[
https://issues.apache.org/jira/browse/IGNITE-19077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mikhail Pochatkin updated IGNITE-19077:
---------------------------------------
Description:
After IGNITE-18576 its possible to provide Authentication cluster configuration
on cluster init.
Looking at ClusterManagementGroupManager#onElectedAsLeader we can see that REST
authentication configuration is applied to the distributed configuration on
leader election. This happens because there is no any other way to put any
values to the cluster configuration on init.
-This leads to the following situation:-
- -cluster init in progress, some REST endpoints are blocked
(cluster/configuration for example)-
- -cluster initialized, REST is available without auth *anybody can use the
REST*-
- -authentication configuration is applied to the distributed configuration
and REST is secured-
After IGNITE-18943 this is not possible because configuration REST endpoints
are disabled until cluter initialization will successfuly finished.
It is proposed to extend this approach to whole cluster configration. Instead
of cluster authentication configuration init endpoint should accept whole
cluster configuration in HOCON format and apply it as it currently.
CLI should have option to provide HOCON file. This file should be readed and
provided tgo init REST endpoint.
was:
-
To fix this issue we have to design the solution for "atomic configuration
initialization" of something like this.
After IGNITE-18576 its possible to provide Authentication cluster configuration
on cluster init.
Looking at ClusterManagementGroupManager#onElectedAsLeader we can see that REST
authentication configuration is applied to the distributed configuration on
leader election. This happens because there is no any other way to put any
values to the cluster configuration on init.
~~This leads to the following situation:~~
- cluster init in progress, some REST endpoints are blocked
(cluster/configuration for example)
- cluster initialized, REST is available without auth
*anybody can use the REST*
- authentication configuration is applied to the distributed configuration and
REST is secured~~
> Investigation: Apply cutom cluster config on cluster init
> ---------------------------------------------------------
>
> Key: IGNITE-19077
> URL: https://issues.apache.org/jira/browse/IGNITE-19077
> Project: Ignite
> Issue Type: Task
> Components: rest
> Reporter: Aleksandr
> Priority: Major
> Labels: ignite-3
>
> After IGNITE-18576 its possible to provide Authentication cluster
> configuration on cluster init.
> Looking at ClusterManagementGroupManager#onElectedAsLeader we can see that
> REST authentication configuration is applied to the distributed configuration
> on leader election. This happens because there is no any other way to put any
> values to the cluster configuration on init.
> -This leads to the following situation:-
> - -cluster init in progress, some REST endpoints are blocked
> (cluster/configuration for example)-
> - -cluster initialized, REST is available without auth *anybody can use the
> REST*-
> - -authentication configuration is applied to the distributed configuration
> and REST is secured-
> After IGNITE-18943 this is not possible because configuration REST endpoints
> are disabled until cluter initialization will successfuly finished.
> It is proposed to extend this approach to whole cluster configration. Instead
> of cluster authentication configuration init endpoint should accept whole
> cluster configuration in HOCON format and apply it as it currently.
> CLI should have option to provide HOCON file. This file should be readed and
> provided tgo init REST endpoint.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
