New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
File group provider #5028
File group provider #5028
Conversation
.. code-block:: none | ||
|
||
group-provider.name=file | ||
file.group-file=/path/to/group.txt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
txt? We usually use json. I think using json make sense here because:
- it is coherent with other file based configuration files
- it is much easier to extend it in future
- there is less parsing code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is based on the Apache HTTP server format, which is the format we use for password files
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We used the Apache password file format since it is a standard format and we could have people use htpasswd
, rather than needing to write our own or have detailed instructions on how to create it. I don't think this applies here.
However, I can see the argument that this is a very simple mapping format that we do not expect to change, and using JSON is overkill.
``file.group-file`` Path of the group file. | ||
|
||
``file.refresh-period`` How often to reload the group file. | ||
Defaults to ``1m``. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess by default it shouldn't refresh, like it is implemented for cases like that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My goal is to have this consistent with password file, and people seem to like the refresh.
...password-authenticators/src/main/java/io/prestosql/plugin/password/file/FileGroupConfig.java
Show resolved
Hide resolved
...password-authenticators/src/main/java/io/prestosql/plugin/password/file/FileGroupConfig.java
Show resolved
Hide resolved
@@ -27,7 +27,7 @@ The following configuration properties are available: | |||
==================================== ============================================== | |||
Property Description | |||
==================================== ============================================== | |||
``file.password`` Path of the password file. | |||
``file.password-file`` Path of the password file. | |||
|
|||
``file.refresh-period`` How often to reload the password file. | |||
Defaults to ``1m``. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh. So this is where the default came from. Should we consider changing file based access rules to have this default set as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on feedback from david I changed the docs to 5s, and changed the file group provider to 5s also.
|
||
.. code-block:: none | ||
|
||
group_name: user_1 user_2 user3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: user_3
for uniformity?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not to bikeshed on the format, but I'd expect this to use commas, like the UNIX /etc/group
file format:
group_name:user_1,user_2,user_3
This would be the same format, minus the group ID and password fields.
...ssword-authenticators/src/main/java/io/prestosql/plugin/password/file/FileGroupProvider.java
Outdated
Show resolved
Hide resolved
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package io.prestosql.plugin.password.file; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there a reason to put a GroupProvider
implementation in this package? this feature seems to be independent to the password authenticators. Should we create a separate package (or even module like other plugin implementations)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think they are close to a matched set, and will be commonly used together. Also, I don't think there is much of a problem since none of these plugins take up. much resources
...word-authenticators/src/test/java/io/prestosql/plugin/password/file/TestFileGroupConfig.java
Outdated
Show resolved
Hide resolved
...rd-authenticators/src/test/java/io/prestosql/plugin/password/file/TestFileGroupProvider.java
Outdated
Show resolved
Hide resolved
...authenticators/src/main/java/io/prestosql/plugin/password/file/FileGroupProviderFactory.java
Show resolved
Hide resolved
...ssword-authenticators/src/main/java/io/prestosql/plugin/password/file/FileGroupProvider.java
Outdated
Show resolved
Hide resolved
2b43aea
to
3bd05ea
Compare
All updated |
6138b01
to
33defe8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for updating, looks good to me!
...password-authenticators/src/main/java/io/prestosql/plugin/password/file/FileGroupConfig.java
Outdated
Show resolved
Hide resolved
Fix property name in password file docs Add missing config null checks
No description provided.