Xiao Chen
|
2007e0cf2a
|
HDFS-11210. Enhance key rolling to guarantee new KeyVersion is returned from generateEncryptedKeys after a key is rolled.
|
2017-02-07 20:36:11 -08:00 |
Xiao Chen
|
d88497d44a
|
HADOOP-14047. Require admin to access KMS instrumentation servlets. Contributed by John Zhuge.
|
2017-02-06 13:14:17 -08:00 |
Xiao Chen
|
ebd40056a0
|
HADOOP-13992. KMS should load SSL configuration the same way as SSLFactory. Contributed by John Zhuge.
|
2017-01-27 10:49:26 -08:00 |
Xiaoyu Yao
|
2034315763
|
HADOOP-14029. Fix KMSClientProvider for non-secure proxyuser use case. Contributed by Xiaoyu Yao.
|
2017-01-26 20:34:32 -08:00 |
Xiao Chen
|
9c0a4d3e71
|
HADOOP-13990. Document KMS usage of CredentialProvider API. Contributed by John Zhuge.
|
2017-01-24 21:30:10 -08:00 |
Arun Suresh
|
be529dade1
|
HADOOP-13903. Improvements to KMS logging to help debug authorization errors. (Tristan Stevens via asuresh)
|
2017-01-11 00:26:02 -08:00 |
Xiao Chen
|
5d182949ba
|
HADOOP-13597. Switch KMS from Tomcat to Jetty. Contributed by John Zhuge.
|
2017-01-05 17:21:57 -08:00 |
Xiao Chen
|
30f85d7a88
|
HADOOP-13911. Remove TRUSTSTORE_PASSWORD related scripts from KMS. Contributed by John Zhuge.
|
2016-12-20 16:02:26 -08:00 |
Xiao Chen
|
79d90b810c
|
HADOOP-13827. Add reencryptEncryptedKey interface to KMS.
|
2016-12-06 12:04:04 -08:00 |
Xiao Chen
|
291df5c7fb
|
HADOOP-13847. KMSWebApp should close KeyProviderCryptoExtension. Contributed by John Zhuge.
|
2016-12-05 09:35:17 -08:00 |
Akira Ajisaka
|
00096dcc0c
|
HADOOP-13812. Upgrade Tomcat to 6.0.48. Contributed by John Zhuge.
|
2016-11-29 19:47:02 +09:00 |
Akira Ajisaka
|
67d9f2808e
|
HADOOP-13706. Update jackson from 1.9.13 to 2.x in hadoop-common-project.
|
2016-11-29 14:07:19 +09:00 |
Robert Kanter
|
47ca9e26fb
|
HADOOP-13838. KMSTokenRenewer should close providers (xiaochen via rkanter)
|
2016-11-28 18:08:09 -08:00 |
Akira Ajisaka
|
c65d6b6541
|
HADOOP-13814. Sample configuration of KMS HTTP Authentication signature is misleading. Contributed by Masahiro Tanaka.
|
2016-11-21 11:25:11 +09:00 |
Xiao Chen
|
61c0bedf77
|
HADOOP-13815. TestKMS#testDelegationTokensOpsSimple and TestKMS#testDelegationTokensOpsKerberized Fails in Trunk.
|
2016-11-15 16:26:27 -08:00 |
Xiao Chen
|
7154a20bcb
|
HADOOP-12453. Support decoding KMS Delegation Token with its own Identifier. Contributed by Xiaoyu Yao.
|
2016-11-03 13:09:03 -07:00 |
Xiao Chen
|
b62bc2bbd8
|
HADOOP-13763. KMS REST API Documentation Decrypt URL typo. Contributed by Jeffrey E Rodriguez.
|
2016-10-27 18:05:40 -07:00 |
Robert Kanter
|
5877f20f9c
|
HADOOP-10075. Update jetty dependency to version 9 (rkanter)
|
2016-10-27 16:09:00 -07:00 |
Xiaoyu Yao
|
d0a347984d
|
HADOOP-13749. KMSClientProvider combined with KeyProviderCache can result in wrong UGI being used. Contributed by Xiaoyu Yao.
|
2016-10-23 10:58:36 -07:00 |
Xiao Chen
|
d75cbc5749
|
HADOOP-13693. Remove the message about HTTP OPTIONS in SPNEGO initialization message from kms audit log.
|
2016-10-18 18:24:59 -07:00 |
Xiao Chen
|
65912e4027
|
HADOOP-13669. KMS Server should log exceptions before throwing. Contributed by Suraj Acharya.
|
2016-10-10 12:51:12 -07:00 |
Xiao Chen
|
89bd6d29a6
|
HADOOP-13317. Add logs to KMS server-side to improve supportability. Contributed by Suraj Acharya.
|
2016-09-30 17:51:39 -07:00 |
Xiao Chen
|
fa397e74fe
|
HADOOP-13638. KMS should set UGI's Configuration object properly. Contributed by Wei-Chiu Chuang.
|
2016-09-26 13:00:57 -07:00 |
Xiao Chen
|
ea839bd48e
|
HDFS-10489. Deprecate dfs.encryption.key.provider.uri for HDFS encryption zones. Contributed by Xiao Chen.
|
2016-09-17 22:25:39 -07:00 |
Xiao Chen
|
3476156807
|
HADOOP-13396. Allow pluggable audit loggers in KMS. Contributed by Xiao Chen
|
2016-08-24 10:14:46 -07:00 |
Wei-Chiu Chuang
|
03a9343d57
|
HADOOP-12765. HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections. Contributed by Min Shen.
|
2016-08-19 09:22:49 -07:00 |
Xiao Chen
|
9daa9979a1
|
HADOOP-13437. KMS should reload whitelist and default key ACLs when hot-reloading. Contributed by Xiao Chen.
|
2016-08-15 18:14:45 -07:00 |
Wei-Chiu Chuang
|
db719ef125
|
HADOOP-13190. Mention LoadBalancingKMSClientProvider in KMS HA documentation. Contributed by Wei-Chiu Chuang.
|
2016-08-11 12:27:09 -07:00 |
Wei-Chiu Chuang
|
070548943a
|
HADOOP-13395. Enhance TestKMSAudit. Contributed by Xiao Chen.
|
2016-08-08 15:11:05 -07:00 |
Xiao Chen
|
8ebf2e95d2
|
HADOOP-13381. KMS clients should use KMS Delegation Tokens from current UGI. Contributed by Xiao Chen.
|
2016-07-28 18:24:41 -07:00 |
Andrew Wang
|
771f798edf
|
HADOOP-13251. Authenticate with Kerberos credentials when renewing KMS delegation token. Contributed by Xiao Chen.
|
2016-06-27 18:20:56 -07:00 |
Xiaoyu Yao
|
b1674caa40
|
HADOOP-13255. KMSClientProvider should check and renew tgt when doing delegation token operations. Contributed by Xiao Chen.
|
2016-06-16 15:22:00 -07:00 |
Andrew Wang
|
713cb71820
|
HADOOP-13155. Implement TokenRenewer to renew and cancel delegation tokens in KMS. Contributed by Xiao Chen.
|
2016-06-03 16:48:54 -07:00 |
Kai Zheng
|
916140604f
|
HADOOP-12911. Upgrade Hadoop MiniKDC with Kerby. Contributed by Jiajia Li
|
2016-05-28 14:23:39 +08:00 |
Allen Wittenauer
|
35cf503149
|
HADOOP-13077. Handle special characters in passwords in httpfs.sh (Xiao Chen via aw)
|
2016-05-05 11:33:06 -07:00 |
Andrew Wang
|
6f26b66587
|
HADOOP-13030. Handle special characters in passwords in KMS startup script. Contributed by Xiao Chen.
|
2016-04-27 15:56:16 -07:00 |
Andrew Wang
|
a74580a4d3
|
HADOOP-12811. Change kms server port number which conflicts with HMaster port number. Contributed by Xiao Chen.
|
2016-04-14 11:36:12 -07:00 |
Andrew Wang
|
594c70f779
|
HADOOP-12951. Improve documentation on KMS ACLs and delegation tokens. Contributed by Xiao Chen.
|
2016-04-07 23:50:27 -07:00 |
Allen Wittenauer
|
0a74610d1c
|
HADOOP-11393. Revert HADOOP_PREFIX, go back to HADOOP_HOME (aw)
|
2016-03-31 07:51:05 -07:00 |
Andrew Wang
|
d4df7849a5
|
HADOOP-12962. KMS key names are incorrectly encoded when creating key. Contributed by Xiao Chen.
|
2016-03-25 15:28:53 -07:00 |
Masatake Iwasaki
|
cbd31328a6
|
HADOOP-12470. In-page TOC of documentation should be automatically generated by doxia macro (iwasakims)
|
2016-03-04 14:11:36 +09:00 |
Yongjun Zhang
|
a963baba10
|
HADOOP-12828. Print user when services are started. (Wei-Chiu Chuang via Yongjun Zhang)
|
2016-02-19 09:41:22 -08:00 |
Andrew Wang
|
8fdef0bd9d
|
HADOOP-12699. TestKMS#testKMSProvider intermittently fails during 'test rollover draining'. Contributed by Xiao Chen.
|
2016-02-11 17:20:10 -08:00 |
cnauroth
|
70c756d35e
|
HADOOP-12795. KMS does not log detailed stack trace for unexpected errors. Contributed by Chris Nauroth.
|
2016-02-11 16:52:58 -08:00 |
Zhe Zhang
|
4ef1324ff6
|
HADOOP-12764. Increase default value of KMX maxHttpHeaderSize and make it configurable.
Change-Id: I6e970563c201152e1428feafb8124e61c15a6fc0
|
2016-02-10 09:56:40 -08:00 |
Steve Loughran
|
bac798abfc
|
HADOOP-12597. In kms-site.xml configuration "hadoop.security.keystore.JavaKeyStoreProvider.password" should be updated with new name. (Surendra Singh Lilhore via stevel)
|
2016-01-07 16:00:54 +00:00 |
Xiaoyu Yao
|
ab725cff66
|
HADOOP-12682. Fix TestKMS#testKMSRestart* failure. Contributed by Wei-Chiu Chuang.
|
2015-12-30 10:29:26 -08:00 |
Zhe Zhang
|
f5756a2038
|
HADOOP-12615. Fix NPE in MiniKMS.start(). Contributed by Wei-Chiu Chuang.
Change-Id: Ie3e148bd1401618b1737a577957298bf622891f4
|
2015-12-17 13:24:29 -08:00 |
Haohui Mai
|
66428d33a7
|
HADOOP-11218. Add TLSv1.1,TLSv1.2 to KMS, HttpFS, SSLFactory. Contributed by Vijay Singh.
|
2015-11-22 16:00:34 -08:00 |
Varun Vasudev
|
73b9c7b82b
|
HADOOP-10787. Rename/remove non-HADOOP_*, etc from the shell scripts. Contributed by Allen Wittenauer.
|
2015-11-04 15:56:17 +05:30 |
Haohui Mai
|
7f00fcac77
|
HADOOP-12474. MiniKMS should use random ports for Jetty server by default. Contributed by Mingliang Liu.
|
2015-10-13 13:07:57 -07:00 |
Allen Wittenauer
|
666cafca8d
|
HADOOP-12249. pull argument parsing into a function (aw)
|
2015-07-31 14:32:21 -07:00 |
Colin Patrick Mccabe
|
7dba7005b7
|
HADOOP-11969. ThreadLocal initialization in several classes is not thread safe (Sean Busbey via Colin P. McCabe)
|
2015-05-26 12:15:46 -07:00 |
Robert Kanter
|
9fec02c069
|
HADOOP-11870. [JDK8] AuthenticationFilter, CertificateUtil, SignerSecretProviders, KeyAuthorizationKeyProvider Javadoc issues (rkanter)
|
2015-04-27 13:25:11 -07:00 |
Allen Wittenauer
|
8b69c825e5
|
HADOOP-11865. Incorrect path mentioned in document for accessing script files (J.Andreina via aw)
|
2015-04-26 09:55:46 -07:00 |
Allen Wittenauer
|
dce8b9c4d0
|
HADOOP-11637. bash location hard-coded in shell scripts (aw)
|
2015-02-26 09:29:16 -08:00 |
Andrew Wang
|
71385f9b70
|
HADOOP-11620. Add support for load balancing across a group of KMS for HA. Contributed by Arun Suresh.
|
2015-02-25 21:16:37 -08:00 |
Allen Wittenauer
|
b6fc1f3e43
|
HADOOP-11593. Convert site documentation from apt to markdown (stragglers) (Masatake Iwasaki via aw)
|
2015-02-17 21:30:24 -10:00 |
Allen Wittenauer
|
43d5caef5e
|
HADOOP-11460. Deprecate shell vars (John Smith via aw)
|
2015-02-04 16:35:50 -08:00 |
yliu
|
ee1e06a3ab
|
HADOOP-11469. KMS should skip default.key.acl and whitelist.key.acl when loading key acl. (Dian Fu via yliu)
|
2015-01-28 00:07:21 +08:00 |
Andrew Wang
|
4b00935643
|
HADOOP-11482. Use correct UGI when KMSClientProvider is called by a proxy user. Contributed by Arun Suresh.
|
2015-01-23 12:11:15 -08:00 |
Akira Ajisaka
|
aee4500612
|
HADOOP-11493. Fix some typos in kms-acls.xml description. (Contributed by Charles Lamb)
|
2015-01-23 11:48:19 +09:00 |
Allen Wittenauer
|
0c45946e65
|
HADOOP-10788. Rewrite kms to use new shell framework (John Smith via aw)
|
2015-01-02 10:52:47 -08:00 |
Haohui Mai
|
1340617535
|
HADOOP-11378. Fix new findbugs warnings in hadoop-kms. Contributed by Li Lu.
|
2014-12-09 13:10:03 -08:00 |
Andrew Wang
|
74d4bfded9
|
HADOOP-11368. Fix SSLFactory truststore reloader thread leak in KMSClientProvider. Contributed by Arun Suresh.
|
2014-12-09 10:47:24 -08:00 |
Andrew Wang
|
ddffcd8fac
|
HADOOP-11329. Add JAVA_LIBRARY_PATH to KMS startup options. Contributed by Arun Suresh.
|
2014-12-08 13:45:19 -08:00 |
Andrew Wang
|
9cdaec6a6f
|
HADOOP-11355. When accessing data in HDFS and the key has been deleted, a Null Pointer Exception is shown. Contributed by Arun Suresh.
|
2014-12-05 12:01:23 -08:00 |
Andrew Wang
|
1812241ee1
|
HADOOP-11342. KMS key ACL should ignore ALL operation for default key ACL and whitelist key ACL. Contributed by Dian Fu.
|
2014-12-03 12:00:14 -08:00 |
Andrew Wang
|
3d48ad7eb4
|
HADOOP-11344. KMS kms-config.sh sets a default value for the keystore password even in non-ssl setup. Contributed by Arun Suresh.
|
2014-12-02 19:04:29 -08:00 |
Andrew Wang
|
31b4d2daa1
|
HADOOP-11341. KMS support for whitelist key ACLs. Contributed by Arun Suresh.
|
2014-12-01 21:53:37 -08:00 |
Andrew Wang
|
9fa2990257
|
HADOOP-11337. KeyAuthorizationKeyProvider access checks need to be done atomically. Contributed by Dian Fu.
|
2014-12-01 21:21:23 -08:00 |
Andrew Wang
|
56f3eecc12
|
HADOOP-11300. KMS startup scripts must not display the keystore / truststore passwords. Contributed by Arun Suresh.
|
2014-11-25 15:12:04 -08:00 |
yliu
|
61a2510b55
|
HADOOP-11322. key based ACL check in KMS always check KeyOpType.MANAGEMENT even actual KeyOpType is not MANAGEMENT. (Dian Fu via yliu)
|
2014-11-25 01:08:40 +08:00 |
Andrew Wang
|
bcd402ae38
|
HADOOP-11312. Fix unit tests to not use uppercase key names.
|
2014-11-18 10:47:46 -08:00 |
Karthik Kambatla
|
87818ef4e7
|
HADOOP-11217. (Addendum to allow SSLv2Hello) Disable SSLv3 in KMS. (Robert Kanter via kasha)
|
2014-11-12 18:39:03 -08:00 |
Aaron T. Myers
|
ef5af4f8de
|
HADOOP-11187 NameNode - KMS communication fails after a long period of inactivity. Contributed by Arun Suresh.
|
2014-11-05 18:17:49 -08:00 |
Aaron T. Myers
|
8a261e68e4
|
HADOOP-11272. Allow ZKSignerSecretProvider and ZKDelegationTokenSecretManager to use the same curator client. Contributed by Arun Suresh.
|
2014-11-05 17:47:22 -08:00 |
Karthik Kambatla
|
dbf30e3c0e
|
HADOOP-11260. Patch up Jetty to disable SSLv3. (Mike Yoder via kasha)
|
2014-11-04 16:18:24 -08:00 |
Karthik Kambatla
|
1a78082338
|
HADOOP-11217. Disable SSLv3 in KMS. (Robert Kanter via kasha)
|
2014-10-28 17:18:24 -07:00 |
Aaron T. Myers
|
0e57aa3bf6
|
HADOOP-11176. KMSClientProvider authentication fails when both currentUgi and loginUgi are a proxied user. Contributed by Arun Suresh.
|
2014-10-13 18:09:39 -07:00 |
Andrew Wang
|
b2f6197523
|
HADOOP-11169. Fix DelegationTokenAuthenticatedURL to pass the connection Configurator to the authenticator. (Arun Suresh via wang)
|
2014-10-07 14:46:59 -07:00 |
Andrew Wang
|
2d8e6e2c4a
|
HADOOP-11151. Automatically refresh auth token and retry on auth failure. Contributed by Arun Suresh.
|
2014-10-02 19:54:57 -07:00 |
Andrew Wang
|
a4c9b80a7c
|
HADOOP-11113. Namenode not able to reconnect to KMS after KMS restart. (Arun Suresh via wang)
|
2014-09-30 16:48:24 -07:00 |
Andrew Wang
|
64aef18965
|
HADOOP-11153. Make number of KMS threads configurable. (wang)
|
2014-09-29 15:02:29 -07:00 |
Andrew Wang
|
1737950d0f
|
HDFS-6987. Move CipherSuite xattr information up to the encryption zone root. Contributed by Zhe Zhang.
|
2014-09-21 21:29:46 -07:00 |
Andrew Wang
|
b6ceef90e5
|
HADOOP-11112. TestKMSWithZK does not use KEY_PROVIDER_URI. (tucu via wang)
|
2014-09-19 17:42:00 -07:00 |
Andrew Wang
|
adf0b67a71
|
HADOOP-10970. Cleanup KMS configuration keys. (wang)
|
2014-09-19 14:59:25 -07:00 |
Aaron T. Myers
|
6434572297
|
HADOOP-11109. Site build is broken. Contributed by Jian He.
|
2014-09-18 18:00:39 -07:00 |
Alejandro Abdelnur
|
fad4cd85b3
|
KMS: Support for multiple Kerberos principals. (tucu)
|
2014-09-18 16:03:38 -07:00 |
Andrew Wang
|
10e8602f32
|
HDFS-7004. Update KeyProvider instantiation to create by URI. (wang)
|
2014-09-17 20:14:40 -07:00 |
Alejandro Abdelnur
|
123f20d42f
|
HADOOP-11016. KMS should support signing cookies with zookeeper secret manager. (tucu)
|
2014-09-17 15:29:17 -07:00 |
Alejandro Abdelnur
|
8a7671d753
|
Revert "HADOOP-11016. KMS should support signing cookies with zookeeper secret manager. (tucu)"
This reverts commit 0a495bef5c .
|
2014-09-17 11:11:33 -07:00 |
Alejandro Abdelnur
|
3f8f860cc6
|
Revert "HADOOP-10982"
This reverts commit d9a86031a0 .
|
2014-09-17 11:11:15 -07:00 |
Alejandro Abdelnur
|
d9a86031a0
|
HADOOP-10982
|
2014-09-17 11:08:00 -07:00 |
Alejandro Abdelnur
|
0a495bef5c
|
HADOOP-11016. KMS should support signing cookies with zookeeper secret manager. (tucu)
|
2014-09-17 11:08:00 -07:00 |
Alejandro Abdelnur
|
e4ddb6da15
|
HADOOP-11099. KMS return HTTP UNAUTHORIZED 401 on ACL failure. (tucu)
|
2014-09-17 11:07:56 -07:00 |
Alejandro Abdelnur
|
8cf1052beb
|
HADOOP-11097. kms docs say proxyusers, not proxyuser for config params. (clamb via tucu)
|
2014-09-16 23:20:35 -07:00 |
Alejandro Abdelnur
|
e14e71d5fe
|
HADOOP-11096. KMS: KeyAuthorizationKeyProvider should verify the keyversion belongs to the keyname on decrypt. (tucu)
|
2014-09-16 23:20:35 -07:00 |
Alejandro Abdelnur
|
3e85f5b605
|
HDFS-7006. Test encryption zones with KMS. (Anthony Young-Garner and tucu)
|
2014-09-16 14:36:07 -07:00 |
cnauroth
|
957414d4cb
|
HADOOP-11088. Unittest TestKeyShell, TestCredShell and TestKMS assume UNIX path separator for JECKS key store path. Contributed by Xiaoyu Yao.
|
2014-09-12 14:50:07 -07:00 |