January 2021 - infinispan-issues - Jboss List Archives

[Red Hat JIRA] (ISPN-12620) Implicit authorization

by Tristan Tarrant (Jira)

Tristan Tarrant created ISPN-12620: -------------------------------------- Summary: Implicit authorization Key: ISPN-12620 URL: https://issues.redhat.com/browse/ISPN-12620 Project: Infinispan Issue Type: Enhancement Components: Security, Server Reporter: Tristan Tarrant Assignee: Tristan Tarrant Fix For: 13.0.0.Final Authorization should be enabled OOTB in the server. * out-of-the-box, authorization would apply only at the cache manager level. Caches would not have authz enabled by default (the performance cost is non-negligible) * the current small set of permissions which can be combined to form roles is not flexible enough. We would need to have named roles, possibly mapping to the REST resource names (e.g. {{/v2/logging/loggers, /v2/caches/cacheName}}) and map permissions to verbs ({{GET/HEAD = READ, POST,PUT,DELETE = WRITE}}). We might want to use resource prefixes to provide coarser management * users upgrading from older versions will need to add the roles to their existing users. To make use of authorization less cumbersome we should also have some defaults. Adding the empty {{<authorization>}} element should enable authorization with a set of default predefined roles A proposed list of these roles: * admin superuser, allowed to do everything * application allowed to perform all read/write ops, but not allowed to create/remove caches, schemas, scripts * deployer allowed to create/remove caches, schemas, scripts * observer a read-only role. Can use the CLI/console but all write ops are forbidden In terms of {{org.infinispan.security.AuthorizationPermission}} add the following permission: CREATE which would allow create/remove of caches, counters, schemas, scripts -- This message was sent by Atlassian Jira (v8.13.1#813001)

4 years, 8 months

1
0
0 / 0

[Red Hat JIRA] (ISPN-12616) Rolling Upgrade fails for caches storing POJOs

by Gustavo Fernandes (Jira)

[ https://issues.redhat.com/browse/ISPN-12616?page=com.atlassian.jira.plugi... ] Gustavo Fernandes updated ISPN-12616: ------------------------------------- Git Pull Request: https://github.com/infinispan/infinispan/pull/8978 Status: Pull Request Sent (was: Coding In Progress) > Rolling Upgrade fails for caches storing POJOs > ---------------------------------------------- > > Key: ISPN-12616 > URL: https://issues.redhat.com/browse/ISPN-12616 > Project: Infinispan > Issue Type: Bug > Components: Hot Rod, Loaders and Stores > Affects Versions: 12.0.0.CR1, 11.0.8.Final > Reporter: Gustavo Fernandes > Assignee: Gustavo Fernandes > Priority: Major > > The Remote Store does not support transcoding yet, and the data conversions are done implicitly by combining the 'hotRodWrapping', 'marshaller' and 'rawValues' configurations. > The rolling upgrade process forces the remote store to use 'hotRodWrapping', that prevents consuming a cache that stores "application/x-java-objects", since it assumes the data is already in "application/x-jboss-marshalling" format, causing lots of internal issues. -- This message was sent by Atlassian Jira (v8.13.1#813001)

4 years, 8 months

1
0
0 / 0

[Red Hat JIRA] (ISPN-12619) Support for Rolling Upgrade in embedded caches

by Gustavo Fernandes (Jira)

Gustavo Fernandes created ISPN-12619: ---------------------------------------- Summary: Support for Rolling Upgrade in embedded caches Key: ISPN-12619 URL: https://issues.redhat.com/browse/ISPN-12619 Project: Infinispan Issue Type: Bug Components: Hot Rod, Loaders and Stores Affects Versions: 12.0.0.CR1, 11.0.8.Final Reporter: Gustavo Fernandes Assignee: Gustavo Fernandes The Remote Store does not support transcoding yet, and the data conversions are done implicitly by combining the 'hotRodWrapping', 'marshaller' and 'rawValues' configurations. The rolling upgrade process forces the remote store to use 'hotRodWrapping', that prevents consuming a cache that stores "application/x-java-objects", since it assumes the data is already in "application/x-jboss-marshalling" format, causing lots of internal issues. -- This message was sent by Atlassian Jira (v8.13.1#813001)

4 years, 8 months

1
0
0 / 0

[Red Hat JIRA] (ISPN-12607) Metrics degrade cluster performance

by Ryan Emerson (Jira)

[ https://issues.redhat.com/browse/ISPN-12607?page=com.atlassian.jira.plugi... ] Ryan Emerson updated ISPN-12607: -------------------------------- Git Pull Request: https://github.com/infinispan/infinispan/pull/8976, https://github.com/infinispan/infinispan/pull/8977 (was: https://github.com/infinispan/infinispan/pull/8976/files) > Metrics degrade cluster performance > ----------------------------------- > > Key: ISPN-12607 > URL: https://issues.redhat.com/browse/ISPN-12607 > Project: Infinispan > Issue Type: Bug > Affects Versions: 12.0.0.CR1, 11.0.8.Final > Reporter: Ryan Emerson > Priority: Major > > The `/metrics` endpoint exposes Infinispan stats so that they can be periodically scraped by monitoring tools such as Prometheus. However, these stats include calls to `size` which does not perform well as the number of entries in a cache increase. Consequently, if deploying DG in a k8 environment with Prometheus monitoring the DG cluster performance rapidly declines as the number of entries in a cache increases due to time /resources spent iterating the cache container. > This problem is only exasperated when muiltiple caches exist with many entries exist. -- This message was sent by Atlassian Jira (v8.13.1#813001)

4 years, 8 months

1
0
0 / 0

[Red Hat JIRA] (ISPN-12607) Metrics degrade cluster performance

by Ryan Emerson (Jira)

[ https://issues.redhat.com/browse/ISPN-12607?page=com.atlassian.jira.plugi... ] Ryan Emerson reassigned ISPN-12607: ----------------------------------- Assignee: Ryan Emerson > Metrics degrade cluster performance > ----------------------------------- > > Key: ISPN-12607 > URL: https://issues.redhat.com/browse/ISPN-12607 > Project: Infinispan > Issue Type: Bug > Affects Versions: 12.0.0.CR1, 11.0.8.Final > Reporter: Ryan Emerson > Assignee: Ryan Emerson > Priority: Major > > The `/metrics` endpoint exposes Infinispan stats so that they can be periodically scraped by monitoring tools such as Prometheus. However, these stats include calls to `size` which does not perform well as the number of entries in a cache increase. Consequently, if deploying DG in a k8 environment with Prometheus monitoring the DG cluster performance rapidly declines as the number of entries in a cache increases due to time /resources spent iterating the cache container. > This problem is only exasperated when muiltiple caches exist with many entries exist. -- This message was sent by Atlassian Jira (v8.13.1#813001)

4 years, 8 months

1
0
0 / 0

[Red Hat JIRA] (ISPN-12618) Configuration/Serialization refactoring

by Tristan Tarrant (Jira)

Tristan Tarrant created ISPN-12618: -------------------------------------- Summary: Configuration/Serialization refactoring Key: ISPN-12618 URL: https://issues.redhat.com/browse/ISPN-12618 Project: Infinispan Issue Type: Feature Request Components: Configuration Reporter: Tristan Tarrant Assignee: Tristan Tarrant Fix For: 13.0.0.Final Currently Infinispan's configuration parsers and serializers rely on {{XmlStreamReader}} and {{XmlStreamWriter}} from {{java.xml}} directly. This means that supporting other formats (JSON, YAML) requires writing parallel implementations. Additionally, referencing {{java.xml}} pulls in 200 classes which have an RSS impact of about 20MB. We should refactor the parsing/serialization code so that it can support multiple formats. The [XPP3|https://www.extreme.indiana.edu/xgws/xsoap/xpp/] implementation is very compact and doesn't rely on the internal {{java.xml}} classes. Identify other modules which may pull in XML classes and try to avoid that. -- This message was sent by Atlassian Jira (v8.13.1#813001)

4 years, 8 months

1
0
0 / 0

[Red Hat JIRA] (ISPN-12617) Transport security

by Tristan Tarrant (Jira)

Tristan Tarrant created ISPN-12617: -------------------------------------- Summary: Transport security Key: ISPN-12617 URL: https://issues.redhat.com/browse/ISPN-12617 Project: Infinispan Issue Type: Feature Request Components: Security, Server Reporter: Tristan Tarrant Assignee: Tristan Tarrant Fix For: 13.0.0.Final Extend the {{infinispan/cache-container/transport}} schema so that a {{security-realm}} may be specified in server configurations: {code:xml} <cache-container name="default"> <transport cluster="${infinispan.cluster.name:cluster}" stack="${infinispan.cluster.stack:tcp}" node-name="${infinispan.node.name:}" server:security-realm="default"/> </cache-container> {code} If the security realm has an SSL server identity, JGroups will be configured to use a {{SSLSocketFactory}}. If the security realm has a backing realm, JGroups will be configured to enable authentication. -- This message was sent by Atlassian Jira (v8.13.1#813001)

4 years, 8 months

1
0
0 / 0

[Red Hat JIRA] (ISPN-12616) Rolling Upgrade fails for caches storing POJOs

by Gustavo Fernandes (Jira)

[ https://issues.redhat.com/browse/ISPN-12616?page=com.atlassian.jira.plugi... ] Work on ISPN-12616 started by Gustavo Fernandes. ------------------------------------------------ > Rolling Upgrade fails for caches storing POJOs > ---------------------------------------------- > > Key: ISPN-12616 > URL: https://issues.redhat.com/browse/ISPN-12616 > Project: Infinispan > Issue Type: Bug > Components: Hot Rod, Loaders and Stores > Affects Versions: 12.0.0.CR1, 11.0.8.Final > Reporter: Gustavo Fernandes > Assignee: Gustavo Fernandes > Priority: Major > > The Remote Store does not support transcoding yet, and the data conversions are done implicitly by combining the 'hotRodWrapping', 'marshaller' and 'rawValues' configurations. > The rolling upgrade process forces the remote store to use 'hotRodWrapping', that prevents consuming a cache that stores "application/x-java-objects", since it assumes the data is already in "application/x-jboss-marshalling" format, causing lots of internal issues. -- This message was sent by Atlassian Jira (v8.13.1#813001)

4 years, 8 months

1
0
0 / 0

[Red Hat JIRA] (ISPN-12616) Rolling Upgrade fails for caches storing POJOs

by Gustavo Fernandes (Jira)

[ https://issues.redhat.com/browse/ISPN-12616?page=com.atlassian.jira.plugi... ] Gustavo Fernandes updated ISPN-12616: ------------------------------------- Status: Open (was: New) > Rolling Upgrade fails for caches storing POJOs > ---------------------------------------------- > > Key: ISPN-12616 > URL: https://issues.redhat.com/browse/ISPN-12616 > Project: Infinispan > Issue Type: Bug > Components: Hot Rod, Loaders and Stores > Affects Versions: 12.0.0.CR1, 11.0.8.Final > Reporter: Gustavo Fernandes > Assignee: Gustavo Fernandes > Priority: Major > > The Remote Store does not support transcoding yet, and the data conversions are done implicitly by combining the 'hotRodWrapping', 'marshaller' and 'rawValues' configurations. > The rolling upgrade process forces the remote store to use 'hotRodWrapping', that prevents consuming a cache that stores "application/x-java-objects", since it assumes the data is already in "application/x-jboss-marshalling" format, causing lots of internal issues. -- This message was sent by Atlassian Jira (v8.13.1#813001)

4 years, 8 months

1
0
0 / 0

[Red Hat JIRA] (ISPN-12616) Rolling Upgrade fails for caches storing POJOs

by Gustavo Fernandes (Jira)

[ https://issues.redhat.com/browse/ISPN-12616?page=com.atlassian.jira.plugi... ] Gustavo Fernandes updated ISPN-12616: ------------------------------------- Affects Version/s: 12.0.0.CR1 > Rolling Upgrade fails for caches storing POJOs > ---------------------------------------------- > > Key: ISPN-12616 > URL: https://issues.redhat.com/browse/ISPN-12616 > Project: Infinispan > Issue Type: Bug > Components: Hot Rod, Loaders and Stores > Affects Versions: 12.0.0.CR1, 11.0.8.Final > Reporter: Gustavo Fernandes > Assignee: Gustavo Fernandes > Priority: Major > > The Remote Store does not support transcoding yet, and the data conversions are done implicitly by combining the 'hotRodWrapping', 'marshaller' and 'rawValues' configurations. > The rolling upgrade process forces the remote store to use 'hotRodWrapping', that prevents consuming a cache that stores "application/x-java-objects", since it assumes the data is already in "application/x-jboss-marshalling" format, causing lots of internal issues. -- This message was sent by Atlassian Jira (v8.13.1#813001)

4 years, 8 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

infinispan-issues January 2021