RPC Authorization #710
Closed
RPC Authorization #710
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
assigned 
hsanjuan
reviewed
Mar 8, 2019
There was a problem hiding this comment.
This goes in the right direction.
We need to discuss whether the "policy" config option is part of the consensus component configuration (only for crdts, for raft it would be implicit), or general in the cluster section like proposed here.
This decision has to do with where we place the trusted_peerset option which will be used by crdts.
@lanzafame opinion?
kishansagathiya
commented
Mar 11, 2019
|
Can I get a quick review for this? |
kishansagathiya
force-pushed
the
issue_666
branch
from
7bc56cb
to
0964bca
Compare
5 tasks
|
Thanks @kishansagathiya , I will finish this PR |
24 tasks
This commit adds permission policy for raft consensus and adds permission policy to config(but hides it from user). It proposes minimum set of RPC methods which we have to allow peers in order for all cluster features to work as expected. It restricts peers from accessing methods that are not part of the proposed RPC method set. Proposed authorization would work only for raft consensus. `authorizeWithPolicy` would need to be edited in order to support upcoming consensus mechanisms. Issue #666
Addressed some review comments - added `authorizer` that could contain all information required to be used authrorize function - ability to add more peers after `authorizer` has been created
- No need to change gx hash for gorpc and ocgorpc - Use map for trusted peers instead of array Issue #666
Merged
|
Superseeded at #775 |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds permission policy for raft consensus and adds
permission policy to config(but hides it from user).
It proposes minimum set of RPC methods which we have to allow peers in
order for all cluster features to work as expected. It restricts peers
from accessing methods that are not part of the proposed RPC method set.
Proposed authorization would work only for raft consensus.
authorizeWithPolicywould need to be edited in order to supportupcoming consensus mechanisms.
#666