Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make checkCanWriteSystemInformation to deny by default #17105

Merged
merged 2 commits into from
Apr 19, 2023
Merged

Make checkCanWriteSystemInformation to deny by default #17105

merged 2 commits into from
Apr 19, 2023

Conversation

kokosing
Copy link
Member

Make checkCanWriteSystemInformation to deny by default

This is in order to prevent accidental access to modify the worker state
in case there was no configured access control on worker.

kokosing added 2 commits April 18, 2023 20:48
@kokosing
Fix the error message for checkCanWriteSystemInformation
b33d615
@kokosing
Make checkCanWriteSystemInformation to deny by default
1c340d3 
This is in order to prevent accidental access to modify the worker state
in case there was no configured access control on worker.
@cla-bot cla-bot bot added the cla-signed label Apr 18, 2023
@kokosing kokosing requested a review from electrum April 18, 2023 18:49
@kokosing
Copy link
Member Author

I am not sure if this requires tests

@electrum
Copy link
Member

I like this idea, but it might break graceful shutdown for k8s or other deployments. At a minimum, I think we need to document how someone would setup access control on workers to allow this.

@electrum
Copy link
Member

cc @mosabua

@mosabua
Copy link
Member

mosabua commented Apr 18, 2023

Uff.. yeah. I am pretty sure this would be a pretty big breaking change for many scenarios. At minimum we would need some docs on how to change/allow the old behavior in terms of access control.. or a property that allows to set a default to allow vs deny.

ksobolew
ksobolew approved these changes Apr 19, 2023
View reviewed changes
Copy link
Contributor

@ksobolew ksobolew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we even have tests for these defaults? This looks like a very short and very specific list of prohibited behaviors.

@kokosing
Copy link
Member Author

this would be a pretty big breaking change for many scenarios

Not really that big. In order to restore previous behavior one can need to follow access-control.name=allow-all (https://trino.io/docs/current/security/built-in-system-access-control.html#read-only-system-access-control). However the best would be to configure https://trino.io/docs/current/security/file-system-access-control.html#system-information-rules to define who can have the "write" access to change the state of the work and so trigger the shutdown.

Do we even have tests for these defaults?

I do not want to reverse the implementation in test as such tests do not introduce much value. So I think I will skip those.

@kokosing kokosing merged commit c38a1c0 into trinodb:master Apr 19, 2023
@kokosing kokosing deleted the origin/master/179_default_for_management_write branch April 19, 2023 11:59
@kokosing
Copy link
Member Author

@mosabua can you please follow with the release notes for this? The content is here #17105 (comment)

@github-actions github-actions bot added this to the 414 milestone Apr 19, 2023
@colebow colebow mentioned this pull request Apr 19, 2023
Closed
@mosabua
Copy link
Member

mosabua commented Apr 19, 2023
edited
Loading

This should not have been merged without documentation update imho. I am working with @colebow to get min info into release notes.

cc @martint

Can you supply exact details on how to configure what so that the old behavior continues to work. I think this might have to be the default for many users so the impact on docs and usage advice is potentially large.

@mosabua
Copy link
Member

mosabua commented Apr 19, 2023

Also .. doesnt this mean that what we call "default" access control is now changed?

@kokosing
Copy link
Member Author

This should not have been merged without documentation update imho.

I am sorry. I was not aware that we documented the default access control. From the comments I understood that we need to handle backward compatibility only.

@kokosing kokosing mentioned this pull request Apr 20, 2023
Closed
@kokosing
Copy link
Member Author

Please see #17142

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ksobolew ksobolew ksobolew approved these changes

@electrum electrum electrum approved these changes

@lukasz-walkiewicz lukasz-walkiewicz Awaiting requested review from lukasz-walkiewicz

@Laonel Laonel Awaiting requested review from Laonel

Assignees
No one assigned
Labels
cla-signed
Milestone
414
Development

Successfully merging this pull request may close these issues.
4 participants
@kokosing @electrum @mosabua @ksobolew