You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pinot.apache.org by ap...@apache.org on 2023/02/25 03:15:45 UTC
[pinot] branch master updated: enable readonly access to controller UI for users without table restrictions (#10329)
This is an automated email from the ASF dual-hosted git repository.
apucher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git
The following commit(s) were added to refs/heads/master by this push:
new 3772b55dc4 enable readonly access to controller UI for users without table restrictions (#10329)
3772b55dc4 is described below
commit 3772b55dc4c35673762a182b2ee650469560aa97
Author: Alexander Pucher <ap...@apache.org>
AuthorDate: Fri Feb 24 19:15:37 2023 -0800
enable readonly access to controller UI for users without table restrictions (#10329)
---
.../api/resources/PinotControllerAuthResource.java | 3 ++-
.../main/java/org/apache/pinot/tools/AuthQuickstart.java | 16 ++++++++++------
2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java b/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
index 77b77479ca..52e518cfed 100644
--- a/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
+++ b/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
@@ -28,6 +28,7 @@ import io.swagger.annotations.Authorization;
import io.swagger.annotations.SecurityDefinition;
import io.swagger.annotations.SwaggerDefinition;
import javax.inject.Inject;
+import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
@@ -72,7 +73,7 @@ public class PinotControllerAuthResource {
@ApiResponse(code = 500, message = "Verification error")
})
public boolean verify(@ApiParam(value = "Table name without type") @QueryParam("tableName") String tableName,
- @ApiParam(value = "API access type") @QueryParam("accessType") AccessType accessType,
+ @ApiParam(value = "API access type") @DefaultValue("READ") @QueryParam("accessType") AccessType accessType,
@ApiParam(value = "Endpoint URL") @QueryParam("endpointUrl") String endpointUrl) {
AccessControl accessControl = _accessControlFactory.create();
return accessControl.hasAccess(tableName, accessType, _httpHeaders, endpointUrl);
diff --git a/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java b/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
index 2642bbbb19..e4eaa89715 100644
--- a/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
+++ b/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
@@ -47,19 +47,23 @@ public class AuthQuickstart extends Quickstart {
properties.put("pinot.controller.segment.fetcher.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");
properties.put("controller.admin.access.control.factory.class",
"org.apache.pinot.controller.api.access.BasicAuthAccessControlFactory");
- properties.put("controller.admin.access.control.principals", "admin, user");
+ properties.put("controller.admin.access.control.principals", "admin, user, service, tableonly");
properties.put("controller.admin.access.control.principals.admin.password", "verysecret");
+ properties.put("controller.admin.access.control.principals.service.password", "verysecrettoo");
properties.put("controller.admin.access.control.principals.user.password", "secret");
- properties.put("controller.admin.access.control.principals.user.tables", "baseballStats");
- properties.put("controller.admin.access.control.principals.user.permissions", "read");
+ properties.put("controller.admin.access.control.principals.user.permissions", "READ");
+ properties.put("controller.admin.access.control.principals.tableonly.password", "secrettoo");
+ properties.put("controller.admin.access.control.principals.tableonly.permissions", "READ");
+ properties.put("controller.admin.access.control.principals.tableonly.tables", "baseballStats");
// broker
properties.put("pinot.broker.access.control.class", "org.apache.pinot.broker.broker.BasicAuthAccessControlFactory");
- properties.put("pinot.broker.access.control.principals", "admin, user");
+ properties.put("pinot.broker.access.control.principals", "admin, user, service, tableonly");
properties.put("pinot.broker.access.control.principals.admin.password", "verysecret");
+ properties.put("pinot.broker.access.control.principals.service.password", "verysecrettoo");
properties.put("pinot.broker.access.control.principals.user.password", "secret");
- properties.put("pinot.broker.access.control.principals.user.tables", "baseballStats");
- properties.put("pinot.broker.access.control.principals.user.permissions", "read");
+ properties.put("pinot.broker.access.control.principals.tableonly.password", "secrettoo");
+ properties.put("pinot.broker.access.control.principals.tableonly.tables", "baseballStats");
// server
properties.put("pinot.server.segment.fetcher.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org