Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KillTask should return empty inputSource resources #14106

Merged
merged 5 commits into from
Apr 18, 2023
Merged

KillTask should return empty inputSource resources #14106

merged 5 commits into from
Apr 18, 2023

Conversation

zachjsh
Copy link
Contributor

@zachjsh zachjsh commented Apr 18, 2023
edited
Loading

Description

This pr fixes a few bugs found with the inputSource security feature.

  1. KillUnusedSegmentsTask previously had no definition for the getInputSourceResources, which caused an unsupportedOperationException to be thrown when this task type was submitted with the inputSource security feature enabled. This task type should not require any input source specific resources, so returning an empty set for this task type now.

  2. Fixed a bug where when the input source type security feature is enabled, all of the input source type specific resources used where authenticated against:

{"resource": {"name": "EXTERNAL", "type": "{INPUT_SOURCE_TYPE}"}, "action": "READ"}

When they should be instead authenticated against:

{"resource": {"name": "{INPUT_SOURCE_TYPE}", "type": "EXTERNAL"}, "action": "READ"}

  1. fixed bug where supervisor tasks were not authenticated against the specific input source types used, if input source security feature was enabled.

This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • a release note entry in the PR description.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.

@zachjsh zachjsh marked this pull request as ready for review April 18, 2023 03:55
abhishekrb19
abhishekrb19 approved these changes Apr 18, 2023
View reviewed changes
Copy link
Contributor

@abhishekrb19 abhishekrb19 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix and addressing the review feedback! LGTM after CI
Should we backport this fix to 26.0 once it's merged to master? (cc: @clintropolis)

@zachjsh zachjsh merged commit 04da010 into apache:master Apr 18, 2023
@zachjsh zachjsh deleted the input-source-security-fix branch April 18, 2023 19:27
zachjsh added a commit to zachjsh/druid that referenced this pull request Apr 18, 2023
@zachjsh
KillTask should return empty inputSource resources (apache#14106)
0ed3665 
### Description

This pr fixes a few bugs found with the inputSource security feature.

1. `KillUnusedSegmentsTask` previously had no definition for the `getInputSourceResources`, which caused an unsupportedOperationException to be thrown when this task type was submitted with the inputSource security feature enabled. This task type should not require any input source specific resources, so returning an empty set for this task type now.

2. Fixed a bug where when the input source type security feature is enabled, all of the input source type specific resources used where authenticated against:

`{"resource": {"name": "EXTERNAL", "type": "{INPUT_SOURCE_TYPE}"}, "action": "READ"}`

When they should be instead authenticated against:

`{"resource": {"name": "{INPUT_SOURCE_TYPE}", "type": "EXTERNAL"}, "action": "READ"}`

3. fixed bug where supervisor tasks were not authenticated against the specific input source types used, if input source security feature was enabled.
zachjsh added a commit that referenced this pull request Apr 19, 2023
@zachjsh
KillTask should return empty inputSource resources (#14106) (#14110)
a2a8d23 
### Description

This pr fixes a few bugs found with the inputSource security feature.

1. `KillUnusedSegmentsTask` previously had no definition for the `getInputSourceResources`, which caused an unsupportedOperationException to be thrown when this task type was submitted with the inputSource security feature enabled. This task type should not require any input source specific resources, so returning an empty set for this task type now.

2. Fixed a bug where when the input source type security feature is enabled, all of the input source type specific resources used where authenticated against:

`{"resource": {"name": "EXTERNAL", "type": "{INPUT_SOURCE_TYPE}"}, "action": "READ"}`

When they should be instead authenticated against:

`{"resource": {"name": "{INPUT_SOURCE_TYPE}", "type": "EXTERNAL"}, "action": "READ"}`

3. fixed bug where supervisor tasks were not authenticated against the specific input source types used, if input source security feature was enabled.
@abhishekagarwal87 abhishekagarwal87 added this to the 27.0 milestone Jul 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abhishekrb19 abhishekrb19 abhishekrb19 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
27.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@zachjsh @abhishekrb19 @abhishekagarwal87