Page MenuHomePhabricator
Create Task
Maniphest T241189

Defining a better authentication scheme for Druid and Presto
Open, MediumPublic
Actions

Description

Defining a better authentication scheme for Druid and Presto

Right now LDAP is the main gate keeper of data access that is not sufficiently robust as kerberos authentication for Presto and Druid does not carry per-user info.

Related Objects
Search...

Event Timeline

Nuria created this task.Dec 19 2019, 11:42 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 19 2019, 11:42 PM
Nuria renamed this task from superset can authenticate to presto via kerberos to Easier Dashboards. Superset can authenticate to presto via kerberos.Dec 19 2019, 11:46 PM
fdans closed this task as a duplicate of T239903: Kerberize Superset to allow Presto queries.Dec 23 2019, 4:31 PM
SNowick_WMF subscribed.Jan 7 2020, 6:34 PM
Nuria added a comment.Jan 21 2020, 6:15 PM

Anyone on LDAP user groups can access now (via presto) anything that is on hive using presto. This conflates somewhat data access opened via LDAP with the privacy of some datasets.

Nuria renamed this task from Easier Dashboards. Superset can authenticate to presto via kerberos to Defining a better authentication scheme for Druid and Presto .Jan 21 2020, 6:23 PM
Nuria updated the task description. (Show Details)
Nuria updated the task description. (Show Details)
Nuria added a comment.Jan 21 2020, 6:25 PM

Ideas:

  • VPN
  • Single Sign On
Nuria reopened this task as Open.Jan 21 2020, 6:26 PM
Nuria added a subtask: T242998: VPN access to superset/turnilo instead of LDAP.Jan 21 2020, 6:30 PM
Nuria added a parent task: T243309: Add Presto to Analytics' stack.Jan 21 2020, 6:36 PM
Nuria added a subtask: T239903: Kerberize Superset to allow Presto queries.
Ottomata triaged this task as Medium priority.Feb 4 2020, 6:07 PM
Ottomata moved this task from Incoming to Data Quality on the Analytics board.
Ottomata moved this task from Data Quality to Smart Tools for Better Data on the Analytics board.
elukey closed subtask T242998: VPN access to superset/turnilo instead of LDAP as Declined.Feb 5 2020, 10:48 AM
elukey subscribed.Feb 5 2020, 10:55 AM

I think that the title of this task is a little bit misleading. Druid and Presto will need to get Kerberos authentication enabled, the problem will be how to authenticate properly all the UIs that fetch data from them (most notably Superset and Turnilo).

Nuria closed subtask T239903: Kerberize Superset to allow Presto queries as Resolved.Apr 9 2020, 3:12 PM
Ottomata moved this task from Smart Tools for Better Data to Security Maturity and Data Privacy on the Analytics board.Jan 14 2021, 6:09 PM
odimitrijevic added a project: Data-Engineering.Jan 6 2022, 2:20 AM
odimitrijevic moved this task from Incoming (new tickets) to Security & Governance on the Data-Engineering board.Jan 6 2022, 2:28 AM
odimitrijevic removed a project: Analytics.Jan 11 2022, 11:22 PM
JArguello-WMF moved this task from Security & Governance to Data Products & Metrics on the Data-Engineering board.Jun 29 2023, 11:27 PM
BTullis edited projects, added Data-Platform-SRE; removed Data-Engineering.Jul 15 2023, 12:21 AM
Gehel moved this task from Incoming to Access request / user management on the Data-Platform-SRE board.Dec 7 2023, 1:57 PM
Gehel edited projects, added Data Platform Access request and user management; removed Data-Platform-SRE.Mar 22 2024, 12:50 PM
Gehel edited projects, added Data-Platform-SRE; removed Data Platform Access request and user management.Mar 22 2024, 12:52 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits