[GitHub] zeppelin pull request #2891: ZEPPELIN-1070: Inject Credentials in any Interp...

[pellmont <gi...@git.apache.org>]

GitHub user pellmont opened a pull request:

    https://github.com/apache/zeppelin/pull/2891

    ZEPPELIN-1070: Inject Credentials in any Interpreter-Code

    ### What is this PR for?
    This PR enables a generic syntax for inserting credentials. A username can be inserted by $[user.entry] where "entry" is the name of the credential. A password can be inserted by $[password.entry].
    To avoid output of the password all occurences of the password-String in the Interpreter-output will be replaced by "###". This should not be a really secure feature (since the runner of the notebook knows the password anyway), but it should avoid accidential exposure of the used passwords by any sort of interpreter echo.
    
    
    ### What type of PR is it?
    Feature
    
    ### Todos
    * [ ] - Documentation
    
    ### What is the Jira issue?
    ZEPPELIN-1070 Enable data source authentication in each community interpreters
    
    ### How should this be tested?
    * unit tests available
    
    ### Screenshots (if appropriate)
    
    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions? The new syntax could break notebooks which contain the patterns $[user.*] or $[password.*]. But I assume this pattern is not very common...
    * Does this needs documentation? yes, but I didn't find the proper place to document it yet.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/pellmont/zeppelin ZEPPELIN-1070

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2891.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2891
    
----
commit 6770a7eebd376518eb3fa8a833add0bee4d9493c
Author: Pascal Pellmont <gi...@...>
Date:   2018-02-04T11:08:48Z

    ZEPPELIN-1070: Inject Credentials in any Interpreter-Code

----


---

[GitHub] zeppelin issue #2891: ZEPPELIN-1070: Inject Credentials in any Interpreter-C...

[felixcheung <gi...@git.apache.org>]

Github user felixcheung commented on the issue:

    https://github.com/apache/zeppelin/pull/2891
  
    thanks, sounds like that could be useful.
    what do you think about "secret" management?
    also for template I think we should match the other way, where we have a longer discussion: #2834



---

[GitHub] zeppelin issue #2891: ZEPPELIN-1070: Inject Credentials in any Interpreter-C...

[felixcheung <gi...@git.apache.org>]

Github user felixcheung commented on the issue:

    https://github.com/apache/zeppelin/pull/2891
  
    Curly braces
    
    ________________________________
    From: pellmont <no...@github.com>
    Sent: Monday, March 26, 2018 1:45:06 PM
    To: apache/zeppelin
    Cc: Felix Cheung; Manual
    Subject: Re: [apache/zeppelin] ZEPPELIN-1070: Inject Credentials in any Interpreter-Code (#2891)
    
    
    nice if I can contribute :-)
    
    I think the current API for the credentials makes sense, of course it would be nice if the credentials could be shared across users without exposing the underlying passwords. But I think as long as there are different interpreters (especially those with "free-form-connections" like spark, livy, etc) it's impossible without implementing quite some code for each of the interpreters. Ending up with limited possibilities to cpnnect to a datasource.
    
    What do you exactly mean by "match the other way"? Using the same syntax? Curly braces to be replaced and double-curly-braces to escape? Or do you mean by the configuration option(s)? Or both?
    
    —
    You are receiving this because you are subscribed to this thread.
    Reply to this email directly, view it on GitHub<https://github.com/apache/zeppelin/pull/2891#issuecomment-376305551>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AIjc-yypcBR_cbJS2lfRELnOdkQY_uH5ks5tiVNRgaJpZM4S5aTm>.



---

[GitHub] zeppelin issue #2891: ZEPPELIN-1070: Inject Credentials in any Interpreter-C...

[pellmont <gi...@git.apache.org>]

Github user pellmont commented on the issue:

    https://github.com/apache/zeppelin/pull/2891
  
    nice if I can contribute :-)
    
    I think the current API for the credentials makes sense, of course it would be nice if the credentials could be shared across users without exposing the underlying passwords. But I think as long as there are different interpreters (especially those with "free-form-connections" like spark, livy, etc) it's impossible without implementing quite some code for each of the interpreters. Ending up with limited possibilities to cpnnect to a datasource.
    
    What do you exactly mean by "match the other way"? Using the same syntax? Curly braces to be replaced and double-curly-braces to escape? Or do you mean by the configuration option(s)? Or both?


---