Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2020/01/13 15:44:26 UTC

[GitHub] [druid] capistrant opened a new issue #9174: Druid Basic Security - Allow dynamic update of escalated client credentials

URL: https://github.com/apache/druid/issues/9174
 
 
   ### Description
   
   Updating the escalated client credential information when using basic-security requires a rolling restart of the cluster. This is not ideal for large clusters that take a long time to roll through for an update. There should be functionality to dynamically update the credentials used by the escalated client so changes can be made without rolling restarts. An example for when this would be helpful is if a password is compromised or when a corporation requires quarterly password rotations.
   
   Since we want to limit this to zero downtime, we likely need to implement a way to change to a new user/password combo for the escalated client during runtime. If we were to try and retain the user and update the password, we would run into the case where we'd need to positively authenticate for multiple user/password pairs because distributing the credentials to all nodes at once seems like a stretch goal. The idea would be to roll out the new user/password pair to the cluster and once it is verified that the old pair is no longer in use, the admin can do what is needed to finish the process (update password, delete account, etc.).
   
   ### Motivation
   
   Rolling restarts of large clusters are time-consuming and should be limited to major config changes/upgrades/etc.
   
   Adding to that, when security is in question, time is of the essence to rotate away from a compromised credential. Taking the cluster offline temporarily for a one-time credential reset is an option, but many organizations adhere to uptime standards that make this mostly undesirable except for the most critical of cases.
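
The rollout described in the issue, as an added simulation that is not part of the original issue and is not Druid code: it contrasts changing the password in place with adding a second user/password pair, and reports which nodes still use the old pair. `UserStore`, `Node`, the account names `internal_v1`/`internal_v2` and the passwords are hypothetical, constructed values.

```python
import hashlib, hmac, os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class UserStore:
    """Account store shared by all nodes (hypothetical, not Druid's)."""
    def __init__(self):
        self.users = {}      # user -> (salt, hash)
        self.used_by = {}    # user -> nodes that authenticated since last reset

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, _kdf(password, salt))

    def check(self, user, password, caller):
        if user not in self.users:
            return False
        salt, want = self.users[user]
        ok = hmac.compare_digest(_kdf(password, salt), want)
        if ok:
            self.used_by.setdefault(user, set()).add(caller)
        return ok

class Node:
    def __init__(self, name, store, cred):
        self.name, self.store, self.cred = name, store, cred

    def call_peer(self):
        # Escalated (internal) request, authenticated with the current pair.
        return self.store.check(*self.cred, caller=self.name)

def make_cluster(n=4):
    store = UserStore()
    store.set_password("internal_v1", "old-secret")  # constructed sample values
    return store, [Node(f"node{i}", store, ("internal_v1", "old-secret")) for i in range(n)]

def rotate_in_place(store, nodes, updated):
    """Keep the user, change the password: nodes not yet updated fail."""
    store.set_password("internal_v1", "new-secret")
    for node in nodes[:updated]:
        node.cred = ("internal_v1", "new-secret")
    return [n.name for n in nodes if not n.call_peer()]

def rotate_to_new_pair(store, nodes, updated):
    """Add a second account; both pairs authenticate during the rollout."""
    store.set_password("internal_v2", "new-secret")
    for node in nodes[:updated]:
        node.cred = ("internal_v2", "new-secret")
    store.used_by.clear()
    failed = [n.name for n in nodes if not n.call_peer()]
    return failed, sorted(store.used_by.get("internal_v1", ()))
```

The second value returned by `rotate_to_new_pair` is the list of nodes still presenting the old pair; the old account is safe to change or delete only once that list is empty.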
   
