Page MenuHomePhabricator
Create Task
Maniphest T250484

Add authentication and encryption to Druid Analytics clients
Open, MediumPublic
Actions

Description

The Druid Analytics cluster currently does not offer any form of authentication and encryption of data. Druid supports Kerberos and TLS plus Authorization rules, so we should be able to secure the cluster.

There are a lot of moving gears and things to keep into account:

  1. Druid would need to be upgraded to its latest version before starting anything, the project came out of the incubator and a lot of fixes/plugins for security have been added. This is currently being tracked in T244482
  2. Superset needs to be able to contact Druid via TLS/Kerberos before we enable it. Some followup with upstream is surely needed.
  3. Turnilo needs to be able to contact Druid via TLS/Kerberos before enabling it. Some followup with upstream is surely needed.
  4. All our scripts run via systemd timers (for example to drop old data) needs to work with Kerberos/TLS before we enable it.

Related Objects
Search...

Event Timeline

elukey triaged this task as Medium priority.Apr 17 2020, 1:14 PM
elukey created this task.
elukey set Final Story Points to 0.
elukey added subtasks: T192959: Only hdfs (or authenticated user) should be able to run Druid indexing jobs, T244482: Upgrade Druid to its latest upstream version (currently 0.19.0), Restricted Task, Restricted Task, Restricted Task, Restricted Task.
Ottomata moved this task from Incoming to Security Maturity and Data Privacy on the Analytics board.May 11 2020, 3:57 PM
Nuria closed subtask T244482: Upgrade Druid to its latest upstream version (currently 0.19.0) as Resolved.Aug 5 2020, 10:59 PM
elukey unsubscribed.Jun 1 2021, 8:11 AM
elukey removed elukey as the assignee of this task.Jun 1 2021, 8:14 AM
elukey subscribed.
odimitrijevic added a project: Data-Engineering.Jan 6 2022, 2:20 AM
odimitrijevic moved this task from Incoming (new tickets) to Security & Governance on the Data-Engineering board.Jan 6 2022, 2:24 AM
odimitrijevic removed a project: Analytics.Jan 11 2022, 11:22 PM
JArguello-WMF moved this task from Security & Governance to Data Products & Metrics on the Data-Engineering board.Jun 29 2023, 11:27 PM
BTullis edited projects, added Data-Platform-SRE; removed Data-Engineering.Jul 15 2023, 12:20 AM
Gehel moved this task from Incoming to Security on the Data-Platform-SRE board.Dec 7 2023, 1:57 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL