Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HBASE-26789 Automatically add default security headers to http/rest if SSL enabled #4128

Merged
merged 1 commit into from
Mar 2, 2022
Merged

HBASE-26789 Automatically add default security headers to http/rest if SSL enabled #4128

merged 1 commit into from
Mar 2, 2022

Conversation

anmolnar
Copy link
Contributor

Originally it was implemented with empty default values, but it actually makes sense to automatically enabled them if SSL is turned on. It's still possible to override via config, but the default behaviour is more secure.

@Apache-HBase
Copy link

🎊 +1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 0m 40s Docker mode activated.
-0 ⚠️ yetus 0m 2s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
_ Prechecks _
_ master Compile Tests _
+0 🆗 mvndep 0m 36s Maven dependency ordering for branch
+1 💚 mvninstall 3m 3s master passed
+1 💚 compile 0m 27s master passed
+1 💚 shadedjars 5m 4s branch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 0m 23s master passed
_ Patch Compile Tests _
+0 🆗 mvndep 0m 10s Maven dependency ordering for patch
+1 💚 mvninstall 2m 48s the patch passed
+1 💚 compile 0m 28s the patch passed
+1 💚 javac 0m 28s the patch passed
+1 💚 shadedjars 5m 0s patch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 0m 21s the patch passed
_ Other Tests _
+1 💚 unit 0m 47s hbase-http in the patch passed.
+1 💚 unit 4m 51s hbase-rest in the patch passed.
25m 46s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4128/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR #4128
Optional Tests javac javadoc unit shadedjars compile
uname Linux 9cbd68ee439f 5.4.0-1025-aws #25~18.04.1-Ubuntu SMP Fri Sep 11 12:03:04 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision master / cd45cad
Default Java AdoptOpenJDK-11.0.10+9
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4128/1/testReport/
Max. process+thread count 1007 (vs. ulimit of 30000)
modules C: hbase-http hbase-rest U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4128/1/console
versions git=2.17.1 maven=3.6.3
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

🎊 +1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 0m 42s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+1 💚 hbaseanti 0m 0s Patch does not have any anti-patterns.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
_ master Compile Tests _
+0 🆗 mvndep 0m 13s Maven dependency ordering for branch
+1 💚 mvninstall 2m 36s master passed
+1 💚 compile 0m 40s master passed
+1 💚 checkstyle 0m 15s master passed
+1 💚 spotbugs 0m 43s master passed
_ Patch Compile Tests _
+0 🆗 mvndep 0m 10s Maven dependency ordering for patch
+1 💚 mvninstall 2m 17s the patch passed
+1 💚 compile 0m 38s the patch passed
+1 💚 javac 0m 38s the patch passed
-0 ⚠️ checkstyle 0m 7s hbase-http: The patch generated 1 new + 7 unchanged - 0 fixed = 8 total (was 7)
+1 💚 checkstyle 0m 7s hbase-rest: The patch generated 0 new + 6 unchanged - 1 fixed = 6 total (was 7)
+1 💚 whitespace 0m 0s The patch has no whitespace issues.
+1 💚 hadoopcheck 11m 18s Patch does not cause any errors with Hadoop 3.1.2 3.2.2 3.3.1.
+1 💚 spotbugs 0m 52s the patch passed
_ Other Tests _
+1 💚 asflicense 0m 14s The patch does not generate ASF License warnings.
25m 55s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4128/1/artifact/yetus-general-check/output/Dockerfile
GITHUB PR #4128
Optional Tests dupname asflicense javac spotbugs hadoopcheck hbaseanti checkstyle compile
uname Linux e0a37bfcce45 5.4.0-1025-aws #25~18.04.1-Ubuntu SMP Fri Sep 11 12:03:04 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision master / cd45cad
Default Java AdoptOpenJDK-1.8.0_282-b08
checkstyle https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4128/1/artifact/yetus-general-check/output/diff-checkstyle-hbase-http.txt
Max. process+thread count 60 (vs. ulimit of 30000)
modules C: hbase-http hbase-rest U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4128/1/console
versions git=2.17.1 maven=3.6.3 spotbugs=4.2.2
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

🎊 +1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 0m 56s Docker mode activated.
-0 ⚠️ yetus 0m 2s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
_ Prechecks _
_ master Compile Tests _
+0 🆗 mvndep 0m 13s Maven dependency ordering for branch
+1 💚 mvninstall 3m 5s master passed
+1 💚 compile 0m 30s master passed
+1 💚 shadedjars 5m 39s branch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 0m 28s master passed
_ Patch Compile Tests _
+0 🆗 mvndep 0m 15s Maven dependency ordering for patch
+1 💚 mvninstall 3m 0s the patch passed
+1 💚 compile 0m 32s the patch passed
+1 💚 javac 0m 32s the patch passed
+1 💚 shadedjars 5m 34s patch has no errors when building our shaded downstream artifacts.
+1 💚 javadoc 0m 24s the patch passed
_ Other Tests _
+1 💚 unit 0m 49s hbase-http in the patch passed.
+1 💚 unit 6m 0s hbase-rest in the patch passed.
28m 41s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4128/1/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile
GITHUB PR #4128
Optional Tests javac javadoc unit shadedjars compile
uname Linux 46416da79c83 5.4.0-1025-aws #25~18.04.1-Ubuntu SMP Fri Sep 11 12:03:04 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision master / cd45cad
Default Java AdoptOpenJDK-1.8.0_282-b08
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4128/1/testReport/
Max. process+thread count 949 (vs. ulimit of 30000)
modules C: hbase-http hbase-rest U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4128/1/console
versions git=2.17.1 maven=3.6.3
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@anmolnar anmolnar changed the title HBASE-23303. Add default security headers if SSL is enabled HBASE-23303. Add default security headers if SSL is enabled [ADDENDUM] Feb 23, 2022
@anmolnar anmolnar changed the title HBASE-23303. Add default security headers if SSL is enabled [ADDENDUM] HBASE-26789 Automatically add default security headers to http/rest if SSL enabled Mar 2, 2022
@meszibalu meszibalu merged commit 87f8d9a into apache:master Mar 2, 2022
asfgit pushed a commit that referenced this pull request Mar 2, 2022
@anmolnar @meszibalu
HBASE-23303 Add default security headers if SSL is enabled (#4128)
7f30aa8 
Signed-off-by: Balazs Meszaros <meszibalu@apache.org>
asfgit pushed a commit that referenced this pull request Mar 2, 2022
@anmolnar @meszibalu
HBASE-23303 Add default security headers if SSL is enabled (#4128)
6aa32f0 
Signed-off-by: Balazs Meszaros <meszibalu@apache.org>
asfgit pushed a commit that referenced this pull request Mar 2, 2022
@anmolnar @meszibalu
HBASE-23303 Add default security headers if SSL is enabled (#4128)
1d0d70e 
Signed-off-by: Balazs Meszaros <meszibalu@apache.org>
@anmolnar anmolnar deleted the HBASE-23303_addendum branch March 3, 2022 13:34
vinayakphegde pushed a commit to vinayakphegde/hbase that referenced this pull request Apr 4, 2024
@anmolnar @meszibalu
HBASE-23303 Add default security headers if SSL is enabled (apache#4128)
1554746 
Signed-off-by: Balazs Meszaros <meszibalu@apache.org>
(cherry picked from commit 1d0d70e)
Change-Id: Ib5f7910b5a38fcdb5506012a36be1772a5d8393d
Apache9 added a commit that referenced this pull request Oct 26, 2024
@Apache9
Revert "HBASE-23303 Add default security headers if SSL is enabled (#…
6ddfcfd 
…4128)"

This reverts commit 87f8d9a.
Apache9 added a commit that referenced this pull request Oct 26, 2024
@Apache9
Revert "HBASE-23303 Add default security headers if SSL is enabled (#…
78d108f 
…4128)"

This reverts commit 6aa32f0.
Apache9 added a commit that referenced this pull request Oct 26, 2024
@Apache9
Revert "HBASE-23303 Add default security headers if SSL is enabled (#…
d4cfd29 
…4128)"

This reverts commit 7f30aa8.
Apache9 added a commit that referenced this pull request Oct 26, 2024
@Apache9
Revert "HBASE-23303 Add default security headers if SSL is enabled (#…
f33307f 
…4128)"

This reverts commit 7f30aa8.
Apache9 added a commit that referenced this pull request Oct 26, 2024
@Apache9
Revert "HBASE-23303 Add default security headers if SSL is enabled (#…
af72b44 
…4128)"

This reverts commit 87f8d9a.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@anmolnar @Apache-HBase @meszibalu