[ https://issues.apache.org/jira/browse/KAFKA-1686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14964807#comment-14964807 ]
ASF GitHub Bot commented on KAFKA-1686: --------------------------------------- GitHub user ijuma opened a pull request: https://github.com/apache/kafka/pull/334 KAFKA-1686; Implement SASL/Kerberos This PR implements SASL/Kerberos which was originally submitted by @harshach as https://github.com/apache/kafka/pull/191. I've been submitting PRs to Harsha's branch with fixes and improvements and he has integrated all, but the most recent one. I'm creating this PR so that the Jenkins can run the tests on the branch (they pass locally). You can merge this pull request into a Git repository by running: $ git pull https://github.com/ijuma/kafka KAFKA-1686-V1 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/kafka/pull/334.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #334 ---- commit 82737e5bb71f67271d90c059dede74935f8a5e56 Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-08-31T23:07:15Z KAFKA-1686. Implement SASL/Kerberos. commit a3417d7f2c558c0082799b117a3c62c706ad519d Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-09-03T03:31:34Z KAFKA-1686. Implement SASL/Kerberos. commit 8f718ce6b03a9c86712dc8f960af2b739b8ed510 Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-09-03T04:10:40Z KAFKA-1686. Implement SASL/Kerberos. commit aa928952305a31c5b6e2bac705d350f94c9f7501 Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-09-03T13:48:47Z Added licesense. commit f178107b516af414162634fc7253cedd2a6a3bf5 Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-09-03T13:57:57Z KAFKA-1686. Implement SASL/Kerberos. commit 71b6fdbc841cffd5279eb2044c4da69acc172626 Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-10-03T23:09:23Z Merge remote-tracking branch 'refs/remotes/origin/trunk' into KAFKA-1686-V1 commit 9d260c67472296d752f74bc04eefb1e95b6b9746 Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-10-04T18:36:52Z KAFKA-1686. Fixes after the merge. commit 5723dd2a392a307cfd6484c1f3f7c32cc8891940 Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-10-09T06:43:51Z KAFKA-1686. Addressing comments. commit 8cf30d0b3a0aefa08cb9d86d59f0f16d810d7481 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-09T07:36:19Z Merge remote-tracking branch 'apache/trunk' into KAFKA-1686-V1 * apache/trunk: KAFKA-2596: reject commits from unknown groups with positive generations MINOR: typing ProcessorDef KAFKA-2477: Fix a race condition between log append and fetch that causes OffsetOutOfRangeException. KAFKA-2428: Add sanity check in KafkaConsumer for the timeouts Kafka-2587: Only notification handler will update the cache and all verifications will use waitUntilTrue. KAFKA-2419; Garbage collect unused sensors KAFKA-2534: Fixes and unit tests for SSLTransportLayer buffer overflow KAFKA-2476: Add Decimal, Date, and Timestamp logical types. KAFKA-2474: Add caching of JSON schema conversions to JsonConverter KAFKA-2482: Allow sink tasks to get their current assignment, as well as pause and resume topic partitions. KAFKA-2573: Mirror maker system test hangs and eventually fails KAFKA-2599: Fix Metadata.getClusterForCurrentTopics throws NPE TRIVIAL: remove TODO in KafkaConsumer after KAFKA-2120 HOTFIX: Persistent store in ProcessorStateManagerTest KAFKA-2604; Remove `completeAll` and improve timeout passed to `Selector.poll` from `NetworkClient.poll` KAFKA-2601; ConsoleProducer tool shows stacktrace on invalid command parameters commit 2596c4a668f7095f4cfce36b34504c50f4603631 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-09T12:21:05Z Remove unused code, fix formatting and minor javadoc tweaks commit 2919bc3ae474b3e27ca5cb0c75e4cff0fee9ca93 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-09T12:23:17Z Fix bad merge in `TestUtils` commit 9ed1a2635d97c290e42b723ce8db2bf60c1c6440 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-09T12:23:46Z Remove -XX:-MaxFDLimit from `gradle.properties` commit 2d2fcecb7bda62519d36d4f71a955cf55c8bbd2a Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-09T12:36:06Z Support `SSLSASL` in `ChannelBuilders`, reduce duplication in `TestUtils` and clean-up `SaslTestHarness` commit 6a13667232c2946ed92fdebcb467f27d6adf075f Author: Harsha <harsh...@users.noreply.github.com> Date: 2015-10-09T14:16:30Z Merge pull request #1 from ijuma/KAFKA-1686-V1 Merge trunk and a few improvements and fixes commit 32ab6f468505edf10be686905019c4d202663f72 Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-10-09T22:21:26Z KAFKA-1686. Added SaslConsumerTest, fixed a bug in SecurityProtocol. commit 58064b46a7ddbb7d2293e33c7b66c35f76043588 Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-10-09T22:33:11Z KAFKA-1686. removing unnecessary logs. commit dc05e079cbbdbcc6e3f1613b720545a3a8531d94 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-11T11:36:50Z Merge remote-tracking branch 'apache/trunk' into KAFKA-1686-V1 * apache/trunk: MINOR: Use the correct processor id in the processor thread name KAFKA-2614; No more clients can connect after `TooManyConnectionsException` threshold (max.connections.per.ip) is reached MINOR: putting back kstream stateful transform methods MINOR: Fix exception message in Copycat's Time logical type. KAFKA-2600: Align Kafka Streams' interfaces with Java 8 functional interfaces KAFKA-2622: Add Time logical type for Copycat. commit 9e6ba51a54e467177d1c724e1f3ecab264d7a837 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-12T14:11:37Z A number of code clean-ups * Address some of Jun's and Parth's comments * Make fields final * Reduce scope of variables where possible * Remove unused fields and methods * Fix javadoc * Fix formatting and naming issues commit fc40c986ddd8f9653ca96c8f683074f0114f8590 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-12T14:12:38Z Return non-anonymous `KafkaPrincipal` in `SaslClientAuthenticator.principal` commit e80cad9298a2c0491b811c16113685b8a0df2084 Author: Harsha <harsh...@users.noreply.github.com> Date: 2015-10-13T01:02:59Z Merge pull request #2 from ijuma/KAFKA-1686-V1 Merge trunk, address some feedback and code clean-ups commit 1d53bcea1c2e95585ec474cd52f4cf87104ef940 Author: Sriharsha Chintalapani <har...@hortonworks.com> Date: 2015-10-13T05:11:08Z KAFKA-1686. Added default sasl configs , addressed reviews. commit e637120467c530ecf559eb2e6278e55fab655551 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-13T15:13:35Z Simplify `Shell` by removing unused functionality and other clean-ups. commit a3bd8d25a575b0fabf0811fd448d96a677f2ed4c Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-13T15:13:50Z Config clean-ups commit 6dea484dd3a20468fde9aef318446eb761446d4a Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-13T15:14:39Z Tweak logging and make fields final in `Login` commit d5768c8fb55f0f71fd7f067fc532aae708209416 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-13T16:03:47Z Minor simplification of `SaslClientAuthenticator.complete` as per Jun's comment commit 37980d736cdaa60e938ada28b00653c4688aaec6 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-13T16:04:40Z Tweak assignment of `Login.lastLogin` commit ae430bebc6ddc04afac50b1be0c82b0c2faebb88 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-13T16:11:49Z Remove `currentWallTime()` and `currentElapsedTime()` from `Time` for now Add private methods to `Login` instead as it's the only class where they are used. commit 190fe8613558258d4f478fa380cbfc2d868a876c Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-13T16:38:59Z Rename SSLSASL to SASL_SSL and PLAINTEXTSASL to SASL_PLAIN commit 06353e427244a331d66dee087a6d7e6e1aace22e Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-13T16:50:51Z Merge remote-tracking branch 'apache/trunk' into KAFKA-1686-V1 * apache/trunk: KAFKA-2637; Cipher suite setting should be configurable for SSL Closes #206 . *WONT FIX* - no new release planned for 0.8.2 branch closes pr #206. *WONT FIX* - no new release planned for 0.8.2 branch KAFKA-2613; Make maxParallelForks configurable via Gradle config so it can be turned down on shared build infrastructure. KAFKA-2581: Run some existing ducktape tests with SSL KAFKA-2203: Getting Java8 to relax about javadoc and let our build pass KAFKA-2443 KAFKA-2567; Expose windowSize on Rate; - Throttle time should not return NaN KAFKA-2633; Default logging from tools to Stderr commit ba29a432585c3dbe19c53e16b9ea12f6d4917bc0 Author: Ismael Juma <ism...@juma.me.uk> Date: 2015-10-13T17:33:11Z Call `removeInterestOps` when we complete. ---- > Implement SASL/Kerberos > ----------------------- > > Key: KAFKA-1686 > URL: https://issues.apache.org/jira/browse/KAFKA-1686 > Project: Kafka > Issue Type: Sub-task > Components: security > Affects Versions: 0.8.2.1 > Reporter: Jay Kreps > Assignee: Sriharsha Chintalapani > Priority: Blocker > Fix For: 0.9.0.0 > > > Implement SASL/Kerberos authentication. > To do this we will need to introduce a new SASLRequest and SASLResponse pair > to the client protocol. This request and response will each have only a > single byte[] field and will be used to handle the SASL challenge/response > cycle. Doing this will initialize the SaslServer instance and associate it > with the session in a manner similar to KAFKA-1684. > When using integrity or encryption mechanisms with SASL we will need to wrap > and unwrap bytes as in KAFKA-1684 so the same interface that covers the > SSLEngine will need to also cover the SaslServer instance. -- This message was sent by Atlassian JIRA (v6.3.4#6332)