> On May 24, 2016, 12:03 a.m., Michael Han wrote: > > src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java, line > > 32 > > <https://reviews.apache.org/r/47354/diff/3/?file=1388781#file1388781line32> > > > > I am tempted to rename this variable to QUORUM_SERVER_SASL_REQUIRED so > > it is consistent just like other configuration variables where the value of > > the variable and its name literally match. There are also other places in > > code where we could replace 'auth' with 'sasl', for example: > > quorumServerAuthRequired -> quorumServerSaslRequired > > > > Not sure what others think about this.
With this jira we are introducing sasl based authentication but in future quorum can support ssl based authentication way. I have chosen the word 'auth' considering this case and I thought 'auth' is more generic. Does this makes sense to you? > On May 24, 2016, 12:03 a.m., Michael Han wrote: > > src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthClient.java, > > line 34 > > <https://reviews.apache.org/r/47354/diff/3/?file=1388782#file1388782line34> > > > > Similar to the comment on QuorumAuthServer::authenticate interface, we > > could provide some clarifications on the return value and the exception > > throwed for a user of this interface. Also the > > QuorumAuthClient::authenticate will never return false under current > > implementation. QuorumAuthServer and QuorumAuthClient are interfaces. I have defined the interfaces and written javadoc in a generic way. I think, I could have added javadoc for the implementation classes(SaslQuorumAuthServer, NullQuorumAuthServer, SaslQuorumAuthClient, NullQuorumAuthClient) detailing the specific cases. I will add javadocs for the implementations. Whats your opinion? > On May 24, 2016, 12:03 a.m., Michael Han wrote: > > src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthClient.java, > > line 101 > > <https://reviews.apache.org/r/47354/diff/3/?file=1388785#file1388785line101> > > > > Nit: missing full stop, comment start with upper case letter. > > > > Please let me know if we care about such stylish issue or not - if not > > then I will stop picking :) IIUC this is not followed in zookeeper very strictly. May be others can correct me if I missed anything. > On May 24, 2016, 12:03 a.m., Michael Han wrote: > > src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java, line 1420 > > <https://reviews.apache.org/r/47354/diff/3/?file=1388776#file1388776line1420> > > > > Not sure if we really need this log, since the value of > > enableClientAuth is also captured in the following Log.info. Yes, I agree. Here I have added WARN log message to highlight the insecure client quorum peer communication channel. I will remove this if this is a duplicate info, should I remove? - Rakesh ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47354/#review134426 ----------------------------------------------------------- On May 20, 2016, 3:10 a.m., Rakesh R wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47354/ > ----------------------------------------------------------- > > (Updated May 20, 2016, 3:10 a.m.) > > > Review request for zookeeper, fpj, Ivan Kelly, Patrick Hunt, and Raul > Gutierrez Segales. > > > Bugs: ZOOKEEPER-1045 > https://issues.apache.org/jira/browse/ZOOKEEPER-1045 > > > Repository: zookeeper-git > > > Description > ------- > > Quorum mutual authentication using SASL mechanism - Digest/Kerberos > > > Diffs > ----- > > build.xml ab254b2 > ivy.xml 95b0e5a > src/java/main/org/apache/zookeeper/Login.java a214c9c > src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 21ef0fa > src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 71870ce > > src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java > 2fbd6ed > src/java/main/org/apache/zookeeper/server/quorum/Leader.java 40c6748 > src/java/main/org/apache/zookeeper/server/quorum/Learner.java c73a8ee > src/java/main/org/apache/zookeeper/server/quorum/LearnerHandler.java > 8a748c7 > src/java/main/org/apache/zookeeper/server/quorum/QuorumCnxManager.java > 20e5f16 > src/java/main/org/apache/zookeeper/server/quorum/QuorumPeer.java 2f0f21b > src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java > 8ae820d > src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerMain.java > e9c8007 > > src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthClient.java > PRE-CREATION > > src/java/main/org/apache/zookeeper/server/quorum/auth/NullQuorumAuthServer.java > PRE-CREATION > src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuth.java > PRE-CREATION > src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthClient.java > PRE-CREATION > src/java/main/org/apache/zookeeper/server/quorum/auth/QuorumAuthServer.java > PRE-CREATION > src/java/main/org/apache/zookeeper/server/quorum/auth/README.md > PRE-CREATION > > src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthClient.java > PRE-CREATION > > src/java/main/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthServer.java > PRE-CREATION > src/java/main/org/apache/zookeeper/util/SecurityUtils.java PRE-CREATION > src/java/test/data/kerberos/minikdc-krb5.conf PRE-CREATION > src/java/test/data/kerberos/minikdc.ldiff PRE-CREATION > src/java/test/org/apache/zookeeper/server/quorum/CnxManagerTest.java > 831d3ed > > src/java/test/org/apache/zookeeper/server/quorum/FLEBackwardElectionRoundTest.java > c1259d1 > src/java/test/org/apache/zookeeper/server/quorum/FLECompatibilityTest.java > 72e4fc9 > src/java/test/org/apache/zookeeper/server/quorum/FLEDontCareTest.java > a4c0cb0 > src/java/test/org/apache/zookeeper/server/quorum/FLELostMessageTest.java > 39a53ca > src/java/test/org/apache/zookeeper/server/quorum/LearnerTest.java 2ae57ce > src/java/test/org/apache/zookeeper/server/quorum/QuorumCnxManagerTest.java > PRE-CREATION > src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerTestBase.java > ef552db > src/java/test/org/apache/zookeeper/server/quorum/Zab1_0Test.java ab8ce42 > > src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosSecurityTestcase.java > PRE-CREATION > > src/java/test/org/apache/zookeeper/server/quorum/auth/KerberosTestUtils.java > PRE-CREATION > src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdc.java > PRE-CREATION > src/java/test/org/apache/zookeeper/server/quorum/auth/MiniKdcTest.java > PRE-CREATION > > src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java > PRE-CREATION > > src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java > PRE-CREATION > > src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java > PRE-CREATION > > src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java > PRE-CREATION > src/java/test/org/apache/zookeeper/test/FLEPredicateTest.java 8088505 > src/zookeeper.jute 6521e54 > > Diff: https://reviews.apache.org/r/47354/diff/ > > > Testing > ------- > > Added unit test cases to verify the changes. > > > Thanks, > > Rakesh R > >
