Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.10.1.0
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      Parent ticket for security. Wiki and discussion is here:
      https://cwiki.apache.org/confluence/display/KAFKA/Security

        Attachments

          Issue Links

          1.
          Implement a "session" concept in the socket server Sub-task Resolved Gwen Shapira
          2.
          Implement TLS/SSL authentication Sub-task Resolved Sriharsha Chintalapani
          3.
          Implement TLS/SSL tests Sub-task Resolved Sriharsha Chintalapani
          4.
          Implement SASL/Kerberos Sub-task Resolved Sriharsha Chintalapani
          5.
          SASL unit tests Sub-task Resolved sriharsha chintalapani
          6.
          Add authorization interface and naive implementation Sub-task Resolved Parth Brahmbhatt
          7.
          add authentication layer and initial JKS x509 implementation for brokers, producers and consumer for network communication Sub-task Resolved Ivan Lyutov
          8.
          Add SSL support to Kafka Broker, Producer and Consumer Sub-task Resolved Sriharsha Chintalapani
          9.
          new java consumer needs ssl support as a client Sub-task Resolved Sriharsha Chintalapani
          10.
          Authenticate connection to Zookeeper Sub-task Resolved Parth Brahmbhatt
          11.
          Refactor brokers to allow listening on multiple ports and IPs Sub-task Resolved Gwen Shapira
          12.
          Create extendable channel interface and default implementations Sub-task Resolved Gwen Shapira
          13.
          Move kafka.network over to using the network classes in org.apache.kafka.common.network Sub-task Resolved Gwen Shapira
          14.
          KafkaAuthorizer: Add all public entities, config changes and changes to KafkaAPI and kafkaServer to allow pluggable authorizer implementation. Sub-task Resolved Parth Brahmbhatt
          15.
          KafkaAuthorizer: Add simpleACLAuthorizer implementation. Sub-task Resolved Parth Brahmbhatt
          16.
          KafkaAuthorizer: Add CLI for Acl management. Sub-task Resolved Parth Brahmbhatt
          17.
          Kafka Auditing functionality Sub-task Open Parth Brahmbhatt
          18.
          remove usage of BlockingChannel in the broker Sub-task Resolved Ismael Juma
          19.
          Ducktape tests for SSL/TLS Sub-task Resolved Geoff Anderson
          20.
          Test SSL/TLS impact on performance Sub-task Resolved Ben Stopford
          21.
          Use `NetworkClient` instead of `SimpleConsumer` to fetch data from replica Sub-task Resolved Ismael Juma
          22.
          SSL/TLS in official docs Sub-task Resolved Sriharsha Chintalapani
          23.
          Disable SSLv3 for ssl.enabledprotocols config on client & broker side Sub-task Resolved Ismael Juma
          24.
          Unauthorized clients should not be able to join groups Sub-task Resolved Jason Gustafson
          25.
          Run some existing ducktape tests with SSL-enabled clients and brokers Sub-task Resolved Rajini Sivaram
          26.
          ConsumerMetdata authorization error not returned to user Sub-task Resolved Jason Gustafson
          27.
          Add Test with authorizer for producer and consumer Sub-task Resolved Parth Brahmbhatt
          28.
          Metrics for SSL handshake Sub-task Open Unassigned
          29.
          Refactoring of ZkUtils Sub-task Resolved Flavio Junqueira
          30.
          Add tests for ZK authentication Sub-task Resolved Flavio Junqueira
          31.
          Upgrade path for ZK authentication Sub-task Resolved Flavio Junqueira
          32.
          Run relevant ducktape tests with SASL_PLAINTEXT and SASL_SSL Sub-task Resolved Rajini Sivaram
          33.
          Run mirror maker tests in ducktape with SSL and SASL Sub-task Resolved Rajini Sivaram
          34.
          Run replication tests in ducktape with SSL for clients Sub-task Resolved Rajini Sivaram
          35.
          Implement SASL/PLAIN Sub-task Resolved Rajini Sivaram
          36.
          SASL/Kerberos follow-up Sub-task Resolved Ismael Juma
          37.
          SASL authentication in official docs Sub-task Resolved Sriharsha Chintalapani
          38.
          Authorization section in official docs Sub-task Resolved Parth Brahmbhatt
          39.
          Protect passwords from logging Sub-task Resolved Jakub Nowak
          40.
          Improve handling of authorization failure during metadata refresh Sub-task Resolved Jason Gustafson
          41.
          Add ducktape tests for SASL/Kerberos Sub-task Open Unassigned
          42.
          Run relevant ducktape tests with SASL/PLAIN and multiple mechanisms Sub-task Resolved Rajini Sivaram
          43.
          SaslClientAuthenticator no longer needs KerberosNameParser in constructor Sub-task Resolved Ismael Juma
          44.
          Document ZooKeeper authentication Sub-task Resolved Flavio Junqueira
          45.
          Add group support for authorizer acls Sub-task In Progress Parth Brahmbhatt

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jkreps Jay Kreps
              • Votes:
                27 Vote for this issue
                Watchers:
                71 Start watching this issue

                Dates

                • Created:
                  Updated: