Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-1682

Security for Kafka

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 0.10.1.0
    • None
    • security
    • None

    Description

      Parent ticket for security. Wiki and discussion is here:
      https://cwiki.apache.org/confluence/display/KAFKA/Security

      Attachments

        Issue Links

        1.
        Implement a "session" concept in the socket server Sub-task Resolved Gwen Shapira Actions
        2.
        Implement TLS/SSL authentication Sub-task Resolved Harsha Actions
        3.
        Implement TLS/SSL tests Sub-task Resolved Harsha Actions
        4.
        Implement SASL/Kerberos Sub-task Resolved Harsha Actions
        5.
        SASL unit tests Sub-task Resolved sriharsha chintalapani Actions
        6.
        Add authorization interface and naive implementation Sub-task Resolved Parth Brahmbhatt Actions
        7.
        add authentication layer and initial JKS x509 implementation for brokers, producers and consumer for network communication Sub-task Resolved Ivan Lyutov Actions
        8.
        Add SSL support to Kafka Broker, Producer and Consumer Sub-task Resolved Harsha Actions
        9.
        new java consumer needs ssl support as a client Sub-task Resolved Harsha Actions
        10.
        Authenticate connection to Zookeeper Sub-task Resolved Parth Brahmbhatt Actions
        11.
        Refactor brokers to allow listening on multiple ports and IPs Sub-task Resolved Gwen Shapira Actions
        12.
        Create extendable channel interface and default implementations Sub-task Resolved Gwen Shapira Actions
        13.
        Move kafka.network over to using the network classes in org.apache.kafka.common.network Sub-task Resolved Gwen Shapira Actions
        14.
        KafkaAuthorizer: Add all public entities, config changes and changes to KafkaAPI and kafkaServer to allow pluggable authorizer implementation. Sub-task Resolved Parth Brahmbhatt Actions
        15.
        KafkaAuthorizer: Add simpleACLAuthorizer implementation. Sub-task Resolved Parth Brahmbhatt Actions
        16.
        KafkaAuthorizer: Add CLI for Acl management. Sub-task Resolved Parth Brahmbhatt Actions
        17.
        Kafka Auditing functionality Sub-task Open Parth Brahmbhatt Actions
        18.
        remove usage of BlockingChannel in the broker Sub-task Resolved Ismael Juma Actions
        19.
        Ducktape tests for SSL/TLS Sub-task Resolved Geoff Anderson Actions
        20.
        Test SSL/TLS impact on performance Sub-task Resolved Ben Stopford Actions
        21.
        Use `NetworkClient` instead of `SimpleConsumer` to fetch data from replica Sub-task Resolved Ismael Juma Actions
        22.
        SSL/TLS in official docs Sub-task Resolved Harsha Actions
        23.
        Disable SSLv3 for ssl.enabledprotocols config on client & broker side Sub-task Resolved Ismael Juma Actions
        24.
        Unauthorized clients should not be able to join groups Sub-task Resolved Jason Gustafson Actions
        25.
        Run some existing ducktape tests with SSL-enabled clients and brokers Sub-task Resolved Rajini Sivaram Actions
        26.
        ConsumerMetdata authorization error not returned to user Sub-task Resolved Jason Gustafson Actions
        27.
        Add Test with authorizer for producer and consumer Sub-task Resolved Parth Brahmbhatt Actions
        28.
        Metrics for SSL handshake Sub-task Open Unassigned Actions
        29.
        Refactoring of ZkUtils Sub-task Resolved Flavio Paiva Junqueira Actions
        30.
        Add tests for ZK authentication Sub-task Resolved Flavio Paiva Junqueira Actions
        31.
        Upgrade path for ZK authentication Sub-task Resolved Flavio Paiva Junqueira Actions
        32.
        Run relevant ducktape tests with SASL_PLAINTEXT and SASL_SSL Sub-task Resolved Rajini Sivaram Actions
        33.
        Run mirror maker tests in ducktape with SSL and SASL Sub-task Resolved Rajini Sivaram Actions
        34.
        Run replication tests in ducktape with SSL for clients Sub-task Resolved Rajini Sivaram Actions
        35.
        Implement SASL/PLAIN Sub-task Resolved Rajini Sivaram Actions
        36.
        SASL/Kerberos follow-up Sub-task Resolved Ismael Juma Actions
        37.
        SASL authentication in official docs Sub-task Resolved Harsha Actions
        38.
        Authorization section in official docs Sub-task Resolved Parth Brahmbhatt Actions
        39.
        Protect passwords from logging Sub-task Resolved Jakub Nowak Actions
        40.
        Improve handling of authorization failure during metadata refresh Sub-task Resolved Jason Gustafson Actions
        41.
        Add ducktape tests for SASL/Kerberos Sub-task Open Unassigned Actions
        42.
        Run relevant ducktape tests with SASL/PLAIN and multiple mechanisms Sub-task Resolved Rajini Sivaram Actions
        43.
        SaslClientAuthenticator no longer needs KerberosNameParser in constructor Sub-task Resolved Ismael Juma Actions
        44.
        Document ZooKeeper authentication Sub-task Resolved Flavio Paiva Junqueira Actions
        45.
        Add group support for authorizer acls Sub-task In Progress Parth Brahmbhatt Actions

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            jkreps Jay Kreps

            Dates

              Created:
              Updated:

              Slack

                Issue deployment