diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index c697be1c51..6c20271504 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -13,8 +13,6 @@ Trunk (Unreleased) NEW FEATURES - HADOOP-10433. Key Management Server based on KeyProvider API. (tucu) - HADOOP-9629. Support Windows Azure Storage - Blob as a file system in Hadoop. (Dexter Bradshaw, Mostafa Elhemali, Xi Fang, Johannes Klein, David Lao, Mike Liddell, Chuan Liu, Lengning Liu, Ivan Mitic, Michael Rys, @@ -25,9 +23,6 @@ Trunk (Unreleased) Mike Liddell, Chuan Liu, Lengning Liu, Ivan Mitic, Michael Rys, Alexander Stojanovich, Brian Swan, and Min Wei via cnauroth) - HADOOP-10719. Add generateEncryptedKey and decryptEncryptedKey - methods to KeyProvider. (asuresh via tucu) - IMPROVEMENTS HADOOP-8017. Configure hadoop-main pom to get rid of M2E plugin execution @@ -121,93 +116,15 @@ Trunk (Unreleased) HADOOP-9833 move slf4j to version 1.7.5 (Kousuke Saruta via stevel) - HADOOP-10141. Create KeyProvider API to separate encryption key storage - from the applications. (omalley) - - HADOOP-10201. Add listing to KeyProvider API. (Larry McCay via omalley) - - HADOOP-10177. Create CLI tools for managing keys. (Larry McCay via omalley) - - HADOOP-10244. TestKeyShell improperly tests the results of delete (Larry - McCay via omalley) - HADOOP-10325. Improve jenkins javadoc warnings from test-patch.sh (cmccabe) HADOOP-10342. Add a new method to UGI to use a Kerberos login subject to build a new UGI. (Larry McCay via omalley) - HADOOP-10237. JavaKeyStoreProvider needs to set keystore permissions - correctly. (Larry McCay via omalley) - - HADOOP-10432. Refactor SSLFactory to expose static method to determine - HostnameVerifier. (tucu) - - HADOOP-10427. KeyProvider implementations should be thread safe. (tucu) - - HADOOP-10429. KeyStores should have methods to generate the materials - themselves, KeyShell should use them. (tucu) - - HADOOP-10428. JavaKeyStoreProvider should accept keystore password via - configuration falling back to ENV VAR. (tucu) - - HADOOP-10430. KeyProvider Metadata should have an optional description, - there should be a method to retrieve the metadata from all keys. (tucu) - - HADOOP-10534. KeyProvider getKeysMetadata should take a list of names - rather than returning all keys. (omalley) - HADOOP-10563. Remove the dependency of jsp in trunk. (wheat9) HADOOP-10485. Remove dead classes in hadoop-streaming. (wheat9) - HADOOP-10696. Add optional attributes to KeyProvider Options and Metadata. - (tucu) - - HADOOP-10695. KMSClientProvider should respect a configurable timeout. - (yoderme via tucu) - - HADOOP-10757. KeyProvider KeyVersion should provide the key name. - (asuresh via tucu) - - HADOOP-10769. Create KeyProvider extension to handle delegation tokens. - (Arun Suresh via atm) - - HADOOP-10812. Delegate KeyProviderExtension#toString to underlying - KeyProvider. (wang) - - HADOOP-10736. Add key attributes to the key shell. (Mike Yoder via wang) - - HADOOP-10824. Refactor KMSACLs to avoid locking. (Benoy Antony via umamahesh) - - HADOOP-10841. EncryptedKeyVersion should have a key name property. - (asuresh via tucu) - - HADOOP-10842. CryptoExtension generateEncryptedKey method should - receive the key name. (asuresh via tucu) - - HADOOP-10750. KMSKeyProviderCache should be in hadoop-common. - (asuresh via tucu) - - HADOOP-10720. KMS: Implement generateEncryptedKey and decryptEncryptedKey - in the REST API. (asuresh via tucu) - - HADOOP-10891. Add EncryptedKeyVersion factory method to - KeyProviderCryptoExtension. (wang) - - HADOOP-10756. KMS audit log should consolidate successful similar requests. - (asuresh via tucu) - - HADOOP-10793. KeyShell args should use single-dash style. (wang) - - HADOOP-10936. Change default KeyProvider bitlength to 128. (wang) - - HADOOP-10224. JavaKeyStoreProvider has to protect against corrupting - underlying store. (asuresh via tucu) - - HADOOP-10770. KMS add delegation token support. (tucu) - - HADOOP-10698. KMS, add proxyuser support. (tucu) - BUG FIXES HADOOP-9451. Fault single-layer config if node group topology is enabled. @@ -379,22 +296,9 @@ Trunk (Unreleased) HADOOP-10044 Improve the javadoc of rpc code (sanjay Radia) - HADOOP-10488. TestKeyProviderFactory fails randomly. (tucu) - - HADOOP-10431. Change visibility of KeyStore.Options getter methods to public. (tucu) - - HADOOP-10583. bin/hadoop key throws NPE with no args and assorted other fixups. (clamb via tucu) - - HADOOP-10586. KeyShell doesn't allow setting Options via CLI. (clamb via tucu) - HADOOP-10625. Trim configuration names when putting/getting them to properties. (Wangda Tan via xgong) - HADOOP-10645. TestKMS fails because race condition writing acl files. (tucu) - - HADOOP-10611. KMS, keyVersion name should not be assumed to be - keyName@versionNumber. (tucu) - HADOOP-10717. HttpServer2 should load jsp DTD from local jars instead of going remote. (Dapeng Sun via wheat9) @@ -409,33 +313,12 @@ Trunk (Unreleased) HADOOP-10834. Typo in CredentialShell usage. (Benoy Antony via umamahesh) - HADOOP-10816. KeyShell returns -1 on error to the shell, should be 1. - (Mike Yoder via wang) - HADOOP-10840. Fix OutOfMemoryError caused by metrics system in Azure File System. (Shanyu Zhao via cnauroth) - HADOOP-10826. Iteration on KeyProviderFactory.serviceLoader is - thread-unsafe. (benoyantony viat tucu) - - HADOOP-10881. Clarify usage of encryption and encrypted encryption - key in KeyProviderCryptoExtension. (wang) - - HADOOP-10920. site plugin couldn't parse hadoop-kms index.apt.vm. - (Akira Ajisaka via wang) - HADOOP-10925. Compilation fails in native link0 function on Windows. (cnauroth) - HADOOP-10939. Fix TestKeyProviderFactory testcases to use default 128 bit - length keys. (Arun Suresh via wang) - - HADOOP-10862. Miscellaneous trivial corrections to KMS classes. - (asuresh via tucu) - - HADOOP-10967. Improve DefaultCryptoExtension#generateEncryptedKey - performance. (hitliuyi via tucu) - OPTIMIZATIONS HADOOP-7761. Improve the performance of raw comparisons. (todd) @@ -498,6 +381,8 @@ Release 2.6.0 - UNRELEASED NEW FEATURES + HADOOP-10433. Key Management Server based on KeyProvider API. (tucu) + IMPROVEMENTS HADOOP-10808. Remove unused native code for munlock. (cnauroth) @@ -582,10 +467,91 @@ Release 2.6.0 - UNRELEASED HADOOP-10975. org.apache.hadoop.util.DataChecksum should support calculating checksums in native code (James Thomas via Colin Patrick McCabe) + HADOOP-10201. Add listing to KeyProvider API. (Larry McCay via omalley) + + HADOOP-10177. Create CLI tools for managing keys. (Larry McCay via omalley) + + HADOOP-10432. Refactor SSLFactory to expose static method to determine + HostnameVerifier. (tucu) + + HADOOP-10429. KeyStores should have methods to generate the materials + themselves, KeyShell should use them. (tucu) + + HADOOP-10427. KeyProvider implementations should be thread safe. (tucu) + + HADOOP-10428. JavaKeyStoreProvider should accept keystore password via + configuration falling back to ENV VAR. (tucu) + + HADOOP-10430. KeyProvider Metadata should have an optional description, + there should be a method to retrieve the metadata from all keys. (tucu) + + HADOOP-10431. Change visibility of KeyStore.Options getter methods to + public. (tucu) + + HADOOP-10534. KeyProvider getKeysMetadata should take a list of names + rather than returning all keys. (omalley) + + HADOOP-10719. Add generateEncryptedKey and decryptEncryptedKey + methods to KeyProvider. (asuresh via tucu) + + HADOOP-10817. ProxyUsers configuration should support configurable + prefixes. (tucu) + + HADOOP-10881. Clarify usage of encryption and encrypted encryption + key in KeyProviderCryptoExtension. (wang) + + HADOOP-10770. KMS add delegation token support. (tucu) + + HADOOP-10698. KMS, add proxyuser support. (tucu) + OPTIMIZATIONS HADOOP-10838. Byte array native checksumming. (James Thomas via todd) + HADOOP-10696. Add optional attributes to KeyProvider Options and Metadata. + (tucu) + + HADOOP-10695. KMSClientProvider should respect a configurable timeout. + (yoderme via tucu) + + HADOOP-10757. KeyProvider KeyVersion should provide the key name. + (asuresh via tucu) + + HADOOP-10769. Create KeyProvider extension to handle delegation tokens. + (Arun Suresh via atm) + + HADOOP-10812. Delegate KeyProviderExtension#toString to underlying + KeyProvider. (wang) + + HADOOP-10736. Add key attributes to the key shell. (Mike Yoder via wang) + + HADOOP-10824. Refactor KMSACLs to avoid locking. (Benoy Antony via umamahesh) + + HADOOP-10841. EncryptedKeyVersion should have a key name property. + (asuresh via tucu) + + HADOOP-10842. CryptoExtension generateEncryptedKey method should + receive the key name. (asuresh via tucu) + + HADOOP-10750. KMSKeyProviderCache should be in hadoop-common. + (asuresh via tucu) + + HADOOP-10720. KMS: Implement generateEncryptedKey and decryptEncryptedKey + in the REST API. (asuresh via tucu) + + HADOOP-10891. Add EncryptedKeyVersion factory method to + KeyProviderCryptoExtension. (wang) + + HADOOP-10756. KMS audit log should consolidate successful similar requests. + (asuresh via tucu) + + HADOOP-10793. KeyShell args should use single-dash style. (wang) + + HADOOP-10936. Change default KeyProvider bitlength to 128. (wang) + + HADOOP-10224. JavaKeyStoreProvider has to protect against corrupting + underlying store. (asuresh via tucu) + BUG FIXES HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry @@ -621,11 +587,6 @@ Release 2.6.0 - UNRELEASED HADOOP-10927. Fix CredentialShell help behavior and error codes. (Josh Elser via wang) - HADOOP-10937. Need to set version name correctly before decrypting EEK. - (Arun Suresh via wang) - - HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu) - HADOOP-10933. FileBasedKeyStoresFactory Should use Configuration.getPassword for SSL Passwords. (lmccay via tucu) @@ -676,6 +637,49 @@ Release 2.6.0 - UNRELEASED HADOOP-10968. hadoop native build fails to detect java_libarch on ppc64le (Dinar Valeev via Colin Patrick McCabe) + HADOOP-10141. Create KeyProvider API to separate encryption key storage + from the applications. (omalley) + + HADOOP-10237. JavaKeyStoreProvider needs to set keystore permissions + correctly. (Larry McCay via omalley) + + HADOOP-10244. TestKeyShell improperly tests the results of delete (Larry + McCay via omalley) + + HADOOP-10583. bin/hadoop key throws NPE with no args and assorted other fixups. (clamb via tucu) + + HADOOP-10586. KeyShell doesn't allow setting Options via CLI. (clamb via tucu) + + HADOOP-10645. TestKMS fails because race condition writing acl files. (tucu) + + HADOOP-10611. KMS, keyVersion name should not be assumed to be + keyName@versionNumber. (tucu) + + HADOOP-10816. KeyShell returns -1 on error to the shell, should be 1. + (Mike Yoder via wang) + + HADOOP-10826. Iteration on KeyProviderFactory.serviceLoader is + thread-unsafe. (benoyantony viat tucu) + + HADOOP-10920. site plugin couldn't parse hadoop-kms index.apt.vm. + (Akira Ajisaka via wang) + + HADOOP-10937. Need to set version name correctly before decrypting EEK. + (Arun Suresh via wang) + + HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu) + + HADOOP-10939. Fix TestKeyProviderFactory testcases to use default 128 bit + length keys. (Arun Suresh via wang) + + HADOOP-10862. Miscellaneous trivial corrections to KMS classes. + (asuresh via tucu) + + HADOOP-10967. Improve DefaultCryptoExtension#generateEncryptedKey + performance. (hitliuyi via tucu) + + HADOOP-10488. TestKeyProviderFactory fails randomly. (tucu) + Release 2.5.0 - 2014-08-11 INCOMPATIBLE CHANGES