You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@drill.apache.org by dz...@apache.org on 2021/12/14 17:31:51 UTC
[drill] branch master updated: DRILL-8076: Remove unneeded Vault token BOOT opt (#2404)
This is an automated email from the ASF dual-hosted git repository.
dzamo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/drill.git
The following commit(s) were added to refs/heads/master by this push:
new c931f16 DRILL-8076: Remove unneeded Vault token BOOT opt (#2404)
c931f16 is described below
commit c931f1693997a8e0d38d41fcc1335f13282b62e8
Author: James Turton <91...@users.noreply.github.com>
AuthorDate: Tue Dec 14 19:31:42 2021 +0200
DRILL-8076: Remove unneeded Vault token BOOT opt (#2404)
* Remove unneeded Vault token BOOT opt.
* Remove Vault token BOOT opt code from unit test class.
---
.../rpc/user/security/VaultUserAuthenticator.java | 37 ++++------------------
.../user/security/TestVaultUserAuthenticator.java | 2 --
2 files changed, 6 insertions(+), 33 deletions(-)
diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/security/VaultUserAuthenticator.java b/exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/security/VaultUserAuthenticator.java
index 110d5f7..a7e94ef 100644
--- a/exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/security/VaultUserAuthenticator.java
+++ b/exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/security/VaultUserAuthenticator.java
@@ -42,7 +42,6 @@ public class VaultUserAuthenticator implements UserAuthenticator {
// Drill boot options used to configure Vault auth.
public static final String VAULT_ADDRESS = "drill.exec.security.user.auth.vault.address";
- public static final String VAULT_TOKEN = "drill.exec.security.user.auth.vault.token";
public static final String VAULT_AUTH_METHOD = "drill.exec.security.user.auth.vault.method";
// The subset of Vault auth methods that are supported by this authenticator
@@ -86,32 +85,9 @@ public class VaultUserAuthenticator implements UserAuthenticator {
)
);
+ // There's no need for Drill have its own Vault token for it to use auth
+ // methods.
VaultConfig vaultConfBuilder = new VaultConfig().address(vaultAddress);
- String vaultToken = config.hasPath(VAULT_TOKEN)
- ? config.getString(VAULT_TOKEN)
- : null;
-
- if (this.authMethod == VaultAuthMethod.VAULT_TOKEN) {
- // Drill will use end users' Vault tokens for Vault operations
- if (vaultToken != null) {
- logger.warn(
- "When Drill is set to authenticate using end user Vault tokens the " +
- "[{}] BOOT option is ignored.",
- VAULT_TOKEN
- );
- }
- } else {
- // Drill needs its own Vault token set in a BOOT option
- if (vaultToken == null) {
- throw new DrillbitStartupException(String.format(
- "Only the %s method is supported if you do not set a token in the " +
- "[%s] config option.",
- VaultAuthMethod.VAULT_TOKEN,
- VAULT_TOKEN
- ));
- }
- vaultConfBuilder.token(vaultToken);
- }
// Initialise Vault client
try {
@@ -127,11 +103,9 @@ public class VaultUserAuthenticator implements UserAuthenticator {
logger.error(String.join(System.lineSeparator(),
"Error initialising the Vault client library using configuration: ",
"\tvaultAddress: {}",
- "\tvaultToken: {}",
"\tauthMethod: {}"
),
vaultAddress,
- vaultToken,
authMethod,
e
);
@@ -175,9 +149,10 @@ public class VaultUserAuthenticator implements UserAuthenticator {
case VAULT_TOKEN:
// user = username, password = vault token
- // Create a throwaway Vault client using the provided token and send a
- // token lookup request to Vault which will fail if the token is
- // invalid.
+ // The BetterCloud Vault client doesn't provide an auth-by-token
+ // method so instead we create a throwaway Vault client using the
+ // provided token and send a token lookup request to Vault which
+ // will fail if the token is invalid.
VaultConfig lookupConfig = new VaultConfig()
.address(this.vaultConfig.getAddress())
.token(password)
diff --git a/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestVaultUserAuthenticator.java b/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestVaultUserAuthenticator.java
index d5e33c2..d5bf5cf 100644
--- a/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestVaultUserAuthenticator.java
+++ b/exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestVaultUserAuthenticator.java
@@ -74,7 +74,6 @@ public class TestVaultUserAuthenticator extends ClusterTest {
.configProperty(ExecConstants.USER_AUTHENTICATION_ENABLED, true)
.configProperty(ExecConstants.USER_AUTHENTICATOR_IMPL, "vault")
.configProperty(VaultUserAuthenticator.VAULT_ADDRESS, vaultAddr)
- .configProperty(VaultUserAuthenticator.VAULT_TOKEN, ROOT_TOKEN_VALUE)
.configProperty(
VaultUserAuthenticator.VAULT_AUTH_METHOD,
VaultUserAuthenticator.VaultAuthMethod.USER_PASS
@@ -110,7 +109,6 @@ public class TestVaultUserAuthenticator extends ClusterTest {
.configProperty(ExecConstants.USER_AUTHENTICATION_ENABLED, true)
.configProperty(ExecConstants.USER_AUTHENTICATOR_IMPL, "vault")
.configProperty(VaultUserAuthenticator.VAULT_ADDRESS, vaultAddr)
- // test without any VAULT_TOKEN boot option for token auth method
.configProperty(
VaultUserAuthenticator.VAULT_AUTH_METHOD,
VaultUserAuthenticator.VaultAuthMethod.VAULT_TOKEN