drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5671) Set secure ACLs (Access Control List) for Drill ZK nodes in a secure cluster
Date Fri, 14 Jul 2017 19:09:00 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16087819#comment-16087819
] 

ASF GitHub Bot commented on DRILL-5671:
---------------------------------------

Github user paul-rogers commented on a diff in the pull request:

    https://github.com/apache/drill/pull/875#discussion_r127528429
  
    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/coord/zk/ZKSecureACLProvider.java
---
    @@ -0,0 +1,80 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *    http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +package org.apache.drill.exec.coord.zk;
    +
    +import com.google.common.collect.ImmutableList;
    +import org.apache.curator.framework.api.ACLProvider;
    +import org.apache.zookeeper.ZooDefs.Ids;
    +import org.apache.zookeeper.data.ACL;
    +
    +import java.util.List;
    +
    +/**
    + * ZKSecureACLProvider restricts access to znodes created by Drill in a secure installation.
    + *
    + * The cluster discovery znode i.e. the znode containing the list of Drillbits is
    + * readable by anyone.
    + *
    + * For all other znodes, only the creator of the znode, i.e the Drillbit user, has full
access.
    + *
    + */
    +
    +public class ZKSecureACLProvider implements ACLProvider {
    +
    +    static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(ZKSecureACLProvider.class);
    +
    +    /**
    +     * DEFAULT_ACL gives the creator of a znode full-access to it
    +     */
    +    static ImmutableList<ACL> DEFAULT_ACL = new ImmutableList.Builder<ACL>()
    +                                              .addAll(Ids.CREATOR_ALL_ACL.iterator())
    +                                              .build();
    +    /**
    +     * DRILL_CLUSTER_ACL gives the creator full access and everyone else only read access.
    +     * Used on the Drillbit discovery znode (znode path /<drill.exec.zk.root>/<drill.exec.cluster-id>)
    +     * i.e. the node that contains the list of Drillbits in the cluster.
    +     */
    +     static ImmutableList<ACL> DRILL_CLUSTER_ACL = new ImmutableList.Builder<ACL>()
    +                                                .addAll(Ids.READ_ACL_UNSAFE.iterator())
    +                                                .addAll(Ids.CREATOR_ALL_ACL.iterator())
    +                                                .build();
    +    final String clusterName;
    +    final String drillZkRoot;
    +    final String drillClusterPath;
    +
    +    public ZKSecureACLProvider(String clusterName, String drillZKRoot) {
    +        this.clusterName = clusterName;
    +        this.drillZkRoot = drillZKRoot;
    +        this.drillClusterPath = "/" + this.drillZkRoot + "/" +  this.clusterName ;
    +    }
    +
    +    public List<ACL> getDefaultAcl() {
    +        return DEFAULT_ACL;
    +    }
    +
    +    public List<ACL> getAclForPath(String path) {
    --- End diff --
    
    This approach encodes the meaning of paths in just the path name. Seems fragile.
    
    Alternatives:
    
    * Register the secure (or insecure) paths so that the ZK cluster coordinator (not this
class) decides on security.
    * Get ACL base on type: `getSecureACL()` or `getPublicACL()`, and let the cluster coordinator
define which is which.
    * As a refinement of the first idea, provide some kind of config option to externalize
the set of paths and their security.
    
    For example, in Drill-on-YARN, the app master creates ZK entries to ensure that only one
app master starts per cluster. We would not want to encode that path information here.


> Set secure ACLs (Access Control List) for Drill ZK nodes in a secure cluster
> ----------------------------------------------------------------------------
>
>                 Key: DRILL-5671
>                 URL: https://issues.apache.org/jira/browse/DRILL-5671
>             Project: Apache Drill
>          Issue Type: New Feature
>          Components:  Server
>            Reporter: Karthikeyan Manivannan
>            Assignee: Karthikeyan Manivannan
>
> All Drill ZK nodes, currently, are assigned a default [world:all] ACL i.e. anyone gets
to do CDRWA(create, delete, read, write, admin access). This means that even on a secure cluster
anyone can perform all CRDWA actions on the znodes. 
> This should be changed such that:
> - In a non-secure cluster, Drill will continue using the current default [world:all]
ACL
> - In a secure cluster, all nodes should have an [authid: all] ACL i.e. the authenticated
user that created the znode gets full access. The discovery znodes i.e. the znodes with the
list of Drillbits will have an additional [world:read] ACL, i.e. the list of Drillbits will
be readable by anyone. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message