|
@@ -13,8 +13,6 @@ Trunk (Unreleased)
|
|
|
|
|
|
|
|
NEW FEATURES
|
|
NEW FEATURES
|
|
|
|
|
|
|
|
- HADOOP-10433. Key Management Server based on KeyProvider API. (tucu)
|
|
|
|
|
-
|
|
|
|
|
HADOOP-9629. Support Windows Azure Storage - Blob as a file system in Hadoop.
|
|
HADOOP-9629. Support Windows Azure Storage - Blob as a file system in Hadoop.
|
|
|
(Dexter Bradshaw, Mostafa Elhemali, Xi Fang, Johannes Klein, David Lao,
|
|
(Dexter Bradshaw, Mostafa Elhemali, Xi Fang, Johannes Klein, David Lao,
|
|
|
Mike Liddell, Chuan Liu, Lengning Liu, Ivan Mitic, Michael Rys,
|
|
Mike Liddell, Chuan Liu, Lengning Liu, Ivan Mitic, Michael Rys,
|
|
@@ -25,9 +23,6 @@ Trunk (Unreleased)
|
|
|
Mike Liddell, Chuan Liu, Lengning Liu, Ivan Mitic, Michael Rys,
|
|
Mike Liddell, Chuan Liu, Lengning Liu, Ivan Mitic, Michael Rys,
|
|
|
Alexander Stojanovich, Brian Swan, and Min Wei via cnauroth)
|
|
Alexander Stojanovich, Brian Swan, and Min Wei via cnauroth)
|
|
|
|
|
|
|
|
- HADOOP-10719. Add generateEncryptedKey and decryptEncryptedKey
|
|
|
|
|
- methods to KeyProvider. (asuresh via tucu)
|
|
|
|
|
-
|
|
|
|
|
IMPROVEMENTS
|
|
IMPROVEMENTS
|
|
|
|
|
|
|
|
HADOOP-8017. Configure hadoop-main pom to get rid of M2E plugin execution
|
|
HADOOP-8017. Configure hadoop-main pom to get rid of M2E plugin execution
|
|
@@ -121,93 +116,15 @@ Trunk (Unreleased)
|
|
|
|
|
|
|
|
HADOOP-9833 move slf4j to version 1.7.5 (Kousuke Saruta via stevel)
|
|
HADOOP-9833 move slf4j to version 1.7.5 (Kousuke Saruta via stevel)
|
|
|
|
|
|
|
|
- HADOOP-10141. Create KeyProvider API to separate encryption key storage
|
|
|
|
|
- from the applications. (omalley)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10201. Add listing to KeyProvider API. (Larry McCay via omalley)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10177. Create CLI tools for managing keys. (Larry McCay via omalley)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10244. TestKeyShell improperly tests the results of delete (Larry
|
|
|
|
|
- McCay via omalley)
|
|
|
|
|
-
|
|
|
|
|
HADOOP-10325. Improve jenkins javadoc warnings from test-patch.sh (cmccabe)
|
|
HADOOP-10325. Improve jenkins javadoc warnings from test-patch.sh (cmccabe)
|
|
|
|
|
|
|
|
HADOOP-10342. Add a new method to UGI to use a Kerberos login subject to
|
|
HADOOP-10342. Add a new method to UGI to use a Kerberos login subject to
|
|
|
build a new UGI. (Larry McCay via omalley)
|
|
build a new UGI. (Larry McCay via omalley)
|
|
|
|
|
|
|
|
- HADOOP-10237. JavaKeyStoreProvider needs to set keystore permissions
|
|
|
|
|
- correctly. (Larry McCay via omalley)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10432. Refactor SSLFactory to expose static method to determine
|
|
|
|
|
- HostnameVerifier. (tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10427. KeyProvider implementations should be thread safe. (tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10429. KeyStores should have methods to generate the materials
|
|
|
|
|
- themselves, KeyShell should use them. (tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10428. JavaKeyStoreProvider should accept keystore password via
|
|
|
|
|
- configuration falling back to ENV VAR. (tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10430. KeyProvider Metadata should have an optional description,
|
|
|
|
|
- there should be a method to retrieve the metadata from all keys. (tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10534. KeyProvider getKeysMetadata should take a list of names
|
|
|
|
|
- rather than returning all keys. (omalley)
|
|
|
|
|
-
|
|
|
|
|
HADOOP-10563. Remove the dependency of jsp in trunk. (wheat9)
|
|
HADOOP-10563. Remove the dependency of jsp in trunk. (wheat9)
|
|
|
|
|
|
|
|
HADOOP-10485. Remove dead classes in hadoop-streaming. (wheat9)
|
|
HADOOP-10485. Remove dead classes in hadoop-streaming. (wheat9)
|
|
|
|
|
|
|
|
- HADOOP-10696. Add optional attributes to KeyProvider Options and Metadata.
|
|
|
|
|
- (tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10695. KMSClientProvider should respect a configurable timeout.
|
|
|
|
|
- (yoderme via tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10757. KeyProvider KeyVersion should provide the key name.
|
|
|
|
|
- (asuresh via tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10769. Create KeyProvider extension to handle delegation tokens.
|
|
|
|
|
- (Arun Suresh via atm)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10812. Delegate KeyProviderExtension#toString to underlying
|
|
|
|
|
- KeyProvider. (wang)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10736. Add key attributes to the key shell. (Mike Yoder via wang)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10824. Refactor KMSACLs to avoid locking. (Benoy Antony via umamahesh)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10841. EncryptedKeyVersion should have a key name property.
|
|
|
|
|
- (asuresh via tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10842. CryptoExtension generateEncryptedKey method should
|
|
|
|
|
- receive the key name. (asuresh via tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10750. KMSKeyProviderCache should be in hadoop-common.
|
|
|
|
|
- (asuresh via tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10720. KMS: Implement generateEncryptedKey and decryptEncryptedKey
|
|
|
|
|
- in the REST API. (asuresh via tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10891. Add EncryptedKeyVersion factory method to
|
|
|
|
|
- KeyProviderCryptoExtension. (wang)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10756. KMS audit log should consolidate successful similar requests.
|
|
|
|
|
- (asuresh via tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10793. KeyShell args should use single-dash style. (wang)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10936. Change default KeyProvider bitlength to 128. (wang)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10224. JavaKeyStoreProvider has to protect against corrupting
|
|
|
|
|
- underlying store. (asuresh via tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10770. KMS add delegation token support. (tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10698. KMS, add proxyuser support. (tucu)
|
|
|
|
|
-
|
|
|
|
|
BUG FIXES
|
|
BUG FIXES
|
|
|
|
|
|
|
|
HADOOP-9451. Fault single-layer config if node group topology is enabled.
|
|
HADOOP-9451. Fault single-layer config if node group topology is enabled.
|
|
@@ -379,22 +296,9 @@ Trunk (Unreleased)
|
|
|
|
|
|
|
|
HADOOP-10044 Improve the javadoc of rpc code (sanjay Radia)
|
|
HADOOP-10044 Improve the javadoc of rpc code (sanjay Radia)
|
|
|
|
|
|
|
|
- HADOOP-10488. TestKeyProviderFactory fails randomly. (tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10431. Change visibility of KeyStore.Options getter methods to public. (tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10583. bin/hadoop key throws NPE with no args and assorted other fixups. (clamb via tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10586. KeyShell doesn't allow setting Options via CLI. (clamb via tucu)
|
|
|
|
|
-
|
|
|
|
|
HADOOP-10625. Trim configuration names when putting/getting them
|
|
HADOOP-10625. Trim configuration names when putting/getting them
|
|
|
to properties. (Wangda Tan via xgong)
|
|
to properties. (Wangda Tan via xgong)
|
|
|
|
|
|
|
|
- HADOOP-10645. TestKMS fails because race condition writing acl files. (tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10611. KMS, keyVersion name should not be assumed to be
|
|
|
|
|
- keyName@versionNumber. (tucu)
|
|
|
|
|
-
|
|
|
|
|
HADOOP-10717. HttpServer2 should load jsp DTD from local jars instead of
|
|
HADOOP-10717. HttpServer2 should load jsp DTD from local jars instead of
|
|
|
going remote. (Dapeng Sun via wheat9)
|
|
going remote. (Dapeng Sun via wheat9)
|
|
|
|
|
|
|
@@ -409,33 +313,12 @@ Trunk (Unreleased)
|
|
|
|
|
|
|
|
HADOOP-10834. Typo in CredentialShell usage. (Benoy Antony via umamahesh)
|
|
HADOOP-10834. Typo in CredentialShell usage. (Benoy Antony via umamahesh)
|
|
|
|
|
|
|
|
- HADOOP-10816. KeyShell returns -1 on error to the shell, should be 1.
|
|
|
|
|
- (Mike Yoder via wang)
|
|
|
|
|
-
|
|
|
|
|
HADOOP-10840. Fix OutOfMemoryError caused by metrics system in Azure File
|
|
HADOOP-10840. Fix OutOfMemoryError caused by metrics system in Azure File
|
|
|
System. (Shanyu Zhao via cnauroth)
|
|
System. (Shanyu Zhao via cnauroth)
|
|
|
|
|
|
|
|
- HADOOP-10826. Iteration on KeyProviderFactory.serviceLoader is
|
|
|
|
|
- thread-unsafe. (benoyantony viat tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10881. Clarify usage of encryption and encrypted encryption
|
|
|
|
|
- key in KeyProviderCryptoExtension. (wang)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10920. site plugin couldn't parse hadoop-kms index.apt.vm.
|
|
|
|
|
- (Akira Ajisaka via wang)
|
|
|
|
|
-
|
|
|
|
|
HADOOP-10925. Compilation fails in native link0 function on Windows.
|
|
HADOOP-10925. Compilation fails in native link0 function on Windows.
|
|
|
(cnauroth)
|
|
(cnauroth)
|
|
|
|
|
|
|
|
- HADOOP-10939. Fix TestKeyProviderFactory testcases to use default 128 bit
|
|
|
|
|
- length keys. (Arun Suresh via wang)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10862. Miscellaneous trivial corrections to KMS classes.
|
|
|
|
|
- (asuresh via tucu)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10967. Improve DefaultCryptoExtension#generateEncryptedKey
|
|
|
|
|
- performance. (hitliuyi via tucu)
|
|
|
|
|
-
|
|
|
|
|
OPTIMIZATIONS
|
|
OPTIMIZATIONS
|
|
|
|
|
|
|
|
HADOOP-7761. Improve the performance of raw comparisons. (todd)
|
|
HADOOP-7761. Improve the performance of raw comparisons. (todd)
|
|
@@ -498,6 +381,8 @@ Release 2.6.0 - UNRELEASED
|
|
|
|
|
|
|
|
NEW FEATURES
|
|
NEW FEATURES
|
|
|
|
|
|
|
|
|
|
+ HADOOP-10433. Key Management Server based on KeyProvider API. (tucu)
|
|
|
|
|
+
|
|
|
IMPROVEMENTS
|
|
IMPROVEMENTS
|
|
|
|
|
|
|
|
HADOOP-10808. Remove unused native code for munlock. (cnauroth)
|
|
HADOOP-10808. Remove unused native code for munlock. (cnauroth)
|
|
@@ -582,10 +467,91 @@ Release 2.6.0 - UNRELEASED
|
|
|
HADOOP-10975. org.apache.hadoop.util.DataChecksum should support calculating
|
|
HADOOP-10975. org.apache.hadoop.util.DataChecksum should support calculating
|
|
|
checksums in native code (James Thomas via Colin Patrick McCabe)
|
|
checksums in native code (James Thomas via Colin Patrick McCabe)
|
|
|
|
|
|
|
|
|
|
+ HADOOP-10201. Add listing to KeyProvider API. (Larry McCay via omalley)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10177. Create CLI tools for managing keys. (Larry McCay via omalley)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10432. Refactor SSLFactory to expose static method to determine
|
|
|
|
|
+ HostnameVerifier. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10429. KeyStores should have methods to generate the materials
|
|
|
|
|
+ themselves, KeyShell should use them. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10427. KeyProvider implementations should be thread safe. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10428. JavaKeyStoreProvider should accept keystore password via
|
|
|
|
|
+ configuration falling back to ENV VAR. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10430. KeyProvider Metadata should have an optional description,
|
|
|
|
|
+ there should be a method to retrieve the metadata from all keys. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10431. Change visibility of KeyStore.Options getter methods to
|
|
|
|
|
+ public. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10534. KeyProvider getKeysMetadata should take a list of names
|
|
|
|
|
+ rather than returning all keys. (omalley)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10719. Add generateEncryptedKey and decryptEncryptedKey
|
|
|
|
|
+ methods to KeyProvider. (asuresh via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10817. ProxyUsers configuration should support configurable
|
|
|
|
|
+ prefixes. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10881. Clarify usage of encryption and encrypted encryption
|
|
|
|
|
+ key in KeyProviderCryptoExtension. (wang)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10770. KMS add delegation token support. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10698. KMS, add proxyuser support. (tucu)
|
|
|
|
|
+
|
|
|
OPTIMIZATIONS
|
|
OPTIMIZATIONS
|
|
|
|
|
|
|
|
HADOOP-10838. Byte array native checksumming. (James Thomas via todd)
|
|
HADOOP-10838. Byte array native checksumming. (James Thomas via todd)
|
|
|
|
|
|
|
|
|
|
+ HADOOP-10696. Add optional attributes to KeyProvider Options and Metadata.
|
|
|
|
|
+ (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10695. KMSClientProvider should respect a configurable timeout.
|
|
|
|
|
+ (yoderme via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10757. KeyProvider KeyVersion should provide the key name.
|
|
|
|
|
+ (asuresh via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10769. Create KeyProvider extension to handle delegation tokens.
|
|
|
|
|
+ (Arun Suresh via atm)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10812. Delegate KeyProviderExtension#toString to underlying
|
|
|
|
|
+ KeyProvider. (wang)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10736. Add key attributes to the key shell. (Mike Yoder via wang)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10824. Refactor KMSACLs to avoid locking. (Benoy Antony via umamahesh)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10841. EncryptedKeyVersion should have a key name property.
|
|
|
|
|
+ (asuresh via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10842. CryptoExtension generateEncryptedKey method should
|
|
|
|
|
+ receive the key name. (asuresh via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10750. KMSKeyProviderCache should be in hadoop-common.
|
|
|
|
|
+ (asuresh via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10720. KMS: Implement generateEncryptedKey and decryptEncryptedKey
|
|
|
|
|
+ in the REST API. (asuresh via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10891. Add EncryptedKeyVersion factory method to
|
|
|
|
|
+ KeyProviderCryptoExtension. (wang)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10756. KMS audit log should consolidate successful similar requests.
|
|
|
|
|
+ (asuresh via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10793. KeyShell args should use single-dash style. (wang)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10936. Change default KeyProvider bitlength to 128. (wang)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10224. JavaKeyStoreProvider has to protect against corrupting
|
|
|
|
|
+ underlying store. (asuresh via tucu)
|
|
|
|
|
+
|
|
|
BUG FIXES
|
|
BUG FIXES
|
|
|
|
|
|
|
|
HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry
|
|
HADOOP-10781. Unportable getgrouplist() usage breaks FreeBSD (Dmitry
|
|
@@ -621,11 +587,6 @@ Release 2.6.0 - UNRELEASED
|
|
|
HADOOP-10927. Fix CredentialShell help behavior and error codes.
|
|
HADOOP-10927. Fix CredentialShell help behavior and error codes.
|
|
|
(Josh Elser via wang)
|
|
(Josh Elser via wang)
|
|
|
|
|
|
|
|
- HADOOP-10937. Need to set version name correctly before decrypting EEK.
|
|
|
|
|
- (Arun Suresh via wang)
|
|
|
|
|
-
|
|
|
|
|
- HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)
|
|
|
|
|
-
|
|
|
|
|
HADOOP-10933. FileBasedKeyStoresFactory Should use Configuration.getPassword
|
|
HADOOP-10933. FileBasedKeyStoresFactory Should use Configuration.getPassword
|
|
|
for SSL Passwords. (lmccay via tucu)
|
|
for SSL Passwords. (lmccay via tucu)
|
|
|
|
|
|
|
@@ -676,6 +637,49 @@ Release 2.6.0 - UNRELEASED
|
|
|
HADOOP-10968. hadoop native build fails to detect java_libarch on
|
|
HADOOP-10968. hadoop native build fails to detect java_libarch on
|
|
|
ppc64le (Dinar Valeev via Colin Patrick McCabe)
|
|
ppc64le (Dinar Valeev via Colin Patrick McCabe)
|
|
|
|
|
|
|
|
|
|
+ HADOOP-10141. Create KeyProvider API to separate encryption key storage
|
|
|
|
|
+ from the applications. (omalley)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10237. JavaKeyStoreProvider needs to set keystore permissions
|
|
|
|
|
+ correctly. (Larry McCay via omalley)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10244. TestKeyShell improperly tests the results of delete (Larry
|
|
|
|
|
+ McCay via omalley)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10583. bin/hadoop key throws NPE with no args and assorted other fixups. (clamb via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10586. KeyShell doesn't allow setting Options via CLI. (clamb via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10645. TestKMS fails because race condition writing acl files. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10611. KMS, keyVersion name should not be assumed to be
|
|
|
|
|
+ keyName@versionNumber. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10816. KeyShell returns -1 on error to the shell, should be 1.
|
|
|
|
|
+ (Mike Yoder via wang)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10826. Iteration on KeyProviderFactory.serviceLoader is
|
|
|
|
|
+ thread-unsafe. (benoyantony viat tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10920. site plugin couldn't parse hadoop-kms index.apt.vm.
|
|
|
|
|
+ (Akira Ajisaka via wang)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10937. Need to set version name correctly before decrypting EEK.
|
|
|
|
|
+ (Arun Suresh via wang)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10939. Fix TestKeyProviderFactory testcases to use default 128 bit
|
|
|
|
|
+ length keys. (Arun Suresh via wang)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10862. Miscellaneous trivial corrections to KMS classes.
|
|
|
|
|
+ (asuresh via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10967. Improve DefaultCryptoExtension#generateEncryptedKey
|
|
|
|
|
+ performance. (hitliuyi via tucu)
|
|
|
|
|
+
|
|
|
|
|
+ HADOOP-10488. TestKeyProviderFactory fails randomly. (tucu)
|
|
|
|
|
+
|
|
|
Release 2.5.0 - 2014-08-11
|
|
Release 2.5.0 - 2014-08-11
|
|
|
|
|
|
|
|
INCOMPATIBLE CHANGES
|
|
INCOMPATIBLE CHANGES
|
Alejandro Abdelnur