Fixed Issues in Apache Knox

Review the list of Knox issues that are resolved in Cloudera Runtime 7.2.6.

CDPD-19110: Prevent knox from passing hadoop.auth cookie to browser.
This issue is now resolved.
OPSAPS-57448: IDBroker does not export correct RDC configuration in HA.
The RDC configs is now correctly exported when IDBroker is in HA mode. This issue is now resolved.

Apache patch information

Apache patches in this release. These patches do not have an associated Cloudera bug ID.

  • KNOX-2406 Use dependency bom for dependency management
  • KNOX-2392 Simple file-based TokenStateService implementation
  • KNOX-2389 AliasBasedTokenStateService stops processing persisted journal entries if one is malformed
  • KNOX-2377 Address potential loss of token state
  • KNOX-2384 Token Service should return expiration from token when renewal disabled
  • KNOX-2381 racking UI of flink session is broken in YARNUIV2
  • KNOX-2378 AliasBasedTokenStateService log message is misleading
  • KNOX-2376 Ensure all HBASEJARS IN rules are for /hbase/jars and not /hbase/maven
  • KNOX-2368 CM Cluster Configuration Monitor Does Not Support Rolling Restart Events
  • KNOX-2351 Catching any errors while monitoring CM configuration changes
  • KNOX-2367 Fix rewrite rules for HDFS UI fonts and bootstrap.min.css.map
  • KNOX-2348 Fix knoxcli when kerberos auth is used
  • KNOX-2357 Descriptor handler should not default discovery type to Ambari unless there is discovery configuration
  • ODX-107 KNOX-2354 An HBASEJARS service which can proxy HBase jars hosted by t…
  • KNOX-1998 WebHDFS rewrite.xml does not have rewrite rule for Location field in json
  • KNOX-2352 Knox Token State Eviction Should Be Based on Expiration and Extended Default Grace Period
  • KNOX-2355:Update Atlas rewrite.xml for new UI changes
  • KNOX-2304 CM discovery cluster config monitor needs to be aware of …
  • KNOX-2316 Knox Token State Eviction Must Consider Maximum Token Lifetime
  • KNOX-2314 NPE from topology Service equals implementation when no URLs
  • KNOX-2301 and KNOX-2302 Trigger discovery for descriptors at gateway start time
  • KNOX-2287 KnoxCLI convert topology to provider and descriptor
  • KNOX-2298 ClouderaManager cluster config monitor should stop monitoring unreferenced clusters
  • KNOX-2266 Tokens Should Include a Unique Identifier
  • KNOX-2212 Token permissiveness validation
  • KNOX-2230 Token State Service should throw UnknownTokenException instead of IllegalArgumentException
  • KNOX-2237 CM service discovery should default the http path of Hive URLs when the associated property is not set
  • KNOX-2233 DefaultKeystoreService getCredentialForCluster uses cache without synchronization
  • KNOX-2214 Reaping of expired Knox tokens
  • KNOX-2228 JWTFilter should handle unknown token exception from token state service
  • KNOX-2210 Gateway-level configuration for server-managed Knox token state
  • KNOX-2215 Token service should return a 403 response when the renewer is not white-listed
  • KNOX-2209 Improve logging for Knox token handling
  • KNOX-2153 CM discovery – Monitor Cloudera Manager
  • KNOX-2156 CM discovery – KUDUUI discovery
  • KNOX-2152 Disable Ambari cluster configuration monitoring by default
  • KNOX-2151 HIVE_ON_TEZ HS2 Discovery doesn't work
  • KNOX-1970 CM discovery – Add Impala HS2 to auto discovery
  • KNOX-1932 CM discovery – WEBHCAT URLs not discovered
  • KNOX-1921 CM discovery – Hue Load balancer HTTP/HTTPS scheme
  • KNOX-1935 CM discovery – Hue should not have both LB and non LB
  • KNOX-1962 CM discovery – Avoid reading krb5 login config multiple t…
  • KNOX-2144 Alias API KnoxShell support should provide response types better than raw JSON
  • KNOX-1410 Knox Shell support for remote Alias management
  • KNOX-2127 ZooKeeperAliasService mishandles mixed-case alias keys properly
  • KNOX-2105 KnoxShell support for token renewal and revocation
  • KNOX-2071 Configurable maximum token lifetime for TokenStateService
  • KNOX-2066 Composite Authz Provider
  • KNOX-2067 KnoxToken service support for renewal and revocation