You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@kudu.apache.org by "Dan Burkert (Code Review)" <ge...@cloudera.org> on 2017/03/25 01:09:41 UTC
[kudu-CR] [docs] Add security guide
Hello Jean-Daniel Cryans, Adar Dembo, Todd Lipcon, Alexey Serbin,
I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/6479
to review the following change.
Change subject: [docs] Add security guide
......................................................................
[docs] Add security guide
Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
---
A docs/security.adoc
1 file changed, 173 insertions(+), 0 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/79/6479/1
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
[kudu-CR] [docs] Add security guide
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Hello Hao Hao, Alexey Serbin, Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/6479
to look at the new patch set (#4).
Change subject: [docs] Add security guide
......................................................................
[docs] Add security guide
Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
---
A docs/security.adoc
1 file changed, 243 insertions(+), 0 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/79/6479/4
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 4
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
[kudu-CR] [docs] Add security guide
Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 1:
(20 comments)
http://gerrit.cloudera.org:8080/#/c/6479/1/docs/security.adoc
File docs/security.adoc:
Line 31: access from unwanted users. This guide will explain the security features
> change to 'unauthorized users'?
Done
PS1, Line 38: amongst
> "among"
Done
PS1, Line 40: gaining access to Kudu
> maybe add something like "and securely identifies the connecting user for t
Done
Line 48: but will allow unauthenticated connections. When `disabled`, Kudu will only
> perhaps add a 'NOTE' section saying something about how the 'optional' auth
Done
PS1, Line 51: 1000's
> "thousands"
Done
PS1, Line 54: Master
> We don't usually capitalize this, IIRC.
Done
Line 60: Kudu uses an internal PKI system to issue certificate credentials to servers in
> specify X509
Done
PS1, Line 67: internally issued
> nit: internally-issued
Done
PS1, Line 72: ,
: see <<known-limitations>> for more information.
> punctuation
actually decided to remove this since it's user-facing docs and "in the future" is too fuzzy
PS1, Line 78: when authenticating
> to authenticate
Done
PS1, Line 80: For the most
: part
> Is there any circumstances under which a token is NOT transparent? If no, t
there are some cases (eg when writing integrations with things like spark/impala/drill/etc) where people may need to care, so leaving it. But I don't want to explain the details here since it may distract from the overall docs.
Line 110: web UI HTTPS configuration.
> do we need to mention http basic authentication is also supported, even tho
I noticed that the webserver_password_file flag is not marked as 'stable' yet so I think we should avoid documenting it until it is. Do you mind doing another patch for 1.4 which marks them as stable and adds docs?
Line 113: be redacted. (TODO: explain how to turn this off). Table metadata, such as table
> @Todd, looking at logging.h , just realized we are using the same value of
yea, I think that's a mistake though since you added the ability to group. Let's not document for now and later switch it to a separate 'web' flag.
PS1, Line 115: disabled setting
> disabled by setting
Done
Line 142: # OR, turn off the web UI entirely.
> Would be nice to reformat to emphasize this OR is vs. all of the --webserve
Done
PS1, Line 152: some
> extra some
Done
PS1, Line 156: Long-lived Tokens:: Kudu clients do not yet automatically request fresh tokens
: after initial token expiration, so long-lived clients in secure clusters are not
: supported.
> Does this affect Impala? Or is the lifespan of a Kudu client scoped to an i
Done
PS1, Line 163: externally issued
> externally-issued
Done
PS1, Line 166: Fine-grained Authorization:: Kudu does not have the ability to restrict access
: based on operation type or target (table, column, etc).
> This is the first I'm seeing about authz; I take it some documentation on "
Done
Line 172: Web UI Authentication:: The Kudu web UI lacks authentication, so individual
> At least we support http basic authentication, do we need to be more specif
see above, I think we should mark it stable before documenting?
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Hao Hao (Code Review)" <ge...@cloudera.org>.
Hao Hao has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 1:
(4 comments)
http://gerrit.cloudera.org:8080/#/c/6479/1/docs/security.adoc
File docs/security.adoc:
Line 31: access from unwanted users. This guide will explain the security features
change to 'unauthorized users'?
Line 110: web UI HTTPS configuration.
do we need to mention http basic authentication is also supported, even though it is not preferred?
Line 113: be redacted. (TODO: explain how to turn this off). Table metadata, such as table
@Todd, looking at logging.h , just realized we are using the same value of 'log' redaction to manage web UI redaction?
Line 172: Web UI Authentication:: The Kudu web UI lacks authentication, so individual
At least we support http basic authentication, do we need to be more specific here?
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Jean-Daniel Cryans (Code Review)" <ge...@cloudera.org>.
Jean-Daniel Cryans has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 2:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/6479/2/docs/security.adoc
File docs/security.adoc:
Line 213: Kudu has a few known security limitations:
Flume?
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Ambreen Kazi (Code Review)" <ge...@cloudera.org>.
Ambreen Kazi has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 4:
(7 comments)
http://gerrit.cloudera.org:8080/#/c/6479/4/docs/security.adoc
File docs/security.adoc:
PS4, Line 31: will explain
describes
PS4, Line 66: requiring
: certificates be manually deployed on every node.
requiring you to manually deploy certificates on every node.
PS4, Line 168: turned off configuring the
: `--redact` flag
by setting --redact to false?
PS4, Line 220: yet
Remove 'yet'.
PS4, Line 226: yet
Remove.
PS4, Line 229: yet
Remove'.
PS4, Line 242: The
Remove 'the'
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 4
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 3: Code-Review+1
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: No
[kudu-CR] [docs] Add security guide
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 2:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/6479/2/docs/security.adoc
File docs/security.adoc:
PS2, Line 153: row data will
: be redacted
> Maybe just '... row data is redacted'? Why does it necessary to use the fu
I meant 'Why is it necessary to use the future tense?'
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 2:
(30 comments)
http://gerrit.cloudera.org:8080/#/c/6479/2/docs/security.adoc
File docs/security.adoc:
PS2, Line 33: a list of
: security features which are known deficiencies in the security capabilities.
> a list of known deficiencies in Kudu's security capabilities.
Done
Line 40: gaining access to Kudu, and securely identifies the connecting user for
> user or service
Done
PS2, Line 41: the purposes of authorization decisions
> .. for authorization checks.
Done
PS2, Line 53: Secure clusters
: should
> To secure a cluster, always ...
Done
PS2, Line 65: is able to offer
> 1 word - offers
Done
PS2, Line 77: limited to seven days of validi
> rewrite - are only valid for seven days, so that even if a token were compr
Done
PS2, Line 79: the users of
: Kudu
> just 'users'
Done
PS2, Line 80: is able to take
> 1 word - takes
Done
PS2, Line 81: ,
> remove comma
Done
PS2, Line 81: needing to communicate
> 1 word - communicating
Done
PS2, Line 108: When `required`, Kudu will reject unencrypted connections.
> Does it make sense to mention that connections on the same socket address (
Done
PS2, Line 110: Secure clusters
: should
> To secure a cluster, use ..
Done
PS2, Line 117: may
> can
Done
PS2, Line 120: `kudu tserver set_flag`
> describe this in words rather than just the command.
Done
PS2, Line 127: Kudu internally
> Internally, Kudu has ...
Done
PS2, Line 128: may not
> cannot
Done
PS2, Line 131: based on
> using
Done
Line 132: one for each of the two levels. Each access control list specifies a comma-separated
> .. list 'either' specifies a comma ..
Done
PS2, Line 138: A
> lower case
Done
PS2, Line 153: included
> shown/exposed/divulged?
Done
PS2, Line 153: row data will
: be redacted
> Maybe just '... row data is redacted'? Why does it necessary to use the fu
Done
PS2, Line 153: row data will
: be redacted
> I meant 'Why is it necessary to use the future tense?'
Done
PS2, Line 155: will not be redacted
> Maybe just 'is not redacted'?
Done
PS2, Line 155: may
> can
Done
PS2, Line 158: such as `/metrics`
: which may be relied upon by monitoring systems to gather metrics data.
> such as `/metrics`. Monitoring systems rely on these endpoints to gather me
Done
PS2, Line 165: data
: will be redacted
> '... data is redacted ...' ?
Done
Line 166: will be redacted. This feature can be turned off using the `--redact` flag
> by default?
Done
Line 213: Kudu has a few known security limitations:
> Flume?
Done
PS2, Line 224: The principal must be 'kudu'.
> The hard-coded service principal is 'kudu'.
That's true, but this is saying that the administrator must use the 'kudu' principal as well.
Line 238
> I'm not sure what would be the best way of saying that, but, in short, sinc
This is a good point. I'm not 100% sure it's appropriate as a known-issue, since it's by design, and we most likely won't ever change it.
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Adar Dembo (Code Review)" <ge...@cloudera.org>.
Adar Dembo has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 1:
(4 comments)
http://gerrit.cloudera.org:8080/#/c/6479/1/docs/security.adoc
File docs/security.adoc:
PS1, Line 80: For the most
: part
Is there any circumstances under which a token is NOT transparent? If no, then just remove "For the most part".
Line 142: # OR, turn off the web UI entirely.
Would be nice to reformat to emphasize this OR is vs. all of the --webserver settings and not just --webserver-private-key-password-cmd.
PS1, Line 156: Long-lived Tokens:: Kudu clients do not yet automatically request fresh tokens
: after initial token expiration, so long-lived clients in secure clusters are not
: supported.
Does this affect Impala? Or is the lifespan of a Kudu client scoped to an individual query?
PS1, Line 166: Fine-grained Authorization:: Kudu does not have the ability to restrict access
: based on operation type or target (table, column, etc).
This is the first I'm seeing about authz; I take it some documentation on "coarse-grained authz" still needs to be added to this guide?
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Hao Hao (Code Review)" <ge...@cloudera.org>.
Hao Hao has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 2:
(3 comments)
http://gerrit.cloudera.org:8080/#/c/6479/1/docs/security.adoc
File docs/security.adoc:
Line 110: connections. When `disabled`, Kudu will never use encryption. Secure clusters
> I noticed that the webserver_password_file flag is not marked as 'stable' y
Yeah, sure. Will create a jira and work on it.
Line 113: == Coarse-Grained Authorization
> yea, I think that's a mistake though since you added the ability to group.
Make sense. Will create a jira for it then.
Line 172: The following configuration parameters should be set on all servers (master and
> see above, I think we should mark it stable before documenting?
Sure.
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Hello Hao Hao, Alexey Serbin, Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/6479
to look at the new patch set (#5).
Change subject: [docs] Add security guide
......................................................................
[docs] Add security guide
Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
---
A docs/security.adoc
1 file changed, 243 insertions(+), 0 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/79/6479/5
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 5
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
[kudu-CR] [docs] Add security guide
Posted by "Will Berkeley (Code Review)" <ge...@cloudera.org>.
Will Berkeley has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 1:
(5 comments)
I scanned for spelling, grammar, missing or extra words, etc.
http://gerrit.cloudera.org:8080/#/c/6479/1/docs/security.adoc
File docs/security.adoc:
PS1, Line 54: Master
We don't usually capitalize this, IIRC.
PS1, Line 67: internally issued
nit: internally-issued
PS1, Line 115: disabled setting
disabled by setting
PS1, Line 152: some
extra some
PS1, Line 163: externally issued
externally-issued
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 2:
(7 comments)
http://gerrit.cloudera.org:8080/#/c/6479/2/docs/security.adoc
File docs/security.adoc:
PS2, Line 108: When `required`, Kudu will reject unencrypted connections.
Does it make sense to mention that connections on the same socket address (basically, connections between components on the same node/host) are not encrypted if --rpc_encrypt_loopback_connections is kept false by default?
PS2, Line 153: included
shown/exposed/divulged?
PS2, Line 153: row data will
: be redacted
Maybe just '... row data is redacted'? Why does it necessary to use the future tense?
PS2, Line 155: will not be redacted
Maybe just 'is not redacted'?
PS2, Line 165: data
: will be redacted
'... data is redacted ...' ?
PS2, Line 224: The principal must be 'kudu'.
The hard-coded service principal is 'kudu'.
Line 238
I'm not sure what would be the best way of saying that, but, in short, since the system verifies authn token only when a new connection is being established, an already opened connection could be used even after the corresponding authn token is expired.
Basically, if a client establishes all the necessary connections in the beginning with then-valid authn token and keeps those established connections open, it can work with the system indefinitely long (well, up to the point when those connections are closed due to restart of Kudu server components).
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 4:
(7 comments)
http://gerrit.cloudera.org:8080/#/c/6479/4/docs/security.adoc
File docs/security.adoc:
PS4, Line 31: will explain
> describes
Done
PS4, Line 66: requiring
: certificates be manually deployed on every node.
> requiring you to manually deploy certificates on every node.
Done
PS4, Line 168: turned off configuring the
: `--redact` flag
> by setting --redact to false?
No, it's unfortunately not quite as simple as that. I think we're still actively working on the redact flag, I'm not sure exactly how to document it at this point.
PS4, Line 220: yet
> Remove 'yet'.
Done
PS4, Line 226: yet
> Remove.
Done
PS4, Line 229: yet
> Remove'.
Done
PS4, Line 242: The
> Remove 'the'
Done
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 4
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 1:
(9 comments)
added some notes. will take on doing another rev of this
http://gerrit.cloudera.org:8080/#/c/6479/1/docs/security.adoc
File docs/security.adoc:
PS1, Line 38: amongst
"among"
PS1, Line 40: gaining access to Kudu
maybe add something like "and securely identifies the connecting user for the purposes of authorization decisions" or somesuch
Line 48: but will allow unauthenticated connections. When `disabled`, Kudu will only
perhaps add a 'NOTE' section saying something about how the 'optional' authentication is meant for transitional usage
PS1, Line 51: 1000's
"thousands"
Line 56: TLS/PKI certificates to servers, and temporary authentication tokens to clients.
maybe better to move the scalability section down below the explanation of PKI
Line 60: Kudu uses an internal PKI system to issue certificate credentials to servers in
specify X509
PS1, Line 72: ,
: see <<known-limitations>> for more information.
punctuation
PS1, Line 78: when authenticating
to authenticate
PS1, Line 95: amongst
among
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Mike Percy (Code Review)" <ge...@cloudera.org>.
Mike Percy has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 1:
Need to add a link for this to the TOC in docs/support/jekyll-templates/document.html.erb
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: No
[kudu-CR] [docs] Add security guide
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 1:
I won't be able to make changes to this for the next week, so if anyone wants to push changes and/or merge, please feel free.
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No
[kudu-CR] [docs] Add security guide
Posted by "Ambreen Kazi (Code Review)" <ge...@cloudera.org>.
Ambreen Kazi has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 2:
(4 comments)
http://gerrit.cloudera.org:8080/#/c/6479/2/docs/security.adoc
File docs/security.adoc:
Line 40: gaining access to Kudu, and securely identifies the connecting user for
user or service
PS2, Line 41: the purposes of authorization decisions
.. for authorization checks.
PS2, Line 127: Kudu internally
Internally, Kudu has ...
PS2, Line 128: may not
cannot
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 3:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/6479/3/docs/security.adoc
File docs/security.adoc:
PS3, Line 113: are
> is
Done
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Ambreen Kazi (Code Review)" <ge...@cloudera.org>.
Ambreen Kazi has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 2:
(17 comments)
http://gerrit.cloudera.org:8080/#/c/6479/2/docs/security.adoc
File docs/security.adoc:
PS2, Line 33: a list of
: security features which are known deficiencies in the security capabilities.
a list of known deficiencies in Kudu's security capabilities.
PS2, Line 53: Secure clusters
: should
To secure a cluster, always ...
PS2, Line 65: is able to offer
1 word - offers
PS2, Line 77: limited to seven days of validi
rewrite - are only valid for seven days, so that even if a token were compromised, it ...
PS2, Line 80: is able to take
1 word - takes
PS2, Line 79: the users of
: Kudu
just 'users'
PS2, Line 81: needing to communicate
1 word - communicating
PS2, Line 81: ,
remove comma
PS2, Line 110: Secure clusters
: should
To secure a cluster, use ..
PS2, Line 117: may
can
PS2, Line 120: `kudu tserver set_flag`
describe this in words rather than just the command.
PS2, Line 131: based on
using
Line 132: one for each of the two levels. Each access control list specifies a comma-separated
.. list 'either' specifies a comma ..
PS2, Line 138: A
lower case
PS2, Line 155: may
can
PS2, Line 158: such as `/metrics`
: which may be relied upon by monitoring systems to gather metrics data.
such as `/metrics`. Monitoring systems rely on these endpoints to gather metrics data.
Line 166: will be redacted. This feature can be turned off using the `--redact` flag
by default?
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Hao Hao (Code Review)" <ge...@cloudera.org>.
Hao Hao has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 3: Code-Review+1
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: No
[kudu-CR] [docs] Add security guide
Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 1:
Dan's on PTO this week so I'll take care of reviewing and revising this one.
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No
[kudu-CR] [docs] Add security guide
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 1:
I forgot to document coarse grained authz, and in particular the ACLs.
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No
[kudu-CR] [docs] Add security guide
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Hello Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/6479
to look at the new patch set (#3).
Change subject: [docs] Add security guide
......................................................................
[docs] Add security guide
Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
---
A docs/security.adoc
1 file changed, 243 insertions(+), 0 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/79/6479/3
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
[kudu-CR] [docs] Add security guide
Posted by "Will Berkeley (Code Review)" <ge...@cloudera.org>.
Will Berkeley has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 3:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/6479/3/docs/security.adoc
File docs/security.adoc:
PS3, Line 113: are
is
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: Yes
[kudu-CR] [docs] Add security guide
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 1:
Should probably add flume as a known limitation
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No
[kudu-CR] [docs] Add security guide
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has submitted this change and it was merged.
Change subject: [docs] Add security guide
......................................................................
[docs] Add security guide
Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Reviewed-on: http://gerrit.cloudera.org:8080/6479
Tested-by: Kudu Jenkins
Reviewed-by: Todd Lipcon <to...@apache.org>
---
A docs/security.adoc
1 file changed, 243 insertions(+), 0 deletions(-)
Approvals:
Todd Lipcon: Looks good to me, approved
Kudu Jenkins: Verified
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 6
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
[kudu-CR] [docs] Add security guide
Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Hello Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/6479
to look at the new patch set (#2).
Change subject: [docs] Add security guide
......................................................................
[docs] Add security guide
Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
---
A docs/security.adoc
1 file changed, 237 insertions(+), 0 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/79/6479/2
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
[kudu-CR] [docs] Add security guide
Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has posted comments on this change.
Change subject: [docs] Add security guide
......................................................................
Patch Set 5: Code-Review+2
--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 5
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Ambreen Kazi <am...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Hao Hao <ha...@cloudera.com>
Gerrit-Reviewer: Jean-Daniel Cryans <jd...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <mp...@apache.org>
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Will Berkeley <wd...@gmail.com>
Gerrit-HasComments: No