Only hdfs (or authenticated user) should be able to run Druid indexing jobs
Open, Low, Public

Description

Only hdfs (or authenticated user) should be able to run Druid indexing jobs.

Druid 0.11 has some nice features:

https://github.com/druid-io/druid/releases/tag/druid-0.11.0 -> Highlights
http://druid.io/docs/0.11.0/configuration/auth.html

Druid 0.12 also adds a basic auth extension:

http://druid.io/docs/0.12.0-rc1/development/extensions-core/druid-basic-security.html

Event Timeline

Nuria created this task. Apr 24 2018, 8:53 PM
Restricted Application added a subscriber: Aklapper. Apr 24 2018, 8:53 PM
elukey added a subscriber: elukey. Apr 25 2018, 7:39 AM
elukey renamed this task from only hdfs (or authenticated user) should be able to run indexing jobs to Only hdfs (or authenticated user) should be able to run Druid indexing jobs. Apr 25 2018, 7:48 AM
elukey added a project: User-Elukey.
elukey updated the task description.
fdans triaged this task as Normal priority. Apr 26 2018, 4:27 PM
fdans lowered the priority of this task from Normal to Low.
fdans moved this task from Incoming to Operational Excellence on the Analytics board.
Vvjjkkii renamed this task from Only hdfs (or authenticated user) should be able to run Druid indexing jobs to cbeaaaaaaa. Jul 1 2018, 1:14 AM
Vvjjkkii raised the priority of this task from Low to High.
Vvjjkkii updated the task description.
Vvjjkkii removed a subscriber: Aklapper.
Community_Tech_bot renamed this task from cbeaaaaaaa to Only hdfs (or authenticated user) should be able to run Druid indexing jobs. Jul 1 2018, 6:20 AM
Community_Tech_bot updated the task description.
Community_Tech_bot added a subscriber: Aklapper.
CommunityTechBot lowered the priority of this task from High to Low. Jul 3 2018, 3:26 AM
elukey added a parent task: Restricted Task. Jul 10 2018, 12:27 PM

I think this work is completed, ping @JAllemandou for confirmation

As far as I know this needs us to experiment with TLS and basic auth with Druid, I was convinced that we needed 0.12 but it doesn't seem so, we might do some work this quarter if we have time :)

The implemented solution is not a real one: it's an oozie check preventing running indexations on production datasources when user is not hdfs.
I think this task is about a real way to prevent indexations.

elukey updated the task description. Sep 25 2018, 7:24 AM
Nuria added a comment. Sep 25 2018, 8:28 PM

I see, yes, all our oozie jobs use the check but - at this time - if you have access to druid you can run indexations on private cluster directly. Understood.

elukey moved this task from Backlog to Security backlog on the User-Elukey board. Thu, Oct 10, 6:31 AM