You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@kudu.apache.org by "Alexey Serbin (Code Review)" <ge...@cloudera.org> on 2021/05/25 21:06:05 UTC

[kudu-CR] WIP [txn manager] allow service user to call txn-related RPCs

Alexey Serbin has uploaded this change for review. ( http://gerrit.cloudera.org:8080/17510


Change subject: WIP [txn_manager] allow service user to call txn-related RPCs
......................................................................

WIP [txn_manager] allow service user to call txn-related RPCs

Since we are planning to use transactional operations in kudu CLI tools
(e.g., in 'kudu perf loadgen'), it makes sense to allow txn-related RPCs
to be invoked by a service user since kudu CLI tools are often run
under 'kudu' user's credentials.  This patch changes the RPC-level
coarse authz settings for all methods in the TxnManagerService from
"AuthorizeClient" to "AuthorizeClientOrServiceUser".

WIP:
  * collect initial feedback?
  * add tests

Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
---
M src/kudu/master/txn_manager.proto
1 file changed, 5 insertions(+), 5 deletions(-)



  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/10/17510/1
-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>

[kudu-CR] [txn manager] allow a super user to call txn-related RPCs

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17510 )

Change subject: [txn_manager] allow a super user to call txn-related RPCs
......................................................................


Patch Set 3:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/17510/3/src/kudu/master/txn_manager_service.cc
File src/kudu/master/txn_manager_service.cc:

http://gerrit.cloudera.org:8080/#/c/17510/3/src/kudu/master/txn_manager_service.cc@167
PS3, Line 167: AuthorizeClient
> nit: for consistency with the MasterService, let's call this AuthorizeClien
As I understand, renaming this into AuthorizeClientOrServiceUser would bring some inconsistency since AuthorizeClientOrServiceUser() assumes a service user is also granted a privilege, but here it's not the case.

Below is the code for AuthorizeClientOrServiceUser() from tserver:

bool TabletServiceImpl::AuthorizeClientOrServiceUser(const google::protobuf::Message* /*req*/,
                                                     google::protobuf::Message* /*resp*/,
                                                     RpcContext* context) {
  return server_->Authorize(context, ServerBase::SUPER_USER | ServerBase::USER |
                            ServerBase::SERVICE_USER);
}



-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 26 May 2021 18:38:25 +0000
Gerrit-HasComments: Yes

[kudu-CR] [txn manager] allow a super user to call txn-related RPCs

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17510 )

Change subject: [txn_manager] allow a super user to call txn-related RPCs
......................................................................


Patch Set 3:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/17510/3/src/kudu/master/txn_manager_service.cc
File src/kudu/master/txn_manager_service.cc:

http://gerrit.cloudera.org:8080/#/c/17510/3/src/kudu/master/txn_manager_service.cc@167
PS3, Line 167: AuthorizeClient
> Ah indeed, seems like AuthorizClient is actually what the MasterService use
np, thanks a lot for the review!



-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 26 May 2021 19:32:11 +0000
Gerrit-HasComments: Yes

[kudu-CR] [txn manager] allow a super user to call txn-related RPCs

Posted by "Andrew Wong (Code Review)" <ge...@cloudera.org>.

Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/17510 )

Change subject: [txn_manager] allow a super user to call txn-related RPCs
......................................................................


Patch Set 3: Code-Review+1

(1 comment)

http://gerrit.cloudera.org:8080/#/c/17510/3/src/kudu/master/txn_manager_service.cc
File src/kudu/master/txn_manager_service.cc:

http://gerrit.cloudera.org:8080/#/c/17510/3/src/kudu/master/txn_manager_service.cc@167
PS3, Line 167: AuthorizeClient
nit: for consistency with the MasterService, let's call this AuthorizeClientOrServiceUser?



-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 26 May 2021 17:54:41 +0000
Gerrit-HasComments: Yes

[kudu-CR] [txn manager] allow service user to call txn-related RPCs

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17510 )

Change subject: [txn_manager] allow service user to call txn-related RPCs
......................................................................


Patch Set 2:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/17510/2//COMMIT_MSG
Commit Message:

http://gerrit.cloudera.org:8080/#/c/17510/2//COMMIT_MSG@11
PS2, Line 11: super user
I also had a version of this patch where a service user was able to call txn API as well, but it turned out that TabletServerService API isn't accessible to service users, e.g. TabletServerService::Write() is accessible only to regular and super users.  With that, I don't quite see the necessity of allowing a service user to user txn API then.



-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 26 May 2021 16:57:48 +0000
Gerrit-HasComments: Yes

[kudu-CR] [txn manager] allow a super user to call txn-related RPCs

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/17510 )

Change subject: [txn_manager] allow a super user to call txn-related RPCs
......................................................................

[txn_manager] allow a super user to call txn-related RPCs

Since we are planning to use transactional operations in kudu CLI tools
(e.g., in 'kudu perf loadgen'), it makes sense to allow txn-related RPCs
to be invoked by a super user as well since some kudu CLI tools are often
run under such credentials.  This patch changes the RPC-level coarse authz
settings for all methods in the TxnManagerService accordingly.

I also had a version of this patch where a service user was able to call
txn API as well, but it turned out that TabletServerService API isn't
accessible to service users, e.g. TabletServerService::Write() is
accessible only to regular and super users.  With that, I don't quite see
the necessity of allowing a service user to call txn API.

Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Reviewed-on: http://gerrit.cloudera.org:8080/17510
Tested-by: Alexey Serbin <as...@cloudera.com>
Reviewed-by: Andrew Wong <aw...@cloudera.com>
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/master/txn_manager_service.cc
2 files changed, 106 insertions(+), 17 deletions(-)

Approvals:
  Alexey Serbin: Verified
  Andrew Wong: Looks good to me, approved

-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 4
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] [txn manager] allow a super user to call txn-related RPCs

Posted by "Andrew Wong (Code Review)" <ge...@cloudera.org>.

Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/17510 )

Change subject: [txn_manager] allow a super user to call txn-related RPCs
......................................................................


Patch Set 3: Code-Review+2

(1 comment)

http://gerrit.cloudera.org:8080/#/c/17510/3/src/kudu/master/txn_manager_service.cc
File src/kudu/master/txn_manager_service.cc:

http://gerrit.cloudera.org:8080/#/c/17510/3/src/kudu/master/txn_manager_service.cc@167
PS3, Line 167: AuthorizeClient
> As I understand, renaming this into AuthorizeClientOrServiceUser would brin
Ah indeed, seems like AuthorizClient is actually what the MasterService uses for USER|SUPER_USER. Sorry for the noise.



-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 26 May 2021 18:41:59 +0000
Gerrit-HasComments: Yes

[kudu-CR] [txn manager] allow a super user to call txn-related RPCs

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17510 )

Change subject: [txn_manager] allow a super user to call txn-related RPCs
......................................................................


Patch Set 3: Verified+1

Unrelated test failure in 
org.apache.kudu.client.TestSecurity.testExternallyProvidedSubjectRefreshedExternally


-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 26 May 2021 18:41:07 +0000
Gerrit-HasComments: No

[kudu-CR] [txn manager] allow service user to call txn-related RPCs

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Hello Kudu Jenkins, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/17510

to look at the new patch set (#2).

Change subject: [txn_manager] allow service user to call txn-related RPCs
......................................................................

[txn_manager] allow service user to call txn-related RPCs

Since we are planning to use transactional operations in kudu CLI tools
(e.g., in 'kudu perf loadgen'), it makes sense to allow txn-related RPCs
to be invoked by a super user since kudu CLI tools are often run under
such credentials.  This patch changes the RPC-level coarse authz
settings for all methods in the TxnManagerService accordingly.

"AuthorizeClient" to "AuthorizeClientOrServiceUser".

Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/master/txn_manager_service.cc
2 files changed, 106 insertions(+), 17 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/10/17510/2
-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] [txn manager] allow a super user to call txn-related RPCs

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Hello Kudu Jenkins, Andrew Wong, 

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/17510

to look at the new patch set (#3).

Change subject: [txn_manager] allow a super user to call txn-related RPCs
......................................................................

[txn_manager] allow a super user to call txn-related RPCs

Since we are planning to use transactional operations in kudu CLI tools
(e.g., in 'kudu perf loadgen'), it makes sense to allow txn-related RPCs
to be invoked by a super user as well since some kudu CLI tools are often
run under such credentials.  This patch changes the RPC-level coarse authz
settings for all methods in the TxnManagerService accordingly.

I also had a version of this patch where a service user was able to call
txn API as well, but it turned out that TabletServerService API isn't
accessible to service users, e.g. TabletServerService::Write() is
accessible only to regular and super users.  With that, I don't quite see
the necessity of allowing a service user to call txn API.

Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/master/txn_manager_service.cc
2 files changed, 106 insertions(+), 17 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/10/17510/3
-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] [txn manager] allow a super user to call txn-related RPCs

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.

Alexey Serbin has removed a vote on this change.

Change subject: [txn_manager] allow a super user to call txn-related RPCs
......................................................................


Removed Verified-1 by Kudu Jenkins (120)
-- 
To view, visit http://gerrit.cloudera.org:8080/17510
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: deleteVote
Gerrit-Change-Id: I21e4b29634fd01f0ced80b54373b1ce156e274ad
Gerrit-Change-Number: 17510
Gerrit-PatchSet: 3
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)