Andrew Wang
|
4b00935643
|
HADOOP-11482. Use correct UGI when KMSClientProvider is called by a proxy user. Contributed by Arun Suresh.
|
2015-01-23 12:11:15 -08:00 |
|
Akira Ajisaka
|
aee4500612
|
HADOOP-11493. Fix some typos in kms-acls.xml description. (Contributed by Charles Lamb)
|
2015-01-23 11:48:19 +09:00 |
|
Allen Wittenauer
|
0c45946e65
|
HADOOP-10788. Rewrite kms to use new shell framework (John Smith via aw)
|
2015-01-02 10:52:47 -08:00 |
|
Haohui Mai
|
1340617535
|
HADOOP-11378. Fix new findbugs warnings in hadoop-kms. Contributed by Li Lu.
|
2014-12-09 13:10:03 -08:00 |
|
Andrew Wang
|
74d4bfded9
|
HADOOP-11368. Fix SSLFactory truststore reloader thread leak in KMSClientProvider. Contributed by Arun Suresh.
|
2014-12-09 10:47:24 -08:00 |
|
Andrew Wang
|
ddffcd8fac
|
HADOOP-11329. Add JAVA_LIBRARY_PATH to KMS startup options. Contributed by Arun Suresh.
|
2014-12-08 13:45:19 -08:00 |
|
Andrew Wang
|
9cdaec6a6f
|
HADOOP-11355. When accessing data in HDFS and the key has been deleted, a Null Pointer Exception is shown. Contributed by Arun Suresh.
|
2014-12-05 12:01:23 -08:00 |
|
Andrew Wang
|
1812241ee1
|
HADOOP-11342. KMS key ACL should ignore ALL operation for default key ACL and whitelist key ACL. Contributed by Dian Fu.
|
2014-12-03 12:00:14 -08:00 |
|
Andrew Wang
|
3d48ad7eb4
|
HADOOP-11344. KMS kms-config.sh sets a default value for the keystore password even in non-ssl setup. Contributed by Arun Suresh.
|
2014-12-02 19:04:29 -08:00 |
|
Andrew Wang
|
31b4d2daa1
|
HADOOP-11341. KMS support for whitelist key ACLs. Contributed by Arun Suresh.
|
2014-12-01 21:53:37 -08:00 |
|
Andrew Wang
|
9fa2990257
|
HADOOP-11337. KeyAuthorizationKeyProvider access checks need to be done atomically. Contributed by Dian Fu.
|
2014-12-01 21:21:23 -08:00 |
|
Andrew Wang
|
56f3eecc12
|
HADOOP-11300. KMS startup scripts must not display the keystore / truststore passwords. Contributed by Arun Suresh.
|
2014-11-25 15:12:04 -08:00 |
|
yliu
|
61a2510b55
|
HADOOP-11322. key based ACL check in KMS always check KeyOpType.MANAGEMENT even actual KeyOpType is not MANAGEMENT. (Dian Fu via yliu)
|
2014-11-25 01:08:40 +08:00 |
|
Andrew Wang
|
bcd402ae38
|
HADOOP-11312. Fix unit tests to not use uppercase key names.
|
2014-11-18 10:47:46 -08:00 |
|
Karthik Kambatla
|
87818ef4e7
|
HADOOP-11217. (Addendum to allow SSLv2Hello) Disable SSLv3 in KMS. (Robert Kanter via kasha)
|
2014-11-12 18:39:03 -08:00 |
|
Aaron T. Myers
|
ef5af4f8de
|
HADOOP-11187 NameNode - KMS communication fails after a long period of inactivity. Contributed by Arun Suresh.
|
2014-11-05 18:17:49 -08:00 |
|
Aaron T. Myers
|
8a261e68e4
|
HADOOP-11272. Allow ZKSignerSecretProvider and ZKDelegationTokenSecretManager to use the same curator client. Contributed by Arun Suresh.
|
2014-11-05 17:47:22 -08:00 |
|
Haohui Mai
|
d794f785de
|
HADOOP-11230. Add missing dependency of bouncycastle for kms, httpfs, hdfs, MR and YARN. Contributed by Robert Kanter.
|
2014-11-04 17:52:03 -08:00 |
|
Karthik Kambatla
|
dbf30e3c0e
|
HADOOP-11260. Patch up Jetty to disable SSLv3. (Mike Yoder via kasha)
|
2014-11-04 16:18:24 -08:00 |
|
Karthik Kambatla
|
1a78082338
|
HADOOP-11217. Disable SSLv3 in KMS. (Robert Kanter via kasha)
|
2014-10-28 17:18:24 -07:00 |
|
Aaron T. Myers
|
0e57aa3bf6
|
HADOOP-11176. KMSClientProvider authentication fails when both currentUgi and loginUgi are a proxied user. Contributed by Arun Suresh.
|
2014-10-13 18:09:39 -07:00 |
|
Andrew Wang
|
b2f6197523
|
HADOOP-11169. Fix DelegationTokenAuthenticatedURL to pass the connection Configurator to the authenticator. (Arun Suresh via wang)
|
2014-10-07 14:46:59 -07:00 |
|
Andrew Wang
|
2d8e6e2c4a
|
HADOOP-11151. Automatically refresh auth token and retry on auth failure. Contributed by Arun Suresh.
|
2014-10-02 19:54:57 -07:00 |
|
Andrew Wang
|
a4c9b80a7c
|
HADOOP-11113. Namenode not able to reconnect to KMS after KMS restart. (Arun Suresh via wang)
|
2014-09-30 16:48:24 -07:00 |
|
Andrew Wang
|
64aef18965
|
HADOOP-11153. Make number of KMS threads configurable. (wang)
|
2014-09-29 15:02:29 -07:00 |
|
Andrew Wang
|
1737950d0f
|
HDFS-6987. Move CipherSuite xattr information up to the encryption zone root. Contributed by Zhe Zhang.
|
2014-09-21 21:29:46 -07:00 |
|
Andrew Wang
|
b6ceef90e5
|
HADOOP-11112. TestKMSWithZK does not use KEY_PROVIDER_URI. (tucu via wang)
|
2014-09-19 17:42:00 -07:00 |
|
Andrew Wang
|
adf0b67a71
|
HADOOP-10970. Cleanup KMS configuration keys. (wang)
|
2014-09-19 14:59:25 -07:00 |
|
Aaron T. Myers
|
6434572297
|
HADOOP-11109. Site build is broken. Contributed by Jian He.
|
2014-09-18 18:00:39 -07:00 |
|
Alejandro Abdelnur
|
fad4cd85b3
|
KMS: Support for multiple Kerberos principals. (tucu)
|
2014-09-18 16:03:38 -07:00 |
|
Andrew Wang
|
10e8602f32
|
HDFS-7004. Update KeyProvider instantiation to create by URI. (wang)
|
2014-09-17 20:14:40 -07:00 |
|
Alejandro Abdelnur
|
123f20d42f
|
HADOOP-11016. KMS should support signing cookies with zookeeper secret manager. (tucu)
|
2014-09-17 15:29:17 -07:00 |
|
Alejandro Abdelnur
|
8a7671d753
|
Revert "HADOOP-11016. KMS should support signing cookies with zookeeper secret manager. (tucu)"
This reverts commit 0a495bef5c .
|
2014-09-17 11:11:33 -07:00 |
|
Alejandro Abdelnur
|
3f8f860cc6
|
Revert "HADOOP-10982"
This reverts commit d9a86031a0 .
|
2014-09-17 11:11:15 -07:00 |
|
Alejandro Abdelnur
|
d9a86031a0
|
HADOOP-10982
|
2014-09-17 11:08:00 -07:00 |
|
Alejandro Abdelnur
|
0a495bef5c
|
HADOOP-11016. KMS should support signing cookies with zookeeper secret manager. (tucu)
|
2014-09-17 11:08:00 -07:00 |
|
Alejandro Abdelnur
|
e4ddb6da15
|
HADOOP-11099. KMS return HTTP UNAUTHORIZED 401 on ACL failure. (tucu)
|
2014-09-17 11:07:56 -07:00 |
|
Alejandro Abdelnur
|
8cf1052beb
|
HADOOP-11097. kms docs say proxyusers, not proxyuser for config params. (clamb via tucu)
|
2014-09-16 23:20:35 -07:00 |
|
Alejandro Abdelnur
|
e14e71d5fe
|
HADOOP-11096. KMS: KeyAuthorizationKeyProvider should verify the keyversion belongs to the keyname on decrypt. (tucu)
|
2014-09-16 23:20:35 -07:00 |
|
Alejandro Abdelnur
|
3e85f5b605
|
HDFS-7006. Test encryption zones with KMS. (Anthony Young-Garner and tucu)
|
2014-09-16 14:36:07 -07:00 |
|
cnauroth
|
957414d4cb
|
HADOOP-11088. Unittest TestKeyShell, TestCredShell and TestKMS assume UNIX path separator for JECKS key store path. Contributed by Xiaoyu Yao.
|
2014-09-12 14:50:07 -07:00 |
|
Alejandro Abdelnur
|
b02a4b4061
|
HADOOP-10758. KMS: add ACLs on per key basis. (tucu)
|
2014-09-10 14:26:15 -07:00 |
|
Alejandro Abdelnur
|
df8c84cba8
|
HADOOP-11071. KMSClientProvider should drain the local generated EEK cache on key rollover. (tucu)
|
2014-09-08 11:31:30 -07:00 |
|
Alejandro Abdelnur
|
0f3c19c1bb
|
HADOOP-11069. KMSClientProvider should use getAuthenticationMethod() to determine if in proxyuser mode or not. (tucu)
|
2014-09-05 21:59:12 -07:00 |
|
Alejandro Abdelnur
|
71c8d735f5
|
HADOOP-11070. Create MiniKMS for testing. (tucu)
|
2014-09-05 21:59:12 -07:00 |
|
cnauroth
|
b44b2ee4ad
|
HADOOP-11063. KMS cannot deploy on Windows, because class names are too long. Contributed by Chris Nauroth.
|
2014-09-04 11:47:18 -07:00 |
|
Alejandro Abdelnur
|
70b218748b
|
HADOOP-11015. Http server/client utils to propagate and recreate Exceptions from server to client. (tucu)
|
2014-09-04 09:11:10 -07:00 |
|
Alejandro Abdelnur
|
d9a03e272a
|
HADOOP-10863. KMS should have a blacklist for decrypting EEKs. (asuresh via tucu)
|
2014-09-03 15:08:55 -07:00 |
|
Alejandro Abdelnur
|
b1dce2aa21
|
HADOOP-10814. Update Tomcat version used by HttpFS and KMS to latest 6.x version. (rkanter via tucu)
|
2014-08-29 11:53:22 -07:00 |
|
Alejandro Abdelnur
|
e932365d6d
|
HADOOP-10698. KMS, add proxyuser support. (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1618217 13f79535-47bb-0310-9956-ffa450edef68
|
2014-08-15 15:53:28 +00:00 |
|