merge TINKERPOP-2023
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/e937a3a5 Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/e937a3a5 Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/e937a3a5 Branch: refs/heads/master Commit: e937a3a50a45d23dac114529c5062391f940fbcd Parents: 3afc576 b77c0c7 Author: Robert Dale <robd...@gmail.com> Authored: Tue Sep 4 07:26:23 2018 -0400 Committer: Robert Dale <robd...@gmail.com> Committed: Tue Sep 4 07:26:23 2018 -0400 ---------------------------------------------------------------------- CHANGELOG.asciidoc | 1 + .../src/reference/gremlin-applications.asciidoc | 82 +++++-- .../upgrade/release-3.2.x-incubating.asciidoc | 26 +++ gremlin-console/conf/remote-secure.yaml | 5 +- .../tinkerpop/gremlin/driver/Cluster.java | 180 ++++++++++++++- .../tinkerpop/gremlin/driver/Settings.java | 83 +++++++ .../tinkerpop/gremlin/driver/SettingsTest.java | 17 ++ .../conf/gremlin-server-rest-secure.yaml | 7 +- gremlin-server/conf/gremlin-server-secure.yaml | 7 +- .../gremlin/server/AbstractChannelizer.java | 90 ++++++-- .../tinkerpop/gremlin/server/Settings.java | 66 +++++- .../AbstractGremlinServerIntegrationTest.java | 13 ++ .../server/GremlinServerAuthIntegrateTest.java | 4 +- .../GremlinServerAuthOldIntegrateTest.java | 4 +- .../server/GremlinServerIntegrateTest.java | 223 ++++++++++++++++--- ...ctGremlinServerChannelizerIntegrateTest.java | 12 +- .../src/test/resources/client-key.jks | Bin 0 -> 2241 bytes .../src/test/resources/client-key.p12 | Bin 0 -> 2583 bytes .../src/test/resources/client-trust.jks | Bin 0 -> 969 bytes .../src/test/resources/client-trust.p12 | Bin 0 -> 1202 bytes .../src/test/resources/server-key.jks | Bin 0 -> 2258 bytes .../src/test/resources/server-key.p12 | Bin 0 -> 2613 bytes .../src/test/resources/server-trust.jks | Bin 0 -> 952 bytes .../src/test/resources/server-trust.p12 | Bin 0 -> 1186 bytes 24 files changed, 723 insertions(+), 97 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e937a3a5/CHANGELOG.asciidoc ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e937a3a5/docs/src/upgrade/release-3.2.x-incubating.asciidoc ---------------------------------------------------------------------- diff --cc docs/src/upgrade/release-3.2.x-incubating.asciidoc index c7ae1e2,ec973de..5cc52c8 --- a/docs/src/upgrade/release-3.2.x-incubating.asciidoc +++ b/docs/src/upgrade/release-3.2.x-incubating.asciidoc @@@ -29,13 -29,32 +29,39 @@@ Please see the link:https://github.com/ === Upgrading for Users +==== SASL in Gremlin.Net + +The Gremlin Javascript Driver now supports SASL Plain Text authentication against a Gremlin Server. + +See: link:https://issues.apache.org/jira/browse/TINKERPOP-1977[TINKERPOP-1977], +link:http://tinkerpop.apache.org/docs/3.2.10/reference#gremlin-javascript[Reference Documentation - Gremlin Javascript] + + ==== SSL Security + + TinkerPop improves its security posture by removing insecure defaults and adding forward-looking standards support. + + Gremlin Server no longer supports automatically creating self-signed certificates. + Self-signed certificates can still be created manually outside of Gremlin Server. + If ssl is enabled, a key store must be configured. + + Cluster client no longer trusts all certs by default as this is an insecure configuration. + Instead, if no trust store is configured, Cluster will use the default CA certs. + To revert to the previous behavior and accept all certs, it must be explicitly configured. + + This release introduces JKS and PKCS12 support. JKS is the legacy Java Key Store. PKCS12 has better cross-platform support and is gaining in adoption. + Be aware that JKS is the default on Java 8. Java 9 and higher use PKCS12 as the default. Both Java keytool and OpenSSL tools can create, read, update PKCS12 files. + + Other new features include specifying SSL protocols and cipher suites. + The packaged `*-secure.yaml` files now restrict the protocol to `TLSv1.2` by default. + + PEM-based configurations are deprecated and may be removed in a future release. + + See also http://tinkerpop.apache.org/docs/current/reference/#_configuration[Connecting via Java Configuration], + http://tinkerpop.apache.org/docs/current/reference/#_configuring_2[Gremlin Server Configuration]. + + link:https://issues.apache.org/jira/browse/TINKERPOP-2022[TINKERPOP-2022] + link:https://issues.apache.org/jira/browse/TINKERPOP-2023[TINKERPOP-2023] + ==== Bulk Import and Export TinkerPop has provided some general methods for importing and exporting data, but more and more graph providers are http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e937a3a5/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java ----------------------------------------------------------------------