------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.13.0
------------------------------------------------------------------------------
** New Feature
    * [KNOX-976] - Add Jupyter Kernel Gateway Service Definitions (Jesus Alvarez via lmccay)
    * [KNOX-626] - NameNode UI through Knox has various tabs not working
    * [KNOX-975] - Add NodeManager Service Definition
    * [KNOX-982] - Datanode JMX REST Knox service
    * [KNOX-974] - Update HDFS UI services
    * [KNOX-973] - Update Yarn UI services
    * [KNOX-786] - Spark Thriftserver UI support through Knox (Chandana Mirashi via lmccay)
    * [KNOX-981] - Make Topology Instance Available in WebContext for Runtime Access
    * [KNOX-788] - Apache Atlas Admin UI Support through Knox (Nixon Rodrigues via Sandeep More)
    * [KNOX-789] - Apache Atlas REST API support (Nixon Rodrigues via Sandeep More)
    * [KNOX-940] - Support REST access exposing metrics (Mohammad Kamrul Islam via Sandeep More)
    * [KNOX-932] - Option to remove the server-name from HTTP-header response (Lawrence McCay IV via lmccay)
    * [KNOX-768] - Apache Kafka REST API Support (Rick Kellogg via Sandeep More)
    * [KNOX-751] - Need rewrite function to capture href information from single page host to rewrite output of node hosts (Jeffrey E Rodriguez via lmccay)
    * [KNOX-928] - Support Default Topology Feature and some misc fixes
    * [KNOX-928] - Topology Port Mapping Feature
    * [KNOX-938] - JWTProvider to accept Query Param as well as Bearer Token
    * [KNOX-390] - extended to include proxy provided headers such as X-Forwarded-For
    * [KNOX-390] - Include client IP and HTTP verb in audit log
** Improvement
    * [KNOX-909] - Ambari rewrite update for SmartSense
    * [KNOX-910] - Move from SHA-1 to SHA-256 (Jeffrey E Rodriguez via Sandeep More)
    * [KNOX-917] - Fix Pig view in Ambari (Gaurav Nagar via Sandeep More)
    * [KNOX-920] - Make avatica service use default policies
    * [KNOX-923] - Add ClientData to KnoxToken Service to Include in JSON Response
    * [KNOX-911] - Ability to scope cookies to a given Path (Attila Kanto via lmccay)
    * [KNOX-892] - Fix FindBugs "Dodgy Code" issues (Colm O hEigeartaigh via lmccay)
    * [KNOX-816] - Make private inner classes static (Colm O hEigeartaigh via lmccay)
    * [KNOX-849] - Fix SimplePrincipalMapper and CommonIdentityAssertionFilter
    * [KNOX-930] - ScopingCookies Feature Logging too Much
    * [KNOX-939] - Missing Licenses Element in POM files
    * [KNOX-937] - Remove redundant type information from Collections (Colm O hEigeartaigh via Sandeep More)
    * [KNOX-944] - Make PBE Hashing, Iteration Count and Salt Configurable and Manageable
    * [KNOX-942] - Remove extraneous spaces around '=' (Colm O hEigeartaigh via lmccay)
    * [KNOX-948] - Refactor AbstractJWTFilter implementations (Colm O hEigeartaigh via lmccay)
    * [KNOX-928] - minor fix for templating of ConcurrentHashMap usage
    * [KNOX-952] - Add common tests for the two JWT filters (Colm O hEigeartaigh via lmccay)
    * [KNOX-946] - Spelling (Colm O hEigeartaigh via Sandeep More)
    * [KNOX-954] - Properly handle parsing errors for JWT tokens
    * [KNOX-956] - Consolidate ldif files in gateway-tests (Colm O hEigeartaigh via Sandeep More)
    * [KNOX-957] - Remove hard-coded versions from gateway-test-release (Colm O hEigeartaigh via Sandeep More)
    * [KNOX-947] - SSOCookieProvider to be configurable for signature verification key/PEM
    * [KNOX-958] - Consolidate test config/drivers (Colm O hEigeartaigh via Sandeep More)
    * [KNOX-759] - jansi dependency causes issues starting knox shell (Colm O hEigeartaigh via lmccay)
    * [KNOX-964] - upgrade to httpclient 4.5.3 to avoid licensing issues HTTPCLIENT-1743/LEGAL-240 (Jeffrey E Rodriguez via lmccay)
    * [KNOX-965] - SecureQueryDecryptProcessor decode call could return null thus it would get a NPE (Jeffrey E Rodriguez via lmccay)
    * [KNOX-967] - Duplicate dependencies defined in root pom (Colm O hEigeartaigh via lmccay)
    * [KNOX-776] - Rewrite rule handling for Websockets (Jesus Alvarez via Sandeep More)
    * [KNOX-977] - Exclude extraneous bundle.map in admin-ui file from release
    * [KNOX-789] - Add specific policy definition to Atlas (Nixon Rodrigues via lmccay)
    * [KNOX-972] - Update Hbase UI service (Jeffrey E Rodriguez via lmccay)
    * [KNOX-986] - JMX Metric Reporter and OutOfMemory Issues (Zsombor Gegesy via Sandeep More)
** Bug
    * [KNOX-908] - Update copyright in NOTICE file
    * [KNOX-918] - Static Member for redirectToUrl in Shiro RedirectToFilter
    * [KNOX-913] - Invalid login.jsp redirect for Ranger Admin UI
    * [KNOX-936] - On websocket error properly close all the sessions and containers.
    * [KNOX-933] - PicketLink Provider must set Secure and HTTPOnly flags on Cookie (Krishna Pandey via lmccay)
    * [KNOX-950] - Fix a bug that prevents wss:// protocol from connection to websocket backend.
    * [KNOX-960] - Fix build failures
    * [KNOX-966] - NPE when Shiro is misconfigured (Rob Vesse via lmccay)
    * [KNOX-754] - Revert KNOX-754 scope change to just the Location header
    * [KNOX-690] - Revert KNOX-690 fixing the encoding/decoding in the parser and template
    * [KNOX-949] - WebHDFS proxy replaces %20 encoded spaces in URL with + encoding
    * [KNOX-995] - KnoxSSO Form IDP Issue with Firefox
    * [KNOX-992] - Add README for the knoxshell distribution (Colm O hEigeartaigh and lmccay via lmccay)
    * [KNOX-993] - The samples README for knoxshell references the 0.5.0 userguide
    * [KNOX-994] - Introducing a new variable that enhances the function, needed for Zeppelin / fix
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.12.0
------------------------------------------------------------------------------
** New Feature
    * [KNOX-841] - Proxy support for Solr UI and API
    * [KNOX-719] - YARN RM HA implementation for REST API and UI (Jeffrey E Rodriguez and Sumit Gupta)
    * [KNOX-848] - Support for Gremlin Server REST (Shi Wang via Sumit Gupta)
    * [KNOX-861] - Support for pluggable validator for Header pre authentication provider (Mohammad Kamrul Islam via Sandeep More)
    * [KNOX-850] - KnoxToken API for Acquiring a Knox Access Token
    * [KNOX-710] - Support Zeppelin UI through Knox
    * [KNOX-865] - Added a release module for KnoxShell
    * [KNOX-881] - Add KnoxSh init, list and destroy to knoxshell.sh
** Improvement
    * [KNOX-841] - Changed version number for Solr proxy support
    * [KNOX-890] - Make IdleTimeout Configurable in Knox Gateway Server (make default 5 mins)
    * [KNOX-890] - Make IdleTimeout Configurable in Knox Gateway Server
    * [KNOX-845] - refactoring for the release tests
    * [KNOX-868] - Add /ext/native to java.library.path in gateway.sh (Mohammad Kamrul Islam via Sandeep More)
    * [KNOX-869] - Support for multiple pre-auth validators (Mohammad Kamrul Islam via Sandeep More)
    * [KNOX-839] - new ant tasks to help with admin-ui development
    * [KNOX-873] - JWTFederationFilter must Validate Expected Audiences
    * [KNOX-874] - Updated hadoop dependency in root pom
    * [KNOX-864] - Making gateway and ldap scripts upstart compatible (Attila Kanto via Sumit Gupta)
    * [KNOX-854] - Consolidate DocumentBuilderFactory calls + enable SECURE_PROCESSING (Colm O hEigeartaigh via Sumit Gupta)
    * [KNOX-828] - Adding truncate for HBase table in KnoxShell (Vincent Devillers via Sumit Gupta)
    * [KNOX-845] - Added webhdfs groovy shell tests using MiniDFSCluster
    * [KNOX-806] - Implement Closeable for deallocable resources (Vincent Devillers via Sumit Gupta)
    * [KNOX-805] - ability to define custom HttpClient (Vincent Devillers via Sumit Gupta)
    * [KNOX-809] - Enhance the 'put' in HDFS for ClientDSL (Vincent Devillers via Sumit Gupta)
    * [KNOX-810] - Add status in HDFS for ClientDSL (Vincent Devillers via Sumit Gupta)
    * [KNOX-813] - Added rename in HDFS for ClientDSL (Vincent Devillers/Khanh Maudoux via Sumit Gupta)
    * [KNOX-858] - Simplifying Hamcrest dependencies (Colm O hEigeartaigh via Sumit Gupta)
** Bug
    * [KNOX-876] - Fix FindBugs "Experimental" issues (Colm O hEigeartaigh via lmccay)
    * [KNOX-883] - Fix FindBugs "Correctness" issues (Colm O hEigeartaigh via lmccay)
    * [KNOX-730] - pac4jRequestedUrl = null after saml2 assertion is parsed
    * [KNOX-879] - Fix url encoding issue for KnoxSSO
    * [KNOX-875] - Added version element to topology schema (Jeffrey E Rodriguez via Sandeep More)
    * [KNOX-866] - Fix validate-topology cli command (Richard Ding via Sandeep More)
    * [KNOX-863] - Consolidate TransformerFactory calls + enable (Colm O hEigeartaigh via Sandeep More)
    * [KNOX-877] - Coverity Scan Cleanup
    * [KNOX-871] - Fix FindBugs - Malicious code vulnerability (Colm O hEigeartaigh via Sandeep More)
    * [KNOX-769] - Fix SecureClusterTest for Java 1.7
    * [KNOX-867] - Fix FindBugs, bad practice issues (Colm O hEigeartaigh via Sandeep More)
    * [KNOX-838] - Admin UI title change
    * [KNOX-820] - Changed the originalUrl parsing so that multiple query params get included
    * [KNOX-859] - Added rule for app.*.js, extensions, jax, and components (Prabhjyot Singh via Sandeep More)
    * [KNOX-855] - Add application/x-javascript mime type to the list of compressed resources and make it configurable
    * [KNOX-836] - Fix for websocket termination based on message size (Sandeep More via Sumit Gupta)
    * [KNOX-903] - KnoxShell allows self signed certs to be used without any checks
    * [KNOX-900] - In the WebsocketMultipleConnectionTest before sending data check whether the socket is active
    * [KNOX-897] - X-Forwarded-Port incorrectly defaults to the one configured for Knox if standard ports (80 and 443) are used (Attila Kanto via Sandeep More)
    * [KNOX-901] - Finding free ports for namenode
    * [KNOX-902] - Fix the hardcoded knoxsso topology name (Attila Kanto via Sandeep More)
    * [KNOX-904] - Reverting back httpclient to 4.5.1 due to bug in 4.5.2
    * [KNOX-905] - added httpclient properties to knoxshell log4j properties file
    * [KNOX-906] - Log WARN of Removed Impersonation Params
    * [KNOX-907] - Ambari Hive 2.0 view fix
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.11.0
------------------------------------------------------------------------------
** New Feature
    * [KNOX-643] - Initial metrics api and implementation
    * [KNOX-237] - Hadoop Group Mapping as a Knox Provider (Sandeep More via lmccay)
    * [KNOX-817] - Gateway service definition for Avatica (Josh Elser via lmccay)
    * [KNOX-528] - Support for Apache SOLR REST APIs (Kevin Risden, John McParland via lmccay)
    * [KNOX-758] - Druid services (Nishant Bangarwa via Sumit Gupta)
    * [KNOX-749] - Initial admin UI source project and productized distribution
** Improvement
    * [KNOX-744] - Logout for KnoxSSO WebSSO API
    * [KNOX-795] - Make KnoxSSO Cookie Name Configurable
    * [KNOX-763] - Added rewrite filter apply capability to text values in html content
** Bug
    * [KNOX-779] - Exclude older org.codehaus.jackson dependencies from build cycle
    * [KNOX-785] - Update Apache Shiro dependency (Colm O hEigeartaigh via lmccay)
    * [KNOX-780] - Remove dependency on SNAPSHOT version of hadoop-common-test jar
    * [KNOX-790] - URL parameters with empty/null value are ignored (Nishant Bangarwa via lmccay)
    * [KNOX-713] - Knox Shell HDFS.get.Response is Package Private
    * [KNOX-792] - Fix FindBugs "performance" issues - Colm O hEigeartaigh via lmccay
    * [KNOX-812] - WebSSOResource doesn't make use of target audiences
    * [KNOX-803] - Adding rewrite rules for Map Reduce History Server UI (Shi Wang via lmccay)
    * [KNOX-820] - Knox query processing: If the originalUrl value has "ampersand"(&) in it, the value after ampersand is ignored.
    * [KNOX-826] - Need favicon icon for Admin UI
    * [KNOX-757] - shiro related log4j properties (John McParland via Sumit Gupta)
    * [KNOX-784] - Fix for httpclientconnection metric naming conflict
    * [KNOX-763] - Added import rewrite function for html content containing @import
    * [KNOX-763] - Missing function files
    * [KNOX-767] - Fix for CDATA handling (Jeffrey E Rodriguez via Sumit Gupta)
    * [KNOX-791] - XML attribute special character fix and unit test (Sandeep More via Sumit Gupta)
    * [KNOX-818] - created new jaxb beans for REST API
    * [KNOX-804] - custom cache manager class
    * [KNOX-824] - Added WebAppSec provider capability to Jersey service deployments
    * [KNOX-825] - setting to turn off directory browsing
    * [KNOX-826] - added the icon to the source project as well
    * [KNOX-827] - added manager topology
    * [KNOX-830] - Admin UI Fails to Authenticate with KnoxSSO
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.10.0
------------------------------------------------------------------------------
** New Feature
    * [KNOX-752] - Implementation of initial websocket support (Sandeep More via Sumit Gupta)
    * [KNOX-537] - Linux PAM Authentication Provider (jeffreyr97/hkropp via lmccay)
** Improvement
    * [KNOX-743] - Add submitSqoop via knox shell api
    * [KNOX-729] - added filter apply capability to html content
    * [KNOX-764] - initial service definition registry service
    * [KNOX-644] - Limit/page results of LDAP group membership search (Kevin Risden via lmccay)
    * [KNOX-733] - Add support for custom truststore to Knox shell client
** Bug
    * [KNOX-723] - Adding html content based filter for main page trailing slash issue
    * [KNOX-765] - Namenode UI fails to download few js and css (Mohammad Kamrul Islam via lmccay)
    * [KNOX-629] - Misleading output for system-user-auth-test when userSearchBase used
    * [KNOX-753] - Update References to Docs in README for Latest Release
    * [KNOX-762] - Remove dependency on httpcomponents httpclient 4.5.2
    * [KNOX-756] - Build failure with "ant release"
    * [KNOX-754] - encoding response headers
    * [KNOX-732] - Knox does not recompress javascript resources (Sandeep More via lmccay)
    * [KNOX-748] - Fix Resource Leak in X509CertificateUtil.writeCertificateToJKS (Sandeep More via lmccay)
    * [KNOX-750] - Change test-patch to attempt -p0 and -p1 patches before failing
    * [KNOX-740] - Address new coverity scan issues (Sandeep More via lmccay)
    * [KNOX-742] - Export Commands in KnoxCLI for the gateway-identity Public Cert
    * [KNOX-690] - quick unit test for toEncodedString method
    * [KNOX-690] - fixing the encoding/decoding in the parser and template
    * [KNOX-508] - knox to uptake Apache DS 2.0.0-M16 or later
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.9.1
------------------------------------------------------------------------------
** New Feature
** Improvement
    * [KNOX-711] - Added the ability to scope rewrite rules
** Bug
    * [KNOX-705] - Views in Ambari UI don't render when proxied by the AMBARIUI service
    * [KNOX-705] - Improvement on 404 error messages with ambari views
    * [KNOX-705] - rules to support view changes in Ambari
    * [KNOX-712] - submitPig does not allow multiple argument via arg() (Pierre Regazzoni via lmccay)
    * [KNOX-713] - Knox Shell HDFS.get.Request is Package Private (Chris Snow via lmccay)
    * [KNOX-714] - Remove Permissive MIT License from NOTICE File
    * [KNOX-715] - submitJava should allow multiple argument via arg() (Pierre Regazzoni via lmccay)
    * [KNOX-716] - replayBufferSize is kept in bytes
    * [KNOX-717] - changed the location header in RANGERUI rewrite to be more specific
    * [KNOX-721] - added rewrite rules to take care of no slash url
    * [KNOX-721] - added rewrite rules to take care of no slash url
    * [KNOX-721] - Loosening up the match criteria as the Location header coming back from Ranger is not always correct
    * [KNOX-722] - Null Pointer Exception while Knox SSO configured for OKTA/SAML v2
    * [KNOX-722] - changed KnoxSessionStore to not base64 empty cookie value
    * [KNOX-722] - Null Pointer Exception while Knox SSO configured for OKTA/SAML v2
    * [KNOX-723] - qualifying the login page resources with the frontend path
    * [KNOX-724] - ambari view fixes
    * [KNOX-725] - defining policy chain for ambari and ranger services
    * [KNOX-726] - Clean up Skipped Unit Tests
    * [KNOX-731] - added ranger and ambari services to topology
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.9.0
------------------------------------------------------------------------------
** New Feature
    * [KNOX-66] - Ambari REST API support
    * [KNOX-668] - Ranger UI proxy support with related REST API support changes
    * [KNOX-669] - Adding support for anonymous authentication
    * [KNOX-670] - Knox should be able to host simple web apps
    * [KNOX-673] - Ambari UI proxy support with related REST API support changes
    * [KNOX-674] - Expose Jetty's SSL cipher suite configuration via gateway-site.xml
    * [KNOX-692] - Enable Jetty's JSP support in Knox hosted applications.
    * [KNOX-686] - Default Form based SSO IDP as an Application
    * [KNOX-697] - Identity asserter provider that supports case mapping for users and groups
    * [KNOX-700] - Add Clickjacking Protection to WebAppSec Provider
** Improvement
    * [KNOX-630] - KnoxSSO Needs to Populate Configured Audiences
    * [KNOX-631] - Config Driven Keystore for Signing and Validation Certs in KnoxSSO
    * [KNOX-662] - Change pac4j-knoxsso.xml Template to Reflect new Requirements
    * [KNOX-667] - Added maven profile and updated ant targets
    * [KNOX-667] - changed nested release profile to match 'package' profile
    * [KNOX-677] - Upgrade to latest Groovy
    * [KNOX-675] - Upgrade Knox's Jetty dependency to latest 9.x
    * [KNOX-674] - Expose Jetty's SSL cipher suite configuration via gateway-site.xml
    * [KNOX-675] - Upgrade Knox's Jetty dependency to latest 9.x
    * [KNOX-675] - Upgrade Knox's Jetty dependency to latest 9.x. Fix circular dependency.
    * [KNOX-676] - Knox build failures. Attempt 1.
    * [KNOX-676] - Knox build failures. Attempt 2.
    * [KNOX-676] - Knox build failures. Attempt 3.
    * [KNOX-677] - Upgrade to latest Groovy. (via Colm O hEigeartaigh)
    * [KNOX-678] - Malformed UTF-8 characters in JSON Response
    * [KNOX-679] - Make ResponseCookieFilter Configurable
    * [KNOX-680] - Update Knox's HttpClient dependency to latest version
    * [KNOX-680] - Revert - Update Knox's HttpClient dependency to latest version
    * [KNOX-688] - KnoxSSO Authentication should not result in a valid JSESSIONID
    * [KNOX-692] - Enable Jetty's JSP support in Knox hosted applications.
    * [KNOX-693] - KnoxSSO Token Expiration should be Optional
    * [KNOX-693] - added test for SSOCookieProvider and no expiry time
    * [KNOX-694] - Enhance LDAP user search configurability
    * [KNOX-695] - Expose configuration of HttpClient's connection and socket timeout settings
    * [KNOX-697] - Identity asserter provider that supports case mapping for users and groups
    * [KNOX-699] - External meta-data for simple hosted web apps
    * [KNOX-701] - KnoxSSO Redirect Back to External App has CORS Problem for Form IDP
    * [KNOX-702] - Templates for AD and Application Hosting Topologies
** Bug
    * [KNOX-169] - Test issue for patch test automation via PreCommit-Knox-Build job
    * [KNOX-658] - adding additional dependency as provided
    * [KNOX-660] - Incompatible Dependencies in Pac4j Provider
    * [KNOX-660] - Revert j2e-pac4j upgrade
    * [KNOX-661] - NPE in Pac4j Provider when clientName Parameter is Missing
    * [KNOX-665] - Credential Collectors and Samples Prompting with Double Colons
    * [KNOX-681] - A PUT with Content-Type application/xml but no body causes NullPointerException
    * [KNOX-681] - Revert - A PUT with Content-Type application/xml but no body causes NullPointerException
    * [KNOX-683] - Test failing due to port conflicts
    * [KNOX-684] - Increase test timeouts for failing tests
    * [KNOX-684] - Increase test timeouts for failing tests. Part 2.
    * [KNOX-685] - Knox tests cleanup after Jetty 9 upgrade
    * [KNOX-687] - Address new Coverity Scan issues
    * [KNOX-689] - Applications Deployment Contributor can't find service.xml
    * [KNOX-689] - Revert - Applications Deployment Contributor can't find service.xml
    * [KNOX-704] - Remove bogus sleep() from knoxauth redirecting.html
    * [KNOX-706] - KnoxSSO Default IDP must not require specific URL
    * [KNOX-707] - Enter Key within KnoxSSO Default IDP Form does not Submit
    * [KNOX-708] - Wrong CSS link in KnoxAuth Application's redirecting.html
    * [KNOX-709] - HBase request URLs must not be URL encoded
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.8.0
------------------------------------------------------------------------------
** New Feature
    * [KNOX-641] - Support CAS / OAuth / OpenID C / SAML protocols using pac4j - (Jérôme Leleu via lmccay)
** Improvement
    * [KNOX-502] - Invalid requests (404s) should be logged and audited
    * [KNOX-519] - Prompt user to provide password, rather providing as an argument to knoxcli cmd (J.Andreina via lmccay)
    * [KNOX-647] - Rename LDAP artifacts from test to demo
    * [KNOX-650] - Add posixGroups support for LDAP groups lookup
    * [KNOX-651] - getting rid of warning for missing bundle version
    * [KNOX-651] - Moving some tests to integration-test phase
    * [KNOX-651] - made the secure tests multi module
    * [KNOX-652] - Remove hsso-release module from build
    * [KNOX-651] - Attempt number 2 to fix the jenkins build
    * [KNOX-651] - Attempt to fix Jenkins build error
    * [KNOX-651] - Fixed gateway-test-release module id
    * [KNOX-651] - Initial changes to add a 'release' test project
    * [KNOX-650] - Add posixGroups support for LDAP groups lookup
    * [KNOX-655] - Pac4j Provider Client Selection from client_name Query Parameter (Jérôme Leleu via lmccay)
    * [KNOX-658] - updated hadoop dependencies for jdk8 support
    * [KNOX-658] - slight change to the way JAXB works in JDK8
    * [KNOX-659] - Default Keystore Details in Pac4j Provider SAML Config to Gateway Identity
** Bug
    * [KNOX-507] - Deletion of Non existing Alias from a cluster should not be successful (J.Andreina via lmccay)
    * [KNOX-589] - Fixing Jericho java.lang.IllegalStateException (Jeffrey E Rodriguez via Sumit Gupta)
    * [KNOX-594] - Stopping HS2 'SET-COOKIE' header to go back and managing 'hive.server2.auth' cookie
    * [KNOX-656] - Test GatewayLdapPosixGroupFuncTest failing intermittently
    * [KNOX-657] - _default Topology Must Redeploy After Restart
    * [KNOX-660] - Incompatible Dependencies in Pac4j Provider
    * [KNOX-661] - NPE in Pac4j Provider when clientName Parameter is Missing
    * [KNOX-662] - Change pac4j-knoxsso.xml Template to Reflect new Requirements
    * [KNOX-660] - Revert j2e-pac4j upgrade
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.7.0
------------------------------------------------------------------------------
** New Feature
    * [KNOX-476] - implementation for X-Forwarded-* headers support and population
    * [KNOX-547] - KnoxCLI adds new validate-topology and list-topologies commands.
    * [KNOX-548] - KnoxCLI adds a new system-user-auth-test command to test a topology's system username and password
    * [KNOX-549] - Test service connections through Knox with Knox CLI
    * [KNOX-549] - New Service-Test API can be added to topology. Accessible via Http call or KnoxCLI
    * [KNOX-560] - Test LDAP Authentication+Authorization from KnoxCLI
    * [KNOX-565] - Supporting All the Quick Links on Ambari Dashboard to Go Through Knox
    * [KNOX-579] - Regex based identity assertion provider with static dictionary lookup
    * [KNOX-602] - JWT/SSO Cookie Based Federation Provider
    * [KNOX-602] - protect against NPE in audience validation
    * [KNOX-604] - Expose configuration of HttpClient's max connections per route setting
    * [KNOX-611] - Expose configuration for Jetty's thread pool and connection queue
    * [KNOX-624] - Expose configuration for Jetty's request and response buffer sizes
    * [KNOX-625] - initial template file for topology using ui proxy services
    * [KNOX-634] - CORS Support as Part of WebAppSec Provider
** Improvement
    * [KNOX-394] - Request and response URLs must be parsed as literals not templates. Part 2.
    * [KNOX-394] - Request and response URLs must be parsed as literals not templates
    * [KNOX-534] - auditing shiro authentication exceptions
    * [KNOX-538] - Log some important system properties at startup
    * [KNOX-539] - add message to identity mapping audit entries
    * [KNOX-545] - Simplify Keystore Management for Cluster Scaleout
    * [KNOX-546] - Consuming intermediate response during kerberos request dispatching
    * [KNOX-566] - Make the Default Ephemeral DH Key Size 2048 for TLS
    * [KNOX-553] - Added topology validation from KnoxCLI to TopologyService deployment.
    * [KNOX-558] - HttpClient connections are not always returned to the pool for HBase on Windows
    * [KNOX-559] - renaming service definition files
    * [KNOX-561] - Allow Knox pid directory to be configured via the knox-env.sh file
    * [KNOX-573] - KNOX-574 make SecureOnly and MaxAge configurable for SSO
    * [KNOX-575] - Adds more logging for ShiroProvider LDAP Authentication.
    * [KNOX-576] - CLI user-auth-test should print a message when a user successfully authenticates.
    * [KNOX-564] - Topology deployment fails for no configured providers
    * [KNOX-570] - added zookeeper lookup capability for HS2 HA
    * [KNOX-580] - Initial refactoring out of default HA dispatch
    * [KNOX-590] - CLI sys-user-auth-test and user-auth-test have improved messages and work for more Shiro configs
    * [KNOX-590] - add more ShiroProvider configuration support to KnoxCLI sys-user-auth-test and user-auth-test
    * [KNOX-593] - removed replayBufferSize and CappedBufferHttpEntity references
    * [KNOX-593] - Moved SPNEGO code to httpclient
    * [KNOX-596] - Add diagnostics to topology deployment
    * [KNOX-597] - Improve diagnostic logging of HTTP traffic
    * [KNOX-600] - setting all service params as filter params for dispatch
    * [KNOX-607] - Fix SSOCookieProvider to Handle null Query Strings
    * [KNOX-608] - Improve Knox read and write performance by tuning buffer sizes.
    * [KNOX-609] - Add unit tests for the SSOCookieFederationProvider.
    * [KNOX-610] - DefaultTokenService issueToken should never return null
    * [KNOX-613] - Provide Credential Collector Abstraction to Client Shell
    * [KNOX-615] - Domain Cookies cannot Wildcard IP Addresses
    * [KNOX-617] - Add the use of CredentialCollectors to Samples
    * [KNOX-621] - Simplify KnoxSSO API Resource Path
    * [KNOX-622] - Misconfigured providers should cause topology deployment to fail
    * [KNOX-635] - open up default whitelist for dev - localhost
    * [KNOX-635] - Provide Whitelisting for Redirect Destinations for KnoxSSO
    * [KNOX-640] - Make Cookie Domain Configurable
** Bug
    * [KNOX-394] - Request and response URLs must be parsed as literals not templates
    * [KNOX-423] - XmlFilterReaderTest failed with IBM JVM JAVA
    * [KNOX-447] - Incorrect parsing and expansion of valueless query params
    * [KNOX-460] - UrlRewriteServletFilterTest failed with IBM JAVA
    * [KNOX-544] - Knox process does not exit if startup fails due to credential store issues
    * [KNOX-550] - reverting back to original hive kerberos dispatch behavior
    * [KNOX-554] - Fixed support for gateway.path change + added support for X-Forward-* headers in admin topology API.
    * [KNOX-555] - Prevent dispatch client from attempting retry and redirects
    * [KNOX-556] - fix extraneous imports
    * [KNOX-556] - provide better diagnostics for keystore failures
    * [KNOX-562] - Fix Null pointer exceptions in KnoxCLI LDAP commands
    * [KNOX-581] - Hive dispatch not propagating effective principal name
    * [KNOX-582] - Query Parameter rewrite does not honor empty string value (jeffreyr via lmccay)
    * [KNOX-584] - Fix for UT instability in GatewayBasicFuncTest.testCLIServiceTest
    * [KNOX-598] - Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401 error (due to Kerberos Replay attack error)
    * [KNOX-598] - Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401 error (due to Kerberos
    * [KNOX-599] - Template with {**} in queries are expanded with =null for query params without a value
    * [KNOX-601] - Knox test failures on windows
    * [KNOX-601] - Knox test failures on windows
    * [KNOX-603] - Coverity: Potential resource leak in BaseKeystoreService.createKeystore
    * [KNOX-614] - Incorrect URI template expansion with {**} query params #fragments
    * [KNOX-616] - XmlUrlRewriteStreamFilter unescapes escaped special characters
    * [KNOX-616] - XmlUrlRewriteStreamFilter unescapes escaped special characters
    * [KNOX-620] - Jenkins Knox-master-verify failing since #725 due to JDK version issues
    * [KNOX-626] - Minor fix to namespace parsing
    * [KNOX-623] - Gateway provider rewriter doesn't support boolean attributes in HTML.
    * [KNOX-632] - added back configuration for 'replayBufferSize'
    * [KNOX-632] - Oozie dispatch failing for secure clusters. Fix tests.
    * [KNOX-632] - Oozie dispatch failing for secure clusters
    * [KNOX-633] - Upgrade apache commons-collections
    * [KNOX-637] - Compilation Error in gateway-service-admin and gateway-test test projects (arshad.mohammad via lmccay)
    * [KNOX-636] - IdentityAsserterHttpServletRequestWrapper must override getUserPrincipal
    * [KNOX-638] - Hive dispatch failing for secure clusters
    * [KNOX-639] - Knoxcli.sh create-master should not allow empty strings
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.6.0
------------------------------------------------------------------------------
** New Feature
    * [KNOX-134] - Knox should avoid repeated LDAP authentication even if Shiro session is disabled.
    * [KNOX-177] - Simplify service deployment contributor implementation
    * [KNOX-185] - Use Shiro AuthenticationInfo caching to avoid repeated ldap bind
    * [KNOX-195] - Simple way to introduce new service without requiring code
    * [KNOX-473] - Configurable front end URL for simplified load balancer configuration
    * [KNOX-481] - Support configuration driven REST API integration (aka Stacks)
    * [KNOX-493] - Data and sub data directory should be made configurable. (Andreina J via lmccay)
    * [KNOX-500] - Support for Storm REST APIs
    * [KNOX-504] - Enable SSL Mutual Authentication
    * [KNOX-521] - Enhance Principal Mapping to Handle Dynamic Mappings
    * [KNOX-523] - Java 8 Compatibility
    * [KNOX-524] - Support LDAP authentication caching
    * [KNOX-532] - Update Knox build to use JDK 1.7
** Improvement
    * [KNOX-263] - Docs - User Guide list of Services missing straight MapReduce?
    * [KNOX-291] - Improve audit for topology deployment process
    * [KNOX-458] - Surface Config for Shiro LDAP Connection Pooling
    * [KNOX-462] - Proper error message when root tag of topology file incorrect
    * [KNOX-466] - Log exception stack traces at INFO level when they reach gateway servlet
    * [KNOX-468] - Add default config to optimize LDAP group lookup
    * [KNOX-471] - User's guide needs update after trying examples
    * [KNOX-480] - KnoxCLI needs to print usage when alias not provided
    * [KNOX-491] - Increase default replay buffer size to 8K
    * [KNOX-492] - Support service level replayBufferLimit for Oozie, Hive and HBase
** Bug
    * [KNOX-175] - Filter order in generated gateway.xml needs to be consistent
    * [KNOX-343] - Knox PID directory does not exist on Ubuntu after reboot
    * [KNOX-378] - Knox rewrites numbers in JSON to engineering notation
    * [KNOX-464] - Location headers have wrong hostname when used behind load balancer
    * [KNOX-465] - Initial audit record can contain leftover principal name
    * [KNOX-467] - Unit tests failing on windows
    * [KNOX-479] - Remove cacheManager configuration from template files
    * [KNOX-494] - knox-env.sh script should print proper warning message, if JAVA is not set. (Andreina J via lmccay)
    * [KNOX-501] - Avoid NPE, in case of passing invalid argument to KnoxCli.
    * [KNOX-505] - Failure during removing credential from Cluster should exit with proper error message
    * [KNOX-525] - Fix ServiceRegistry Persistence to deal with Upgrade from 0.4.0
    * [KNOX-526] - Dispatch Refactoring Breaks Upgrade Compatibility
    * [KNOX-529] - Wildcard Group Principal Mapping Not Working
    * [KNOX-530] - Running Oozie jobs through Knox on a cluster with HDFS HA does not rewrite proper namenode host name.
    * [KNOX-531] - Fix extraneous audit entries for wildcard group mappings
** Sub-task
    * [KNOX-483] - Implement service configuration
    * [KNOX-487] - Add policy information to Service Definitions
    * [KNOX-510] - KnoxSSO API
    * [KNOX-511] - Picketlink SAML Federation Provider
    * [KNOX-533] - Add Version to KnoxSSO URL Patterns
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.5.1
------------------------------------------------------------------------------
** Improvement
    * [KNOX-470] - add README and site docs for samples
** Bug
    * [KNOX-467] - Unit tests failing on windows. Second attempt.
    * [KNOX-467] - Unit tests failing on windows
    * [KNOX-466] - Log exception stack traces at INFO level when they reach gateway servlet
    * [KNOX-459] - added null checks to the closing of resultEnums to avoid NPEs
    * [KNOX-465] - Initial audit record can contain leftover principal name
    * [KNOX-459] - fixed LDAP connection leaks in KnoxLdapRealm
    * [KNOX-464] - Location headers have wrong hostname when used behind load balancer
    * [KNOX-468] - update group lookup topologies to configure cache manager
------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.5.0
------------------------------------------------------------------------------
** New Feature
    * [KNOX-74] - Support YARN REST API access via the Gateway
    * [KNOX-25] - KNOX should support authentication using SPNEGO from browser
** Improvements
    * [KNOX-455] - Configuration for Excluding SSL Protocols
    * [KNOX-422] - provide support for IBM JVM - via Pascal Oliva
    * [KNOX-437] - KnoxLdapContextFactory should be configured by default in all topology files
    * [KNOX-88] - Support HDFS HA
    * [KNOX-415] - Add some static group entries, associate some users with groups in user.ldif in the bundled Apache DS
    * [KNOX-404] - GATEWAY_HOME/conf needs to be added to gateway server classpath
    * [KNOX-402] - New GatewayService - TopologyService
    * [KNOX-401] - Add service role request attribute
    * [KNOX-355] - Support KNOX authentication provider based on hadoop.security.authentication.server.AuthenticationHandler
    * [KNOX-353] - adding support for hadoop java client through redirection
    * [KNOX-375] - add functional test for KNOX-242 find client bind dn using ldapsearch
** Bug
    * [KNOX-451] - WebHDFS HA failover does not account for URL of unsuccessful request
    * [KNOX-414] - WebHDFS HA enablement in web.xml is sensitive to order of context listeners
    * [KNOX-453] - HDFS HA not working for secure clusters
    * [KNOX-450] - WebHDFS HA retry should also handle RetriableException scenarios
    * [KNOX-442] - Align DSL with WebHCat REST API changes.
    * [KNOX-448] - Remove Reference to ReflectiveOperationException
    * [KNOX-446] - Disable unstable unit tests in WebHdfsHaFuncTest
    * [KNOX-445] - Fix HaDescriptorManagerTest.testDescriptorStoring to be platform independent.
    * [KNOX-444] - KnoxCLI Usability Improvements
    * [KNOX-442] - Align Tests with Hive API Change
    * [KNOX-441] - Ensure all pom.xml files reference junit so that excludeGroups work
    * [KNOX-439] - URL pattern matching fails for default ports HTTP 80 and HTTPS 443
    * [KNOX-418] - remove the Pseudo federation provider
    * [KNOX-432] - Add Transfer_Encoding to EXCLUDE_HEADERS
    * [KNOX-431] - Update ISSUES file for 0.5.0 release
    * [KNOX-426] - change assertion provider name to Default
    * [KNOX-428] - Prepare pom.xml files for publishing via mvn deploy.
    * [KNOX-424] - Fix maven groupId
    * [KNOX-432] - Add Transfer_Encoding to EXCLUDE_HEADERS
    * [KNOX-410] - TopologyService Incorrect when _default Topology is Deployed
    * [KNOX-424] - Fix maven groupId
    * [KNOX-426] - change assertion provider name to Default
    * [KNOX-425] - rename Pseudo identity assertion provider
    * [KNOX-421] - optimize webhdfs file upload
    * [KNOX-413] - Yarn responses with TrackingUrl in the body not getting blanked out
    * [KNOX-349] - Completes JSON and XML support for PUT/GET of single topology and collection.
    * [KNOX-410] - Set topology name back to original value after deploying _default topology
    * [KNOX-349] - KNOX API for Topology Management. Support for deploy/undeploy topologies.
    * [KNOX-406] - Add provider name to test topologies to prevent intermittent test failures
    * [KNOX-403] - Optimize KnoxLdapRealm to reduce number of ldapsearches
    * [KNOX-349] - Knox API for Topology Management. Adds default admin topology to install and negative tests.
    * [KNOX-349] - Knox API for Topology Management. Initial step only supports GETs for topologies collection and single topology.
    * [KNOX-398] - Func test for Knox server info REST API.
    * [KNOX-366] - fixed stale pid detection again
    * [KNOX-398] - initial contribution for the Knox management API
    * [KNOX-396] - gateway.sh and ldap.sh status commands incorrect
    * [KNOX-395] - POC for Jersey Topology Service from Knox
    * [KNOX-350] - DOAP file for the Knox Project
    * [KNOX-391-392] - KnoxLdapRealm should use LdapName.equals for groupDn compare
    * [KNOX-389] - Knoxcli.cmd fails when space in JAVA_HOME
    * [KNOX-387] - replace JndiLdapRealm with KnoxLdapRealm in unit tests and functional tests
    * [KNOX-386] - update topology template files to use KnoxLdapRealm
    * [KNOX-385] - removed the config element for path to forward to and derive the path from the default topology name instead
    * [KNOX-383] - log computed bind dn and the mechanism to help diagnostics
    * [KNOX-382] - fixed extraneous output in shell scripts
    * [KNOX-381] - Expansion of authority only URL should not be prefixed with //
    * [KNOX-377] - detect stale pid and allow ldap server to restart in its presence
    * [KNOX-374] - KnoxLdapRealm does not default values correctly for userSearchBase and groupSearchBase
    * [KNOX-373] - add unit tests to verify default values for userSearchBase, groupSearchBase
    * [KNOX-372] - add unit tests to check default values for userSearchAttributeName, userObjectClass
    * [KNOX-371] - group membership lookup needs to use userdn computed by search
    * [KNOX-369] - add support for new config param groupSearchBase
    * [KNOX-368] - add support for new config param userSearchBase
    * [KNOX-370] - add support for new config param userObjectClass
    * [KNOX-367] - add support for new config param userSearchAttributeName
    * [KNOX-366] - detect stale pid file and allow server start in its presence.
    * [KNOX-362] - logging of startup failure due to missing master secret and inability to prompt for one
    * [KNOX-361] - implicitly deploy the _default app for forwarding to the default topology
    * [KNOX-358] - refactor redirecting servlet into a forwarding servlet
    * [KNOX-310] - Parsing of JSON response for rewriting failing
    * [KNOX-356] - change redirect servlet to use 307s instead of 302s
    * [KNOX-354] - added PseudoAuthFederation Provider to accept user.name as proof of a pre-authenticated authentication event.
    * [KNOX-344] - Updated Knox Hive samples to be consistent with Hive 0.13.

------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.4.0
------------------------------------------------------------------------------
** Improvements
    * [KNOX-193] - document configuration to use AD as authentication source
    * [KNOX-211] - Add classes KnoxLdapRealm, KnoxLdapContextFactory
    * [KNOX-212] - provide sample topology files to work with KnoxLdapRealm
    * [KNOX-214] - ShiroSubjectIdentityAdapter needs to map ldap groups looked up by shiro to java subject principals
    * [KNOX-215] - enhance AbstractIdentityAssertionFilter to make use of ldap groups looked up by shiro
    * [KNOX-216] - add functional tests to test ldap group lookup and usage
    * [KNOX-217] - enhance KnoxLdapGroupRealm to accept password alias in place of plain text password
    * [KNOX-221] - provide sample ldif file to work with KnoxLdapRealm
    * [KNOX-225] - update sample ldif file with ldapgroups to work with apache ds 2
    * [KNOX-230] - provide ldap schema file to allow creation of dynamic groups in apache ds
    * [KNOX-231] - shiro realm implementation to support ldap dynamic groups
    * [KNOX-232] - add automation test case for ldap dynamic group support
    * [KNOX-233] - add a topology template file to illustrate the use of dynamic groups
    * [KNOX-234] - add documentation for dynamic groups
    * [KNOX-268] - document work around for Knox to Hadoop SPNego authn problem
    * [KNOX-21] - Utilize knox.auth cookie to prevent re-authentication for every request from end user
    * [KNOX-105] - Command line tooling for CMF provisioning
    * [KNOX-165] - Stress testing
    * [KNOX-166] - Improve diagnosability of connectivity issues
    * [KNOX-167] - Knox passes down incorrect Host header to Hadoop service
    * [KNOX-188] - encryptQueryString Password is Recreated when Topology is Changed.
    * [KNOX-199] - ExampleHBase.groovy fails with HBase 0.96 due to empty column qualifier REST API incompatibility
    * [KNOX-203] - Gateway fails to start when {GATEWAY_HOME}/bin not writable
    * [KNOX-205] - Launcher script (gateway.sh) not working when gateway installed via RPM
    * [KNOX-206] - User should be able to run gateway.sh script under its own but not root account
    * [KNOX-209] - Fix the Location of KEYS File
    * [KNOX-213] - Rename PostAuthenticationFilter to ShiroSubjectIdentityAdapter
    * [KNOX-219] - Fix NOTICE file for Releases
    * [KNOX-220] - Fix JWT POC Code for HSSO
    * [KNOX-222] - Remove hadoop-examples.jar from source tree
    * [KNOX-223] - generated shiro.ini file does not preserve property order
    * [KNOX-226] - Need more Linux friendly installation layout
    * [KNOX-229] - some properties of KnoxLdapRealm need to be renamed
    * [KNOX-235] - Pre-authenticated SSO/Federation Provider
    * [KNOX-244] - Knox run from the directory with spaces in Windows OS
    * [KNOX-245] - Knox is missing rewrite rule for WebHCat root path.
    * [KNOX-246] - Knox is missing authorization filter for HBase root path.
    * [KNOX-247] - Exception in Oozie workflow definition response rewrite
    * [KNOX-249] - Fix issues with shell scripts and home directory
    * [KNOX-251] - knoxcli.sh reports NullPointerException if not given arguments
    * [KNOX-253] - log error message for exception ldapContextFactory.getSystemLdapContext()
    * [KNOX-254] - use system password set using knoxcli in KnoxLdapContextFactory
    * [KNOX-269] - Set JSESSIONID cookie as HttpOnly and Secure.
    * [KNOX-270] - service level authorization should return 403 on deny
    * [KNOX-271] - Audit records duplication when no matching filter was found for requested resource
    * [KNOX-280] - Topology undeploy is broken
    * [KNOX-281] - Fix the typo in user's guide
    * [KNOX-282] - document configuration to look up group membership from ldap
    * [KNOX-287] - Update documentation to be consistent with Hive 0.12 configuration
    * [KNOX-289] - Remove incubating/incubator from source and build
    * [KNOX-292] - Invalid command line arguments don't print usage.
    * [KNOX-294] - Add -version support to gateway.sh
    * [KNOX-297] - Should not send Knox stack trace to client in error responses
    * [KNOX-298] - add a topology template for using Active Directory as authentication back end
    * [KNOX-299] - Cannot update existing master via knoxcli
    * [KNOX-301] - Unit tests unstable on different platforms
    * [KNOX-306] - Change linux scripts to use /bin/bash
    * [KNOX-308] - Windows .cmd scripts not passing parameters to java correctly.
    * [KNOX-309] - Attempt to reparse topology files to recover from overlapping write
    * [KNOX-311] - Parameters not passed to java properly by knoxcli.sh on Ubuntu.
    * [KNOX-312] - PID File Created For Failed Deployments
    * [KNOX-313] - WebHdfs service broken for HDFS 2.4.0
    * [KNOX-314] - JDBC/HTTP for Hive Requires Specialized Dispatch
    * [KNOX-318] - HBase demo scripts fail against recent HBase versions
    * [KNOX-319] - Build fails on windows
    * [KNOX-322] - Incomplete Documentation for Quick Start
    * [KNOX-323] - Update Apache Knox Details Doc
    * [KNOX-324] - Obsolete Knox Directory Layout Doc
    * [KNOX-325] - Obsolete Docs for Services Supported
    * [KNOX-326] - Obsolete Docs for Sandbox Config
    * [KNOX-327] - Incomplete/Obsolete Docs for Gateway Details
    * [KNOX-328] - Obsolete Docs for Configuration
    * [KNOX-329] - Obsolete Docs for KnoxCLI
    * [KNOX-330] - Consolidate Authentication, GroupLookup and Shiro Docs
    * [KNOX-331] - Obsolete Docs for Secure Clusters
    * [KNOX-332] - Clarifications in Docs for Preauth SSO
    * [KNOX-333] - Incomplete Docs for HBase
    * [KNOX-334] - Obsolete Docs for Hive
    * [KNOX-335] - Obsolete Docs for Limitations
    * [KNOX-336] - Obsolete Disclaimer in Export Controls Page
    * [KNOX-337] - Knox not authenticating with HBase 0.98 in secure mode
    * [KNOX-342] - Document configuration for enabled HBase Access Control
    * [KNOX-344] - Update documentation/samples to be consistent with Hive 0.13.
    * [KNOX-345] - WebHDFS and Oozie not specifying dispatch provider and end up with HiveDispatchProvider
    * [KNOX-346] - The knox-env.sh script should prefer JAVA_HOME over java on path.
    * [KNOX-347] - Fix Knox DSL documentation
    * [KNOX-139] - Move hostmap provider configuration from a rewrite function provider to real provider config
    * [KNOX-140] - Support a forced redeploy of topologies
    * [KNOX-161] - Support Hive 0.11.0 via JDBC+ODBC/Thrift/HTTP
    * [KNOX-174] - support service specific cap for buffering request entities for replay against WWW-authenticate challenge
    * [KNOX-202] - Diagnosability/troubleshooting when wrong protocol (http vs https) used
    * [KNOX-240] - Update Hadoop dependencies to 2.x
    * [KNOX-257] - add a template topology file to illustrate preauth provider
    * [KNOX-261] - Better env checking and error messages in gateway.sh
    * [KNOX-262] - Improve JRE detection in scripting
    * [KNOX-263] - Docs - User Guide list of Services missing straight MapReduce?
    * [KNOX-265] - Add master secret generation to knoxcli
    * [KNOX-275] - Add topology template file to illustrate use of staticgroup and SLA
    * [KNOX-296] - Provide a command line tool to redeploy all topologies
    * [KNOX-300] - create a topology file that uses openldap as authen back end
    * [KNOX-315] - Add support for service params in topology file
    * [KNOX-316] - Create windows service template file for LDAP server.
    * [KNOX-320] - Simplify scripts for using Knox on windows
    * [KNOX-341] - Knox needs to work with secure Hive asserting authenticated user as doAs
    * [KNOX-4] - Extend Shiro Provider to Include Groups
    * [KNOX-23] - Generate audit log of all gateway activity
    * [KNOX-33] - Provide support for hosting Jersey services for the purposes of protocol mediation of non-REST services
    * [KNOX-48] - Cluster topology must not be exposed in datanode redirect query parameters
    * [KNOX-54] - Support horizontal scalability of gateway via clustering
    * [KNOX-172] - Support ~ to represent user's home directory in WebHDFS
    * [KNOX-179] - Simple way to introduce new provider/servlet filters into the chains
    * [KNOX-194] - Document Knox HA with Apache HTTP Server + mod_proxy + mod_proxy_balancer
    * [KNOX-198] - CSRF header support
    * [KNOX-228] - Knox should support dynamic LDAP Groups
    * [KNOX-243] - bat/cmd script for the gateway
    * [KNOX-248] - XML configuration file to describe how to launch Knox as Windows service
    * [KNOX-90] - Support HBase/Stargate for Kerberized cluster
    * [KNOX-92] - Support Hive/JDBC/HTTP for Kerberized cluster
    * [KNOX-208] - Upgrade ApacheDS for demo LDAP server to ApacheDS 2
    * [KNOX-290] - Upgrade Shiro dependency to 1.2.3
    * [KNOX-210] - Create functional test template

------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.3.0
------------------------------------------------------------------------------
** New Feature
    * [KNOX-8] - Support HBase via HBase/Stargate
    * [KNOX-9] - Support Hive via JDBC+ODBC/Thrift/HTTP
    * [KNOX-11] - Access Token Federation Provider
    * [KNOX-27] - Access Kerberos secured Hadoop cluster via gateway using basic auth credentials
    * [KNOX-31] - Create lifecycle scripts for gateway server
    * [KNOX-50] - Ensure that all cluster topology details are rewritten for Oozie REST APIs
    * [KNOX-61] - Create RPM packaging of Knox
    * [KNOX-68] - Create start/stop scripts for gateway
    * [KNOX-70] - Add unit and functional testing for HBase
    * [KNOX-71] - Add unit and functional tests for Hive
    * [KNOX-72] - Update site docs for HBase integration
    * [KNOX-73] - Update site docs for Hive integration
    * [KNOX-82] - Support properties file format for topology files
    * [KNOX-85] - Provide Knox client DSL for HBase REST API
    * [KNOX-98] - Cover HBase in samples
    * [KNOX-99] - Cover Hive in samples
    * [KNOX-116] - Add rewrite function so that authenticated username can be used in rewrite rules
    * [KNOX-120] - Service Level Authorization Provider with ACLs
    * [KNOX-131] - Cleanup noisy test PropertyTopologyBuilderTest
    * [KNOX-169] - Test issue for patch test automation via PreCommit-Knox-Build job
** Improvement
    * [KNOX-40] - Verify LDAP over SSL
    * [KNOX-42] - Change gateway URLs to match service URLs as closely as possible
    * [KNOX-45] - Clean up usage and help output from server command line
    * [KNOX-49] - Prevent Shiro rememberMe cookie from being returned
    * [KNOX-55] - Support finer grain control over what is included in the URL rewrite
    * [KNOX-56] - Populate RC directory with CHANGES on people.a.o
    * [KNOX-75] - make Knox work with Secure Oozie
    * [KNOX-97] - Populate staging and release directories with KEYS
    * [KNOX-100] - document steps to make Knox work with secure hadoop cluster
    * [KNOX-101] - Use session instead of hadoop in client DSL samples
    * [KNOX-117] - Provide ServletContext attribute access to RewriteFunctionProcessor via UrlRewriteEnvironment
    * [KNOX-118] - Provide rewrite functions that resolve service location information
    * [KNOX-129] - Document topology file
    * [KNOX-141] - Diagnostic debug output when generated SSL keystore info doesn't match environment
    * [KNOX-143] - Change "out of the box" setup to use sandbox instead of sample
    * [KNOX-153] - Document RPM based install process
    * [KNOX-155] - Remove obsolete module gateway-demo
    * [KNOX-164] - document hostmap provider properties
    * [KNOX-168] - Complete User's Guide for 0.3.0 release
** Bug
    * [KNOX-47] - Clean up i18n logging and any System.out or printStackTrace usages
    * [KNOX-57] - NPE when GATEWAY_HOME deleted out from underneath a running gateway instance
    * [KNOX-58] - NameNode endpoint exposed to gateway clients in runtime exception
    * [KNOX-60] - getting started - incorrect path to gateway-site.xml
    * [KNOX-69] - Branch expansion for specdir breaks on jenkins
    * [KNOX-76] - users.ldif file bundled with knox should not have hadoop service principals
    * [KNOX-77] - Need per-service outbound URL rewriting rules
    * [KNOX-78] - spnego authorization to cluster is failing
    * [KNOX-79] - post parameters are lost while request flows from knox to secure cluster
    * [KNOX-81] - Fix naming of release artifacts to include the word incubating
    * [KNOX-83] - do not use mapred as end user principal in examples
    * [KNOX-84] - use EXAMPLE.COM instead of sample.com in template files for kerberos realm
    * [KNOX-89] - Knox doing SPNego with Hadoop for every client request is not scalable
    * [KNOX-102] - Update README File
    * [KNOX-106] - The Host request header should be rewritten or removed
    * [KNOX-107] - Service URLs not rewritten for WebHDFS GET redirects
    * [KNOX-108] - Authentication failure submitting job via WebHCAT on Sandbox
    * [KNOX-109] - Failed to submit workflow via Oozie against Sandbox HDP2Beta
    * [KNOX-111] - Ensure that user identity details are rewritten for Oozie REST APIs
    * [KNOX-124] - Fix the OR semantics in AclAuthz
    * [KNOX-126] - HiveDeploymentContributor uses wrong external path /hive/api/vi
    * [KNOX-127] - Sample topology file (sample.xml) uses inconsistent internal vs external addresses
    * [KNOX-128] - Switch all samples to use guest user and home directory
    * [KNOX-130] - Throw exception on credential store creation failure
    * [KNOX-132] - Cleanup noisy test GatewayBasicFuncTest.testOozieJobSubmission()
    * [KNOX-136] - Knox should support configurable session timeout
    * [KNOX-137] - Log SSL Certificate Info
    * [KNOX-142] - Remove Templeton from user facing config and samples and use WebHCat instead
    * [KNOX-144] - Ensure cluster topology details are rewritten for HBase/Stargate REST APIs
    * [KNOX-146] - Oozie rewrite rules for NN and JT need to be updated to use hostmap
    * [KNOX-147] - Halt Startup when Gateway SSL Cert is Expired
    * [KNOX-148] - Add cluster topology details rewrite for XML responses from HBase/Stargate REST APIs
    * [KNOX-149] - Changes to AclsAuthz Config and Default Mode
    * [KNOX-150] - correct comment on session timeout in sandbox topology file
    * [KNOX-151] - add documentation for session timeout configuration
    * [KNOX-152] - Dynamic redeploy of topo causes subsequent requests to fail
    * [KNOX-154] - INSTALL file is out of date
    * [KNOX-156] - file upload through Knox broken
    * [KNOX-157] - Knox is not able to process PUT/POST requests with large payload
    * [KNOX-158] - EmptyStackException while getting webhcat job queue in secure cluster
    * [KNOX-159] - oozie job submission through knox fails for secure cluster
    * [KNOX-162] - Support Providing Your own SSL Certificate
    * [KNOX-163] - job submission through knox-webchat results in NullPointerException

------------------------------------------------------------------------------
Release Notes - Apache Knox - Version 0.2.0
------------------------------------------------------------------------------
HTTPS Support (Client side)
Oozie Support
Protected DataNode URL query strings
Pluggable Identity Asserters
Principal Mapping
URL Rewriting Enhancements
KnoxShell Client DSL