm should use LdapName.equals for groupDn compare
* [KNOX-389] - Knoxcli.cmd fails when space in JAVA_HOME
* [KNOX-387] - replace JndiLdapRealm with KnoxLdapRelam in unit tests and functional tests
* [KNOX-386] - update topology template files to use KnoxLdapRealm
* [KNOX-385] - removed the config element for path to forward to and derive the path from the default topology name instead
* [KNOX-383] - log computed bind dn and the mechanism to help diagnostics
* [KNOX-382] - fixed extraneous output in shell scripts
* [KNOX-381] - Expansion of authority only URL should not be prefixed with //
* [KNOX-377] - detect stale pid and allow ldap server to restart in its presence
* [KNOX-374] - KnoxLdapRealm does not default values correctly for userSearchBase and groupSearchBase
* [KNOX-373] - add unit tests to verify default values for userSearchBase, groupSearchBase
* [KNOX-372] - add unit tests to check default values for userSearchAttributeName, userObjectClass
* [KNOX-371] - group membership lookup need to use userdn computed by search
* [KNOX-369] - add support for new config param groupSearchBase
* [KNOX-368] - add support for new config param userSearchBase
* [KNOX-370] - add support for new config param userObjectClass
* [KNOX-367] - add support for new config param userSearchAttributeName
* [KNOX-366] - detect stale pid file a allow server start in its presence.
* [KNOX-362] - logging of startup failure due to missing master secret and inability to prompt for one
* [KNOX-361] - implicitly deploy the _default app for forwarding to the default topology
* [KNOX-358] - refactor redirecting servlet into a forwarding servlet
* [KNOX-310] - Parsing of JSON response for rewriting failing
* [KNOX-356] - change redirect servlet to use 307s instead of 302s
* [KNOX-354] - added PseudoAuthFederation Provider to accept user.name as proof of a pre-authenticated authentication event.
* [KNOX-344] - Updated Knox Hive samples to be consistent with Hive 0.13.
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.4.0
------------------------------------------------------------------------------
** Improvements
* [KNOX-193] - document configuration to use AD as authentication source
* [KNOX-211] - Add classes KnoxLdapRealm, KnoxLdapContextFactory
* [KNOX-212] - provide sample topology files to work with KnoxLdapRealm
* [KNOX-214] - ShiroSubjectIdentityAdapter needs to map ldap groups looked up by shiro to java subject principals
* [KNOX-215] - enhance AbstractIdentityAssertionFilter to make use of ldap groups looked up by shiro
* [KNOX-216] - add functional tests to test ldap group lookup and usage
* [KNOX-217] - enhance KnoxLdapGroupRealm to accept password alias in place of plain text password
* [KNOX-221] - provide sample ldif file to work with KnoxLdapRealm
* [KNOX-225] - update sample ldif file with ldapgroups to work with apache ds 2
* [KNOX-230] - provide ldap schema file to allow creation of daynamic groups in apache ds
* [KNOX-231] - shiro realm implementation to support ldap dynamic groups
* [KNOX-232] - add automation test case for ldap dynamic group support
* [KNOX-233] - add a topology template file to illustrate the use of dynamic groups
* [KNOX-234] - add documentation for dynamic groups
* [KNOX-268] - document work around for Knox to Hadoop SPNego authn problem
* [KNOX-21] - Utilize knox.auth cookie to prevent re-authentication for every request from end user
* [KNOX-105] - Command line tooling for CMF provisioning
* [KNOX-165] - Stress testing
* [KNOX-166] - Improve diagnosability of connectivity issues
* [KNOX-167] - Knox passes down incorrect Host header to Hadoop service
* [KNOX-188] - encryptQueryString Password is Recreated when Topology is Changed.
* [KNOX-199] - ExampleHBase.groovy fails with HBase 0.96 due to empty column qualifier REST API incompatibility
* [KNOX-203] - Gateway fails to start when {GATEWAY_HOME}/bin not writable
* [KNOX-205] - Launcher script (gateway.sh) not working when gateway installed via RPM
* [KNOX-206] - User should be able to run gateway.sh script under its own but not root account
* [KNOX-209] - Fix the Location of KEYS File
* [KNOX-213] - Reame PostAuthenticationFilter to ShiroSubjectIdentityAdapter
* [KNOX-219] - Fix NOTICE file for Releases
* [KNOX-220] - Fix JWT POC Code for HSSO
* [KNOX-222] - Remove hadoop-examples.jar from source tree
* [KNOX-223] - generated shiro.ini file does not preserve property order
* [KNOX-226] - Need more Linux friendly installation layout
* [KNOX-229] - some properties of KnoxLdapRealm need to be renamed
* [KNOX-235] - Pre-authenticated SSO/Federation Provider
* [KNOX-244] - Knox run from the directory with spaces in Windows OS
* [KNOX-245] - Knox is missing rewrite rule for WebHCat root path.
* [KNOX-246] - Knox is missing authorization filter for HBase root path.
* [KNOX-247] - Exception in Oozie workflow definition response rewrite
* [KNOX-249] - Fix issues with shell scripts and home directory
* [KNOX-251] - knoxcli.sh reports NullPointerException if not given arguments
* [KNOX-253] - log error message for exception ldapContextFactory.getSystemLdapContext()
* [KNOX-254] - use system password set using knoxcli in KnoxLdapContextFactory
* [KNOX-269] - Set JSSESSIONID cookie as HttpOnly and Secure.
* [KNOX-270] - service level authorization should return 403 on deny
* [KNOX-271] - Audit records duplication when no matching filter was found for requested resource
* [KNOX-280] - Topology undeploy is broken
* [KNOX-281] - Fix the typo in user's guide
* [KNOX-282] - document configuration to look up group membership from ldap
* [KNOX-287] - Update documentation to be consistent with Hive 0.12 configuration
* [KNOX-289] - Remove incubating/incubator from source and build
* [KNOX-292] - Invalid command line arguments don't print usage.
* [KNOX-294] - Add -version support to gateway.sh
* [KNOX-297] - Should not send Knox stack trace to client in error responses
* [KNOX-298] - add a topology template for using Active Directroy as authentication back end
* [KNOX-299] - Cannot update existing master via knoxcli
* [KNOX-301] - Unit tests unstable on different platforms
* [KNOX-306] - Change linux scripts to use /bin/bash
* [KNOX-308] - Windows .cmd scripts not passing parameters to java correctly.
* [KNOX-309] - Attempt to reparse topology files to recover from overlapping write
* [KNOX-311] - Parameters not passed to java properly by knoxcli.sh on Ubuntu.
* [KNOX-312] - PID File Created For Failed Deployments
* [KNOX-313] - WebHdfs service broken for HDFS 2.4.0
* [KNOX-314] - JDBC/HTTP for Hive Requires Specialized Dispatch
* [KNOX-318] - HBase demo scripts fail against recent HBase versions
* [KNOX-319] - Build fails on windows
* [KNOX-322] - Incomplete Documentation for Quick Start
* [KNOX-323] - Update Apache Knox Details Doc
* [KNOX-324] - Obsolete Knox Directory Layout Doc
* [KNOX-325] - Obsolete Docs for Services Supported
* [KNOX-326] - Obsolete Docs for Sandbox Config
* [KNOX-327] - Incomplete/Obsolete Docs for Gateway Details
* [KNOX-328] - Obsolete Docs for Configuration
* [KNOX-329] - Obsolete Docs for KnoxCLI
* [KNOX-330] - Consolidate Authentication, GroupLookup and Shiro Docs
* [KNOX-331] - Obsolete Docs for Secure Clusters
* [KNOX-332] - Clarifications in Docs for Preauth SSO
* [KNOX-333] - Incomplete Docs for HBase
* [KNOX-334] - Obsolete Docs for Hive
* [KNOX-335] - Obsolete Docs for Limitations
* [KNOX-336] - Obsolete Disclaimer in Export Controls Page
* [KNOX-337] - Knox not authenticating with HBase 0.98 in secure mode
* [KNOX-342] - Document configuration for enabled HBase Access Control
* [KNOX-344] - Update documentation/samples to be consistent with Hive 0.13.
* [KNOX-345] - WebHDFS and Oozie not specifying dispatch provider and end up with HiveDispatchProvider
* [KNOX-346] - The knox-env.sh script should prefer JAVA_HOME over java on path.
* [KNOX-347] - Fix Knox DSL documentation
* [KNOX-139] - Move hostmap provider configuration from a rewrite function provider to real provider config
* [KNOX-140] - Support a forced redeploy of topologies
* [KNOX-161] - Support Hive 0.11.0 via JDBC+ODBC/Thrift/HTTP
* [KNOX-174] - support service specific cap for buffering request entities for replay against WWW-authenticate challenge
* [KNOX-202] - Diagnosability/troubleshooting when wrong protocol (http vs https) used
* [KNOX-240] - Update Hadoop dependencies to 2.x
* [KNOX-257] - add a template topology file to illustrate preauth provider
* [KNOX-261] - Better env checking and error messages in gateway.sh
* [KNOX-262] - Improve JRE detection in scripting
* [KNOX-263] - Docs - User Guide list of Services missing straight MapReduce?
* [KNOX-265] - Add master secret generation to knoxcli
* [KNOX-275] - Add topology template file to illustrate use of staticgroup and SLA
* [KNOX-296] - Provide a command line tools to redeploy all topologies
* [KNOX-300] - create a topology file that uses openldap as authen back end
* [KNOX-315] - Add support for service params in topology file
* [KNOX-316] - Create windows service template file for LDAP server.
* [KNOX-320] - Simplify scripts for using Knox on windows
* [KNOX-341] - Knox needs to work with secure Hive asserting authenticated user as doAs
* [KNOX-4] - Extend Shiro Provider to Include Groups
* [KNOX-23] - Generate audit log of all gateway activity
* [KNOX-33] - Provide support for hosting Jersey services for the purposes of protocol mediation of non-REST services
* [KNOX-48] - Cluster topology must not be exposed in datanode redirect query parameters
* [KNOX-54] - Support horizontal scalability of gateway via clustering
* [KNOX-172] - Support ~ to represent user's home directory in WebHDFS
* [KNOX-179] - Simple way to introduce new provider/servlet filters into the chains
* [KNOX-194] - Document Knox HA with Apache HTTP Server + mod_proxy + mod_proxy_balancer
* [KNOX-198] - CSRF header support
* [KNOX-228] - Knox should support dynamic LDAP Groups
* [KNOX-243] - bat/cmd script for the gateway
* [KNOX-248] - XML configuration file to describe how to launch Knox as Windows service
* [KNOX-90] - Support HBase/Stargate for Kerberized cluster
* [KNOX-92] - Support Hive/JDBC/HTTP for Kerberized cluster
* [KNOX-208] - Upgrade ApacheDS for demo LDAP server to ApacheDS 2
* [KNOX-290] - Upgrade Shiro dependency to 1.2.3
* [KNOX-210] - Create functional test template
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.3.0
------------------------------------------------------------------------------
** New Feature
* [KNOX-8] - Support HBase via HBase/Stargate
* [KNOX-9] - Support Hive via JDBC+ODBC/Thrift/HTTP
* [KNOX-11] - Access Token Federation Provider
* [KNOX-27] - Access Kerberos secured Hadoop cluster via gateway using basic auth credentials
* [KNOX-31] - Create lifecycle scripts for gateway server
* [KNOX-50] - Ensure that all cluster topology details are rewritten for Oozie REST APIs
* [KNOX-61] - Create RPM packaging of Knox
* [KNOX-68] - Create start/stop scripts for gateway
* [KNOX-70] - Add unit and functional testing for HBase
* [KNOX-71] - Add unit and functional tests for Hive
* [KNOX-72] - Update site docs for HBase integration
* [KNOX-73] - Update site docs for Hive integration
* [KNOX-82] - Support properties file format for topology files
* [KNOX-85] - Provide Knox client DSL for HBase REST API
* [KNOX-98] - Cover HBase in samples
* [KNOX-99] - Cover Hive in samples
* [KNOX-116] - Add rewrite function so that authenticated username can be used in rewrite rules
* [KNOX-120] - Service Level Authorization Provider with ACLs
* [KNOX-131] - Cleanup noisy test PropertyTopologyBuilderTest
* [KNOX-169] - Test issue for patch test automation via PreCommit-Knox-Build job
** Improvement
* [KNOX-40] - Verify LDAP over SSL
* [KNOX-42] - Change gateway URLs to match service URLs as closely as possible
* [KNOX-45] - Clean up usage and help output from server command line
* [KNOX-49] - Prevent Shiro rememberMe cookie from being returned
* [KNOX-55] - Support finer grain control over what is included in the URL rewrite
* [KNOX-56] - Populate RC directory with CHANGES on people.a.o
* [KNOX-75] - make Knox work with Secure Oozie
* [KNOX-97] - Populate staging and release directories with KEYS
* [KNOX-100] - document steps to make Knox work with secure hadoodp cluster
* [KNOX-101] - Use session instead of hadoop in client DSL samples
* [KNOX-117] - Provide ServletContext attribute access to RewriteFunctionProcessor via UrlRewriteEnvironment
* [KNOX-118] - Provide rewrite functions that resolve service location information
* [KNOX-129] - Document topology file
* [KNOX-141] - Diagnostic debug output when generated SSL keystore info doesn't match environment
* [KNOX-143] - Change "out of the box" setup to use sandbox instead of sample
* [KNOX-153] - Document RPM based install process
* [KNOX-155] - Remove obsolete module gateway-demo
* [KNOX-164] - document hostmap provider properties
* [KNOX-168] - Complete User's Guide for 0.3.0 release
** Bug
* [KNOX-47] - Clean up i18n logging and any System.out or printStackTrace usages
* [KNOX-57] - NPE when GATEWAY_HOME deleted out from underneath a running gateway instance
* [KNOX-58] - NameNode endpoint exposed to gateway clients in runtime exception
* [KNOX-60] - getting started - incorrect path to gateway-site.xml
* [KNOX-69] - Branch expansion for specdir breaks on jenkins
* [KNOX-76] - users.ldif file bundled with knox should not have hadoop service principals
* [KNOX-77] - Need per-service outbound URL rewriting rules
* [KNOX-78] - spnego authorization to cluster is failing
* [KNOX-79] - post parameters are lost while request flows from knox to secure cluster
* [KNOX-81] - Fix naming of release artifacts to include the word incubating
* [KNOX-83] - do not use mapred as end user prinicpal in examples
* [KNOX-84] - use EXAMPLE.COM instead of sample.com in template files for kerberos relam
* [KNOX-89] - Knox doing SPNego with Hadoop for every client request is not scalable
* [KNOX-102] - Update README File
* [KNOX-106] - The Host request header should be rewritten or removed
* [KNOX-107] - Service URLs not rewritten for WebHDFS GET redirects
* [KNOX-108] - Authentication failure submitting job via WebHCAT on Sandbox
* [KNOX-109] - Failed to submit workflow via Oozie against Sandbox HDP2Beta
* [KNOX-111] - Ensure that user identity details are rewritten for Oozie REST APIs
* [KNOX-124] - Fix the OR semantics in AclAuthz
* [KNOX-126] - HiveDeploymentContributor uses wrong external path /hive/api/vi
* [KNOX-127] - Sample topology file (sample.xml) uses inconsistent internal vs external addresses
* [KNOX-128] - Switch all samples to use guest user and home directory
* [KNOX-130] - Throw exception on credential store creation failure
* [KNOX-132] - Cleanup noisy test GatewayBasicFuncTest.testOozieJobSubmission()
* [KNOX-136] - Knox should support configurable session timeout
* [KNOX-137] - Log SSL Certificate Info
* [KNOX-142] - Remove Templeton from user facing config and samples and use WebHCat instead
* [KNOX-144] - Ensure cluster topology details are rewritten for HBase/Stargate REST APIs
* [KNOX-146] - Oozie rewrite rules for NN and JT need to be updated to use hostmap
* [KNOX-147] - Halt Startup when Gateway SSL Cert is Expired
* [KNOX-148] - Add cluster topology details rewrite for XML responses from HBase/Stargate REST APIs
* [KNOX-149] - Changes to AclsAuthz Config and Default Mode
* [KNOX-150] - correct comment on session timeout in sandbox topology file
* [KNOX-151] - add documentation for session timeout configuration
* [KNOX-152] - Dynamic redeploy of topo causes subsequent requests to fail
* [KNOX-154] - INSTALL file is out of date
* [KNOX-156] - file upload through Knox broken
* [KNOX-157] - Knox is not able to process PUT/POST requests with large payload
* [KNOX-158] - EmptyStackException while getting webhcat job queue in secure cluster
* [KNOX-159] - oozie job submission thorugh knox fails for secure cluster
* [KNOX-162] - Support Providing Your own SSL Certificate
* [KNOX-163] - job submission through knox-webchat results in NullPointerException
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.2.0
------------------------------------------------------------------------------
HTTPS Support (Client side)
Oozie Support
Protected DataNode URL query strings
Pluggable Identity Asserters
Principal Mapping
URL Rewriting Enhancements
KnoxShell Client DSL