lasdf1234 opened a new pull request, #10972:
URL: https://github.com/apache/gravitino/pull/10972
### What changes were proposed in this pull request?
This branch currently includes the local basic authentication foundation
work that is ahead of `main`, including the service admin initialization task.
The changes in this branch include:
1. Basic authenticator module wiring and password hashing support.
2. Local IdP metadata schema and related persistence coverage.
3. Local IdP management APIs and supporting server wiring.
4. Service admin initialization in `authenticator-basic`, aligned with the
`ServerAuthenticator` singleton style, plus the built-in IdP bridge and tests.
### Why are the changes needed?
The local authentication epic requires these foundational pieces to work
together on top of `main`. In particular, the service admin initialization task
needs the local basic authentication stack to be available so a fresh
deployment can provision the initial built-in admin accounts safely and
consistently.
Fix: #10963
### Does this PR introduce _any_ user-facing change?
Yes.
This branch adds the local basic authentication foundation work, including
validation of `GRAVITINO_INITIAL_ADMIN_PASSWORD` during startup and
initialization of any missing configured service admins when
`gravitino.authenticators` contains `basic`. Startup fails if a required
initial password is missing or invalid.
### How was this patch tested?
Run the following tests with JDK 17:
```bash
export
JAVA_HOME=/Library/Java/JavaVirtualMachines/microsoft-17.jdk/Contents/Home
export PATH="$JAVA_HOME/bin:$PATH"
./gradlew \
:authenticators:authenticator-basic:test --tests
org.apache.gravitino.auth.local.TestServiceAdminInitializer \
:core:test --tests org.apache.gravitino.authorization.TestIdpUserManager
--tests org.apache.gravitino.authorization.TestIdpServiceAdminManager \
:server:test --tests org.apache.gravitino.server.TestGravitinoServer \
-PskipITs -PskipDockerTests=true
```
The tests cover:
1. Service admin initialization only when `basic` authentication is enabled.
2. Successful initialization for missing configured service admins.
3. Failure cases for missing passwords, invalid JSON, invalid
`username:password` entries, unknown admins, duplicate admins, and invalid
password policy.
4. Server startup wiring and the built-in IdP service admin bridge.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
