Overview
Basic Auth in Druid sets up an Authenticator that supports HTTP Basic authentication using the Druid metadata store or LDAP as its credentials store. It also sets up an Authorizer that implements basic role-based access control for Druid metadata store or LDAP users and groups. Please keep in mind that TLS should also be enabled to prevent credentials from being passed in plain text.
Configuration
The below steps are an example of implementing Druid Basic Auth.
First, add the basic-auth extension to Druid in the common.runtime.properties.
druid.extensions.loadList=["druid-basic-security", "druid-histogram", "druid-datasketches", "druid-kafka-indexing-service", "imply-utility-belt"]
Set up the basic Authenticator, Authorizer, and Escalator config in the same common.runtime.properties: (The below excerpt can be directly copied and pasted)
# Druid basic security
druid.auth.authenticatorChain=["MyBasicMetadataAuthenticator"]
druid.auth.authenticator.MyBasicMetadataAuthenticator.type=basic
druid.auth.authenticator.MyBasicMetadataAuthenticator.initialAdminPassword=password1
druid.auth.authenticator.MyBasicMetadataAuthenticator.initialInternalClientPassword=password2
druid.auth.authenticator.MyBasicMetadataAuthenticator.credentialsValidator.type=metadata
druid.auth.authenticator.MyBasicMetadataAuthenticator.skipOnFailure=false
druid.auth.authenticator.MyBasicMetadataAuthenticator.authorizerName=MyBasicMetadataAuthorizer
# Escalator
druid.escalator.type=basic
druid.escalator.internalClientUsername=druid_system
druid.escalator.internalClientPassword=password2
druid.escalator.authorizerName=MyBasicMetadataAuthorizer
druid.auth.authorizers=["MyBasicMetadataAuthorizer"]
druid.auth.authorizer.MyBasicMetadataAuthorizer.type=basic
If you are a Pivot admin, you can establish a basic Druid authorization using the Pivot UI:
-
Click the Person icon in the top right corner to open the Settings menu.
-
Click the Connections chevron.
-
In the Default auth token field, enter the following string: {"type":"basic-auth","username":"admin","password":"druid"}.
References
Druid documentation -> https://druid.apache.org/docs/latest/development/extensions-core/druid-basic-security.html
Git gist -> https://gist.github.com/davidagee/c0c839cd23f047b838e8a3ea73320346
Securing Druid -> https://imply.io/post/securing-druid
Comments
0 comments
Please sign in to leave a comment.