> On May 24, 2016, 12:03 a.m., Michael Han wrote: > > src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java, line > > 32 > > <https://reviews.apache.org/r/47354/diff/3/?file=1388781#file1388781line32> > > > > I am tempted to rename this variable to QUORUM_SERVER_SASL_REQUIRED so > > it is consistent just like other configuration variables where the value of > > the variable and its name literally match. There are also other places in > > code where we could replace 'auth' with 'sasl', for example: > > quorumServerAuthRequired -> quorumServerSaslRequired > > > > Not sure what others think about this. > > Rakesh R wrote: > With this jira we are introducing sasl based authentication but in future > quorum can support ssl based authentication way. I have chosen the word > 'auth' considering this case and I thought 'auth' is more generic. Does this > makes sense to you?
Yes, this makes sense. I agree that QUORUM_SERVER_AUTH_REQUIRED should be used so it can cover both SASL and SSL authentication (and others, if any.). I am wondering though if we should change the value to be "quorum.auth.serverRequireAuth" instead of "quorum.auth.serverRequireSasl" accordingly - since the name is generic, should the value also be generic? > On May 24, 2016, 12:03 a.m., Michael Han wrote: > > src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthClient.java, > > line 34 > > <https://reviews.apache.org/r/47354/diff/3/?file=1388782#file1388782line34> > > > > Similar to the comment on QuorumAuthServer::authenticate interface, we > > could provide some clarifications on the return value and the exception > > throwed for a user of this interface. Also the > > QuorumAuthClient::authenticate will never return false under current > > implementation. > > Rakesh R wrote: > QuorumAuthServer and QuorumAuthClient are interfaces. I have defined the > interfaces and written javadoc in a generic way. I think, I could have added > javadoc for the implementation classes(SaslQuorumAuthServer, > NullQuorumAuthServer, SaslQuorumAuthClient, NullQuorumAuthClient) detailing > the specific cases. I will add javadocs for the implementations. Whats your > opinion? Yeah that should work. I think my main concern was that the interface doc should mention that a throw of SaslException also means authentication failure, because when I was reading the code it was not clear to me what should I rely on to decide authentication sucess or fail, until I read the implementation. - Michael ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47354/#review134426 ----------------------------------------------------------- On May 20, 2016, 3:10 a.m., Rakesh R wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47354/ > ----------------------------------------------------------- > > (Updated May 20, 2016, 3:10 a.m.) > > > Review request for zookeeper, fpj, Ivan Kelly, Patrick Hunt, and Raul > Gutierrez Segales. > > > Bugs: ZOOKEEPER-1045 > https://issues.apache.org/jira/browse/ZOOKEEPER-1045 > > > Repository: zookeeper-git > > > Description > ------- > > Quorum mutual authentication using SASL mechanism - Digest/Kerberos > > > Diffs > ----- > > build.xml ab254b2 > ivy.xml 95b0e5a > src/java/main/org/apache/zookeeper/Login.java a214c9c > src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 21ef0fa > src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 71870ce > > src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java > 2fbd6ed > src/java/main/org/apache/zookeeper/server/quorum/Leader.java 40c6748 > src/java/main/org/apache/zookeeper/server/quorum/Learner.java c73a8ee > src/java/main/org/apache/zookeeper/server/quorum/LearnerHandler.java > 8a748c7 > src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java > 20e5f16 > src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 2f0f21b > src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java > 8ae820d > src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java > e9c8007 > > src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthClient.java > PRE-CREATION > > src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthServer.java > PRE-CREATION > src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java > PRE-CREATION > src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthClient.java > PRE-CREATION > src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthServer.java > PRE-CREATION > src/java/main/org/apache/zookeeper/server/quorum/auth/README.md > PRE-CREATION > > src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthClient.java > PRE-CREATION > > src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthServer.java > PRE-CREATION > src/java/main/org/apache/zookeeper/util/SecurityUtils.java PRE-CREATION > src/java/test/data/kerberos/minikdc-krb5.conf PRE-CREATION > src/java/test/data/kerberos/minikdc.ldiff PRE-CREATION > src/java/test/org/apache/zookeeper/server/quorum/CnxManagerTest.java > 831d3ed > > src/java/test/org/apache/zookeeper/server/quorum/FLEBackwardElectionRoundTest.java > c1259d1 > src/java/test/org/apache/zookeeper/server/quorum/FLECompatibilityTest.java > 72e4fc9 > src/java/test/org/apache/zookeeper/server/quorum/FLEDontCareTest.java > a4c0cb0 > src/java/test/org/apache/zookeeper/server/quorum/FLELostMessageTest.java > 39a53ca > src/java/test/org/apache/zookeeper/server/quorum/LearnerTest.java 2ae57ce > src/java/test/org/apache/zookeeper/server/quorum/QuorumCnxManagerTest.java > PRE-CREATION > src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerTestBase.java > ef552db > src/java/test/org/apache/zookeeper/server/quorum/Zab1_0Test.java ab8ce42 > > src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosSecurityTestcase.java > PRE-CREATION > > src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosTestUtils.java > PRE-CREATION > src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java > PRE-CREATION > src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java > PRE-CREATION > > src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java > PRE-CREATION > > src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java > PRE-CREATION > > src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java > PRE-CREATION > > src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java > PRE-CREATION > src/java/test/org/apache/zookeeper/test/FLEPredicateTest.java 8088505 > src/zookeeper.jute 6521e54 > > Diff: https://reviews.apache.org/r/47354/diff/ > > > Testing > ------- > > Added unit test cases to verify the changes. > > > Thanks, > > Rakesh R > >
