Todd Lipcon has uploaded a new patch set (#8).

Change subject: security: authorize all RPCs against coarse-grained ACLs
......................................................................

security: authorize all RPCs against coarse-grained ACLs

This adds two new flags: 'superuser_acl' and 'user_acl'.
Cluster-admin operations (e.g. things like SetFlags) are authorized
against superuser_acl, and read/write/DDL type operations are authorized
against user_acl.

Internal-facing RPCs are authorized against the service user, which is
assumed to be a matching principal across all of the hosts.

Most of the "service" RPCs are also allowed to be accessed by
superusers, so that operator tools can take advantage of them. The one
exception is TSHeartbeat, which is locked down to _only_ the service
user, since it's the endpoint that exports signed IPKI certs.

The default service user and superuser ACL are set based on the identity
of the server: if the server is logged in from a keytab, we use that
username. Otherwise, we use the local Unix username. This means that
tests which rely on superuser things like SetFlags, etc, should continue
to work as before, since the test client runs as the same Unix user as
the server.

A new unit test smoke tests the various authorization levels using a
combination of the real client and hand-crafted RPCs.

Change-Id: Id24a6429273aff355e70e127086a26b7e4a03cd8
---
M java/kudu-client/src/test/java/org/apache/kudu/client/MiniKuduCluster.java
M src/kudu/consensus/consensus.proto
M src/kudu/integration-tests/CMakeLists.txt
M src/kudu/integration-tests/external_mini_cluster-test.cc
M src/kudu/integration-tests/external_mini_cluster.cc
A src/kudu/integration-tests/security-itest.cc
M src/kudu/master/master.cc
M src/kudu/master/master.proto
M src/kudu/master/master_service.cc
M src/kudu/master/master_service.h
M src/kudu/rpc/rpc_context.cc
M src/kudu/rpc/rpc_context.h
M src/kudu/security/CMakeLists.txt
M src/kudu/security/init.cc
M src/kudu/security/init.h
A src/kudu/security/kerberos_util.cc
A src/kudu/security/kerberos_util.h
A src/kudu/security/simple_acl.cc
A src/kudu/security/simple_acl.h
M src/kudu/server/generic_service.cc
M src/kudu/server/generic_service.h
M src/kudu/server/server_base.cc
M src/kudu/server/server_base.h
M src/kudu/server/server_base.proto
M src/kudu/tserver/tablet_copy.proto
M src/kudu/tserver/tablet_copy_service.cc
M src/kudu/tserver/tablet_copy_service.h
M src/kudu/tserver/tablet_server.cc
M src/kudu/tserver/tablet_service.cc
M src/kudu/tserver/tablet_service.h
M src/kudu/tserver/tserver_admin.proto
M src/kudu/tserver/tserver_service.proto
32 files changed, 801 insertions(+), 74 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/98/5998/8
-- 
To view, visit http://gerrit.cloudera.org:8080/5998
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Id24a6429273aff355e70e127086a26b7e4a03cd8
Gerrit-PatchSet: 8
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>
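
The authorization levels described in the commit message above, modeled as an added example; this is not code from the patch or from Kudu. The type and function names are hypothetical, the ACL format (comma-separated names, "*" for everyone) is an assumption, and because the message does not say whether superusers also pass user-level checks, the user level here consults user_acl only.

```cpp
#include <set>
#include <sstream>
#include <string>

// Hypothetical ACL type. The format (comma-separated names, "*" = everyone)
// is an assumption of this sketch.
class Acl {
 public:
  explicit Acl(const std::string& spec) {
    std::stringstream ss(spec);
    for (std::string u; std::getline(ss, u, ',');) {
      if (u == "*") allow_all_ = true;
      else if (!u.empty()) users_.insert(u);
    }
  }
  bool Allows(const std::string& user) const {
    return allow_all_ || users_.count(user) > 0;
  }
 private:
  bool allow_all_ = false;
  std::set<std::string> users_;
};

// Levels taken from the commit message; the enum names are hypothetical.
enum Level { kServiceOnly, kServiceOrSuperuser, kSuperuser, kUser };

struct Authorizer {
  std::string service_user;
  Acl superuser_acl;
  Acl user_acl;

  bool Authorize(Level level, const std::string& caller) const {
    if (caller.empty()) return false;  // no authenticated identity: deny, even under "*"
    const bool is_service = (caller == service_user);
    const bool is_super = superuser_acl.Allows(caller);
    switch (level) {
      case kServiceOnly:        return is_service;               // e.g. TSHeartbeat
      case kServiceOrSuperuser: return is_service || is_super;   // most service RPCs
      case kSuperuser:          return is_super;                 // e.g. SetFlags
      case kUser:               return user_acl.Allows(caller);  // read/write/DDL
    }
    return false;
  }
};

// Defaults described in the message: service user and superuser ACL both
// start out as the server's own identity (keytab username, else Unix user).
Authorizer DefaultAuthorizer(const std::string& server_identity,
                             const std::string& user_acl_spec) {
  return Authorizer{server_identity, Acl(server_identity), Acl(user_acl_spec)};
}
```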
