Todd Lipcon has posted comments on this change. Change subject: security: authorize all RPCs against coarse-grained ACLs ......................................................................
Patch Set 6: (5 comments) http://gerrit.cloudera.org:8080/#/c/5998/6//COMMIT_MSG Commit Message: Line 9: This adds two new flags: 'superuser_acl' and 'client_acl'. > Unless there is precedent for these names, I would suggest 'admin_acl' and Just checked and it seems HDFS uses the term 'superuser' rather than 'admin'. I do think 'user' is better than 'client' though, so I'll change that one. Line 20: user, since it's the endpoint that exports signed IPKI certs. > I'm not following this logic. Is this so a superuser can't request service Yea, discussed offline. The issue is that the certs assigned to tablet servers last 10 years, whereas the user authn tokens last only 7 days. So, if we allowed an admin to grab a tserver cert, then they could squirrel away a cert which would be valid for years even if their account were revoked, etc. http://gerrit.cloudera.org:8080/#/c/5998/6/src/kudu/security/init.cc File src/kudu/security/init.cc: PS6, Line 348: onwn > typo Done http://gerrit.cloudera.org:8080/#/c/5998/6/src/kudu/security/simple_acl.cc File src/kudu/security/simple_acl.cc: PS6, Line 44: user > use? Done http://gerrit.cloudera.org:8080/#/c/5998/6/src/kudu/server/server_base.cc File src/kudu/server/server_base.cc: Line 272: if (!messenger_->authentication_required()) { > Is there a downside to moving this to OPTIONAL | REQUIRED? I know it doesn yea, I think it's a good idea. I guess we'll need to make our tests run as a superuser, though, or else a bunch will fail. -- To view, visit http://gerrit.cloudera.org:8080/5998 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Id24a6429273aff355e70e127086a26b7e4a03cd8 Gerrit-PatchSet: 6 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
