Commit graph

12 commits

Author SHA1 Message Date
Herval Freire
540dd185d5 [ZEPPELIN-2952] encrypt credentials.json with AES
### What is this PR for?
Support encrypting passwords using a private key

### What type of PR is it?
Improvement

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-2952

### How should this be tested?
- Set the env variable `ZEPPELIN_CREDENTIALS_ENCRYPT_KEY=something`
- Save a few credentials
- Check that the `credentials.json` file is storing encrypted passwords
- Restart server using the same env variable for `ZEPPELIN_CREDENTIALS_ENCRYPT_KEY`
- The credentials should still be decryptable

### Questions:
* Does the licenses files need update?
No

* Is there breaking changes for older versions?
No

* Does this needs documentation?
Yes

Author: Herval Freire <hfreire@twitter.com>

Closes #2599 from herval/encrypt-credentials and squashes the following commits:

e5857d8 [Herval Freire] missing license
1d4bc04 [Herval Freire] documentation....?
82ae8f4 [Herval Freire] added license
c3e0ead [Herval Freire] encrypt credentials.json with AES
2017-10-05 15:00:52 -07:00
Jeff Zhang
3f591c2327 ZEPPELIN-2933. Code Refactoring of ZEPPELIN-1515 follow up
### What is this PR for?

This is a refactoring PR of ZEPPELIN-1515. Because hadoop's FileSystem API works not only with hdfs but also with other hadoop-compatible filesystems, in this PR I rename it to `FileSystemNotebookRepo`.

### What type of PR is it?
[Refactoring]

### Todos
* [ ] - Task

### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-2933

### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No

Author: Jeff Zhang <zjffdu@apache.org>

Closes #2588 from zjffdu/ZEPPELIN-2933 and squashes the following commits:

45d1e9b [Jeff Zhang] ZEPPELIN-2993. Code Refactoring of ZEPPELIN-1515 follow up
2017-09-15 09:03:14 +08:00
Paolo Genissel
e47b30a88f [ZEPPELIN-2848] Added new type of user to only run notebook
### What is this PR for?

The idea of this PR is to provide a new kind of user: Runner.

Basically, what it does is that it just removes write authorization and allows the user to read and run the note.

### What type of PR is it?
[Feature]

### Todos
* [ ] - Task

### What is the Jira issue?
[ZEPPELIN-2848] https://issues.apache.org/jira/browse/ZEPPELIN-2848

### How should this be tested?
- Log in as admin
- Create new notebook and create a paragraph with the interpreter you want
- Assign runner right to user1
- Log in as user1
- Try to run the paragraph (should work)
- Try to modify the paragraph (should fail)
- Log in as user2
- Try to run the paragraph (should fail)

### Screenshots (if appropriate)

### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? Yes
* Does this needs documentation? No

Author: Paolo Genissel <paolo.genissel-monsallier@1000mercis.com>
Author: gfalcone <paologenissel@gmail.com>
Author: Paolo Genissel <paologenissel@gmail.com>

Closes #2526 from gfalcone/new_type_runner and squashes the following commits:

96bba66 [gfalcone] Fix typo on notebook_authorization.md
8ab4512 [gfalcone] Update notebook_authorization.md
22a1eb3 [Paolo Genissel] Fixed typo
d621792 [Paolo Genissel] Fix NotebookSecurityRestApiTest
a67af0f [Paolo Genissel] Fix test
5c43ca9 [Paolo Genissel] Added new type of user
2017-08-29 10:05:55 -07:00
Vipin Rathor
79d139a494 ZEPPELIN-2873 - Add documentation on secure cookie in Shiro
### What is this PR for?
Adding a section in Shiro Authentication about how to enable secure cookie via Shiro. Shiro does support configuring the 'HttpOnly' flag in the response cookie. A Zeppelin user, who is security conscious, should know how to enable this in Zeppelin's Shiro configuration.

### What type of PR is it?
Documentation

### What is the Jira issue?
ZEPPELIN-2873

### How should this be tested?
Doc changes. CI test should pass.

### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No

Author: Vipin Rathor <v.rathor@gmail.com>

Closes #2545 from VipinRathor/ZEPPELIN-2873 and squashes the following commits:

c7b7995 [Vipin Rathor] Updated doc as per the review comments.
fec8d7e [Vipin Rathor] ZEPPELIN-2873 - Add documentation on Zeppelin Shiro's ability to configure secure cookie
2017-08-23 23:10:29 -07:00
Jeff Zhang
30bfcae0c0 ZEPPELIN-1515. Notebook: HDFS as a backend storage (Use hadoop client jar)
### What is this PR for?
This PR is trying to add hdfs as another implementation for `NotebookRepo`. There's another PR about using webhdfs to implement that. Actually, the hdfs client library is compatible across major versions; see http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/Compatibility.html#Wire_compatibility. If using webhdfs, the code becomes more complicated and may lose some features of hdfs.

This PR is also required for HA of zeppelin, so that multiple zeppelin instances can share notes via hdfs. I add hadoop-client in the pom file, so zeppelin will package the hadoop client jar into its binary distribution. This is because zeppelin may be installed on a gateway machine where no hadoop is installed (only the hadoop configuration file exists on this machine). And since the hadoop client will work with multiple versions of hadoop, it is fine to package it into the binary distribution. Spark also packages the hadoop client jar in its binary distribution.

### What type of PR is it?
[Feature]

### Todos
* [ ] - Task

### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-1515

### How should this be tested?
Unit test is added.  Also manually verify it in a single node cluster.

### Screenshots (if appropriate)

### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No

Author: Jeff Zhang <zjffdu@apache.org>

Closes #2455 from zjffdu/ZEPPELIN-1515 and squashes the following commits:

b3e83ab [Jeff Zhang] ZEPPELIN-1515. Notebook: HDFS as a backend storage (Read & Write Mode)
2017-08-24 08:29:09 +08:00
andrea
f238ca0e3f [ZEPPELIN-2766] Make online resources url configurable at compile time
### What is this PR for?
At compile time Zeppelin is downloading several external resources.
I want to be able to provide alternative URLs to compile when internet is not available (i.e. behind a corporate proxy).

### What type of PR is it?
[Improvement]

### What is the Jira issue?
[ZEPPELIN-2766]

### How should this be tested?
```
mvn -DskipTests -Dplugin.frontend.downloadRoot=<alternative-url> -Dplugin.frontend.nodeDownloadRoot=<alternative-url> -Dplugin.frontend.yarnDownloadRoot=<alternative-url> -Dplugin.frontend.npmDownloadRoot=<alternative-url> -Dpypi.repo.url=<alternative-url> clean package
```

### Questions:
* Does the licenses files need update? NO
* Is there breaking changes for older versions? NO
* Does this needs documentation? NO

Author: andrea <andrea.peruffo1982@gmail.com>

Closes #2483 from andreaTP/softCodeRepos and squashes the following commits:

6894bcd5 [andrea] added docs for additional configurations
647417c3 [andrea] fix typo
1e5fd85f [andrea] remove deprecated downloadRoot
0aea864a [andrea] Keep online resources configurable
2017-08-08 11:21:15 +09:00
Vipin Rathor
7ca5a12b1f [ZEPPELIN-2825] - Fix Zeppelin to support any of the Shiro roles
### What is this PR for?
This PR adds support for a configuration which can give access to a user who belongs to "any of" the roles defined in Shiro configuration. By default, as per Shiro implementation, a user is allowed only when he/she belongs to "all" the roles defined.

This PR fixes the problem for static users/roles in Shiro as well as Active Directory and/or LDAP based user-group-roles mapping.

### What type of PR is it?
Improvement

### TODO
* [x] - Add documentation

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-2825

### How should this be tested?
Add the following in shiro.ini:
```
[main]
...
anyofroles = org.apache.zeppelin.utils.AnyOfRolesAuthorizationFilter

[urls]
...
/api/interpreter/** = authc, anyofroles[admin, role1]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
```

### Screenshots (if appropriate)
Not applicable

### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? Yes

Author: Vipin Rathor <v.rathor@gmail.com>

Closes #2515 from VipinRathor/ZEPPELIN-2825 and squashes the following commits:

01deb25b0 [Vipin Rathor] ZEPPELIN-2825 - Added license header
2105810f7 [Vipin Rathor] ZEPPELIN-2825 - Fix formatting for doc changes
95a9b4f41 [Vipin Rathor] ZEPPELIN-2825 - Fix formatting in doc changes
3f49d8413 [Vipin Rathor] ZEPPELIN-2825 - Add documentation for supporting any of the Shiro roles
c5fc9deac [Vipin Rathor] ZEPPELIN-2825 - Fix Zeppelin to support any of the Shiro roles
2017-08-07 10:38:52 -07:00
krishna-pandey
780f0ebb43 [ZEPPELIN-2775] Strict-Transport-Security and X-XSS-Protection Headers
### What is this PR for?
The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.
Note: The Strict-Transport-Security header is ignored by the browser when your site is accessed using HTTP; this is because an attacker may intercept HTTP connections and inject the header or remove it. When your site is accessed over HTTPS with no certificate errors, the browser knows your site is HTTPS capable and will honor the Strict-Transport-Security header.

The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

### What type of PR is it?
[Bug Fix | Improvement ]

### What is the Jira issue?
* [ZEPPELIN-2775](https://issues.apache.org/jira/browse/ZEPPELIN-2775)

### How should this be tested?
Make a curl call to Zeppelin? Go to Chrome Browser and select "More Tools" -> "Developer Tools" from the right-side menu. Under Network Section, select any request and check for "Response Headers". You should see below headers along with existing ones.

> strict-transport-security:max-age=631138519
> x-xss-protection:1; mode=block


### Questions:
* Does this needs documentation?

Author: krishna-pandey <krish.pandey21@gmail.com>

Closes #2492 from krishna-pandey/ZEPPELIN-2775 and squashes the following commits:

7d9978e49 [krishna-pandey] Modified Documentation as per review.
6733289ed [krishna-pandey] Adding documentation for HTTP Security Headers
754d2d71e [krishna-pandey] Supplying String instead of Int (required for Response Header)
468231cc6 [krishna-pandey] Added configurable Strict-Transport-Security and X-XSS-Protection Headers
2017-08-03 14:57:29 -07:00
Sohaib Iftikhar
eea8475cf8 [ZEPPELIN-2804] Fix shiro_authentication documentation
The github preview is fine but the html on https://zeppelin.apache.org/docs/0.8.0-SNAPSHOT/security/shiroauthentication.html#ldap is not displaying the code fragment correctly.

### What is this PR for?
Fixes the documentation orientation for shiro LDAPRealm

### What type of PR is it?
[Documentation]

### Todos

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-2804

### How should this be tested?
Build the documentation and verify that the problem as stated in image is resolved.

### Screenshots (if appropriate)

### Questions:
* Does the licenses files need update? N
* Is there breaking changes for older versions? N
* Does this needs documentation? N

Author: Sohaib Iftikhar <sohaib1692@gmail.com>

Closes #2500 from sohaibiftikhar/patch-1 and squashes the following commits:

94e18433 [Sohaib Iftikhar] Fixed documentation for shiro LDAPRealm
2017-07-24 13:56:04 +09:00
1ambda
1c23f21388 [ZEPPELIN-2707][DOCS][HOTFIX] fix: broken image URLs in 0.8.0-SNAPSHOT doc
### What is this PR for?

fix: broken image URLs in 0.8.0-SNAPSHOT doc

using the path `/asset` (the absolute path) for image URLs is actually invalid. That's because each version has its own image directory. So they should use the relative path. `{{BASE_PATH}}`

```
➜  asf-zeppelin tree site | grep asset
├── assets # root asset, we shouldn't use it in versioned doc.
│   │   ├── assets
│   │   ├── assets
│   │   ├── assets
│   │   ├── assets
│   │   ├── assets
│   │   ├── assets
│   │   ├── assets
│   │   ├── assets
│   │   ├── assets
│       ├── assets
```

### What type of PR is it?
[Bug Fix]

### Todos
DONE

### What is the Jira issue?
[ZEPPELIN-2707](https://issues.apache.org/jira/browse/ZEPPELIN-2707)

### How should this be tested?

1. cd `docs/`
2. build: `bundle exec jekyll build --safe`
3. check whether links in `_site` include `/docs/0.8.0-SNAPSHOT` as prefix or not

### Screenshots (if appropriate)

#### Current
http://zeppelin.apache.org/docs/0.8.0-SNAPSHOT/usage/interpreter/overview.html

![image](https://user-images.githubusercontent.com/4968473/27685112-bcca5846-5d07-11e7-89bb-3965015cf5a5.png)

#### After

![image](https://user-images.githubusercontent.com/4968473/27685218-3490fad8-5d08-11e7-9133-0e148689986e.png)

### Questions:
* Does the licenses files need update? - NO
* Is there breaking changes for older versions? - NO
* Does this needs documentation? - NO

Author: 1ambda <1amb4a@gmail.com>

Closes #2450 from 1ambda/ZEPPELIN-2707/should-use-its-own-asset-directory and squashes the following commits:

fb70214a [1ambda] fix: Use its own asset dir
2017-06-30 10:33:01 +09:00
andrea
a9ea68cf10 [ZEPPELIN-2598] Securing Zeppelin with OpenID Connect
### What is this PR for?
Integrating Open ID connect login into Zeppelin leveraging Shiro (already present) and Pac4J (that needs to be in the classpath).
Modifications done here should not affect any existing mechanisms but simply integrate and enable new ones.

### What type of PR is it?
[Improvement]

### What is the Jira issue?
[ZEPPELIN-2598]

### Questions:
* Does the licenses files need update?
* Is there breaking changes for older versions?
* Does this needs documentation?

Author: andrea <andrea.peruffo1982@gmail.com>

Closes #2373 from andreaTP/keycloak and squashes the following commits:

2d5af6d [andrea] merge with master
31270f2 [andrea] Merge remote-tracking branch 'apache/master' into keycloak
80c375d [andrea] fixed style issues on master
7ec8cdd [andrea] reverted to a minimum
545686d [andrea] fix username after direct login
03bbe30 [andrea] updates
4ce9121 [andrea] Enabling authentication with OpenId connect
2017-06-28 20:01:41 -07:00
1ambda
4b6d3e5574 [ZEPPELIN-2596] Improving documentation page
### What is this PR for?

Improving documentation page. Please check *TODO* and *Screenshots* sections for detail.
The motivation is described in [the JIRA ticket](https://issues.apache.org/jira/browse/ZEPPELIN-2583) and discussion is ongoing on the mailing list.

### What type of PR is it?
[Improvement | Documentation]

### Todos
* [x] - improved the navbar style
* [x] - improved the main page
* [x] - re-organized content structure
* [x] - added tutorial pages: `spark_with_zeppelin.md`, `python_with_zeppelin.md`, `sql_with_zeppelin.md` for overview
* [x] - added `multi_user_support.md` page to provide overview
* [x] - added the empty `interpreter_binding_mode` page. This will be handled in a different issue: [ZEPPELIN-2582](https://issues.apache.org/jira/browse/ZEPPELIN-2582)
* [x] - added the empty `trouble_shooting` page. This can be filled in the following PRs.
* [x] - added the empty `useful_developer_tools` page. This can be filled in the following PRs.

### What is the Jira issue?

[ZEPPELIN-2596](https://issues.apache.org/jira/browse/ZEPPELIN-2596)

### How should this be tested?

1. checkout
2. `cd docs`
3. `bundle install` (make sure that you have ruby 2.1.0+ and bundle)
4. `bundle exec jekyll serve --watch`
5. open `localhost:4000`

### Screenshots (if appropriate)

#### better navbar: before
![2596_before_nav](https://cloud.githubusercontent.com/assets/4968473/26542353/89004e7a-4494-11e7-89c0-28d608f5f375.gif)

#### better navbar: after

![2596_after_nav](https://cloud.githubusercontent.com/assets/4968473/26542356/8bfb7b90-4494-11e7-9979-0bcaef8ba97b.gif)

#### improved main page: before

![2596_before_main](https://cloud.githubusercontent.com/assets/4968473/26542358/8f35b0be-4494-11e7-8a6c-e74ec52fc384.gif)

#### improved main page: after

![2596_after_main](https://cloud.githubusercontent.com/assets/4968473/26542366/93b333c8-4494-11e7-981f-3f7b4545868f.gif)

#### organized content structure: before

![2596_before_content](https://cloud.githubusercontent.com/assets/4968473/26542398/ad81ac26-4494-11e7-9a17-70dff41396fb.gif)

#### organized content structure: after

![2596_after_content](https://cloud.githubusercontent.com/assets/4968473/26542403/b0a42ad2-4494-11e7-8bd3-8a5bd194c6af.gif)

### Questions:
* Does the licenses files need update? - NO
* Is there breaking changes for older versions? - NO
* Does this needs documentation? -  related with docs

Author: 1ambda <1amb4a@gmail.com>

Closes #2371 from 1ambda/updating-version-doc and squashes the following commits:

eb02fa967 [1ambda] fix: navbar focus color applies after folding
026379ed6 [1ambda] fix: Remove docs/.listen_test
a7dd4737b [1ambda] fix: sora's comment 1.2
18c5058f7 [1ambda] fix: resolve description in python_with_zeppelin.md
d3ad67c73 [1ambda] fix: sora's comment 4
d133dbbcc [1ambda] fix: resolve sora's comment 3
513c6ff2c [1ambda] fix: resolve sora's comment 1.1
4c2946928 [1ambda] fix: resolve sora's comment 2
1c3946ac6 [1ambda] fix: sora's comment 1
4d6e4267f [1ambda] fix: Resolve sola's comment 3
d0524cafe [1ambda] fix: Set less shadow for nav
5f1f998ba [1ambda] docs: Add useful_develop_tools.md
9dfd62c74 [1ambda] fix: Typo in installation.md
30f7d7e06 [1ambda] fix: Typo in helium ctrl
d6877e792 [1ambda] docs: Add python_with_zeppelin.md
7027e96c0 [1ambda] docs: Improve python conda, docker doc style
e55b50a9d [1ambda] fix: Invalid URLs
75ddeeaff [1ambda] docs: replace URIs in interpreter
5b43993a4 [1ambda] docs: Add sql_with_zeppelin
053794e84 [1ambda] docs: Add spark_with_zeppelin.md
d4d88b9c7 [1ambda] docs: Improve proxy doc
b46cdd126 [1ambda] docs: Add empty interpreter_binding_mode.md
06fcb239e [1ambda] docs: Add empty personalized_mode.md
4991cf0a7 [1ambda] docs: Update upgrading.md
53142b7a0 [1ambda] fix: Simplify install.md
8a5c1e721 [1ambda] docs: Add multi_user_support.md
34095775e [1ambda] fix: Increase font size to 15px
a03b04b33 [1ambda] fix: Remove sample text from trouble_shooting.md
199842590 [1ambda] fix: Remove docker doc link
66a2a7d26 [1ambda] docs: Improve impersonation page
0a6e3fc1d [1ambda] docs: Improve install doc
ccd999ed5 [1ambda] docs: Improve helium doc
f8d742d08 [1ambda] fix: an invalid link in navbar
b7aa5f884 [1ambda] fix: URLs in development
61a175d94 [1ambda] docs: Update install.md
4c56de5c4 [1ambda] fix: URLs in setup
0b1d63513 [1ambda] fix: URLs in quickstart
28970a4fe [1ambda] feat: Add docs/usage
735946bca [1ambda] feat: rename /quickstart
b351cf237 [1ambda] fix: Add missing links
b70770b4f [1ambda] feat: Change URLs in nav, index
94e80aef6 [1ambda] fix: doesn't display navbar version in small
6e0cab110 [1ambda] feat: Update doc section names
b9ce256ff [1ambda] feat: Hide version in navbar when md
f8bab52be [1ambda] fix: Better image display in index.md
eeb37d5b5 [1ambda] fix: Add RL padding for mobile browser
ceb60b5ee [1ambda] feat: Style collapsed nav for mobile browser
4ebafb4b6 [1ambda] commit
2017-06-23 17:44:13 +09:00