Commit Graph

236 Commits

Author SHA1 Message Date
Eric Yang
a9d96948ed HADOOP-15922. Fixed doAsUser decoding for DelegationTokenAuthenticationFilter.
Contributed by He Xiaoqiao
2018-11-26 13:49:19 -05:00
Wei-Chiu Chuang
cd2158456d HADOOP-15418. Hadoop KMSAuthenticationFilter needs to use getPropsByPrefix instead of iterator to avoid ConcurrentModificationException. Contributed by lqjack and Suma Shivaprasad 2018-10-18 17:28:28 -07:00
Xiao Chen
5ec86b445c HADOOP-14445. Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances.
Contributed by Daryn Sharp, Xiao Chen, Rushabh S Shah.
2018-10-12 09:35:52 -07:00
Akira Ajisaka
6fa3feb577
HADOOP-15832. Upgrade BouncyCastle to 1.60. Contributed by Robert Kanter. 2018-10-10 10:16:57 +09:00
Vidura Mudalige
a30b1d1824
HADOOP-15818. Fix deprecated maven-surefire-plugin configuration in hadoop-kms module
This closes #425

Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2018-10-09 12:55:34 +09:00
Yiqun Lin
81f635f47f HADOOP-15817. Reuse Object Mapper in KMSJSONReader. Contributed by Jonathan Eagles. 2018-10-04 10:30:30 +08:00
Sunil G
58fa96b697 Changed version in trunk to 3.3.0-SNAPSHOT. 2018-10-02 22:41:41 +05:30
Wei-Chiu Chuang
e780556ae9 HADOOP-15696. KMS performance regression due to too many open file descriptors after Jetty migration. Contributed by Wei-Chiu Chuang. 2018-09-05 09:52:35 -07:00
Kitti Nanasi
781437c219 HADOOP-15698. KMS log4j is not initialized properly at startup. Contributed by Kitti Nanasi. 2018-08-29 22:07:49 -07:00
Xiao Chen
b94c8874e2 HADOOP-15638. KMS Accept Queue Size default changed from 500 to 128 in Hadoop 3.x. Contributed by Wei-Chiu Chuang. 2018-08-13 10:40:31 -07:00
Xiao Chen
895845e9b0 HADOOP-15581. Set default jetty log level to INFO in KMS. Contributed by Kitti Nanasi. 2018-07-09 12:06:50 -07:00
Todd Lipcon
7a3c6e9c3c HADOOP-15550. Avoid static initialization of ObjectMappers 2018-06-25 15:36:45 -07:00
Wei-Chiu Chuang
32671d8713 HADOOP-14783. [KMS] Add missing configuration properties into kms-default.xml. Contributed by Chetna Chaudhari. 2018-05-31 16:09:33 -07:00
Wei-Chiu Chuang
438ef4951a HADOOP-15455. Incorrect debug message in KMSACL#hasAccess. Contributed by Yuen-Kuei Hsueh. 2018-05-28 17:32:32 -07:00
Xiao Chen
a3a1552c33 Revert "HADOOP-14445. Delegation tokens are not shared between KMS instances. Contributed by Xiao Chen and Rushabh S Shah."
This reverts commit 583fa6ed48.

 Conflicts:
	hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSTokenRenewer.java
	hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
2018-05-07 13:32:27 -07:00
Ewan Higgs
84ecfe3ceb
HADOOP-14188. Remove the usage of org.mockito.internal.util.reflection.Whitebox
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2018-04-27 19:21:37 +09:00
Xiao Chen
583fa6ed48 HADOOP-14445. Delegation tokens are not shared between KMS instances. Contributed by Xiao Chen and Rushabh S Shah. 2018-04-10 15:38:25 -07:00
Xiao Chen
c22d62b338 HADOOP-15313. TestKMS should close providers. 2018-03-26 15:59:32 -07:00
Xiao Chen
21c6661461 HADOOP-15234. Throw meaningful message on null when initializing KMSWebApp. Contributed by fang zhenyi. 2018-03-15 20:17:16 -07:00
Xiao Chen
a906a22645 HADOOP-15280. TestKMS.testWebHDFSProxyUserKerb and TestKMS.testWebHDFSProxyUserSimple fail in trunk. Contributed by Bharat Viswanadham. 2018-03-08 10:17:02 -08:00
Ajay Kumar
3dc30bc24e
HADOOP-15286. Remove unused imports from TestKMSWithZK.java
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
2018-03-04 07:12:52 -08:00
Ray Chiang
923e1773e1 HADOOP-14652. Update metrics-core version to 3.2.4. (rchiang) 2018-03-01 15:36:10 -08:00
Arpit Agarwal
2fa7963c3d HADOOP-15254. Correct the wrong word spelling 'intialize'. Contributed by fang zhenyi. 2018-02-24 14:41:55 -08:00
Wangda Tan
60f9e60b3b Preparing for 3.2.0 development
Change-Id: I6d0e01f3d665d26573ef2b957add1cf0cddf7938
2018-02-11 11:17:38 +08:00
Steve Loughran
996796f104 HADOOP-15214. Make Hadoop compatible with Guava 21.0.
Contributed by Igor Dvorzhak
2018-02-08 10:55:54 -08:00
Jason Lowe
f8af0e2feb HADOOP-15085. Output streams closed with IOUtils suppressing write errors. Contributed by Jim Brennan 2017-12-14 10:18:08 -06:00
Wei-Chiu Chuang
97c70c7ac6 HADOOP-14880. [KMS] Document&test missing KMS client side configs. Contributed by Gabor Bota. 2017-10-19 06:02:13 -07:00
Xiao Chen
86ee0c5e4e HADOOP-14944. Add JvmMetrics to KMS. 2017-10-17 19:06:45 -07:00
Xiao Chen
b7ff624c76 HADOOP-14949. TestKMS#testACLs fails intermittently. 2017-10-16 14:19:31 -07:00
Akira Ajisaka
c9b525bd94
YARN-6943. Update Yarn to YARN in documentation. Contributed by Chetna Chaudhari. 2017-10-04 07:01:54 +09:00
Xiao Chen
06df6ab254 HADOOP-14095. Document caveats about the default JavaKeyStoreProvider in KMS. 2017-09-29 19:34:29 -07:00
Andrew Wang
0d419c984f Preparing for 3.1.0 development 2017-09-01 11:53:48 -07:00
Allen Wittenauer
a3fee475f7
HADOOP-14414. Calling maven-site-plugin directly for docs profile is unnecessary (Andras Bokor via aw) 2017-09-01 08:38:30 -07:00
Xiao Chen
4ec5acc704 HADOOP-14705. Add batched interface reencryptEncryptedKeys to KMS. 2017-08-22 07:47:39 -07:00
Sean Mackrory
1a1bf6b7d0 HADOOP-13595. Rework hadoop_usage to be broken up by clients/daemons/etc. Contributed by Allen Wittenauer. 2017-08-02 12:25:05 -06:00
John Zhuge
946dd25675 HADOOP-14608. KMS JMX servlet path not backwards compatible. Contributed by John Zhuge. 2017-07-05 11:16:56 -07:00
Andrew Wang
af2773f609 Updating version for 3.0.0-beta1 development 2017-06-29 17:57:40 -07:00
Xiao Chen
fb5ee3fafb HADOOP-14515. Addendum. Specifically configure zookeeper-related log levels in KMS log4j. 2017-06-27 23:49:09 -07:00
Xiao Chen
15964ef147 HADOOP-14515. Specifically configure zookeeper-related log levels in KMS log4j. 2017-06-19 23:12:02 -07:00
Xiao Chen
c4b5c32669 HADOOP-13854. KMS should log error details in KMSExceptionsProvider. 2017-06-08 22:35:31 -07:00
Brahma Reddy Battula
62857be211 HADOOP-14456. Modifier 'static' is redundant for inner enums. Contributed by ZhangBing Lin. 2017-05-31 01:07:58 +08:00
Andrew Wang
16ad896d5c Update maven version for 3.0.0-alpha4 development 2017-05-26 14:09:44 -07:00
Akira Ajisaka
b7d769d020
HADOOP-14359. Remove unnecessary shading of commons-httpclient. Contributed by Wei-Chiu Chuang. 2017-05-01 15:22:28 +09:00
John Zhuge
a9f07e0d3e HADOOP-14317. KMSWebServer$deprecateEnv may leak secret. Contributed by John Zhuge. 2017-04-18 09:29:16 -07:00
John Zhuge
570827a819 HADOOP-14052. Fix dead link in KMS document. Contributed by Christina Vu.
Change-Id: I7093f443d93927184196f62f02cc106a2c89e9cf
2017-03-08 23:50:15 -08:00
Andrew Wang
ec839b94c0 HDFS-11441. Add escaping to error message in KMS web UI. Contributed by Aaron T. Myers. 2017-03-06 10:47:15 -08:00
Akira Ajisaka
258342e76c HADOOP-14118. move jets3t into a dependency on hadoop-aws JAR. 2017-02-28 13:47:44 +09:00
Xiao Chen
2007e0cf2a HDFS-11210. Enhance key rolling to guarantee new KeyVersion is returned from generateEncryptedKeys after a key is rolled. 2017-02-07 20:36:11 -08:00
Xiao Chen
d88497d44a HADOOP-14047. Require admin to access KMS instrumentation servlets. Contributed by John Zhuge. 2017-02-06 13:14:17 -08:00
Xiao Chen
ebd40056a0 HADOOP-13992. KMS should load SSL configuration the same way as SSLFactory. Contributed by John Zhuge. 2017-01-27 10:49:26 -08:00
Xiaoyu Yao
2034315763 HADOOP-14029. Fix KMSClientProvider for non-secure proxyuser use case. Contributed by Xiaoyu Yao. 2017-01-26 20:34:32 -08:00
Xiao Chen
9c0a4d3e71 HADOOP-13990. Document KMS usage of CredentialProvider API. Contributed by John Zhuge. 2017-01-24 21:30:10 -08:00
Andrew Wang
5d8b80ea9b Preparing for 3.0.0-alpha3 development 2017-01-19 15:50:07 -08:00
Andrew Wang
5f336512d0 HADOOP-13961. Fix compilation failure from missing hadoop-kms test jar. Contributed by Sangjin Lee and John Zhuge. 2017-01-11 15:48:50 -08:00
Arun Suresh
be529dade1 HADOOP-13903. Improvements to KMS logging to help debug authorization errors. (Tristan Stevens via asuresh) 2017-01-11 00:26:02 -08:00
Xiao Chen
5d182949ba HADOOP-13597. Switch KMS from Tomcat to Jetty. Contributed by John Zhuge. 2017-01-05 17:21:57 -08:00
Xiao Chen
30f85d7a88 HADOOP-13911. Remove TRUSTSTORE_PASSWORD related scripts from KMS. Contributed by John Zhuge. 2016-12-20 16:02:26 -08:00
Xiao Chen
79d90b810c HADOOP-13827. Add reencryptEncryptedKey interface to KMS. 2016-12-06 12:04:04 -08:00
Xiao Chen
291df5c7fb HADOOP-13847. KMSWebApp should close KeyProviderCryptoExtension. Contributed by John Zhuge. 2016-12-05 09:35:17 -08:00
Akira Ajisaka
00096dcc0c HADOOP-13812. Upgrade Tomcat to 6.0.48. Contributed by John Zhuge. 2016-11-29 19:47:02 +09:00
Akira Ajisaka
67d9f2808e HADOOP-13706. Update jackson from 1.9.13 to 2.x in hadoop-common-project. 2016-11-29 14:07:19 +09:00
Robert Kanter
47ca9e26fb HADOOP-13838. KMSTokenRenewer should close providers (xiaochen via rkanter) 2016-11-28 18:08:09 -08:00
Akira Ajisaka
209e805430 HADOOP-13506. Redundant groupid warning in child projects. Contributed by Kai Sasaki. 2016-11-28 14:34:57 +09:00
Akira Ajisaka
c65d6b6541 HADOOP-13814. Sample configuration of KMS HTTP Authentication signature is misleading. Contributed by Masahiro Tanaka. 2016-11-21 11:25:11 +09:00
Xiao Chen
61c0bedf77 HADOOP-13815. TestKMS#testDelegationTokensOpsSimple and TestKMS#testDelegationTokensOpsKerberized Fails in Trunk. 2016-11-15 16:26:27 -08:00
Xiao Chen
7154a20bcb HADOOP-12453. Support decoding KMS Delegation Token with its own Identifier. Contributed by Xiaoyu Yao. 2016-11-03 13:09:03 -07:00
Xiao Chen
b62bc2bbd8 HADOOP-13763. KMS REST API Documentation Decrypt URL typo. Contributed by Jeffrey E Rodriguez. 2016-10-27 18:05:40 -07:00
Robert Kanter
5877f20f9c HADOOP-10075. Update jetty dependency to version 9 (rkanter) 2016-10-27 16:09:00 -07:00
Xiao Chen
09ef97dccb HADOOP-13669. Addendum patch 2 for KMS Server should log exceptions before throwing. 2016-10-25 09:59:12 -07:00
Xiaoyu Yao
d0a347984d HADOOP-13749. KMSClientProvider combined with KeyProviderCache can result in wrong UGI being used. Contributed by Xiaoyu Yao. 2016-10-23 10:58:36 -07:00
Xiao Chen
d75cbc5749 HADOOP-13693. Remove the message about HTTP OPTIONS in SPNEGO initialization message from kms audit log. 2016-10-18 18:24:59 -07:00
Xiao Chen
ae51b11f78 HADOOP-13669. Addendum patch for KMS Server should log exceptions before throwing. 2016-10-13 22:32:08 -07:00
Xiao Chen
65912e4027 HADOOP-13669. KMS Server should log exceptions before throwing. Contributed by Suraj Acharya. 2016-10-10 12:51:12 -07:00
Xiao Chen
89bd6d29a6 HADOOP-13317. Add logs to KMS server-side to improve supportability. Contributed by Suraj Acharya. 2016-09-30 17:51:39 -07:00
Xiao Chen
fa397e74fe HADOOP-13638. KMS should set UGI's Configuration object properly. Contributed by Wei-Chiu Chuang. 2016-09-26 13:00:57 -07:00
Xiao Chen
ea839bd48e HDFS-10489. Deprecate dfs.encryption.key.provider.uri for HDFS encryption zones. Contributed by Xiao Chen. 2016-09-17 22:25:39 -07:00
Xiao Chen
3476156807 HADOOP-13396. Allow pluggable audit loggers in KMS. Contributed by Xiao Chen 2016-08-24 10:14:46 -07:00
Wei-Chiu Chuang
03a9343d57 HADOOP-12765. HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections. Contributed by Min Shen. 2016-08-19 09:22:49 -07:00
Xiao Chen
9daa9979a1 HADOOP-13437. KMS should reload whitelist and default key ACLs when hot-reloading. Contributed by Xiao Chen. 2016-08-15 18:14:45 -07:00
Wei-Chiu Chuang
db719ef125 HADOOP-13190. Mention LoadBalancingKMSClientProvider in KMS HA documentation. Contributed by Wei-Chiu Chuang. 2016-08-11 12:27:09 -07:00
Wei-Chiu Chuang
070548943a HADOOP-13395. Enhance TestKMSAudit. Contributed by Xiao Chen. 2016-08-08 15:11:05 -07:00
Xiao Chen
8ebf2e95d2 HADOOP-13381. KMS clients should use KMS Delegation Tokens from current UGI. Contributed by Xiao Chen. 2016-07-28 18:24:41 -07:00
Andrew Wang
da456ffd62 Preparing for 3.0.0-alpha2 development 2016-07-15 19:04:17 -07:00
Andrew Wang
771f798edf HADOOP-13251. Authenticate with Kerberos credentials when renewing KMS delegation token. Contributed by Xiao Chen. 2016-06-27 18:20:56 -07:00
Xiaoyu Yao
b1674caa40 HADOOP-13255. KMSClientProvider should check and renew tgt when doing delegation token operations. Contributed by Xiao Chen. 2016-06-16 15:22:00 -07:00
Andrew Wang
713cb71820 HADOOP-13155. Implement TokenRenewer to renew and cancel delegation tokens in KMS. Contributed by Xiao Chen. 2016-06-03 16:48:54 -07:00
Kai Zheng
916140604f HADOOP-12911. Upgrade Hadoop MiniKDC with Kerby. Contributed by Jiajia Li 2016-05-28 14:23:39 +08:00
Andrew Wang
3c5c57af28 HADOOP-13142. Change project version from 3.0.0 to 3.0.0-alpha1. 2016-05-12 18:27:28 -07:00
Andrew Wang
ca5613af91 Revert "Update project version to 3.0.0-alpha1-SNAPSHOT."
This reverts commit 6b53802cba.
2016-05-12 15:32:45 -07:00
Andrew Wang
6b53802cba Update project version to 3.0.0-alpha1-SNAPSHOT. 2016-05-12 11:05:05 -07:00
Allen Wittenauer
35cf503149 HADOOP-13077. Handle special characters in passwords in httpfs.sh (Xiao Chen via aw) 2016-05-05 11:33:06 -07:00
Andrew Wang
6f26b66587 HADOOP-13030. Handle special characters in passwords in KMS startup script. Contributed by Xiao Chen. 2016-04-27 15:56:16 -07:00
Andrew Wang
a74580a4d3 HADOOP-12811. Change kms server port number which conflicts with HMaster port number. Contributed by Xiao Chen. 2016-04-14 11:36:12 -07:00
Andrew Wang
594c70f779 HADOOP-12951. Improve documentation on KMS ACLs and delegation tokens. Contributed by Xiao Chen. 2016-04-07 23:50:27 -07:00
Allen Wittenauer
0a74610d1c HADOOP-11393. Revert HADOOP_PREFIX, go back to HADOOP_HOME (aw) 2016-03-31 07:51:05 -07:00
Andrew Wang
d4df7849a5 HADOOP-12962. KMS key names are incorrectly encoded when creating key. Contributed by Xiao Chen. 2016-03-25 15:28:53 -07:00
Masatake Iwasaki
cbd31328a6 HADOOP-12470. In-page TOC of documentation should be automatically generated by doxia macro (iwasakims) 2016-03-04 14:11:36 +09:00
Yongjun Zhang
a963baba10 HADOOP-12828. Print user when services are started. (Wei-Chiu Chuang via Yongjun Zhang) 2016-02-19 09:41:22 -08:00
Andrew Wang
8fdef0bd9d HADOOP-12699. TestKMS#testKMSProvider intermittently fails during 'test rollover draining'. Contributed by Xiao Chen. 2016-02-11 17:20:10 -08:00
cnauroth
70c756d35e HADOOP-12795. KMS does not log detailed stack trace for unexpected errors. Contributed by Chris Nauroth. 2016-02-11 16:52:58 -08:00