| ------------------------------------------------------------------------------ |
| Release Notes - Apache Knox - Version 0.5.0 |
| ------------------------------------------------------------------------------ |
| ** Bug |
| * [KNOX-410] - TopologyService Incorrect when _default Topology is Deployed |
| |
| ------------------------------------------------------------------------------ |
| Release Notes - Apache Knox - Version 0.4.0 |
| ------------------------------------------------------------------------------ |
| |
| ** Improvements |
| * [KNOX-193] - document configuration to use AD as authentication source |
| * [KNOX-211] - Add classes KnoxLdapRealm, KnoxLdapContextFactory |
| * [KNOX-212] - provide sample topology files to work with KnoxLdapRealm |
| * [KNOX-214] - ShiroSubjectIdentityAdapter needs to map ldap groups looked up by shiro to java subject principals |
| * [KNOX-215] - enhance AbstractIdentityAssertionFilter to make use of ldap groups looked up by shiro |
| * [KNOX-216] - add functional tests to test ldap group lookup and usage |
| * [KNOX-217] - enhance KnoxLdapGroupRealm to accept password alias in place of plain text password |
| * [KNOX-221] - provide sample ldif file to work with KnoxLdapRealm |
| * [KNOX-225] - update sample ldif file with ldapgroups to work with apache ds 2 |
| * [KNOX-230] - provide ldap schema file to allow creation of daynamic groups in apache ds |
| * [KNOX-231] - shiro realm implementation to support ldap dynamic groups |
| * [KNOX-232] - add automation test case for ldap dynamic group support |
| * [KNOX-233] - add a topology template file to illustrate the use of dynamic groups |
| * [KNOX-234] - add documentation for dynamic groups |
| * [KNOX-268] - document work around for Knox to Hadoop SPNego authn problem |
| * [KNOX-21] - Utilize knox.auth cookie to prevent re-authentication for every request from end user |
| * [KNOX-105] - Command line tooling for CMF provisioning |
| * [KNOX-165] - Stress testing |
| * [KNOX-166] - Improve diagnosability of connectivity issues |
| * [KNOX-167] - Knox passes down incorrect Host header to Hadoop service |
| * [KNOX-188] - encryptQueryString Password is Recreated when Topology is Changed. |
| * [KNOX-199] - ExampleHBase.groovy fails with HBase 0.96 due to empty column qualifier REST API incompatibility |
| * [KNOX-203] - Gateway fails to start when {GATEWAY_HOME}/bin not writable |
| * [KNOX-205] - Launcher script (gateway.sh) not working when gateway installed via RPM |
| * [KNOX-206] - User should be able to run gateway.sh script under its own but not root account |
| * [KNOX-209] - Fix the Location of KEYS File |
| * [KNOX-213] - Reame PostAuthenticationFilter to ShiroSubjectIdentityAdapter |
| * [KNOX-219] - Fix NOTICE file for Releases |
| * [KNOX-220] - Fix JWT POC Code for HSSO |
| * [KNOX-222] - Remove hadoop-examples.jar from source tree |
| * [KNOX-223] - generated shiro.ini file does not preserve property order |
| * [KNOX-226] - Need more Linux friendly installation layout |
| * [KNOX-229] - some properties of KnoxLdapRealm need to be renamed |
| * [KNOX-235] - Pre-authenticated SSO/Federation Provider |
| * [KNOX-244] - Knox run from the directory with spaces in Windows OS |
| * [KNOX-245] - Knox is missing rewrite rule for WebHCat root path. |
| * [KNOX-246] - Knox is missing authorization filter for HBase root path. |
| * [KNOX-247] - Exception in Oozie workflow definition response rewrite |
| * [KNOX-249] - Fix issues with shell scripts and home directory |
| * [KNOX-251] - knoxcli.sh reports NullPointerException if not given arguments |
| * [KNOX-253] - log error message for exception ldapContextFactory.getSystemLdapContext() |
| * [KNOX-254] - use system password set using knoxcli in KnoxLdapContextFactory |
| * [KNOX-269] - Set JSSESSIONID cookie as HttpOnly and Secure. |
| * [KNOX-270] - service level authorization should return 403 on deny |
| * [KNOX-271] - Audit records duplication when no matching filter was found for requested resource |
| * [KNOX-280] - Topology undeploy is broken |
| * [KNOX-281] - Fix the typo in user's guide |
| * [KNOX-282] - document configuration to look up group membership from ldap |
| * [KNOX-287] - Update documentation to be consistent with Hive 0.12 configuration |
| * [KNOX-289] - Remove incubating/incubator from source and build |
| * [KNOX-292] - Invalid command line arguments don't print usage. |
| * [KNOX-294] - Add -version support to gateway.sh |
| * [KNOX-297] - Should not send Knox stack trace to client in error responses |
| * [KNOX-298] - add a topology template for using Active Directroy as authentication back end |
| * [KNOX-299] - Cannot update existing master via knoxcli |
| * [KNOX-301] - Unit tests unstable on different platforms |
| * [KNOX-306] - Change linux scripts to use /bin/bash |
| * [KNOX-308] - Windows .cmd scripts not passing parameters to java correctly. |
| * [KNOX-309] - Attempt to reparse topology files to recover from overlapping write |
| * [KNOX-311] - Parameters not passed to java properly by knoxcli.sh on Ubuntu. |
| * [KNOX-312] - PID File Created For Failed Deployments |
| * [KNOX-313] - WebHdfs service broken for HDFS 2.4.0 |
| * [KNOX-314] - JDBC/HTTP for Hive Requires Specialized Dispatch |
| * [KNOX-318] - HBase demo scripts fail against recent HBase versions |
| * [KNOX-319] - Build fails on windows |
| * [KNOX-322] - Incomplete Documentation for Quick Start |
| * [KNOX-323] - Update Apache Knox Details Doc |
| * [KNOX-324] - Obsolete Knox Directory Layout Doc |
| * [KNOX-325] - Obsolete Docs for Services Supported |
| * [KNOX-326] - Obsolete Docs for Sandbox Config |
| * [KNOX-327] - Incomplete/Obsolete Docs for Gateway Details |
| * [KNOX-328] - Obsolete Docs for Configuration |
| * [KNOX-329] - Obsolete Docs for KnoxCLI |
| * [KNOX-330] - Consolidate Authentication, GroupLookup and Shiro Docs |
| * [KNOX-331] - Obsolete Docs for Secure Clusters |
| * [KNOX-332] - Clarifications in Docs for Preauth SSO |
| * [KNOX-333] - Incomplete Docs for HBase |
| * [KNOX-334] - Obsolete Docs for Hive |
| * [KNOX-335] - Obsolete Docs for Limitations |
| * [KNOX-336] - Obsolete Disclaimer in Export Controls Page |
| * [KNOX-337] - Knox not authenticating with HBase 0.98 in secure mode |
| * [KNOX-342] - Document configuration for enabled HBase Access Control |
| * [KNOX-344] - Update documentation/samples to be consistent with Hive 0.13. |
| * [KNOX-345] - WebHDFS and Oozie not specifying dispatch provider and end up with HiveDispatchProvider |
| * [KNOX-346] - The knox-env.sh script should prefer JAVA_HOME over java on path. |
| * [KNOX-347] - Fix Knox DSL documentation |
| * [KNOX-139] - Move hostmap provider configuration from a rewrite function provider to real provider config |
| * [KNOX-140] - Support a forced redeploy of topologies |
| * [KNOX-161] - Support Hive 0.11.0 via JDBC+ODBC/Thrift/HTTP |
| * [KNOX-174] - support service specific cap for buffering request entities for replay against WWW-authenticate challenge |
| * [KNOX-202] - Diagnosability/troubleshooting when wrong protocol (http vs https) used |
| * [KNOX-240] - Update Hadoop dependencies to 2.x |
| * [KNOX-257] - add a template topology file to illustrate preauth provider |
| * [KNOX-261] - Better env checking and error messages in gateway.sh |
| * [KNOX-262] - Improve JRE detection in scripting |
| * [KNOX-263] - Docs - User Guide list of Services missing straight MapReduce? |
| * [KNOX-265] - Add master secret generation to knoxcli |
| * [KNOX-275] - Add topology template file to illustrate use of staticgroup and SLA |
| * [KNOX-296] - Provide a command line tools to redeploy all topologies |
| * [KNOX-300] - create a topology file that uses openldap as authen back end |
| * [KNOX-315] - Add support for service params in topology file |
| * [KNOX-316] - Create windows service template file for LDAP server. |
| * [KNOX-320] - Simplify scripts for using Knox on windows |
| * [KNOX-341] - Knox needs to work with secure Hive asserting authenticated user as doAs |
| * [KNOX-4] - Extend Shiro Provider to Include Groups |
| * [KNOX-23] - Generate audit log of all gateway activity |
| * [KNOX-33] - Provide support for hosting Jersey services for the purposes of protocol mediation of non-REST services |
| * [KNOX-48] - Cluster topology must not be exposed in datanode redirect query parameters |
| * [KNOX-54] - Support horizontal scalability of gateway via clustering |
| * [KNOX-172] - Support ~ to represent user's home directory in WebHDFS |
| * [KNOX-179] - Simple way to introduce new provider/servlet filters into the chains |
| * [KNOX-194] - Document Knox HA with Apache HTTP Server + mod_proxy + mod_proxy_balancer |
| * [KNOX-198] - CSRF header support |
| * [KNOX-228] - Knox should support dynamic LDAP Groups |
| * [KNOX-243] - bat/cmd script for the gateway |
| * [KNOX-248] - XML configuration file to describe how to launch Knox as Windows service |
| * [KNOX-90] - Support HBase/Stargate for Kerberized cluster |
| * [KNOX-92] - Support Hive/JDBC/HTTP for Kerberized cluster |
| * [KNOX-208] - Upgrade ApacheDS for demo LDAP server to ApacheDS 2 |
| * [KNOX-290] - Upgrade Shiro dependency to 1.2.3 |
| * [KNOX-210] - Create functional test template |
| |
| ------------------------------------------------------------------------------ |
| Release Notes - Apache Knox - Version 0.3.0 |
| ------------------------------------------------------------------------------ |
| |
| ** New Feature |
| * [KNOX-8] - Support HBase via HBase/Stargate |
| * [KNOX-9] - Support Hive via JDBC+ODBC/Thrift/HTTP |
| * [KNOX-11] - Access Token Federation Provider |
| * [KNOX-27] - Access Kerberos secured Hadoop cluster via gateway using basic auth credentials |
| * [KNOX-31] - Create lifecycle scripts for gateway server |
| * [KNOX-50] - Ensure that all cluster topology details are rewritten for Oozie REST APIs |
| * [KNOX-61] - Create RPM packaging of Knox |
| * [KNOX-68] - Create start/stop scripts for gateway |
| * [KNOX-70] - Add unit and functional testing for HBase |
| * [KNOX-71] - Add unit and functional tests for Hive |
| * [KNOX-72] - Update site docs for HBase integration |
| * [KNOX-73] - Update site docs for Hive integration |
| * [KNOX-82] - Support properties file format for topology files |
| * [KNOX-85] - Provide Knox client DSL for HBase REST API |
| * [KNOX-98] - Cover HBase in samples |
| * [KNOX-99] - Cover Hive in samples |
| * [KNOX-116] - Add rewrite function so that authenticated username can be used in rewrite rules |
| * [KNOX-120] - Service Level Authorization Provider with ACLs |
| * [KNOX-131] - Cleanup noisy test PropertyTopologyBuilderTest |
| * [KNOX-169] - Test issue for patch test automation via PreCommit-Knox-Build job |
| |
| ** Improvement |
| * [KNOX-40] - Verify LDAP over SSL |
| * [KNOX-42] - Change gateway URLs to match service URLs as closely as possible |
| * [KNOX-45] - Clean up usage and help output from server command line |
| * [KNOX-49] - Prevent Shiro rememberMe cookie from being returned |
| * [KNOX-55] - Support finer grain control over what is included in the URL rewrite |
| * [KNOX-56] - Populate RC directory with CHANGES on people.a.o |
| * [KNOX-75] - make Knox work with Secure Oozie |
| * [KNOX-97] - Populate staging and release directories with KEYS |
| * [KNOX-100] - document steps to make Knox work with secure hadoodp cluster |
| * [KNOX-101] - Use session instead of hadoop in client DSL samples |
| * [KNOX-117] - Provide ServletContext attribute access to RewriteFunctionProcessor via UrlRewriteEnvironment |
| * [KNOX-118] - Provide rewrite functions that resolve service location information |
| * [KNOX-129] - Document topology file |
| * [KNOX-141] - Diagnostic debug output when generated SSL keystore info doesn't match environment |
| * [KNOX-143] - Change "out of the box" setup to use sandbox instead of sample |
| * [KNOX-153] - Document RPM based install process |
| * [KNOX-155] - Remove obsolete module gateway-demo |
| * [KNOX-164] - document hostmap provider properties |
| * [KNOX-168] - Complete User's Guide for 0.3.0 release |
| |
| ** Bug |
| * [KNOX-47] - Clean up i18n logging and any System.out or printStackTrace usages |
| * [KNOX-57] - NPE when GATEWAY_HOME deleted out from underneath a running gateway instance |
| * [KNOX-58] - NameNode endpoint exposed to gateway clients in runtime exception |
| * [KNOX-60] - getting started - incorrect path to gateway-site.xml |
| * [KNOX-69] - Branch expansion for specdir breaks on jenkins |
| * [KNOX-76] - users.ldif file bundled with knox should not have hadoop service principals |
| * [KNOX-77] - Need per-service outbound URL rewriting rules |
| * [KNOX-78] - spnego authorization to cluster is failing |
| * [KNOX-79] - post parameters are lost while request flows from knox to secure cluster |
| * [KNOX-81] - Fix naming of release artifacts to include the word incubating |
| * [KNOX-83] - do not use mapred as end user prinicpal in examples |
| * [KNOX-84] - use EXAMPLE.COM instead of sample.com in template files for kerberos relam |
| * [KNOX-89] - Knox doing SPNego with Hadoop for every client request is not scalable |
| * [KNOX-102] - Update README File |
| * [KNOX-106] - The Host request header should be rewritten or removed |
| * [KNOX-107] - Service URLs not rewritten for WebHDFS GET redirects |
| * [KNOX-108] - Authentication failure submitting job via WebHCAT on Sandbox |
| * [KNOX-109] - Failed to submit workflow via Oozie against Sandbox HDP2Beta |
| * [KNOX-111] - Ensure that user identity details are rewritten for Oozie REST APIs |
| * [KNOX-124] - Fix the OR semantics in AclAuthz |
| * [KNOX-126] - HiveDeploymentContributor uses wrong external path /hive/api/vi |
| * [KNOX-127] - Sample topology file (sample.xml) uses inconsistent internal vs external addresses |
| * [KNOX-128] - Switch all samples to use guest user and home directory |
| * [KNOX-130] - Throw exception on credential store creation failure |
| * [KNOX-132] - Cleanup noisy test GatewayBasicFuncTest.testOozieJobSubmission() |
| * [KNOX-136] - Knox should support configurable session timeout |
| * [KNOX-137] - Log SSL Certificate Info |
| * [KNOX-142] - Remove Templeton from user facing config and samples and use WebHCat instead |
| * [KNOX-144] - Ensure cluster topology details are rewritten for HBase/Stargate REST APIs |
| * [KNOX-146] - Oozie rewrite rules for NN and JT need to be updated to use hostmap |
| * [KNOX-147] - Halt Startup when Gateway SSL Cert is Expired |
| * [KNOX-148] - Add cluster topology details rewrite for XML responses from HBase/Stargate REST APIs |
| * [KNOX-149] - Changes to AclsAuthz Config and Default Mode |
| * [KNOX-150] - correct comment on session timeout in sandbox topology file |
| * [KNOX-151] - add documentation for session timeout configuration |
| * [KNOX-152] - Dynamic redeploy of topo causes subsequent requests to fail |
| * [KNOX-154] - INSTALL file is out of date |
| * [KNOX-156] - file upload through Knox broken |
| * [KNOX-157] - Knox is not able to process PUT/POST requests with large payload |
| * [KNOX-158] - EmptyStackException while getting webhcat job queue in secure cluster |
| * [KNOX-159] - oozie job submission thorugh knox fails for secure cluster |
| * [KNOX-162] - Support Providing Your own SSL Certificate |
| * [KNOX-163] - job submission through knox-webchat results in NullPointerException |
| |
| ------------------------------------------------------------------------------ |
| Release Notes - Apache Knox - Version 0.2.0 |
| ------------------------------------------------------------------------------ |
| HTTPS Support (Client side) |
| Oozie Support |
| Protected DataNode URL query strings |
| Pluggable Identity Asserters |
| Principal Mapping |
| URL Rewriting Enhancements |
| KnoxShell Client DSL |
| |