You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by ad...@apache.org on 2019/12/10 18:33:56 UTC
[kudu] branch master updated: webserver: tag
webserver_require_spnego as stable
This is an automated email from the ASF dual-hosted git repository.
adar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 22d1f66 webserver: tag webserver_require_spnego as stable
22d1f66 is described below
commit 22d1f66ed1b9ae70a0118fdb6d645e1899878442
Author: Adar Dembo <ad...@cloudera.com>
AuthorDate: Sun Dec 8 21:40:22 2019 -0800
webserver: tag webserver_require_spnego as stable
This is a pretty important piece of "secure" web UI puzzle, and I don't
expect its interface to change in the future.
I also snuck in a change to add webserver_require_spnego to the security
section of /config. Screenshot: https://imgur.com/a/jdDO28I
Change-Id: Ib223431f037dfa9f4c9e3d03b03ce03555b25de7
Reviewed-on: http://gerrit.cloudera.org:8080/14872
Reviewed-by: Grant Henke <gr...@apache.org>
Reviewed-by: Alexey Serbin <as...@cloudera.com>
Tested-by: Adar Dembo <ad...@cloudera.com>
---
src/kudu/server/default_path_handlers.cc | 9 ++++++++-
src/kudu/server/webserver_options.cc | 2 +-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/kudu/server/default_path_handlers.cc b/src/kudu/server/default_path_handlers.cc
index 209d304..cbe33a4 100644
--- a/src/kudu/server/default_path_handlers.cc
+++ b/src/kudu/server/default_path_handlers.cc
@@ -30,7 +30,6 @@
#include <boost/algorithm/string/predicate.hpp>
#include <boost/bind.hpp>
#include <gflags/gflags.h>
-#include <gflags/gflags_declare.h>
#include <glog/logging.h>
#ifdef TCMALLOC_ENABLED
@@ -79,6 +78,7 @@ TAG_FLAG(web_log_bytes, advanced);
TAG_FLAG(web_log_bytes, runtime);
// For configuration dashboard
+DECLARE_bool(webserver_require_spnego);
DECLARE_string(redact);
DECLARE_string(rpc_encryption);
DECLARE_string(rpc_authentication);
@@ -302,6 +302,13 @@ static void ConfigurationHandler(const Webserver::WebRequest& /* req */,
webserver_redaction["secure"] = boost::iequals(FLAGS_redact, "all");
webserver_redaction["id"] = "webserver_redaction";
webserver_redaction["explanation"] = "Configure with --redact. Most secure value is 'all'.";
+
+ EasyJson webserver_spnego = security_configs.PushBack(EasyJson::kObject);
+ webserver_spnego["name"] = "Webserver Kerberos Authentication via SPNEGO";
+ webserver_spnego["value"] = FLAGS_webserver_require_spnego ? "on" : "off";
+ webserver_spnego["secure"] = FLAGS_webserver_require_spnego;
+ webserver_spnego["id"] = "webserver_spnego";
+ webserver_spnego["explanation"] = "Configure with --webserver_require_spnego.";
}
void AddDefaultPathHandlers(Webserver* webserver) {
diff --git a/src/kudu/server/webserver_options.cc b/src/kudu/server/webserver_options.cc
index dc0108a..33237ab 100644
--- a/src/kudu/server/webserver_options.cc
+++ b/src/kudu/server/webserver_options.cc
@@ -112,7 +112,7 @@ TAG_FLAG(webserver_tls_min_protocol, advanced);
DEFINE_bool(webserver_require_spnego, false,
"Require connections to the web server to authenticate via Kerberos "
"using SPNEGO.");
-TAG_FLAG(webserver_require_spnego, evolving);
+TAG_FLAG(webserver_require_spnego, stable);
namespace kudu {