[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2017-07-31 Thread Xiao Chen (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16107792#comment-16107792
 ] 

Xiao Chen commented on HADOOP-10758:


Thanks for continuing on this [~lars_francke], and for the interest in a 
doc patch.

I agree the cluster may have security holes exposed if the ACLs are not 
configured correctly. The solution, IMO, is to make our docs better so people 
are aware of this, and less likely to configure their cluster to expose such 
holes. I don't see a way for a software-level 'fix' to stop misconfigurations. 
Perhaps we can log a warning if MANAGEMENT is open to everyone, to be proactive.
[HDFS permission guide|http://hadoop.apache.org/docs/r3.0.0-alpha2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html] 
may also come in handy for some ideas to improve this.

> KMS: add ACLs on per key basis.
> ---
>
> Key: HADOOP-10758
> URL: https://issues.apache.org/jira/browse/HADOOP-10758
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0-alpha1
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
> Fix For: 2.6.0
>
> Attachments: HADOOP-10758.1.patch, HADOOP-10758.2.patch, 
> HADOOP-10758.3.patch, HADOOP-10758.4.patch, HADOOP-10758.5.patch, 
> HADOOP-10758.6.patch, HADOOP-10758.7.patch, HADOOP-10758.8.patch, 
> HADOOP-10758.9.patch
>
>
> The KMS server should enforce ACLs on per key basis.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
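
One way to do the proactive check suggested in the message above, as an added example (not part of the original message and not Hadoop code): a script that reads a kms-acls.xml and reports key ACLs that grant MANAGEMENT or ALL to everyone. The sample file is constructed; the property prefixes and operation names are taken from the Hadoop KMS documentation, and the severity labels are this example's own.

```python
import xml.etree.ElementTree as ET

KEY_ACL_PREFIX = "key.acl."              # per-key ACLs: key.acl.<key-name>.<OP>
DEFAULT_PREFIX = "default.key.acl."      # default key ACLs: default.key.acl.<OP>
WHITELIST_PREFIX = "whitelist.key.acl."  # whitelist key ACLs
KEY_OP_TYPES = {"ALL", "READ", "MANAGEMENT", "GENERATE_EEK", "DECRYPT_EEK"}
RISKY_WHEN_OPEN = {"MANAGEMENT", "ALL"}  # ALL covers MANAGEMENT as well

# Constructed sample, not taken from a real cluster.
SAMPLE_KMS_ACLS = """<configuration>
  <property><name>default.key.acl.MANAGEMENT</name><value>*</value></property>
  <property><name>key.acl.foo.MANAGEMENT</name><value>alice keyadmins</value></property>
  <property><name>key.acl.prod.db.ALL</name><value>*</value></property>
  <property><name>key.acl.bar.MANAGE</name><value>bob</value></property>
  <property><name>key.acl.READ</name><value>carol</value></property>
  <property><name>whitelist.key.acl.DECRYPT_EEK</name><value>hdfs</value></property>
</configuration>"""


def split_key_acl_property(name):
    """Split 'key.acl.<key-name>.<OP>' into (key_name, op).

    The split is on the last dot, so key names that contain dots still
    parse. Returns None when there is no key name between prefix and op.
    """
    start = len(KEY_ACL_PREFIX)
    end = name.rfind(".")
    if start >= end:
        return None
    return name[start:end], name[end + 1:]


def audit(xml_text):
    """Return a list of (severity, property_name, message) findings."""
    findings = []
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = (prop.findtext("value") or "").strip()
        if name.startswith(KEY_ACL_PREFIX):
            parsed = split_key_acl_property(name)
            if parsed is None:
                findings.append(("WARN", name, "invalid per-key ACL property name"))
                continue
            scope, op = "key '%s'" % parsed[0], parsed[1]
        elif name.startswith(DEFAULT_PREFIX):
            scope, op = "default", name[len(DEFAULT_PREFIX):]
        elif name.startswith(WHITELIST_PREFIX):
            scope, op = "whitelist", name[len(WHITELIST_PREFIX):]
        else:
            continue  # not a key ACL property
        if op not in KEY_OP_TYPES:
            findings.append(("WARN", name, "unknown key operation '%s'" % op))
            continue
        # A value of exactly "*" means every user is allowed.
        if value == "*" and op in RISKY_WHEN_OPEN:
            findings.append(("HIGH", name, "%s grants %s to everyone" % (scope, op)))
    return findings


if __name__ == "__main__":
    for severity, name, message in audit(SAMPLE_KMS_ACLS):
        print("%-4s %s: %s" % (severity, name, message))
```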



[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2017-07-31 Thread Lars Francke (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16106930#comment-16106930
 ] 

Lars Francke commented on HADOOP-10758:
---

Sorry for the long delay. I'll try to get around to a doc patch.

On the other issue I'm afraid we'll have to agree to disagree. I think it's a 
security issue. The real world clusters I see daily are not nearly as well 
configured or secured as one might think. The root cause often being the 
entirely missing or outdated documentation/best practices.




[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2017-07-25 Thread Xiao Chen (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16100719#comment-16100719
 ] 

Xiao Chen commented on HADOOP-10758:


I agree the docs could be improved, please feel free to file follow-on jiras 
for that. I'd be happy to review.

{{MANAGEMENT}} ACLs should really be open only for key admins on production. 
Besides createKey problems as you mentioned, a malicious user with 
{{MANAGEMENT}} could also delete the key, which would result in data loss, or 
roll the key enough times to theoretically have the keystore run out of space 
etc.




[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2017-07-25 Thread Lars Francke (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16100668#comment-16100668
 ] 

Lars Francke commented on HADOOP-10758:
---

I've read the docs and the code but the docs don't mention {{key.acl.name}} at 
all.

Yes it's used for creates only, but imagine someone has the MANAGEMENT ACLs for 
key {{foo}}. He can now create _any_ key by just setting {{key.acl.name}} to 
{{foo}} for this newly created key. The default ACLs don't even come into play. 
And that is because the method {{authorizeCreateKey}} in blindly takes the ACL 
to use from the user input. That, in my opinion, is not a good idea.




[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2017-07-25 Thread Xiao Chen (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16100552#comment-16100552
 ] 

Xiao Chen commented on HADOOP-10758:


That part of code is only used for CreateKeys, and used for
{quote}
  // This method first checks if "key.acl.name" attribute is present as an
  // attribute in the provider Options. If yes, use the aclName for any
  // subsequent access checks, else use the keyName as the aclName and set it
  // as the value of the "key.acl.name" in the key's metadata.
  private void authorizeCreateKey(String keyName, Options options,
{quote}

And for creates, it's checked against MANAGEMENT default key acls, 
[code|https://github.com/apache/hadoop/blob/branch-3.0.0-alpha1/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java#L131], 
which usually should be just the cluster's key admins.

I think this part of the doc might be helpful. 
http://hadoop.apache.org/docs/r3.0.0-alpha2/hadoop-kms/index.html#Key_ACLs




[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2017-07-25 Thread Lars Francke (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16100446#comment-16100446
 ] 

Lars Francke commented on HADOOP-10758:
---

Thanks for the reply [~xiaochen] but I don't think it answers my question.

I've looked at the code and that looks like this:

{code:title=KMS.java}
Map<String, String> attributes = (Map<String, String>)
    jsonKey.get(KMSRESTConstants.ATTRIBUTES_FIELD);
...
KeyProvider.Options options =
    new KeyProvider.Options(KMSWebApp.getConfiguration());
...
options.setAttributes(attributes);
{code}

As you can see the {{attributes}} can be set by the user by just adding an 
{{attributes}} object to the JSON payload.

Further along this {{options}} object is used as follows:
{code:title=KeyAuthorizationKeyProvider.java}
Map<String, String> attributes = options.getAttributes();
String aclName = attributes.get(KEY_ACL_NAME);
{code}

So, a user can actually dictate which ACL is used. He could for example 
point it at another key for which he has the necessary ACLs.
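
The create-time ACL lookup described in this comment, and in the follow-up about {{key.acl.name}} and key {{foo}}, as a simplified model added here (not Hadoop code and not part of the original comment). The ACL table, the user names, the stricter policy and the JSON field name `name` are assumptions of this sketch.

```python
import json

KEY_ACL_NAME = "key.acl.name"  # attribute name quoted in the thread

# Constructed ACL table for this sketch: ACL name -> users holding MANAGEMENT.
PER_KEY_MANAGEMENT = {"foo": {"alice", "keyadmin"}}
DEFAULT_MANAGEMENT = {"keyadmin"}  # stands in for the default key ACL


def has_management(acl_name, user):
    """Use the per-key ACL if one is configured, else the default ACL."""
    return user in PER_KEY_MANAGEMENT.get(acl_name, DEFAULT_MANAGEMENT)


def authorize_create_as_described(key_name, attributes, user):
    """Model of the behaviour discussed in the thread: the ACL name comes
    from the request attributes when present; otherwise the key name is
    used and recorded as key.acl.name."""
    acl_name = attributes.get(KEY_ACL_NAME)
    if acl_name is None:
        acl_name = key_name
        attributes[KEY_ACL_NAME] = acl_name
    return has_management(acl_name, user)


def authorize_create_strict(key_name, attributes, user):
    """Hypothetical stricter policy (an assumption, not Hadoop's): the
    caller needs MANAGEMENT under the ACL that applies to the key's own
    name, and also under any other ACL the request points the key at."""
    if not has_management(key_name, user):
        return False
    requested = attributes.get(KEY_ACL_NAME, key_name)
    if requested != key_name and not has_management(requested, user):
        return False
    attributes[KEY_ACL_NAME] = requested
    return True


def names_foreign_acl(create_payload):
    """Review helper: True when a create-key JSON payload sets key.acl.name
    to something other than the key's own name."""
    body = json.loads(create_payload)
    acl_name = (body.get("attributes") or {}).get(KEY_ACL_NAME)
    return acl_name is not None and acl_name != body.get("name")


# Constructed request body, not captured traffic.
SAMPLE_PAYLOAD = json.dumps({"name": "bar", "attributes": {KEY_ACL_NAME: "foo"}})

if __name__ == "__main__":
    attrs = {KEY_ACL_NAME: "foo"}
    print("as described:", authorize_create_as_described("bar", dict(attrs), "alice"))
    print("strict      :", authorize_create_strict("bar", dict(attrs), "alice"))
    print("flag payload:", names_foreign_acl(SAMPLE_PAYLOAD))
```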





[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2017-07-25 Thread Xiao Chen (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16100433#comment-16100433
 ] 

Xiao Chen commented on HADOOP-10758:


Thanks for the question [~lars_francke],

Docs could be found at 
http://hadoop.apache.org/docs/r3.0.0-alpha2/hadoop-kms/index.html#ACLs_Access_Control_Lists.

The configuration is physically located on the KMS server, where normal users 
shouldn't have access. Per the details in the doc, the key {{foo}}'s Key 
ACLs are prefixed with {{key.acl.foo}}, so still controlled by admin. (If the 
name isn't {{foo}}, then that's used for that name, rather than {{foo}})




[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2017-07-25 Thread Lars Francke (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16099863#comment-16099863
 ] 

Lars Francke commented on HADOOP-10758:
---

I know this issue is old but I'm wondering:

The user can specify the ACL to check against using the key.acl.name property. 
That seems a bit insecure to me, no? If I want to make sure that a key with the 
name "foo" can only be managed by certain users then I have a hard time 
enforcing that when it is being created with a different key.acl.name. Am I 
missing something? Is this by design?

The fact that the whole attributes field and key.acl.name thing is not 
documented doesn't help.




[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-11 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14129905#comment-14129905
 ] 

Hudson commented on HADOOP-10758:
-

SUCCESS: Integrated in Hadoop-Yarn-trunk #677 (See 
[https://builds.apache.org/job/Hadoop-Yarn-trunk/677/])
HADOOP-10758. KMS: add ACLs on per key basis. (tucu) (tucu: rev 
b02a4b40610e93eef6559db09a11d287e859446d)
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
* hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java
* hadoop-common-project/hadoop-common/CHANGES.txt
* hadoop-common-project/hadoop-kms/src/site/apt/index.apt.vm
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
* hadoop-common-project/hadoop-kms/src/main/conf/kms-acls.xml
* hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java




[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-11 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14130027#comment-14130027
 ] 

Hudson commented on HADOOP-10758:
-

FAILURE: Integrated in Hadoop-Mapreduce-trunk #1893 (See 
[https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1893/])
HADOOP-10758. KMS: add ACLs on per key basis. (tucu) (tucu: rev 
b02a4b40610e93eef6559db09a11d287e859446d)
* hadoop-common-project/hadoop-common/CHANGES.txt
* hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java
* hadoop-common-project/hadoop-kms/src/main/conf/kms-acls.xml
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
* hadoop-common-project/hadoop-kms/src/site/apt/index.apt.vm
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
* hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java




[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-11 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14130050#comment-14130050
 ] 

Hudson commented on HADOOP-10758:
-

SUCCESS: Integrated in Hadoop-Hdfs-trunk #1868 (See 
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/1868/])
HADOOP-10758. KMS: add ACLs on per key basis. (tucu) (tucu: rev 
b02a4b40610e93eef6559db09a11d287e859446d)
* hadoop-common-project/hadoop-kms/src/main/conf/kms-acls.xml
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
* hadoop-common-project/hadoop-common/CHANGES.txt
* hadoop-common-project/hadoop-kms/src/site/apt/index.apt.vm
* hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
* hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java
* hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java




[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-10 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14128779#comment-14128779
 ] 

Hadoop QA commented on HADOOP-10758:


{color:green}+1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12667786/HADOOP-10758.9.patch
  against trunk revision 3072c83.

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 2 new 
or modified test files.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 2.0.3) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 core tests{color}.  The patch passed unit tests in 
hadoop-common-project/hadoop-kms.

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4691//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4691//console

This message is automatically generated.



[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-10 Thread Alejandro Abdelnur (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14129139#comment-14129139
 ] 

Alejandro Abdelnur commented on HADOOP-10758:
-

+1



[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-05 Thread Alejandro Abdelnur (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14123645#comment-14123645
 ] 

Alejandro Abdelnur commented on HADOOP-10758:
-

+1



[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-04 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14121775#comment-14121775
 ] 

Hadoop QA commented on HADOOP-10758:


{color:green}+1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12666536/HADOOP-10758.8.patch
  against trunk revision 1a09536.

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 2 new 
or modified test files.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 2.0.3) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 core tests{color}.  The patch passed unit tests in 
hadoop-common-project/hadoop-kms.

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4652//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4652//console

This message is automatically generated.



[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-03 Thread Alejandro Abdelnur (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14120491#comment-14120491
 ] 

Alejandro Abdelnur commented on HADOOP-10758:
-

*index.apt.vm*: 

* empty line between 'For all...' and 'If no ACL...' paragraphs.

*KeyAuthorizationKeyProvider.java*:

* Use {{String.format()}} in all exception msgs
* Move this class (and test) to KMS module

*KMSACLs.java*:

* instead of using a special __DEFAULT__ keyname, why simply have a 
defaultKeyAcls Map<KeyOpType, AccessControlList> 

*KeyAuthorizationProvider.java*:

* doAccessCheck() should use the key name as aclName if the KEY_ACL_NAME attr 
is NULL (this to enable older keys with KEY_ACL_NAME to work)

* in the setKeyACLs(), all the splitting of prop name could be done more 
readable as:

{code}
  int keyNameStarts = KMSConfiguration.KEY_ACL_PREFIX.length();
  int keyNameEnds = k.lastIndexOf('.');
  if (keyNameStarts >= keyNameEnds) {
    //LOG WARN 'invalid config $k'
  } else {
    String keyName = k.substring(keyNameStarts, keyNameEnds);
    String keyOp = k.substring(keyNameEnds + 1);
    KeyOpType aclType = null;
    try {
      aclType = KeyOpType.valueOf(keyOp);
    } catch (IllegalArgumentException e) {
      //LOG WARN ' invalid key operation for $keyName : $aclType
    }
  }
{code}




[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-02 Thread Alejandro Abdelnur (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14118382#comment-14118382
 ] 

Alejandro Abdelnur commented on HADOOP-10758:
-

Looks good, just a few minor things:


*KeyAuthorizationKeyProvider.java*:

* shouldn’t {{getExtension()}} and {{getKeyProvider()}} return {{this}}? or is 
the intention to return the unguarded entity? if the latter, we should log a 
warning on the GET call.

* {{doAccessCheck()}}, if the {{KEY_ACL_NAME}} attribute is NULL, shouldn’t we 
pass the name of the key? by doing this you can key-acl existing keys via its 
name (in the case you enable key-acl after the keys were created).

* {{authorizeCreateKey()}}, the {{success =...}} predicate assignment could be 
done once by doing a refactoring on how the name/attribute is assigned.

*KMSACLs.java*:

* {{setKeyACLs()}}, if name of the key has dots (can it?) then the logic here 
will fail as you are expecting 4 elements after split. I think you should look 
for postfix without assuming dots, you already filtered the prefix.

* it is not clear to me what is the behavior if no default ACLs are set. are we 
assuming '*' or we are requiring explicit ACLs for every key? it seems the 
latter makes more sense, no? we should log a warning and put that in the docs.

*KMSConstants.java*:

* {{KEY_ACL_PREFIX}} does not seem used.






[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-02 Thread Alejandro Abdelnur (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14118390#comment-14118390
 ] 

Alejandro Abdelnur commented on HADOOP-10758:
-

forgot to mention, use String.format() to construct exception messages, it is 
cleaner to the eye.



[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-02 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14119098#comment-14119098
 ] 

Hadoop QA commented on HADOOP-10758:


{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12666074/HADOOP-10758.7.patch
  against trunk revision 08a9ac7.

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 2 new 
or modified test files.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 2.0.3) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:red}-1 core tests{color}.  The following test timeouts occurred in 
hadoop-common-project/hadoop-common hadoop-common-project/hadoop-kms:

org.apache.hadoop.io.compress.TestCodec

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4633//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4633//console

This message is automatically generated.


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-09-02 Thread Arun Suresh (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14119231#comment-14119231
 ] 

Arun Suresh commented on HADOOP-10758:
--

The test case failure seems unrelated..


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-08-31 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14116688#comment-14116688
 ] 

Hadoop QA commented on HADOOP-10758:


{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12665601/HADOOP-10758.5.patch
  against trunk revision 258c7d0.

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 2 new 
or modified test files.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 2.0.3) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:red}-1 core tests{color}.  The patch failed these unit tests in 
hadoop-common-project/hadoop-common hadoop-common-project/hadoop-kms:

  org.apache.hadoop.crypto.key.kms.server.TestKMS

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4610//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4610//console

This message is automatically generated.


--
This message was sent by Atlassian JIRA
(v6.2#6252)


[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-08-31 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14116882#comment-14116882
 ] 

Hadoop QA commented on HADOOP-10758:


{color:green}+1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12665672/HADOOP-10758.6.patch
  against trunk revision 258c7d0.

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 2 new 
or modified test files.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 2.0.3) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 core tests{color}.  The patch passed unit tests in 
hadoop-common-project/hadoop-common hadoop-common-project/hadoop-kms.

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4611//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4611//console

This message is automatically generated.


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-08-29 Thread Alejandro Abdelnur (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14116071#comment-14116071
 ] 

Alejandro Abdelnur commented on HADOOP-10758:
-

*KeyAuthorizationKeyProvider.java*:

* class javadoc, use HTML markup (for the list), else everything will be 
collapsed in one line.

* {{authorizeCreateKey()}} & {{checkAccess()}} should throw 
{{AuthorizationException}} (it extends {{IOException}}).

* {{warmUpEncryptedKeys()}} should do an initial loop just to check access on 
the whole array of names.

* IMO, read methods should be guarded as well, many of them return key material. 
In multi-tenancy environments this will be required.

* The constants should be in {{KMSConfiguration}}

*KMSACLs.java*:

* {{setKeyACLs()}}, we shouldn’t set '*' as ACL if an ACL for a key is not 
present. Because of a typo you can leave a key available to everybody. Instead 
we should have KEY DEFAULTs.

* KEY DEFAULTs for each operation, we should have them as fallback for keys 
that do not have ACLs defined. They can be set to a '*' default. At load time, 
if the value is the default '*' we should WARN in the logs that the key 
defaults are wide open.


--
This message was sent by Atlassian JIRA
(v6.2#6252)


[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-08-28 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14113412#comment-14113412
 ] 

Hadoop QA commented on HADOOP-10758:


{color:green}+1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12664827/HADOOP-10758.4.patch
  against trunk revision .

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 2 new 
or modified test files.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 2.0.3) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 core tests{color}.  The patch passed unit tests in 
hadoop-common-project/hadoop-common hadoop-common-project/hadoop-kms.

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4565//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4565//console

This message is automatically generated.


--
This message was sent by Atlassian JIRA
(v6.2#6252)


[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-08-26 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14111295#comment-14111295
 ] 

Hadoop QA commented on HADOOP-10758:


{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12664457/HADOOP-10758.3.patch
  against trunk revision .

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 2 new 
or modified test files.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 2.0.3) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:red}-1 core tests{color}.  The patch failed these unit tests in 
hadoop-common-project/hadoop-common hadoop-common-project/hadoop-kms:

  org.apache.hadoop.metrics2.impl.TestMetricsSystemImpl

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4549//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4549//console

This message is automatically generated.


--
This message was sent by Atlassian JIRA
(v6.2#6252)


[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-08-26 Thread Arun Suresh (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14111308#comment-14111308
 ] 

Arun Suresh commented on HADOOP-10758:
--

TestCase error seems unrelated to the patch


--
This message was sent by Atlassian JIRA
(v6.2#6252)


[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-08-26 Thread Alejandro Abdelnur (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14111560#comment-14111560
 ] 

Alejandro Abdelnur commented on HADOOP-10758:
-

*index.apt.vm*:

{code}
  KMS also supports access control for all non-read operations at the Key level.
  All Key Access operations are classified as :
  MANAGEMENT - createKey, deleteKey, rolloverNewVersion
  GENERATE_EEK - generateEncryptedKey, warmUpEncryptedKeys
  DECRYPT_EEK - decryptEncryptedKey;
  ALL - all of the above;
{code}

The above will show as a single paragraph, it should be:

{code}
  KMS also supports access control for all non-read operations at the Key level.
  All Key Access operations are classified as :

* MANAGEMENT - createKey, deleteKey, rolloverNewVersion

* GENERATE_EEK - generateEncryptedKey, warmUpEncryptedKeys

* DECRYPT_EEK - decryptEncryptedKey

* ALL - all of the above
{code}

The line "KMS also supports access control for all non-read operations at the 
Key level. All Key Access operations are classified as :" should read "KMS 
supports access control on per key basis. A Key can have the following ACLs 
types:"

The line "These can also be defined in the KMS etc/hadoop/kms-acls.xml as 
follows" should be "Key ACLs are defined in the etc/hadoop/kms-acls.xml 
configuration file which is hot-reloadable, for example:"

*HotReloadingACLs.java/KeyACLs.java*:

Would be easier to piggyback on the {{KMSACLs}} class which already does 
hot-reloading? Then we can have a {{hasAccessToKey(String keyName, 
String user, KeyOptType opType)}} method there and use that throughout the 
code.

*default Key ACLs*:

It seems we should have a set of configs with the default key ACLs. The 
{{hasAccessToKey()}} method would fallback to the default Key ACLs if a 
specific key ACL is not defined.




--
This message was sent by Atlassian JIRA
(v6.2#6252)
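
Added example, not part of the thread and not code from any HADOOP-10758 patch: a self-contained Java model of the {{hasAccessToKey()}} fallback to default key ACLs proposed in the 2014-08-26 comment above, together with the points from the 2014-08-29 comment (no implicit '*' for a key without an ACL, a load-time warning when a default is '*', and checking the whole array of names before doing any work). The class name, {{authorizeAll()}}, the key names and the users are hypothetical; it assumes that a key with no ACL for an operation falls back to the default for that operation, and it uses {{SecurityException}} as a stand-in for {{AuthorizationException}}.

```java
import java.util.*;

// Added illustration: a stand-alone model, not Hadoop's KMSACLs class.
public class KeyAclModel {
  enum KeyOpType { MANAGEMENT, GENERATE_EEK, DECRYPT_EEK }
  static final String WILDCARD = "*";

  private final Map<String, Map<KeyOpType, Set<String>>> keyAcls = new HashMap<>();
  private final Map<KeyOpType, Set<String>> defaultAcls = new EnumMap<>(KeyOpType.class);
  final List<String> loadWarnings = new ArrayList<>();

  void setKeyAcl(String keyName, KeyOpType op, String... users) {
    keyAcls.computeIfAbsent(keyName, k -> new EnumMap<KeyOpType, Set<String>>(KeyOpType.class))
        .put(op, new HashSet<>(Arrays.asList(users)));
  }

  // Defaults are the fallback for keys without their own ACL. A '*' default is
  // accepted, but recorded as a warning when the configuration is loaded.
  void setDefaultAcl(KeyOpType op, String... users) {
    Set<String> acl = new HashSet<>(Arrays.asList(users));
    defaultAcls.put(op, acl);
    if (acl.contains(WILDCARD)) {
      loadWarnings.add("WARN default key ACL for " + op + " is '*' (wide open)");
    }
  }

  boolean hasAccessToKey(String keyName, String user, KeyOpType op) {
    Map<KeyOpType, Set<String>> perKey = keyAcls.get(keyName);
    Set<String> acl = (perKey != null) ? perKey.get(op) : null;
    if (acl == null) {
      acl = defaultAcls.get(op); // fall back to the default, never to an implicit '*'
    }
    // No per-key ACL and no default: deny.
    return acl != null && (acl.contains(WILDCARD) || acl.contains(user));
  }

  // Check every name first, so one denied key rejects the request before any
  // key is touched (the "initial loop" asked for warmUpEncryptedKeys()).
  void authorizeAll(String user, KeyOpType op, String... keyNames) {
    for (String name : keyNames) {
      if (!hasAccessToKey(name, user, op)) {
        throw new SecurityException(user + " denied " + op + " on " + name);
      }
    }
  }

  public static void main(String[] args) {
    KeyAclModel acls = new KeyAclModel();
    acls.setDefaultAcl(KeyOpType.MANAGEMENT, "kmsadmin");
    acls.setDefaultAcl(KeyOpType.GENERATE_EEK, "*");
    // Constructed misconfiguration: the ACL was meant for "projectA-key".
    acls.setKeyAcl("projctA-key", KeyOpType.MANAGEMENT, "alice");

    System.out.println(acls.loadWarnings);
    // The typo leaves projectA-key without its own ACL, so the default decides.
    System.out.println(acls.hasAccessToKey("projectA-key", "bob", KeyOpType.MANAGEMENT));
    System.out.println(acls.hasAccessToKey("projectA-key", "kmsadmin", KeyOpType.MANAGEMENT));
    try {
      acls.authorizeAll("kmsadmin", KeyOpType.MANAGEMENT, "projectA-key", "projctA-key");
    } catch (SecurityException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

With a restrictive MANAGEMENT default, the mistyped key name fails closed: the intended owner loses access and notices, instead of the key silently becoming open to every user.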


[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-07-24 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14073913#comment-14073913
 ] 

Hadoop QA commented on HADOOP-10758:


{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12657721/HADOOP-10758.2.patch
  against trunk revision .

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 1 new 
or modified test files.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 2.0.3) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:red}-1 core tests{color}.  The patch failed these unit tests in 
hadoop-common-project/hadoop-common hadoop-common-project/hadoop-kms:

  org.apache.hadoop.ipc.TestIPC

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4363//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/4363//console

This message is automatically generated.


--
This message was sent by Atlassian JIRA
(v6.2#6252)


[jira] [Commented] (HADOOP-10758) KMS: add ACLs on per key basis.

2014-06-26 Thread Alejandro Abdelnur (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14045379#comment-14045379
 ] 

Alejandro Abdelnur commented on HADOOP-10758:
-

Keys when created could have a special attribute 'key.acl.id'.

The KMS, when a user requests a key, would assert that the user has access 
to it by checking the specified ACL id. For this the KMS would have hot 
reloadable ACLs from a key-acls.xml file and using Hadoop {{ACL}} class would 
assert access to the key.

This could be implemented as a {{KeyProvider}} proxy class and it would 
leverage HADOOP-10750 & HADOOP-10757.




--
This message was sent by Atlassian JIRA
(v6.2#6252)