You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by pellmont <gi...@git.apache.org> on 2018/03/23 21:41:47 UTC
[GitHub] zeppelin pull request #2891: ZEPPELIN-1070: Inject Credentials in any Interp...
GitHub user pellmont opened a pull request:
https://github.com/apache/zeppelin/pull/2891
ZEPPELIN-1070: Inject Credentials in any Interpreter-Code
### What is this PR for?
This PR enables a generic syntax for inserting credentials. A username can be inserted by $[user.entry] where "entry" is the name of the credential. A password can be inserted by $[password.entry].
To avoid output of the password all occurences of the password-String in the Interpreter-output will be replaced by "###". This should not be a really secure feature (since the runner of the notebook knows the password anyway), but it should avoid accidential exposure of the used passwords by any sort of interpreter echo.
### What type of PR is it?
Feature
### Todos
* [ ] - Documentation
### What is the Jira issue?
ZEPPELIN-1070 Enable data source authentication in each community interpreters
### How should this be tested?
* unit tests available
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? The new syntax could break notebooks which contain the patterns $[user.*] or $[password.*]. But I assume this pattern is not very common...
* Does this needs documentation? yes, but I didn't find the proper place to document it yet.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/pellmont/zeppelin ZEPPELIN-1070
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/2891.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2891
----
commit 6770a7eebd376518eb3fa8a833add0bee4d9493c
Author: Pascal Pellmont <gi...@...>
Date: 2018-02-04T11:08:48Z
ZEPPELIN-1070: Inject Credentials in any Interpreter-Code
----
---
[GitHub] zeppelin issue #2891: ZEPPELIN-1070: Inject Credentials in any Interpreter-C...
Posted by felixcheung <gi...@git.apache.org>.
Github user felixcheung commented on the issue:
https://github.com/apache/zeppelin/pull/2891
thanks, sounds like that could be useful.
what do you think about "secret" management?
also for template I think we should match the other way, where we have a longer discussion: #2834
---
[GitHub] zeppelin issue #2891: ZEPPELIN-1070: Inject Credentials in any Interpreter-C...
Posted by felixcheung <gi...@git.apache.org>.
Github user felixcheung commented on the issue:
https://github.com/apache/zeppelin/pull/2891
Curly braces
________________________________
From: pellmont <no...@github.com>
Sent: Monday, March 26, 2018 1:45:06 PM
To: apache/zeppelin
Cc: Felix Cheung; Manual
Subject: Re: [apache/zeppelin] ZEPPELIN-1070: Inject Credentials in any Interpreter-Code (#2891)
nice if I can contribute :-)
I think the current API for the credentials makes sense, of course it would be nice if the credentials could be shared across users without exposing the underlying passwords. But I think as long as there are different interpreters (especially those with "free-form-connections" like spark, livy, etc) it's impossible without implementing quite some code for each of the interpreters. Ending up with limited possibilities to cpnnect to a datasource.
What do you exactly mean by "match the other way"? Using the same syntax? Curly braces to be replaced and double-curly-braces to escape? Or do you mean by the configuration option(s)? Or both?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<https://github.com/apache/zeppelin/pull/2891#issuecomment-376305551>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AIjc-yypcBR_cbJS2lfRELnOdkQY_uH5ks5tiVNRgaJpZM4S5aTm>.
---
[GitHub] zeppelin issue #2891: ZEPPELIN-1070: Inject Credentials in any Interpreter-C...
Posted by pellmont <gi...@git.apache.org>.
Github user pellmont commented on the issue:
https://github.com/apache/zeppelin/pull/2891
nice if I can contribute :-)
I think the current API for the credentials makes sense, of course it would be nice if the credentials could be shared across users without exposing the underlying passwords. But I think as long as there are different interpreters (especially those with "free-form-connections" like spark, livy, etc) it's impossible without implementing quite some code for each of the interpreters. Ending up with limited possibilities to cpnnect to a datasource.
What do you exactly mean by "match the other way"? Using the same syntax? Curly braces to be replaced and double-curly-braces to escape? Or do you mean by the configuration option(s)? Or both?
---