You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pinot.apache.org by ne...@apache.org on 2022/06/02 17:20:12 UTC
[pinot] branch master updated: Adding acl support for helm chart (#8816)

This is an automated email from the ASF dual-hosted git repository.

nehapawar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git


The following commit(s) were added to refs/heads/master by this push:
     new b028499439 Adding acl support for helm chart (#8816)
b028499439 is described below

commit b0284994393c09d79917e529592b8ac10258e9ea
Author: Xiang Fu <xi...@gmail.com>
AuthorDate: Thu Jun 2 10:20:05 2022 -0700

    Adding acl support for helm chart (#8816)
---
 kubernetes/helm/pinot/templates/broker/configmap.yaml     |  6 ++++++
 kubernetes/helm/pinot/templates/controller/configmap.yaml |  8 +++++++-
 kubernetes/helm/pinot/values.yaml                         | 12 ++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/kubernetes/helm/pinot/templates/broker/configmap.yaml b/kubernetes/helm/pinot/templates/broker/configmap.yaml
index 8f7d3a8bfc..37161272c2 100644
--- a/kubernetes/helm/pinot/templates/broker/configmap.yaml
+++ b/kubernetes/helm/pinot/templates/broker/configmap.yaml
@@ -26,3 +26,9 @@ data:
     pinot.broker.client.queryPort={{ .Values.broker.service.port }}
     pinot.broker.routing.table.builder.class={{ .Values.broker.routingTable.builderClass }}
 {{ .Values.broker.extra.configs | indent 4 }}
+{{- if .Values.pinotAuth.enabled}}
+    pinot.broker.access.control.class={{ .Values.pinotAuth.brokerFactoryClass }}
+{{- range $config := .Values.pinotAuth.configs}}
+{{ printf "pinot.broker.%s" $config | indent 4 -}}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/helm/pinot/templates/controller/configmap.yaml b/kubernetes/helm/pinot/templates/controller/configmap.yaml
index bac1d8221d..2db39593bb 100644
--- a/kubernetes/helm/pinot/templates/controller/configmap.yaml
+++ b/kubernetes/helm/pinot/templates/controller/configmap.yaml
@@ -31,4 +31,10 @@ data:
 {{- end }}
     controller.data.dir={{ .Values.controller.data.dir }}
     controller.zk.str={{ include "zookeeper.url" . }}
-{{ .Values.controller.extra.configs | indent 4 }}
\ No newline at end of file
+{{ .Values.controller.extra.configs | indent 4 }}
+{{- if .Values.pinotAuth.enabled}}
+    controller.admin.access.control.factory.class={{ .Values.pinotAuth.controllerFactoryClass }}
+{{- range $config := .Values.pinotAuth.configs}}
+{{ printf "controller.admin.%s" $config | indent 4 -}}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/helm/pinot/values.yaml b/kubernetes/helm/pinot/values.yaml
index 31b362bad6..503aa21747 100644
--- a/kubernetes/helm/pinot/values.yaml
+++ b/kubernetes/helm/pinot/values.yaml
@@ -54,6 +54,18 @@ serviceAccount:
 
 additionalMatchLabels: {}
 
+
+pinotAuth:
+  enabled: false
+  controllerFactoryClass: org.apache.pinot.controller.api.access.BasicAuthAccessControlFactory
+  brokerFactoryClass: org.apache.pinot.broker.broker.BasicAuthAccessControlFactory
+  configs:
+  #  - access.control.principals=admin,user
+  #  - access.control.principals.admin.password=verysecret
+  #  - access.control.principals.user.password=secret
+  #  - access.control.principals.user.tables=baseballStats,otherstuff
+  #  - access.control.principals.user.permissions=READ
+
 # ------------------------------------------------------------------------------
 # Pinot Controller:
 # ------------------------------------------------------------------------------


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org