This repository has been archived by the owner on Jun 23, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 59
feat(security): implement meta server access controller #655
Merged
Merged
Changes from 20 commits
Commits
Show all changes
22 commits
Select commit
Hold shift + click to select a range
2343ae1
feat(security): meta access controller
levy5307 3b5eafb
add unit test
levy5307 6316b77
meta_access_controller_test
levy5307 674ffdb
modify unit test
levy5307 dd68bbf
fix
levy5307 d26ff5a
fix
levy5307 cc7dc4a
fix
levy5307 567817e
fix
levy5307 66f25cb
Merge branch 'master' into meta_access_controller
levy5307 6cbe3cc
Merge branch 'master' into meta_access_controller
levy5307 09c7dbb
fix
levy5307 7635e42
fix
levy5307 4270b3b
fix
levy5307 00df4a0
Merge branch 'meta_access_controller' of github.com:levy5307/rdsn int…
levy5307 41b07ed
fix
levy5307 210e288
Merge branch 'master' into meta_access_controller
levy5307 2e164c3
fix by review
levy5307 28cc9e6
Merge branch 'master' into meta_access_controller
foreverneverer 16fa184
fix
levy5307 91cf01b
Merge branch 'master' into meta_access_controller
levy5307 29827af
Merge branch 'master' into meta_access_controller
acelyc111 3d3e481
Merge branch 'master' into meta_access_controller
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
// Licensed to the Apache Software Foundation (ASF) under one | ||
// or more contributor license agreements. See the NOTICE file | ||
// distributed with this work for additional information | ||
// regarding copyright ownership. The ASF licenses this file | ||
// to you under the Apache License, Version 2.0 (the | ||
// "License"); you may not use this file except in compliance | ||
// with the License. You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, | ||
// software distributed under the License is distributed on an | ||
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
// KIND, either express or implied. See the License for the | ||
// specific language governing permissions and limitations | ||
// under the License. | ||
|
||
#include "access_controller.h" | ||
|
||
#include <dsn/utility/flags.h> | ||
#include <dsn/utility/strings.h> | ||
#include <dsn/utility/smart_pointers.h> | ||
#include "meta_access_controller.h" | ||
|
||
namespace dsn { | ||
namespace security { | ||
DSN_DEFINE_bool("security", enable_acl, false, "whether enable access controller or not"); | ||
DSN_DEFINE_string("security", super_users, "", "super user for access controller"); | ||
|
||
access_controller::access_controller() { utils::split_args(FLAGS_super_users, _super_users, ','); } | ||
|
||
access_controller::~access_controller() {} | ||
acelyc111 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
bool access_controller::pre_check(const std::string &user_name) | ||
{ | ||
if (!FLAGS_enable_acl || _super_users.find(user_name) != _super_users.end()) { | ||
return true; | ||
} | ||
return false; | ||
} | ||
|
||
std::unique_ptr<access_controller> create_meta_access_controller() | ||
{ | ||
return make_unique<meta_access_controller>(); | ||
} | ||
} // namespace security | ||
} // namespace dsn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
// Licensed to the Apache Software Foundation (ASF) under one | ||
// or more contributor license agreements. See the NOTICE file | ||
// distributed with this work for additional information | ||
// regarding copyright ownership. The ASF licenses this file | ||
// to you under the Apache License, Version 2.0 (the | ||
// "License"); you may not use this file except in compliance | ||
// with the License. You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, | ||
// software distributed under the License is distributed on an | ||
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
// KIND, either express or implied. See the License for the | ||
// specific language governing permissions and limitations | ||
// under the License. | ||
|
||
#pragma once | ||
|
||
#include <memory> | ||
acelyc111 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
#include <unordered_set> | ||
|
||
namespace dsn { | ||
class message_ex; | ||
namespace security { | ||
|
||
class access_controller | ||
{ | ||
public: | ||
access_controller(); | ||
virtual ~access_controller() = 0; | ||
|
||
/** | ||
* reset the access controller | ||
* acls - the new acls to reset | ||
**/ | ||
virtual void reset(const std::string &acls){}; | ||
acelyc111 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
/** | ||
* check if the message received is allowd to do something. | ||
* msg - the message received | ||
**/ | ||
virtual bool allowed(message_ex *msg) = 0; | ||
|
||
protected: | ||
bool pre_check(const std::string &user_name); | ||
friend class meta_access_controller_test; | ||
|
||
std::unordered_set<std::string> _super_users; | ||
}; | ||
|
||
std::unique_ptr<access_controller> create_meta_access_controller(); | ||
} // namespace security | ||
} // namespace dsn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
// Licensed to the Apache Software Foundation (ASF) under one | ||
// or more contributor license agreements. See the NOTICE file | ||
// distributed with this work for additional information | ||
// regarding copyright ownership. The ASF licenses this file | ||
// to you under the Apache License, Version 2.0 (the | ||
// "License"); you may not use this file except in compliance | ||
// with the License. You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, | ||
// software distributed under the License is distributed on an | ||
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
// KIND, either express or implied. See the License for the | ||
// specific language governing permissions and limitations | ||
// under the License. | ||
|
||
#include "meta_access_controller.h" | ||
|
||
#include <dsn/tool-api/rpc_message.h> | ||
#include <dsn/utility/flags.h> | ||
#include <dsn/tool-api/network.h> | ||
#include <dsn/dist/fmt_logging.h> | ||
|
||
namespace dsn { | ||
namespace security { | ||
DSN_DEFINE_string("security", | ||
meta_acl_rpc_allow_list, | ||
"", | ||
"allowed list of rpc codes for meta_access_controller"); | ||
|
||
meta_access_controller::meta_access_controller() | ||
{ | ||
// MetaServer serves the allow-list RPC from all users. RPCs unincluded are accessible to only | ||
// superusers. | ||
if (strlen(FLAGS_meta_acl_rpc_allow_list) == 0) { | ||
register_allowed_list("RPC_CM_LIST_APPS"); | ||
register_allowed_list("RPC_CM_LIST_NODES"); | ||
register_allowed_list("RPC_CM_CLUSTER_INFO"); | ||
register_allowed_list("RPC_CM_QUERY_PARTITION_CONFIG_BY_INDEX"); | ||
} else { | ||
std::vector<std::string> rpc_code_white_list; | ||
utils::split_args(FLAGS_meta_acl_rpc_allow_list, rpc_code_white_list, ','); | ||
for (const auto &rpc_code : rpc_code_white_list) { | ||
register_allowed_list(rpc_code); | ||
} | ||
} | ||
} | ||
|
||
bool meta_access_controller::allowed(message_ex *msg) | ||
{ | ||
if (pre_check(msg->io_session->get_client_username()) || | ||
_allowed_rpc_code_list.find(msg->rpc_code().code()) != _allowed_rpc_code_list.end()) { | ||
return true; | ||
} | ||
return false; | ||
} | ||
|
||
void meta_access_controller::register_allowed_list(const std::string &rpc_code) | ||
{ | ||
auto code = task_code::try_get(rpc_code, TASK_CODE_INVALID); | ||
dassert_f(code != TASK_CODE_INVALID, | ||
"invalid task code({}) in rpc_code_white_list of security section", | ||
rpc_code); | ||
|
||
_allowed_rpc_code_list.insert(code); | ||
} | ||
} // namespace security | ||
} // namespace dsn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
// Licensed to the Apache Software Foundation (ASF) under one | ||
// or more contributor license agreements. See the NOTICE file | ||
// distributed with this work for additional information | ||
// regarding copyright ownership. The ASF licenses this file | ||
// to you under the Apache License, Version 2.0 (the | ||
// "License"); you may not use this file except in compliance | ||
// with the License. You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, | ||
// software distributed under the License is distributed on an | ||
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
// KIND, either express or implied. See the License for the | ||
// specific language governing permissions and limitations | ||
// under the License. | ||
|
||
#pragma once | ||
|
||
#include "access_controller.h" | ||
|
||
#include <unordered_set> | ||
|
||
namespace dsn { | ||
class message_ex; | ||
namespace security { | ||
|
||
class meta_access_controller : public access_controller | ||
{ | ||
public: | ||
meta_access_controller(); | ||
bool allowed(message_ex *msg) override; | ||
|
||
private: | ||
void register_allowed_list(const std::string &rpc_code); | ||
|
||
std::unordered_set<int> _allowed_rpc_code_list; | ||
}; | ||
} // namespace security | ||
} // namespace dsn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dont couple the username into rpc_session. Place it into negotiation or somewhere. rpc_session should not
be responsible for any authorization stuff. Use interceptor or other means.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's ok to add a
client_username
property for rpc_session. It's a stuff of the session itself, but not provided for security. security is just using it.It will be a little too complex if we put it into negotiation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No authorization/negotiation then no username. The RPC module should be pure network RPC implementation that can be used in every place whether or not the auth enabled. We must insist open-close principle that prevents such modification to add responsibility to a class.
I will take some time thinking about how to dispose of this variable, if you got no idea then.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, but I don't suggest add user_name to negotiation, because in this way we should get the corresponding negotiation for each rpc_session, which will acquire a lock. It will produce low efficiency