Commit Graph

71 Commits

Author SHA1 Message Date
Robert Kanter
9fec02c069 HADOOP-11870. [JDK8] AuthenticationFilter, CertificateUtil, SignerSecretProviders, KeyAuthorizationKeyProvider Javadoc issues (rkanter) 2015-04-27 13:25:11 -07:00
Allen Wittenauer
8b69c825e5 HADOOP-11865. Incorrect path mentioned in document for accessing script files (J.Andreina via aw) 2015-04-26 09:55:46 -07:00
Allen Wittenauer
dce8b9c4d0 HADOOP-11637. bash location hard-coded in shell scripts (aw) 2015-02-26 09:29:16 -08:00
Andrew Wang
71385f9b70 HADOOP-11620. Add support for load balancing across a group of KMS for HA. Contributed by Arun Suresh. 2015-02-25 21:16:37 -08:00
Allen Wittenauer
b6fc1f3e43 HADOOP-11593. Convert site documentation from apt to markdown (stragglers) (Masatake Iwasaki via aw) 2015-02-17 21:30:24 -10:00
Allen Wittenauer
43d5caef5e HADOOP-11460. Deprecate shell vars (John Smith via aw) 2015-02-04 16:35:50 -08:00
yliu
ee1e06a3ab HADOOP-11469. KMS should skip default.key.acl and whitelist.key.acl when loading key acl. (Dian Fu via yliu) 2015-01-28 00:07:21 +08:00
Andrew Wang
4b00935643 HADOOP-11482. Use correct UGI when KMSClientProvider is called by a proxy user. Contributed by Arun Suresh. 2015-01-23 12:11:15 -08:00
Akira Ajisaka
aee4500612 HADOOP-11493. Fix some typos in kms-acls.xml description. (Contributed by Charles Lamb) 2015-01-23 11:48:19 +09:00
Allen Wittenauer
0c45946e65 HADOOP-10788. Rewrite kms to use new shell framework (John Smith via aw) 2015-01-02 10:52:47 -08:00
Haohui Mai
1340617535 HADOOP-11378. Fix new findbugs warnings in hadoop-kms. Contributed by Li Lu. 2014-12-09 13:10:03 -08:00
Andrew Wang
74d4bfded9 HADOOP-11368. Fix SSLFactory truststore reloader thread leak in KMSClientProvider. Contributed by Arun Suresh. 2014-12-09 10:47:24 -08:00
Andrew Wang
ddffcd8fac HADOOP-11329. Add JAVA_LIBRARY_PATH to KMS startup options. Contributed by Arun Suresh. 2014-12-08 13:45:19 -08:00
Andrew Wang
9cdaec6a6f HADOOP-11355. When accessing data in HDFS and the key has been deleted, a Null Pointer Exception is shown. Contributed by Arun Suresh. 2014-12-05 12:01:23 -08:00
Andrew Wang
1812241ee1 HADOOP-11342. KMS key ACL should ignore ALL operation for default key ACL and whitelist key ACL. Contributed by Dian Fu. 2014-12-03 12:00:14 -08:00
Andrew Wang
3d48ad7eb4 HADOOP-11344. KMS kms-config.sh sets a default value for the keystore password even in non-ssl setup. Contributed by Arun Suresh. 2014-12-02 19:04:29 -08:00
Andrew Wang
31b4d2daa1 HADOOP-11341. KMS support for whitelist key ACLs. Contributed by Arun Suresh. 2014-12-01 21:53:37 -08:00
Andrew Wang
9fa2990257 HADOOP-11337. KeyAuthorizationKeyProvider access checks need to be done atomically. Contributed by Dian Fu. 2014-12-01 21:21:23 -08:00
Andrew Wang
56f3eecc12 HADOOP-11300. KMS startup scripts must not display the keystore / truststore passwords. Contributed by Arun Suresh. 2014-11-25 15:12:04 -08:00
yliu
61a2510b55 HADOOP-11322. key based ACL check in KMS always check KeyOpType.MANAGEMENT even actual KeyOpType is not MANAGEMENT. (Dian Fu via yliu) 2014-11-25 01:08:40 +08:00
Andrew Wang
bcd402ae38 HADOOP-11312. Fix unit tests to not use uppercase key names. 2014-11-18 10:47:46 -08:00
Karthik Kambatla
87818ef4e7 HADOOP-11217. (Addendum to allow SSLv2Hello) Disable SSLv3 in KMS. (Robert Kanter via kasha) 2014-11-12 18:39:03 -08:00
Aaron T. Myers
ef5af4f8de HADOOP-11187 NameNode - KMS communication fails after a long period of inactivity. Contributed by Arun Suresh. 2014-11-05 18:17:49 -08:00
Aaron T. Myers
8a261e68e4 HADOOP-11272. Allow ZKSignerSecretProvider and ZKDelegationTokenSecretManager to use the same curator client. Contributed by Arun Suresh. 2014-11-05 17:47:22 -08:00
Karthik Kambatla
dbf30e3c0e HADOOP-11260. Patch up Jetty to disable SSLv3. (Mike Yoder via kasha) 2014-11-04 16:18:24 -08:00
Karthik Kambatla
1a78082338 HADOOP-11217. Disable SSLv3 in KMS. (Robert Kanter via kasha) 2014-10-28 17:18:24 -07:00
Aaron T. Myers
0e57aa3bf6 HADOOP-11176. KMSClientProvider authentication fails when both currentUgi and loginUgi are a proxied user. Contributed by Arun Suresh. 2014-10-13 18:09:39 -07:00
Andrew Wang
b2f6197523 HADOOP-11169. Fix DelegationTokenAuthenticatedURL to pass the connection Configurator to the authenticator. (Arun Suresh via wang) 2014-10-07 14:46:59 -07:00
Andrew Wang
2d8e6e2c4a HADOOP-11151. Automatically refresh auth token and retry on auth failure. Contributed by Arun Suresh. 2014-10-02 19:54:57 -07:00
Andrew Wang
a4c9b80a7c HADOOP-11113. Namenode not able to reconnect to KMS after KMS restart. (Arun Suresh via wang) 2014-09-30 16:48:24 -07:00
Andrew Wang
64aef18965 HADOOP-11153. Make number of KMS threads configurable. (wang) 2014-09-29 15:02:29 -07:00
Andrew Wang
1737950d0f HDFS-6987. Move CipherSuite xattr information up to the encryption zone root. Contributed by Zhe Zhang. 2014-09-21 21:29:46 -07:00
Andrew Wang
b6ceef90e5 HADOOP-11112. TestKMSWithZK does not use KEY_PROVIDER_URI. (tucu via wang) 2014-09-19 17:42:00 -07:00
Andrew Wang
adf0b67a71 HADOOP-10970. Cleanup KMS configuration keys. (wang) 2014-09-19 14:59:25 -07:00
Aaron T. Myers
6434572297 HADOOP-11109. Site build is broken. Contributed by Jian He. 2014-09-18 18:00:39 -07:00
Alejandro Abdelnur
fad4cd85b3 KMS: Support for multiple Kerberos principals. (tucu) 2014-09-18 16:03:38 -07:00
Andrew Wang
10e8602f32 HDFS-7004. Update KeyProvider instantiation to create by URI. (wang) 2014-09-17 20:14:40 -07:00
Alejandro Abdelnur
123f20d42f HADOOP-11016. KMS should support signing cookies with zookeeper secret manager. (tucu) 2014-09-17 15:29:17 -07:00
Alejandro Abdelnur
8a7671d753 Revert "HADOOP-11016. KMS should support signing cookies with zookeeper secret manager. (tucu)"
This reverts commit 0a495bef5c.
2014-09-17 11:11:33 -07:00
Alejandro Abdelnur
3f8f860cc6 Revert "HADOOP-10982"
This reverts commit d9a86031a0.
2014-09-17 11:11:15 -07:00
Alejandro Abdelnur
d9a86031a0 HADOOP-10982 2014-09-17 11:08:00 -07:00
Alejandro Abdelnur
0a495bef5c HADOOP-11016. KMS should support signing cookies with zookeeper secret manager. (tucu) 2014-09-17 11:08:00 -07:00
Alejandro Abdelnur
e4ddb6da15 HADOOP-11099. KMS return HTTP UNAUTHORIZED 401 on ACL failure. (tucu) 2014-09-17 11:07:56 -07:00
Alejandro Abdelnur
8cf1052beb HADOOP-11097. kms docs say proxyusers, not proxyuser for config params. (clamb via tucu) 2014-09-16 23:20:35 -07:00
Alejandro Abdelnur
e14e71d5fe HADOOP-11096. KMS: KeyAuthorizationKeyProvider should verify the keyversion belongs to the keyname on decrypt. (tucu) 2014-09-16 23:20:35 -07:00
Alejandro Abdelnur
3e85f5b605 HDFS-7006. Test encryption zones with KMS. (Anthony Young-Garner and tucu) 2014-09-16 14:36:07 -07:00
cnauroth
957414d4cb HADOOP-11088. Unittest TestKeyShell, TestCredShell and TestKMS assume UNIX path separator for JECKS key store path. Contributed by Xiaoyu Yao. 2014-09-12 14:50:07 -07:00
Alejandro Abdelnur
b02a4b4061 HADOOP-10758. KMS: add ACLs on per key basis. (tucu) 2014-09-10 14:26:15 -07:00
Alejandro Abdelnur
df8c84cba8 HADOOP-11071. KMSClientProvider should drain the local generated EEK cache on key rollover. (tucu) 2014-09-08 11:31:30 -07:00
Alejandro Abdelnur
0f3c19c1bb HADOOP-11069. KMSClientProvider should use getAuthenticationMethod() to determine if in proxyuser mode or not. (tucu) 2014-09-05 21:59:12 -07:00