Behavioral changes denote a marked change in behavior from the previously released
version to this version of Apache Knox.
- Knox token impersonation config
- Summary
- Knox token service has been changed to use the identity assertion provider configuration
for impersonation.
- Previous behaviour
- The token service had its own impersonation configuration.
- New behaviour
- The token service relies on the identity assertion provider for impersonation
configuration.
- PEM file name change
- Summary
- The name of the pem file generated through knoxcli.sh has been changed.
- Previous behaviour
- The name of the file was gateway-identity.pem.
- New behaviour
- The name of the file is now gateway-client-trust.pem.
- Composite authorization provider misconfiguration
- Summary
- Composite authorization provider misconfiguration behavior
- Previous behaviour
-
- If composite.provider.names is empty, the topology would fail deployment.
- If composite.provider.names has an invalid value, the topology would fail
deployment.
- New behaviour
-
- Deployment succeeds, and Knox allows access with no authorization since none is
configured.
- Deployment succeeds, but Knox rejects requests with a HTTP 403 response because the
configuration is present (indicating that authorization is expected) but invalid.
- Inactive topologies
- Summary
- Knox distinguishes inactive topologies from undeployed topologies.
- Previous behaviour
- Requests for topologies which are not yet fully deployed result in HTTP 404 responses.
- New behaviour
- Requests for topologies which are not yet fully deployed result in HTTP 503 responses.