[kudu-CR] authz: verify tokens on scans

Tue, 19 Mar 2019 20:32:13 -0700 

Andrew Wong has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/11753 )

Change subject: authz: verify tokens on scans
......................................................................


Patch Set 9:

(11 comments)

http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_server_authorization-test.cc
File src/kudu/tserver/tablet_server_authorization-test.cc:

http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_server_authorization-test.cc@443
PS8, Line 443: ameterized based on th
> Are you planning to have another patch for integration tests?
When the Sentry integration is done, sure. There is no way to create a token 
right now. Also the integration test probably wouldn't be as rigorous as this 
one, since this test exists.


http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_server_authorization-test.cc@444
PS8, Line 444:
> Add a comment that the boolean is to indicate whether to use primary key?
Done


http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_service.cc
File src/kudu/tserver/tablet_service.cc:

http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_service.cc@426
PS8, Line 426: an_pb.has_start_primary_key() ||
> We may want to log such case for debugging? Same below.
Done


http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_service.cc@426
PS8, Line 426: an_pb.has_start_primary_key() ||
> We may want to log such case for debugging? Same below.
I refactored a bit to facilitate logging useful debugging info.


http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_service.cc@1521
PS8, Line 1521:   Status s = 
server_->scanner_manager()->LookupScanner(req->scanner_id(),
> May want to log a warning about is not authorized on what for debugging pur
I refactored a bit to facilitate logging useful debugging info.


http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_service.cc@1521
PS8, Line 1521:   Status s = 
server_->scanner_manager()->LookupScanner(req->scanner_id(),
> May want to log a warning about is not authorized on what for debugging pur
Done


http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_service.cc@1657
PS8, Line 1657:
> nit: extra space.
Done


http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_service.cc@1662
PS8, Line 1662: tor.last_primary_key();
> Just for clarification, when do you think this could happen?
You can imagine a malicious user getting authorized for one table via token, 
and trying to use that token for another table.

We need to be mindful that a malicious user could pass in whatever bytes they 
want, as long as it _looks_ like a scan request.


http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_service.cc@1686
PS8, Line 1686:
> I am not sure why here is guaranteed that kColumnNotFound is not returned?
Done


http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_service.cc@1831
PS8, Line 1831: e
> nit: extra space.
Done


http://gerrit.cloudera.org:8080/#/c/11753/8/src/kudu/tserver/tablet_service.cc@1848
PS8, Line 1848:   vector<KeyRange> ranges;
              :   tablet->SplitKeyRange(start.get(), stop.get(), column_ids,
              :                         req->target_chunk_size_bytes(), 
&ranges);
              :   for (auto range : ranges) {
              :     range.ToPB(resp->add_ranges());
              :   }
              :
              :   context->RespondSuccess();
              : }
              :
              : void TabletServiceImpl::Checksum(const ChecksumRequestPB* req,
              :                                  ChecksumResponsePB* resp,
              :                                  rpc::RpcContext* context) {
              :   VLOG(1) << "Full request: " << SecureDebugString(*req);
              :
              :   // Validate the request: user must pass a new_scan_request or
              :   // a sc
> This looks like exact the same as L1530 to L1545. Maybe wrap this into a se
Done



--
To view, visit http://gerrit.cloudera.org:8080/11753
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I7a5d81cf215a5d936f8853feba05778038764905
Gerrit-Change-Number: 11753
Gerrit-PatchSet: 9
Gerrit-Owner: Andrew Wong <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Comment-Date: Wed, 20 Mar 2019 03:31:31 +0000
Gerrit-HasComments: Yes

Reply via email to