Version 1x release notes

October 7, 2011 - May 10, 2012

 


Release 1.4.5 (9/19/2012 - Bug Fixes)

Bug Fixes

The following bugs were fixed for this release:

  1. Repose will now correctly retrieve a new admin token after the token expires or is invalidated.
  2. Fix spelling error in repose logrotate. 

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. The rate limiting "http-methods" options with ALL and multiple methods in same line (http-methods="GET POST"

Release 1.4.4 (8/1/2012 - Max TTL for Auth Cache on 1.4 Branch)

Bug Fixes

The following bugs were fixed for this release:

  1. The restart option for repose-valve init.d script fails: repose does not actually restart.

New Features

The following features have been added and tested for this release:

  1. Add Config for Max TTL for Auth Cache

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

 


Release 1.4.3 (7/30/2012 - Bug Fixes on 1.4 Branch)

Bug Fixes

The following bugs were fixed for this release:

  1. Client Authorization returns a 200 when an exception occurs communicating with auth service.
  2. NullPointerException in Client Authorization when response from auth service is not 200.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

 


Release 1.4.2 (07/25/2012 - Cache Groups on 1.4 Branch)

New functionality provides enhancements to cache groups for calls to Auth from the Rate Limiting filter.  This will improve performance and reduce the number of calls to Auth.

New Features

The following features have been added and tested for this release:

  1. Added caching of user groups.  This includes the addition of an xml attribute (group-cache-timeout) in client-auth-n.cfg.xml.  This attribute specifies the amount of time (in milliseconds) to cache the user groups.  The attribute is optional and defaults to 10 minutes (600000 milliseconds) if not specified.

Bug Fixes

The following bugs were fixed for this release:

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".


 

Release 1.4.1 (04/19/2012)

New Features

The following features have been added and tested for this release:

Bug Fixes

None.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

  1. Support for LBaaS rate limits json format.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Customers expecting the draft OpenStack json rate limit format will now receive the updated OpenStack rate limit format.

  3. While the service is starting up (for about the first 5 seconds) it will return HTTP 200's like all requests are succeeding. After the service has finished starting it will return correct response codes.


Release 1.4.0 (04/06/2012 - Header-ID Mapping)

New Features

The following features have been added and tested for this release:

  1. Added header-id-mapping component which will allow repose to extract both user and group from headers other than x-pp-user and x-pp-groups.  The values from the specified headers will be copied into the expected identity headers with an appropriate quality value.

Bug Fixes

None.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

  1. Support for LBaaS rate limits json format.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Customers expecting the draft OpenStack json rate limit format will now receive the updated OpenStack rate limit format.

  3. While the service is starting up (for about the first 5 seconds) it will return HTTP 200's like all requests are succeeding. After the service has finished starting it will return correct response codes.

 


Release 1.3.0 (04/04/2012 - External Routing in ROOT.war and Bug Fixes)

Release 1.3.0 provides the ability route externally when using ROOT.war.

New Features

Bug Fixes

The following bugs were fixed for this release:

  1. Now return response code of 503 when a connection exception occurs between Repose and the origin service.
  2. The core web.xml, filter-bundle conffiles, default container.cfg.xml, valve conffiles, and valve default in proxy app now use /etc/repose. 

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

  1. Support for LBaaS rate limits json format.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".

  2. Customers expecting the draft OpenStack json rate limit format will now receive the updated OpenStack rate limit format.

  3. While the service is starting up (for about the first 5 seconds) it will return HTTP 200's like all requests are succeeding. After the service has finished starting it will return correct response codes.

 


Release 1.2.1 (03/14/2012 - Response Message Service Enhancements and Bug Fixes)

Release 1.2.1 provides bug fixes and enhances the Response Message Service.

New Features

  1. Added ability to include Apache HTTPD logging parameters in message bodies of the response messaging service.
  2. Added logging of request/response headers to the http logging filter and response messaging service.
  3. Added formatting of date headers (using ISO_8601 and RFC_1123 formats) for http logging filter and response messaging service.
  4. Added overwrite enumeration to the Response Message Service (RMS) configuration.  This enumeration adds functionality so that the response body only gets overwritten if the body returned is empty.
  5. Added logging of request/response between Repose and the origin service. 
  6. Added logging of the Repose version on system initialization.
  7. Added logging of configuration changes.
  8. Valve Debian changes:
    1. Change ports as follows:
      RUN_PORT=8774
      SHUTDOWN_PORT=8123
    2. Create /var/repose directory.
    3. Create hidden files under /var/log/respose and /var/repose.

Bug Fixes

The following bugs were fixed for this release:

  1. Fixed Null Pointer Exception in the Response Message Service in the case where the accept header is null.  If the accept header is null, the RMS now treats it as wildcard accept header star / star.
  2. Fixed addressing cascade failure in the distributed datastore by enabling nodes to communicate expected remote behavior.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

  1. Improve system state logging.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  2. Customers expecting the draft OpenStack json rate limit format will now receive the updated OpenStack rate limit format.
  3. Repose Debian package has been updated to put the configs in /etc/repose.  The core web.xml, filter-bundle conffiles, default container.cfg.xml, valve conffiles, and valve default in proxy app use /etc/powerapi.  This will not affect deployments where the default configuration location is specified in the command line during Repose start up.

 


Release 1.2.0 (02/29/2012 - Response Message Service and Bug Fixes)

Release 1.2.0 provides the Response Message Service and Distributed Datastore and Rate Limiting bug fixes.

Note: In this release, the change to remove the port as a command line parameter for valve has been reverted.

New Features

The following features have been added and tested for this release:

  1. Response Messaging Service(new):
    • Finished final implementation by improving catch all case
    • Added documentation
  2. Updated Distributed Datastore to add info messages once the distributed datastore configuration is read to give the user and indication of the allow level.
  3. Debian repository updates
    1. Debian Plugin Changes
      1. references to /etc/powerapi now reference /etc/repose
      2. references to /usr/share/powerapi/filters now reference /usr/share/powerapi/filters
      3. references to /etc/powerapi now reference /etc/repose
      4. references to /usr/share/lib/repose now reference /usr/share/lib/repose
      5. log directory has been changed from /var/powerapi/logs to /var/log/repose
    2. Logrotate changes
      1. log files now reference /var/log/repose/*.log
    3. Init script
      1. debianize the init script
      2. script now using directories mentioned above.

Bug Fixes

The following bugs were fixed for this release:

  1. Fix addressing in datastore to account for multiple interfaces representing the local node. This bug is a result of an incorrect assumption that there would be one listen address for Repose. This is not always true and so when names that resolve to addresses that belong to the local machine but don't explicitly match our expectations we would fail incorrectly. This has been fixed by allowing the code to identify if datastore communication is intended for the local node by introspecting the system interfaces.
  2. Fix RateLimiting to provide an empty rate limits object in the case where the user as no rate limits (resulting in a null).  This would produce a NullPointerException in cases where the user did not have any rate limits recorded.
  3. Refactor header quality consumption to allow for defaults and better conform to interface requirements.  This would result in a NullPointerException when the user specifies no Accept type. This bug is related to a work around related to JSON support.
  4. Update rate limiting to honor limit group precedence as specified in the configuration.  Superuser groups would be ignored if a default group is specified after it.
  5. Update rate limiting to comprehend group lists and not just one single 'preferred' group.  This bug manifested itself in the case where a user has multiple groups coming in to the Rate Limiting component. The rate limiting component would only use the "most-qualified" single header but should be consuming all qualified groups.
  6. Fix json translation to escape special characters.
  7. Fix Rate Limiting to use more complex key for accessing the compiled uri-regex pattern.
  8. Fix /limits call where when request with application/xml xml is returned instead of json.
  9. Fix Null Pointer Exception on Repose valve shutdown.
  10. Update the json format returned for /limits call to match the OpenStack standard.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

  1. Content Identity to support rate limiting by user when the user is in the request body.

Known Issues

  1. If the origin service does not support getting absolute limits in xml an exception is thrown with "content not allowed in prologue".
  2. Customers expecting the draft OpenStack json rate limit format will now receive the updated OpenStack rate limit format.

 


Release 1.1.2 (02/17/2012 - Pre-AuthN Rate Limiting by Identity in Request Header)

Release 1.1.2 is focused on completing the identity filters that can provide support to the rate limiting filter and bug fixes.

Warning: In this release, the port is no longer specified on the command line when running valve.  It gets specified in the context.cfg.xml file.  Existing deployments that specify the port on the command line must change the port configuration in order to run this release.

New Features

The following features have been added and tested for this release:

  1. Identity Filters:
    • The Client-Ip filter has been split out into the Header Identity and IP Identity filters
    • Header Identity - User can configure a specific header with which to set X-PP-User and X-PP-Groups
    • IP Identity - X-PP-User will be set to the incoming requests source IP
    • URI Identity Filter - X-PP-User will be set by running configured regexes against the request uri
  2. Servlet Context Router has been renamed to Root Context Router.  This change impacts the following configuration files:
    • servlet-context-router.cfg.xml is renamed to root-context-router.cfg.xml
    • power-proxy.cfg.xml element servlet-context-router renamed to root-context-router
  3. Groups
    • Filters that set and use the X-PP-Groups have been updating to understand quality factors.
    • Rate limiting will now use a group with the highest quality factor when determining applicable rate limits.

Bug Fixes

The following bugs were fixed for this release:

  1. Fixed Versioning so it uses configured base type when determining version by Media Type
  2. Updated Proxy Server program to no longer accept start port as a command line argument. This functionality has been moved exclusively to the container.cfg.xml configuration.
  3. Re-Introduced Rate Limiting JMeter tests to the regression suite.

 


Release 1.1.1 (02/03/2012 - Servlet Context Router, Absolute Limits in JSON, and Bug Fixes)

Release 1.1.1 is focused on the servlet context router used in the ROOT.war deployments and bug fixes including a fix to get absolute limits in JSON.

New Features

The following features have been added and tested for this release:

  1. Updated the core and filter-bundle debian packages to handle upgrades using dpkg's conffile mechanism
  2. Servlet Context Routing (new):
    • Added new filter (ServletContextRoutingFilter) to the ear filter bundle for use in ROOT.war
    • Added unit tests
    • Added documentation (documentation)
  3. Updated Introduction Document
  4. Added debian repo at Debian Repo
  5. Added OpenStack Identity Service Contract Validation
    • Added null checking for required endpoint elements in service catalog: public url and type.
    • Added warning log statements for required endpoint elements in service catalog: public url and type.

Bug Fixes

The following bugs were fixed for this release:

  1. Content-Type is now included in version request responeses.
  2. Fixed issue with versioning not able to route to root context when Repose is deployed with Valve.
  3. Fixed issue with Repose not being able to handle absolute limits response from the origin service in json format.
  4. Fixed issue in ROOT.war deployment by adding containter.cfg.xml option to specify application container port.

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete:

  1. Client Authorization extension to support the use of endpoint type, name, and region in authorization.

 


Release 1.1.0 (01/18/2012 - AuthZ)

Release 1.1.0 is focused on adding the Authorization filter and bug fixes.

New Features

The following features have been added and tested for this release:

  1. Authentication (update):
    • Update Cloud Auth 1.1 Service Client to get username from the token returned from the validate token call (which reduces the number of calls to the Cloud Auth 1.1 service)
  2. Authorization (new):
    • Added new authorization filter to check service catalog
    • Added unit tests
    • Added documentation
  3. Rate Limiting

Bug Fixes

The following bugs were fixed for this release:

  1. Authentication token caching logic has had several updates that ensures that user tokens are correctly validated

 


Release 1.0.6 (01/11/2012 - Bug Fix in AuthN, Updates to Content Normalization and Rate Limiting)

Release 1.0.6 is mainly focused on enhancing the Rate Limiting component.

New Features

The following features have been added and tested for this release:

  1. Content-Normalization (new):

    • Added tests to verify functionality
    • Added configuration example
    • Added documentation
  2. Client IP Identity (new):

    • Added client ip identity filter to set the X-PP-User header with the client IP. This enables rate limiting by IP.
    • Added JMeter tests to the automated regression build for client ip identity filter.
    • Added documentation
  3. CLI Utility (new)

  4. Repose Website (new)

  5. Repose System State Logging (new)

Bug Fixes

The following bugs were fixed for this release:

  • AuthN for Cloud Auth 1.1 will use the Username to get groups rather than Tenant ID.
  • Resolved issue where Repose failed startup when the power-proxy.cfg.xml file was missing.  Repose will now startup without requiring the presence of the power-proxy.cfg.xml file, then validate and load the file when it becomes available.
  • Content-Length will now be updated to include content from absolute limits of an end service.

Release 1.0.5 (12/19/2011 - Updates to Packaging)

Release 1.0.5 is mainly focused on updating the build artifacts.

Bug Fixes

The following bugs were fixed for this release.

  • Debian packages not created on a maven release.

Release 1.0.4 (12/15/2011 - Updates to HTTP Logging Component)

Release 1.0.4 is mainly focused on updating the HTTP Logging Component.

New Features

The following features have been added and tested for this release:

  • External contribution from Jorge Williams.
    • The Problem: Calabash is written to use Saxon 9. The output from a Calabash pipeline is internally Saxon 9 DOMs -- these are very efficient, but only work within the context of Saxon 9. We use parts of the translation component within our document tool system that is based on Saxon 6 which can't deal with the Saxon 9 DOMs, we need output in a more compatible format.
    • The Solution: This patch adds a flag to the CalabashPipelineBuilder called legacySourceOutput. When this is set to true the result DOMs are transformed to W3C doms that can be used anywhere.

Bug Fixes

The following bugs were fixed for this release.

  • Dist data store: Filter now correctly releases resources that get bound to the internal JNDI context
  • Client Authentication Time To Live: Repose now handles the case where the auth service returns a token expiration date that is beyond the Java Integer.MAX_VALUE, by setting the token "time to live" to Integer.MAX_VALUE.
  • The HTTP Logging component now reads and writes all log values and configs using UTF-8.

Release 1.0.3 (12/07/2011 - Updates to Authentication Component)

Release 1.0.3 is mainly focused on updating the Authentication Component and how it interacts with the Cloud Auth 1.1 authentication service.

New Features

The following features have been added and tested for this release.

  1. Routing Component (new):
    • Added default-router to filter bundle web.xml
  2. HTTP Logging Component (new):
  3. Authentication Component (updated):
  4. Mocks:
    • Updated Cloud Auth 1.1 Mock
    • Updated End Service (Origin Service) Mock
    • Added OpenStack Identity Service Mock and Groups Extension
    • Updated webxml to use the new and updated mocks
    • Updated mock tokens to expire in 10 days
    • Added groups to mock users
  5. Core:
    • Finishing up push connector logic; adding a thread pool to request dispatching
  6. Build:
    • Update build to build debian and RPM packages consistently
    • Added jdeb steps to build debian packages for the Filter Bundle
    • Updated deb package script to include empty file in creating the /var/powerapi/logs directory
  7. Maven JMeter Plugin:
    • Made date annotation for jmeter test result names optional
    • Updated jmeter-automation pom to reflect papi-maven-jmeter-plugin

Bug Fixes

The following bugs were fixed for this release.

  1. Client Auth Component: Update auth component so that if credentials are not passed into Repose (acct/tenant id and token id) then Repose just returns a 401.
  2. Client Auth 1.1 Handler returned a null FilterDirector. Fixed.
  3. Client Auth 1.1 Handler not handling the case where the origin service returns a 501 and "Delegated". Fixed.
  4. Client Auth OpenStack module: Case when tenant Id is blank but not null was failing. Updated check for tenant id and token to look for null or blank rather than just null.
  5. Client Alient auth OpenStack module: Case when OpenStack service returns a 501 (not implemented) without WWW-Authenticate header set to Delegated. This was returning a 500 but should return a 501 since the WWW-Authenticate header not set with Delegated.
  6. Client Alient auth OpenStack module: Case when OpenStack service returns a 501 with WWW-Authenticate header set to Delegated. This was not logging but the "Authentication in OpenStack" blueprint said an error should be logged in this case to inform operators of the misconfiguration.
  7. Documentation: in authn-deploy doc, in section "2. Configuration", corrected displayed URL for Rackspace Auth 1.1 doc (lose extra /)
  8. Documentation: in all documents (6 books, 2 included chapters): replaced parameterized PRODNAME, PRODABBREV, PRODEXPAND to say Repose rather than PAPI or Power API

In-Flight Features

New code for these features has been submitted in this release; however, these features are not yet complete.

  1. Translation Component: Added sample configuration and classes to handle translation. The translation component is not functionally complete.
  2. Syslog support: The HTTP Logging Component's configuration file has a placeholder for syslog support, however, this is not functionally complete.

Known Bugs

The following bugs are known and will be fixed in future releases.

  1. DistData Store's Resource Management is not unregistering the datastore from the service.
  2. Class loader allows system calls, meaning filter code can crash system.
  3. The token expiration date is a long but needs to be stored in Repose as an int. If the date is far away, such as 30 days, it is converted to a negative int and Repose fails.
  4. HTTP Logs are output in the operating systems' default character set. If Unicode is not the default, question marks will be put in place of valid characters.
  5. Rate Limiting with Absolute Limits: When Repose receives absolute rate limits from the origin service, the Response Content is updated but not the Response Content Length is not.
  6. Rate Limiting doesn't support absolute limits in JSON: If the client returns absolute limits in JSON, Repose returns a 500.
  7. Deploy Code does not Auto-Clean Directories

Release 1.0.2 (11/1/2011)

Added a basic router to allow Repose to be deployed across multiple nodes. Updated Auth headers to match the Cloud Auth 2.0 headers.


Release 1.0.1 (10/17/2011)

Repackaged to include Valve code and updated Valve documentation.


Release 1.0 (10/07/2011)

Valve for Nova. This release includes a number of fixes to versioning and rate-limiting as well as performance updates for client authentication. This release also includes Repose's first container: valve.