You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pinot.apache.org by ap...@apache.org on 2023/02/24 03:59:59 UTC

[pinot] branch auth-enable-readonly-access-controller-ui created (now 95b73d30fc)

This is an automated email from the ASF dual-hosted git repository.

apucher pushed a change to branch auth-enable-readonly-access-controller-ui
in repository https://gitbox.apache.org/repos/asf/pinot.git


      at 95b73d30fc enable readonly access to controller UI for users without table restrictions

This branch includes the following new commits:

     new 95b73d30fc enable readonly access to controller UI for users without table restrictions

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org

[pinot] 01/01: enable readonly access to controller UI for users without table restrictions

Posted by ap...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

apucher pushed a commit to branch auth-enable-readonly-access-controller-ui
in repository https://gitbox.apache.org/repos/asf/pinot.git

commit 95b73d30fcd3cc15aa7f9a1a190eb962b243c999
Author: Alexander Pucher <al...@startree.ai>
AuthorDate: Thu Feb 23 19:59:47 2023 -0800

    enable readonly access to controller UI for users without table restrictions
---
 .../api/resources/PinotControllerAuthResource.java       |  5 +++++
 .../main/java/org/apache/pinot/tools/AuthQuickstart.java | 16 ++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java b/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
index 77b77479ca..6288b17be6 100644
--- a/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
+++ b/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
@@ -74,6 +74,11 @@ public class PinotControllerAuthResource {
   public boolean verify(@ApiParam(value = "Table name without type") @QueryParam("tableName") String tableName,
       @ApiParam(value = "API access type") @QueryParam("accessType") AccessType accessType,
       @ApiParam(value = "Endpoint URL") @QueryParam("endpointUrl") String endpointUrl) {
+
+    if (accessType == null) {
+      accessType = AccessType.READ;
+    }
+
     AccessControl accessControl = _accessControlFactory.create();
     return accessControl.hasAccess(tableName, accessType, _httpHeaders, endpointUrl);
   }
diff --git a/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java b/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
index 2642bbbb19..e4eaa89715 100644
--- a/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
+++ b/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
@@ -47,19 +47,23 @@ public class AuthQuickstart extends Quickstart {
     properties.put("pinot.controller.segment.fetcher.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");
     properties.put("controller.admin.access.control.factory.class",
         "org.apache.pinot.controller.api.access.BasicAuthAccessControlFactory");
-    properties.put("controller.admin.access.control.principals", "admin, user");
+    properties.put("controller.admin.access.control.principals", "admin, user, service, tableonly");
     properties.put("controller.admin.access.control.principals.admin.password", "verysecret");
+    properties.put("controller.admin.access.control.principals.service.password", "verysecrettoo");
     properties.put("controller.admin.access.control.principals.user.password", "secret");
-    properties.put("controller.admin.access.control.principals.user.tables", "baseballStats");
-    properties.put("controller.admin.access.control.principals.user.permissions", "read");
+    properties.put("controller.admin.access.control.principals.user.permissions", "READ");
+    properties.put("controller.admin.access.control.principals.tableonly.password", "secrettoo");
+    properties.put("controller.admin.access.control.principals.tableonly.permissions", "READ");
+    properties.put("controller.admin.access.control.principals.tableonly.tables", "baseballStats");
 
     // broker
     properties.put("pinot.broker.access.control.class", "org.apache.pinot.broker.broker.BasicAuthAccessControlFactory");
-    properties.put("pinot.broker.access.control.principals", "admin, user");
+    properties.put("pinot.broker.access.control.principals", "admin, user, service, tableonly");
     properties.put("pinot.broker.access.control.principals.admin.password", "verysecret");
+    properties.put("pinot.broker.access.control.principals.service.password", "verysecrettoo");
     properties.put("pinot.broker.access.control.principals.user.password", "secret");
-    properties.put("pinot.broker.access.control.principals.user.tables", "baseballStats");
-    properties.put("pinot.broker.access.control.principals.user.permissions", "read");
+    properties.put("pinot.broker.access.control.principals.tableonly.password", "secrettoo");
+    properties.put("pinot.broker.access.control.principals.tableonly.tables", "baseballStats");
 
     // server
     properties.put("pinot.server.segment.fetcher.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org