Dan Burkert has posted comments on this change.

Change subject: security: authorize all RPCs against coarse-grained ACLs
......................................................................

Patch Set 7:

(6 comments)

http://gerrit.cloudera.org:8080/#/c/5998/6//COMMIT_MSG
Commit Message:

Line 9: This adds two new flags: 'superuser_acl' and 'user_acl'.
> Just checked and it seems HDFS uses the term 'superuser' rather than 'admin

sounds good

Line 20: user, since it's the endpoint that exports signed IPKI certs.
> Yea, discussed offline. The issue is that the certs assigned to tablet serv

ok good catch

http://gerrit.cloudera.org:8080/#/c/5998/7/src/kudu/rpc/messenger.h
File src/kudu/rpc/messenger.h:

Line 218: bool authentication_required() const {
Is this necessary anymore? I know you removed one use of it in the latest revision.

http://gerrit.cloudera.org:8080/#/c/5998/7/src/kudu/security/simple_acl.cc
File src/kudu/security/simple_acl.cc:

Line 64: static const char* kReservedStartingCharacters = "!@#$%*-=+";
Should we reserve ''' or '"'? I think it would be prudent to have a way to introduce escaped names in the future, in case these symbols end up being used somewhere.

http://gerrit.cloudera.org:8080/#/c/5998/6/src/kudu/server/server_base.cc
File src/kudu/server/server_base.cc:

Line 272:
> yea, I think it's a good idea. I guess we'll need to make our tests run as

Ok one more thought - in the case where the server does have kerberos credentials but authentication is OPTIONAL, we might want to consider requiring strong authn if the user is attempting to be a super user. The upside is that we are 'more secure' by default for super user actions when kerberos is configured. The OPTIONAL state is necessary not to break existing clients when transitioning from insecure to secure, but I don't expect we'll have any 'long-lived' superuser clients. The downside is that this may be confusing to explain.

http://gerrit.cloudera.org:8080/#/c/5998/7/src/kudu/server/server_base.h
File src/kudu/server/server_base.h:

PS7, Line 107: CLIENT USER

--
To view, visit http://gerrit.cloudera.org:8080/5998
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Id24a6429273aff355e70e127086a26b7e4a03cd8
Gerrit-PatchSet: 7
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-HasComments: Yes
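Two of the review points above (reserving leading characters in ACL entries so escaped names can be added later, and requiring strong authentication before granting superuser privileges when the server has Kerberos credentials but authentication is only OPTIONAL) are illustrated together in the following added example. It is not Kudu's code and does not reproduce Kudu's `SimpleAcl` or server API: the class, the `AuthnMethod`/`AuthnPolicy` enums, `AuthzContext`, `Authorize` and the user names are hypothetical, and the reserved-character string is the one quoted from `simple_acl.cc` extended with the two quote characters the comment proposes.

```cpp
// Added illustrative example (not Kudu's code): a coarse-grained ACL that
// rejects entries starting with reserved characters, plus an authorization
// check that only grants superuser privileges over strong authentication
// when Kerberos is configured, even if authentication is OPTIONAL.
#include <cstring>
#include <iostream>
#include <set>
#include <sstream>
#include <string>

namespace acl_example {

// Characters quoted in the review, plus ' and " reserved for future escaping.
static const char* kReservedStartingCharacters = "!@#$%*-=+'\"";

// Hypothetical: how the RPC caller was authenticated.
enum class AuthnMethod { kNone, kToken, kKerberos, kCertificate };
// Hypothetical: the server's authentication policy.
enum class AuthnPolicy { kDisabled, kOptional, kRequired };
enum class Decision { kDeny, kAllowUser, kAllowSuperuser };

static std::string Trim(const std::string& s) {
  const char* ws = " \t\r\n";
  size_t b = s.find_first_not_of(ws);
  if (b == std::string::npos) return "";
  size_t e = s.find_last_not_of(ws);
  return s.substr(b, e - b + 1);
}

class SimpleAcl {
 public:
  // Parses a comma-separated user list; a lone "*" allows everyone.
  // Fails (setting *err) if an entry starts with a reserved character,
  // so that syntax for escaped names can be introduced later.
  bool Parse(const std::string& flag, std::string* err) {
    users_.clear();
    allow_all_ = false;
    std::stringstream ss(flag);
    std::string item;
    while (std::getline(ss, item, ',')) {
      item = Trim(item);
      if (item.empty()) continue;
      if (item == "*") { allow_all_ = true; continue; }
      if (std::strchr(kReservedStartingCharacters, item[0]) != nullptr) {
        *err = "user name starts with a reserved character: " + item;
        return false;
      }
      users_.insert(item);
    }
    return true;
  }
  bool UserAllowed(const std::string& user) const {
    return allow_all_ || users_.count(user) > 0;
  }
 private:
  bool allow_all_ = false;
  std::set<std::string> users_;
};

struct AuthzContext {
  SimpleAcl superuser_acl;
  SimpleAcl user_acl;
  AuthnPolicy policy;
  bool server_has_kerberos_creds;
};

static bool IsStrong(AuthnMethod m) {
  return m == AuthnMethod::kKerberos || m == AuthnMethod::kCertificate;
}

// Superuser actions need strong authn when authn is REQUIRED, or when it is
// OPTIONAL but the server holds Kerberos credentials. A superuser-listed
// principal that fails that bar is downgraded to ordinary user access
// rather than silently elevated.
Decision Authorize(const AuthzContext& ctx, const std::string& user,
                   AuthnMethod method) {
  if (ctx.policy == AuthnPolicy::kRequired && method == AuthnMethod::kNone) {
    return Decision::kDeny;  // defensive: should not reach authz at all
  }
  if (ctx.superuser_acl.UserAllowed(user)) {
    bool need_strong =
        ctx.policy == AuthnPolicy::kRequired ||
        (ctx.policy == AuthnPolicy::kOptional && ctx.server_has_kerberos_creds);
    if (!need_strong || IsStrong(method)) return Decision::kAllowSuperuser;
  }
  if (ctx.user_acl.UserAllowed(user)) return Decision::kAllowUser;
  return Decision::kDeny;
}

}  // namespace acl_example

int main() {
  // Constructed sample configuration.
  acl_example::SimpleAcl su, users;
  std::string err;
  su.Parse("alice", &err);
  users.Parse("alice, bob", &err);
  acl_example::AuthzContext ctx{su, users, acl_example::AuthnPolicy::kOptional, true};
  std::cout << "alice over kerberos -> "
            << static_cast<int>(acl_example::Authorize(
                   ctx, "alice", acl_example::AuthnMethod::kKerberos))
            << std::endl;
  return 0;
}
```

With Kerberos configured and authentication OPTIONAL, `alice` gets superuser access only over Kerberos or a certificate; an unauthenticated `alice` connection falls back to plain user access, which is the 'more secure by default' behaviour the comment argues for, while existing unauthenticated clients on the `user_acl` keep working during the transition.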
