[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13965721#comment-13965721 ] Hudson commented on HADOOP-10429: - FAILURE: Integrated in Hadoop-Hdfs-trunk #1728 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1728/]) HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105) * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Fix For: 3.0.0 > > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13965349#comment-13965349 ] Hudson commented on HADOOP-10429: - FAILURE: Integrated in Hadoop-Mapreduce-trunk #1753 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1753/]) HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105) * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Fix For: 3.0.0 > > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13965244#comment-13965244 ] Hudson commented on HADOOP-10429: - FAILURE: Integrated in Hadoop-Yarn-trunk #535 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/535/]) HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105) * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Fix For: 3.0.0 > > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13964619#comment-13964619 ] Hudson commented on HADOOP-10429: - SUCCESS: Integrated in Hadoop-trunk-Commit #5481 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/5481/]) HADOOP-10429. KeyStores should have methods to generate the materials themselves, KeyShell should use them. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1586105) * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Fix For: 3.0.0 > > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960545#comment-13960545 ] Larry McCay commented on HADOOP-10429: -- +1 [~tucu00]] - thanks! > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960487#comment-13960487 ] Benoy Antony commented on HADOOP-10429: --- reviewed, +1. > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960441#comment-13960441 ] Alejandro Abdelnur commented on HADOOP-10429: - [~lmccay], any further comments or we are good to go? > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13958304#comment-13958304 ] Aaron T. Myers commented on HADOOP-10429: - +1, the latest patch looks good to me. Thanks, Tucu. > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13947774#comment-13947774 ] Larry McCay commented on HADOOP-10429: -- Great. I was trying to read it without applying it. Sorry for the off base comments. I will have more time to apply and review in a few days. On Wed, Mar 26, 2014 at 1:46 AM, Alejandro Abdelnur (JIRA) > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13947572#comment-13947572 ] Alejandro Abdelnur commented on HADOOP-10429: - [~lmccay], agree 100%. The patch adds new methods, but it does not remove the old ones, both work, and the default impl of the new signature uses the old one. This means that if you have a custom provider already, it will work just fine and it will have the new functionality. > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13947418#comment-13947418 ] Larry McCay commented on HADOOP-10429: -- [~tucu00]] - I had given this some thought in the past as well. I think that it is fine to add this but I don't know that we should remove the ability for the consumer to use an arbitrary source for keying material. I would imagine a perhaps adding a separate switch to indicate that you want to delegate it to the provider or not. I can imagine a usecase where a specialized hardware key generator is used but you want to store it in a java keystore. You shouldn't necessarily have to write a new provider for that combination. What do you think? > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HADOOP-10429) KeyStores should have methods to generate the materials themselves, KeyShell should use them
[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13946309#comment-13946309 ] Hadoop QA commented on HADOOP-10429: {color:green}+1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12636530/HADOOP-10429.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 core tests{color}. The patch passed unit tests in hadoop-common-project/hadoop-common. {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3707//console This message is automatically generated. > KeyStores should have methods to generate the materials themselves, KeyShell > should use them > > > Key: HADOOP-10429 > URL: https://issues.apache.org/jira/browse/HADOOP-10429 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Affects Versions: 3.0.0 >Reporter: Alejandro Abdelnur >Assignee: Alejandro Abdelnur > Attachments: HADOOP-10429.patch > > > Currently, the {{KeyProvider}} API expects the caller to provide the key > materials. And, the {{KeyShell}} generates key materials. > For security reasons, {{KeyProvider}} implementations may want to generate > and hide (from the user generating the key) the key materials. -- This message was sent by Atlassian JIRA (v6.2#6252)