jon-wei commented on a change in pull request #10339:
URL: https://github.com/apache/druid/pull/10339#discussion_r499963144
##########
File path: docs/operations/auth-ldap
##########
@@ -0,0 +1,165 @@
+---
+id: auth-ldap
+title: "Using LDAP auth"
Review comment:
This'll need the Apache license header
##########
File path: docs/operations/security-overview.md
##########
@@ -0,0 +1,244 @@
+---
+id: security-overview
+title: "Security overview"
+---
+
+
+## Overview
+
+By default, security features in Druid are disabled, which simplifies the
initial deployment experience. However, security features must be configured in
a production deployment. These features including TLS, authentication, and
authorization.
+
+To implement Druid security, you configure authenticators and authorizors.
Authenticators control the way user identities are verified, while authorizers
map the authenticated users (via user roles) to the datasources they are
permitted to access. Consequently, implementing Druid security also involves
consideration of your datasource scheme, given they represent the granularity
at which data access permissions are allocated.
+
+The following graphic depicts the course of request through the authentication
process:
+
+
+
+
+
+This document gives you an overview of security features in Druid and how to
configure them, and some best practices for securing Druid.
+
+
+## Best practices
+
+* Do not expose the Druid Console without authentication on untrusted
networks. Access to the console effectively confers access the file system on
the installation machine, via file browsers in the UI. You should use an API
gateway that restricts who can connect from untrusted networks, whitelists the
specific APIs that your users need to access, and implements account lockout
and throttling features.
+* Grant users the minimum permissions necessary to perform their functions.
For instance, do not allow user who only need to query data to write to data
sources or view state.
+* Disable JavaScript, as noted in the [Security
section](https://druid.apache.org/docs/latest/development/javascript.html#security)
of the JavaScript guide.
+* Run Druid as an unprivileged Unix user on the installation machine (not
root).
+ > This is an important point! Administrator users on Druid have the same
permission as the Unix user account it is running under. If the Druid process
is running under the root user account in the OS, then Administrator users on
Druid can read/write all files that the root account has access to, including
sensitive files such as /etc/passwd.
+
+You can configure authentication and authorization to control access to the
the Druid APIs. The first step is enabling TLS for the cluster nodes. Then
configure users, roles, and permissions, as described in the following
sections.
+
+The configuration settings mentioned below are primarily located in the
`common.runtime.properties` file. Note that you need to make the configuration
changes on each Druid server in the cluster.
+
+
+## Enable TLS
+
+The first step in securing Druid is enabling TLS. You can enable TLS to secure
external client connections to Druid as well as connections between cluster
nodes.
+
+The configuration steps are:
+
+1. Enable TLS by adding `druid.enableTlsPort=true` to
`common.runtime.properties` on each node in the Druid cluster.
+2. Follow the steps in [Understanding Certificates and
Keys](https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#understanding-certificates-and-keys)
to generate or import a key and certificate.
+3. Configure the keystore and truststore settings in
`common.runtime.properties`. The file should look something like this:
+ ```
+ druid.enablePlaintextPort=false
+ druid.enableTlsPort=true
+
+ druid.server.https.keyStoreType=jks
+ druid.server.https.keyStorePath=imply-keystore.jks
+ druid.server.https.keyStorePassword=secret123 # replace with your own
password
+ druid.server.https.certAlias=druid
+
+ druid.client.https.protocol=TLSv1.2
+ druid.client.https.trustStoreType=jks
+ druid.client.https.trustStorePath=imply-truststore.jks
+ druid.client.https.trustStorePassword=secret123 # replace with your own
password
+
+ ```
+4. Add the `simple-client-sslcontext` extension to `druid.extensions.loadList`
in common.runtime.properties. This enables TLS for Druid nodes acting as
clients.
+5. Restart the cluster.
+
+For more information, see [TLS support](tls-support) and [Simple SSLContext
Provider Module](../development/extensions-core/simple-client-sslcontext).
Review comment:
This link and others will need `.md` at the end
##########
File path: docs/operations/security-overview.md
##########
@@ -0,0 +1,244 @@
+---
+id: security-overview
+title: "Security overview"
+---
+
+
+## Overview
+
+By default, security features in Druid are disabled, which simplifies the
initial deployment experience. However, security features must be configured in
a production deployment. These features including TLS, authentication, and
authorization.
+
+To implement Druid security, you configure authenticators and authorizors.
Authenticators control the way user identities are verified, while authorizers
map the authenticated users (via user roles) to the datasources they are
permitted to access. Consequently, implementing Druid security also involves
consideration of your datasource scheme, given they represent the granularity
at which data access permissions are allocated.
+
+The following graphic depicts the course of request through the authentication
process:
+
+
+
+
+
+This document gives you an overview of security features in Druid and how to
configure them, and some best practices for securing Druid.
+
+
+## Best practices
+
+* Do not expose the Druid Console without authentication on untrusted
networks. Access to the console effectively confers access the file system on
the installation machine, via file browsers in the UI. You should use an API
gateway that restricts who can connect from untrusted networks, whitelists the
specific APIs that your users need to access, and implements account lockout
and throttling features.
+* Grant users the minimum permissions necessary to perform their functions.
For instance, do not allow user who only need to query data to write to data
sources or view state.
+* Disable JavaScript, as noted in the [Security
section](https://druid.apache.org/docs/latest/development/javascript.html#security)
of the JavaScript guide.
+* Run Druid as an unprivileged Unix user on the installation machine (not
root).
+ > This is an important point! Administrator users on Druid have the same
permission as the Unix user account it is running under. If the Druid process
is running under the root user account in the OS, then Administrator users on
Druid can read/write all files that the root account has access to, including
sensitive files such as /etc/passwd.
+
+You can configure authentication and authorization to control access to the
the Druid APIs. The first step is enabling TLS for the cluster nodes. Then
configure users, roles, and permissions, as described in the following
sections.
+
+The configuration settings mentioned below are primarily located in the
`common.runtime.properties` file. Note that you need to make the configuration
changes on each Druid server in the cluster.
+
+
+## Enable TLS
+
+The first step in securing Druid is enabling TLS. You can enable TLS to secure
external client connections to Druid as well as connections between cluster
nodes.
+
+The configuration steps are:
+
+1. Enable TLS by adding `druid.enableTlsPort=true` to
`common.runtime.properties` on each node in the Druid cluster.
+2. Follow the steps in [Understanding Certificates and
Keys](https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#understanding-certificates-and-keys)
to generate or import a key and certificate.
+3. Configure the keystore and truststore settings in
`common.runtime.properties`. The file should look something like this:
+ ```
+ druid.enablePlaintextPort=false
+ druid.enableTlsPort=true
+
+ druid.server.https.keyStoreType=jks
+ druid.server.https.keyStorePath=imply-keystore.jks
+ druid.server.https.keyStorePassword=secret123 # replace with your own
password
+ druid.server.https.certAlias=druid
+
+ druid.client.https.protocol=TLSv1.2
+ druid.client.https.trustStoreType=jks
+ druid.client.https.trustStorePath=imply-truststore.jks
+ druid.client.https.trustStorePassword=secret123 # replace with your own
password
+
+ ```
+4. Add the `simple-client-sslcontext` extension to `druid.extensions.loadList`
in common.runtime.properties. This enables TLS for Druid nodes acting as
clients.
+5. Restart the cluster.
+
+For more information, see [TLS support](tls-support) and [Simple SSLContext
Provider Module](../development/extensions-core/simple-client-sslcontext).
Review comment:
```suggestion
For more information, see [TLS support](tls-support.md) and [Simple
SSLContext Provider
Module](../development/extensions-core/simple-client-sslcontext).
```
##########
File path: docs/operations/security-overview.md
##########
@@ -0,0 +1,244 @@
+---
+id: security-overview
Review comment:
This'll need the Apache license header
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
