Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-1682

Security for Kafka

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 0.10.1.0
    • None
    • security
    • None

    Description

      Parent ticket for security. Wiki and discussion is here:
      https://cwiki.apache.org/confluence/display/KAFKA/Security

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. ATLAS-82 Secure kafka calls

          • Major - Major loss of function.
          • Resolved
          relates to

          New Feature - A new feature of the product, which has yet to be developed. KAFKA-1810 Add IP Filtering / Whitelists-Blacklists

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          1.
          		 Implement a "session" concept in the socket server Sub-task Resolved Gwen Shapira
          2.
          		 Implement TLS/SSL authentication Sub-task Resolved Harsha
          3.
          		 Implement TLS/SSL tests Sub-task Resolved Harsha
          4.
          		 Implement SASL/Kerberos Sub-task Resolved Harsha
          5.
          		 SASL unit tests Sub-task Resolved sriharsha chintalapani
          6.
          		 Add authorization interface and naive implementation Sub-task Resolved Parth Brahmbhatt
          7.
          		 add authentication layer and initial JKS x509 implementation for brokers, producers and consumer for network communication Sub-task Resolved Ivan Lyutov
          8.
          		 Add SSL support to Kafka Broker, Producer and Consumer Sub-task Resolved Harsha
          9.
          		 new java consumer needs ssl support as a client Sub-task Resolved Harsha
          10.
          		 Authenticate connection to Zookeeper Sub-task Resolved Parth Brahmbhatt
          11.
          		 Refactor brokers to allow listening on multiple ports and IPs Sub-task Resolved Gwen Shapira
          12.
          		 Create extendable channel interface and default implementations Sub-task Resolved Gwen Shapira
          13.
          		 Move kafka.network over to using the network classes in org.apache.kafka.common.network Sub-task Resolved Gwen Shapira
          14.
          		 KafkaAuthorizer: Add all public entities, config changes and changes to KafkaAPI and kafkaServer to allow pluggable authorizer implementation. Sub-task Resolved Parth Brahmbhatt
          15.
          		 KafkaAuthorizer: Add simpleACLAuthorizer implementation. Sub-task Resolved Parth Brahmbhatt
          16.
          		 KafkaAuthorizer: Add CLI for Acl management. Sub-task Resolved Parth Brahmbhatt
          17.
          		 Kafka Auditing functionality Sub-task Open Parth Brahmbhatt
          18.
          		 remove usage of BlockingChannel in the broker Sub-task Resolved Ismael Juma
          19.
          		 Ducktape tests for SSL/TLS Sub-task Resolved Geoff Anderson
          20.
          		 Test SSL/TLS impact on performance Sub-task Resolved Ben Stopford
          21.
          		 Use `NetworkClient` instead of `SimpleConsumer` to fetch data from replica Sub-task Resolved Ismael Juma
          22.
          		 SSL/TLS in official docs Sub-task Resolved Harsha
          23.
          		 Disable SSLv3 for ssl.enabledprotocols config on client & broker side Sub-task Resolved Ismael Juma
          24.
          		 Unauthorized clients should not be able to join groups Sub-task Resolved Jason Gustafson
          25.
          		 Run some existing ducktape tests with SSL-enabled clients and brokers Sub-task Resolved Rajini Sivaram
          26.
          		 ConsumerMetdata authorization error not returned to user Sub-task Resolved Jason Gustafson
          27.
          		 Add Test with authorizer for producer and consumer Sub-task Resolved Parth Brahmbhatt
          28.
          		 Metrics for SSL handshake Sub-task Open Unassigned
          29.
          		 Refactoring of ZkUtils Sub-task Resolved Flavio Paiva Junqueira
          30.
          		 Add tests for ZK authentication Sub-task Resolved Flavio Paiva Junqueira
          31.
          		 Upgrade path for ZK authentication Sub-task Resolved Flavio Paiva Junqueira
          32.
          		 Run relevant ducktape tests with SASL_PLAINTEXT and SASL_SSL Sub-task Resolved Rajini Sivaram
          33.
          		 Run mirror maker tests in ducktape with SSL and SASL Sub-task Resolved Rajini Sivaram
          34.
          		 Run replication tests in ducktape with SSL for clients Sub-task Resolved Rajini Sivaram
          35.
          		 Implement SASL/PLAIN Sub-task Resolved Rajini Sivaram
          36.
          		 SASL/Kerberos follow-up Sub-task Resolved Ismael Juma
          37.
          		 SASL authentication in official docs Sub-task Resolved Harsha
          38.
          		 Authorization section in official docs Sub-task Resolved Parth Brahmbhatt
          39.
          		 Protect passwords from logging Sub-task Resolved Jakub Nowak
          40.
          		 Improve handling of authorization failure during metadata refresh Sub-task Resolved Jason Gustafson
          41.
          		 Add ducktape tests for SASL/Kerberos Sub-task Open Unassigned
          42.
          		 Run relevant ducktape tests with SASL/PLAIN and multiple mechanisms Sub-task Resolved Rajini Sivaram
          43.
          		 SaslClientAuthenticator no longer needs KerberosNameParser in constructor Sub-task Resolved Ismael Juma
          44.
          		 Document ZooKeeper authentication Sub-task Resolved Flavio Paiva Junqueira
          45.
          		 Add group support for authorizer acls Sub-task In Progress Parth Brahmbhatt

          Activity

            People

              Unassigned Unassigned
              jkreps Jay Kreps
              Votes:
              27 Vote for this issue
              Watchers:
              71 Start watching this issue

              Dates

                Created:
                Updated: