New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CELEBORN-1258] Add UserIdentifier to the master application meta #2365
base: main
Are you sure you want to change the base?
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2365 +/- ##
==========================================
+ Coverage 48.85% 48.93% +0.08%
==========================================
Files 209 209
Lines 13102 13153 +51
Branches 1134 1137 +3
==========================================
+ Hits 6400 6435 +35
- Misses 6282 6296 +14
- Partials 420 422 +2 ☔ View full report in Codecov by Sentry. |
8054753
to
2da0aed
Compare
cc @RexXiong Could you help have a overall review? I can enhance it after that. |
OK, I will review this asap. |
7cf4932
to
399e9c3
Compare
common/src/main/scala/org/apache/celeborn/common/CelebornConf.scala
Outdated
Show resolved
Hide resolved
...c/main/java/org/apache/celeborn/common/network/sasl/registration/RegistrationRpcHandler.java
Outdated
Show resolved
Hide resolved
common/src/main/scala/org/apache/celeborn/common/identity/UserIdentifier.scala
Outdated
Show resolved
Hide resolved
common/src/main/scala/org/apache/celeborn/common/meta/ApplicationInfo.scala
Outdated
Show resolved
Hide resolved
common/src/main/scala/org/apache/celeborn/common/util/PbSerDeUtils.scala
Outdated
Show resolved
Hide resolved
master/src/main/scala/org/apache/celeborn/service/deploy/master/Master.scala
Outdated
Show resolved
Hide resolved
...src/main/java/org/apache/celeborn/service/deploy/master/clustermeta/AbstractMetaManager.java
Outdated
Show resolved
Hide resolved
A general query on this - is there any benefit to not supporting auth going forward given authn support has completed ? (except for backward compatibility reasons for older applications) +CC @otterc in case I am missing something ! |
I agree, we will also enable auth for our use case. |
This pr is used to provide the tenant information for dashboard. https://issues.apache.org/jira/browse/CELEBORN-1227 Do we plan to set |
No, IMO this feature has nothing to do with whether the auth enabled or not. |
Have a general question. Why is user identifier needed to be shared with Celeborn? I can't find any information in the linked jira: CELEBORN-1285 |
Thanks for the suggestion, will check how to implement it. |
81d500c
to
66e1a21
Compare
client/src/main/scala/org/apache/celeborn/client/LifecycleManager.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/org/apache/celeborn/client/LifecycleManager.scala
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should also deserialize the userIndentifier of ApplicationMeta in MetaHandler.
b5fd917
to
0feedd7
Compare
// Since method `onStart` is executed when `rpcEnv.setupEndpoint` is executed, and | ||
// `masterClient` is initialized after `rpcEnv` is initialized, if method `onStart` contains | ||
// a reference to `masterClient`, there may be cases where `masterClient` is null when | ||
// `masterClient` is called. Therefore, it's necessary to uniformly execute the initialization | ||
// method at the end of the construction of the class to perform the initialization operations. | ||
private def initialize(): Unit = { | ||
// noinspection ConvertExpressionToSAM | ||
updateApplicationMeta() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This actually conflicts with safely propagating the application secret to the Celeborn Master. When auth is enabled, this will transmit application secret to Celeborn Master without any Sasl client authentication. Currently, we have added Anonymous client authentication, but the plan was to add other mechanisms.
cc. @mridulm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should rename the existing ApplicationMeta
to ApplicationAuthMeta
and it should contain information specific to authentication. We can then use ApplicationMeta for general app info that needs to be sent to the Celeborn Master.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
checking
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This actually conflicts with safely propagating the application secret to the Celeborn Master. When auth is enabled, this will transmit application secret to Celeborn Master without any Sasl client authentication. Currently, we have added Anonymous client authentication, but the plan was to add other mechanisms. cc. @mridulm
Based on my understanding, if authentication is enabled in Celeborn, it is not possible to access the Celeborn Master without SASL client authentication. This PR does not introduce new mechanisms; it merely adds an identifier to ApplicationMeta. Therefore, I believe this PR does not compromise security. @otterc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, you are correct. The connection will only be established once the client is authenticated. However, I still believe that sending the secret in plain text multiple times to the Master may cause issues in the future. Eventually, we would want to encrypt the secret, and TLS support is for that purpose. If we are sending the secret multiple times, it would mean that not only registration has to be done with TLS but also that all messages should be sent via TLS. Therefore, I think having authentication metadata separated from general application metadata will be better.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree with most messages shouldn't be sent via TLS. I believe that the most fundamental issue with the existing security authentication mechanism is that it only authenticates the connection, but does not verify the legitimacy of the messages sent by the authenticated client. At the very least, we need verify that the applicationId in the sent messages matches the applicationId provided during the initial authentication, Otherwise, an authenticated client could still access or modify with the data of other applications. I am not sure if this is in line with the expectations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this is a gap. We can validate the appId in the fetch and push messages of an application. I created https://issues.apache.org/jira/browse/CELEBORN-1360 for that and will create a PR soon.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this is a gap. We can validate the appId in the fetch and push messages of an application. I created https://issues.apache.org/jira/browse/CELEBORN-1360 for that and will create a PR soon.
If that's the case, then we won't have to send a secret; we'll only need to update the userIdentifier. I believe that extending the ApplicationMeta to contain more application-related information is acceptable.
0feedd7
to
a9a4761
Compare
This PR is stale because it has been open 20 days with no activity. Remove stale label or comment or this will be closed in 10 days. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2365 +/- ##
==========================================
- Coverage 48.96% 48.93% -0.03%
==========================================
Files 209 209
Lines 13146 13153 +7
Branches 1135 1137 +2
==========================================
- Hits 6436 6435 -1
- Misses 6287 6296 +9
+ Partials 423 422 -1 ☔ View full report in Codecov by Sentry. |
What changes were proposed in this pull request?
In this pr, we support to update the user identifier in application meta when initializing lifecycle manager.
Why are the changes needed?
to close CELEBORN-1285
Does this PR introduce any user-facing change?
No.
How was this patch tested?
UT.