apucher commented on a change in pull request #6613:
URL: https://github.com/apache/incubator-pinot/pull/6613#discussion_r597144194
##########
File path:
pinot-controller/src/main/java/org/apache/pinot/controller/api/access/AccessControl.java
##########
@@ -64,4 +67,36 @@ default boolean hasAccess(String tableName, AccessType
accessType, HttpHeaders h
default boolean hasAccess(AccessType accessType, HttpHeaders httpHeaders,
String endpointUrl) {
return true;
}
+
+ /**
+ * Return workflow info for authenticating users. Not all workflows may be
supported by the pinot UI implementation.
+ *
+ * @return workflow info for user authentication
+ */
+ default AuthWorkflowInfo getAuthWorkflowInfo() {
+ return new AuthWorkflowInfo(WORKFLOW_NONE);
+ }
+
+ /**
+ * Container for authentication workflow info for the Pinot UI. May be
extended by implementations.
+ *
+ * Auth workflow info hold any configuration necessary to execute a UI
workflow. We currently foresee supporting NONE
+ * (auth disabled), BASIC (basic auth with username and password), and
OAUTH2 (token-based workflow via external
+ * issuer)
+ */
+ class AuthWorkflowInfo {
Review comment:
certificate-based auth usually takes place on the lower layer (TLS/SSL).
This endpoint purely serves to configure UI auth workflows as we broaden
support:
- disable auth workflows in the UI if pinot is set up without auth
- enable a user/password workflow for basic auth
- provide issuerUrl (with optional info) for oauth2 workflows
- provide secrets/redirects for Azure AD, kerberos, ... (as it comes up)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org
