[kudu-CR] authz: verify tokens on scans

Thu, 21 Mar 2019 19:09:31 -0700 

Hello Tidy Bot, Dan Burkert, Kudu Jenkins, Adar Dembo, Hao Hao,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/11753

to look at the new patch set (#12).

Change subject: authz: verify tokens on scans
......................................................................

authz: verify tokens on scans

Adds privilege checking to enforce the following authorization
requirements are met when scan-like requests are received by tablet
servers:

Scans or checksum scans require:
  if no projected columns || projected columns has virtual column:
    foreach (column): SCAN ON COLUMN
  else:
    if uses pk:
      foreach(primary key column): SCAN ON COLUMN
    foreach(projected column): SCAN ON COLUMN
    foreach(predicated column): SCAN ON COLUMN

Split-key requests require:
  if uses pk:
    foreach(primary key column): SCAN ON COLUMN
  foreach(requested column): SCAN ON COLUMN

Notes:
  Empty projections
  - Kudu uses this to implement counting rows, which is semantically
    equivalent to counting rows with a projection on all columns.
  Primary keys
  - Scans in ORDERED mode (i.e. fault-tolerant scans) pass around
    primary keys to keep track of scan progress.
  - Scans that include a start or stop primary key will use the bounds
    as a range predicate on the primary key columns. Split-key requests
    use similar fields.
  Virtual columns
  - Diff scans are implemented by having users supply a column in the
    projection that doesn't exist in the tablet schema. Without special
    handling for virtual columns, such projections would be rejected to
    prevent leaking the presence of columns. To remediate this, we
    enforce that virtual columns require full scan privileges. If this
    is deemed too strict for future virtual columns, we can loosen this
    in the future.

All of the listed requests are also permitted if SCAN ON TABLE (i.e.
full scan privileges) are given.

Change-Id: I7a5d81cf215a5d936f8853feba05778038764905
---
M src/kudu/common/schema.h
M src/kudu/tserver/CMakeLists.txt
M src/kudu/tserver/tablet_server_authorization-test.cc
M src/kudu/tserver/tablet_service.cc
4 files changed, 1,046 insertions(+), 57 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/53/11753/12
--
To view, visit http://gerrit.cloudera.org:8080/11753
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I7a5d81cf215a5d936f8853feba05778038764905
Gerrit-Change-Number: 11753
Gerrit-PatchSet: 12
Gerrit-Owner: Andrew Wong <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)

Reply via email to