Hello Mike Percy, Alexey Serbin, Hao Hao,
I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/13681
to review the following change.
Change subject: KUDU-2870: use coarse-grained authz for Checksum
......................................................................
KUDU-2870: use coarse-grained authz for Checksum
There were a number of proposed solutions in the ticket; this implements
the simple one to enforce users to be a super-user to run Checksum.
Rather than removing fine-grained privilege checking and testing on the
Checksum endpoint altogether, I've gated the checking behind the new
hidden flag FLAGS_checksum_require_authz_tokens for now. These may be
restored when one of the fuller solutions mentioned in the ticket is
implemented.
A test is added to run the tool against a tserver that enforces
fine-grained access control, and the existing tserver tests that check
authorization for Checksums are updated to set
FLAGS_checksum_require_authz_tokens to maintain test coverage.
Change-Id: I9da21f41702da747a081ab037d75865748d981a8
---
M src/kudu/tools/kudu-tool-test.cc
M src/kudu/tserver/tablet_server_authorization-test.cc
M src/kudu/tserver/tablet_service.cc
M src/kudu/tserver/tablet_service.h
M src/kudu/tserver/tserver_service.proto
5 files changed, 71 insertions(+), 3 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/81/13681/1
--
To view, visit http://gerrit.cloudera.org:8080/13681
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9da21f41702da747a081ab037d75865748d981a8
Gerrit-Change-Number: 13681
Gerrit-PatchSet: 1
Gerrit-Owner: Andrew Wong <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Mike Percy <[email protected]>
