[GitHub] [incubator-pinot] apucher commented on a change in pull request #6613: Basic Auth for pinot-controller

Wed, 17 Mar 2021 10:05:02 -0700 


apucher commented on a change in pull request #6613:
URL: https://github.com/apache/incubator-pinot/pull/6613#discussion_r596217291



##########
File path: 
pinot-controller/src/main/java/org/apache/pinot/controller/api/access/AccessControl.java
##########
@@ -64,4 +67,36 @@ default boolean hasAccess(String tableName, AccessType 
accessType, HttpHeaders h
   default boolean hasAccess(AccessType accessType, HttpHeaders httpHeaders, 
String endpointUrl) {
     return true;
   }
+
+  /**
+   * Return workflow info for authenticating users. Not all workflows may be 
supported by the pinot UI implementation.
+   *
+   * @return workflow info for user authentication
+   */
+  default AuthWorkflowInfo getAuthWorkflowInfo() {
+    return new AuthWorkflowInfo(WORKFLOW_NONE);
+  }
+
+  /**
+   * Container for authentication workflow info for the Pinot UI. May be 
extended by implementations.
+   *
+   * Auth workflow info hold any configuration necessary to execute a UI 
workflow. We currently foresee supporting NONE
+   * (auth disabled), BASIC (basic auth with username and password), and 
OAUTH2 (token-based workflow via external
+   * issuer)
+   */
+  class AuthWorkflowInfo {

Review comment:
       afaik LinkedIn doesn't authenticate web UI calls at all (it's not yet 
supported by the controller UI). cert-based auth takes place in restli's tls 
layer, while broker queries are further authenticated with tokens at the 
request layer.
   
   this endpoint enables us to configure different UI auth workflows depending 
on the scenario. at minimum we need to support NONE to maintain backwards 
compatibility and BASIC to support fully authenticated clusters with this PR.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org

Reply via email to