You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2022/10/28 13:30:02 UTC
[GitHub] [druid] tijoparacka commented on a diff in pull request #13245: Update LDAP configuration docs
tijoparacka commented on code in PR #13245:
URL: https://github.com/apache/druid/pull/13245#discussion_r1008068171
##########
docs/development/extensions-core/druid-basic-security.md:
##########
@@ -182,24 +333,131 @@ druid.auth.authorizer.MyBasicMetadataAuthorizer.type=basic
The examples in the rest of this article use `MyBasicMetadataAuthorizer` or `MyBasicLDAPAuthorizer` as the authorizer name.
#### Properties for Druid metadata store user authorization
-|Property|Description|Default|required|
-|--------|-----------|-------|--------|
-|`druid.auth.authorizer.MyBasicMetadataAuthorizer.enableCacheNotifications`|If true, the Coordinator will notify Druid processes whenever a configuration change to this Authorizer occurs, allowing them to immediately update their state without waiting for polling.|true|No|
-|`druid.auth.authorizer.MyBasicMetadataAuthorizer.cacheNotificationTimeout`|The timeout in milliseconds for the cache notifications.|5000|No|
-|`druid.auth.authorizer.MyBasicMetadataAuthorizer.initialAdminUser`|The initial admin user with role defined in initialAdminRole property if specified, otherwise the default admin role will be assigned.|admin|No|
-|`druid.auth.authorizer.MyBasicMetadataAuthorizer.initialAdminRole`|The initial admin role to create if it doesn't already exists.|admin|No|
-|`druid.auth.authorizer.MyBasicMetadataAuthorizer.roleProvider.type`|The type of role provider to authorize requests credentials.|metadata|No
+
+**`druid.auth.authorizer.MyBasicMetadataAuthorizer.enableCacheNotifications`**
+
+If true, the Coordinator will notify Druid processes whenever a configuration change to this Authorizer occurs, allowing them to immediately update their state without waiting for polling.<br>
+ **Required**: No<br>
+ **Default**: true
+
+**`druid.auth.authorizer.MyBasicMetadataAuthorizer.cacheNotificationTimeout`**
+
+The timeout in milliseconds for the cache notifications.<br>
+ **Required**: No<br>
+ **Default**: 5000
+
+**`druid.auth.authorizer.MyBasicMetadataAuthorizer.initialAdminUser`**
+
+The initial admin user with role defined in initialAdminRole property if specified, otherwise the default admin role will be assigned.<br>
+ **Required**: No<br>
+ **Default**: admin
+
+**`druid.auth.authorizer.MyBasicMetadataAuthorizer.initialAdminRole`**
+
+The initial admin role to create if it doesn't already exists.<br>
+ **Required**: No<br>
+ **Default**: admin
+
+**`druid.auth.authorizer.MyBasicMetadataAuthorizer.roleProvider.type`**
+
+The type of role provider to authorize requests credentials.<br>
+ **Required**: No<br>
+ **Default**: metadata
#### Properties for LDAP user authorization
-|Property|Description|Default|required|
-|--------|-----------|-------|--------|
-|`druid.auth.authorizer.MyBasicLDAPAuthorizer.enableCacheNotifications`|If true, the Coordinator will notify Druid processes whenever a configuration change to this Authorizer occurs, allowing them to immediately update their state without waiting for polling.|true|No|
-|`druid.auth.authorizer.MyBasicLDAPAuthorizer.cacheNotificationTimeout`|The timeout in milliseconds for the cache notifications.|5000|No|
-|`druid.auth.authorizer.MyBasicLDAPAuthorizer.initialAdminUser`|The initial admin user with role defined in initialAdminRole property if specified, otherwise the default admin role will be assigned.|admin|No|
-|`druid.auth.authorizer.MyBasicLDAPAuthorizer.initialAdminRole`|The initial admin role to create if it doesn't already exists.|admin|No|
-|`druid.auth.authorizer.MyBasicLDAPAuthorizer.initialAdminGroupMapping`|The initial admin group mapping with role defined in initialAdminRole property if specified, otherwise the default admin role will be assigned. The name of this initial admin group mapping will be set to adminGroupMapping|null|No|
-|`druid.auth.authorizer.MyBasicLDAPAuthorizer.roleProvider.type`|The type of role provider (ldap) to authorize requests credentials.|metadata|No
-|`druid.auth.authorizer.MyBasicLDAPAuthorizer.roleProvider.groupFilters`|Array of LDAP group filters used to filter out the allowed set of groups returned from LDAP search. Filters can be begin with *, or end with ,* to provide configurational flexibility to limit or filter allowed set of groups available to LDAP Authorizer.|null|No|
+
+**`druid.auth.authorizer.MyBasicLDAPAuthorizer.enableCacheNotifications`**
+
+If true, the Coordinator will notify Druid processes whenever a configuration change to this Authorizer occurs, allowing them to immediately update their state without waiting for polling.<br>
+ **Required**: No<br>
+ **Default**: true
+
+**`druid.auth.authorizer.MyBasicLDAPAuthorizer.cacheNotificationTimeout`**
+
+The timeout in milliseconds for the cache notifications.<br>
+ **Required**: No<br>
+ **Default**: 5000
+
+**`druid.auth.authorizer.MyBasicLDAPAuthorizer.initialAdminUser`**
+
+The initial admin user with role defined in initialAdminRole property if specified, otherwise the default admin role will be assigned.<br>
+ **Required**: No<br>
+ **Default**: admin
+
+**`druid.auth.authorizer.MyBasicLDAPAuthorizer.initialAdminRole`**
+
+The initial admin role to create if it doesn't already exists.<br>
+ **Required**: No<br>
+ **Default**: admin
+
+**`druid.auth.authorizer.MyBasicLDAPAuthorizer.initialAdminGroupMapping`**
+
+The initial admin group mapping with role defined in initialAdminRole property if specified, otherwise the default admin role will be assigned. The name of this initial admin group mapping will be set to adminGroupMapping<br>
+ **Required**: No<br>
+ **Default**: null
+
+**`druid.auth.authorizer.MyBasicLDAPAuthorizer.roleProvider.type`**
+
+The type of role provider (ldap) to authorize requests credentials.<br>
+ **Required**: No<br>
+ **Default**: metadata
+
+**`druid.auth.authorizer.MyBasicLDAPAuthorizer.roleProvider.groupFilters`**
+
+Array of LDAP group filters used to filter out the allowed set of groups returned from LDAP search. Filters can be begin with *, or end with ,* to provide configurational flexibility to limit or filter allowed set of groups available to LDAP Authorizer.<br>
+ **Required**: No<br>
+ **Default**: null
+
+#### Properties for LDAPS
+
+Use the following properties to configure Druid authentication with LDAP over TLS (LDAPS). See [Configure LDAP authentication](../../operations/auth-ldap.md) for more information.
+
+**`druid.auth.basic.ssl.protocol`**
+
+SSL protocol to use. The TLS version is 1.2.<br>
+ **Required**: Yes<br>
+ **Default**: tls
+
+**`druid.auth.basic.ssl.trustStorePath`**
+
+Path to the trust store file.<br>
+ **Required**: Yes<br>
+ **Default**: N/A
+
+**`druid.auth.basic.ssl.trustStorePassword`**
+
+Password to access the trust store file.<br>
+ **Required**: Yes<br>
+ **Default**: N/A
+
+**`druid.auth.basic.ssl.trustStoreType`**
+
+Format of the trust store file. For Java the format is jks.<br>
+ **Required**: No<br>
+ **Default**: jks
+
+**`druid.auth.basic.ssl.trustStoreAlgorithm`**
+
+Algorithm used by the trust manager to validate certificate chains.<br>
+ **Required**: No<br>
+ **Default**: N/A
+
+**`druid.auth.basic.ssl.trustStorePasswordProvider`**
Review Comment:
In my understanding this property should be `druid.auth.basic.ssl.trustStorePassword` variable name is `trustStorePasswordProvider`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org