cgivre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/drill.git
The following commit(s) were added to refs/heads/master by this push:
new c688b1f241 DRILL-8223: Refactor auth modes dropping DRILL_PROCESS and
allowing credential providers everywhere (#2547)
c688b1f241 is described below
commit c688b1f241b5ac5bdd4f6a56ca3e1342bb2f76dd
Author: James Turton <[email protected]>
AuthorDate: Tue May 17 20:58:05 2022 +0200
DRILL-8223: Refactor auth modes dropping DRILL_PROCESS and allowing
credential providers everywhere (#2547)
* Remove CredentialedStoragePluginConfig and drill_process auth mode.
* Add a unit test of shared_user with no creds based on H2.
* Fix compile errors.
---
.../store/cassandra/CassandraStorageConfig.java | 9 +-
.../elasticsearch/ElasticsearchStorageConfig.java | 9 +-
.../exec/store/http/HttpStoragePluginConfig.java | 4 +-
.../http/TestUserTranslationInHttpPlugin.java | 3 +-
.../drill/exec/store/jdbc/JdbcStorageConfig.java | 4 +-
.../drill/exec/store/jdbc/JdbcStoragePlugin.java | 20 ++-
.../exec/store/jdbc/TestJdbcPluginWithH2IT.java | 42 ++++-
.../exec/store/mongo/MongoStoragePluginConfig.java | 4 +-
.../store/phoenix/PhoenixStoragePluginConfig.java | 9 +-
.../exec/store/splunk/SplunkPluginConfig.java | 4 +-
.../exec/server/rest/CredentialResources.java | 25 +--
.../drill/exec/server/rest/OAuthRequests.java | 174 +++++++++------------
.../exec/server/rest/PluginConfigWrapper.java | 26 +--
.../drill/exec/store/dfs/FileSystemConfig.java | 9 +-
.../drill/exec/store/TestClassicLocator.java | 2 -
.../logical/CredentialedStoragePluginConfig.java | 84 ----------
.../drill/common/logical/StoragePluginConfig.java | 99 +++++++++---
17 files changed, 228 insertions(+), 299 deletions(-)
diff --git
a/contrib/storage-cassandra/src/main/java/org/apache/drill/exec/store/cassandra/CassandraStorageConfig.java
b/contrib/storage-cassandra/src/main/java/org/apache/drill/exec/store/cassandra/CassandraStorageConfig.java
index d6a51cd9cc..ca1fc1c0cf 100644
---
a/contrib/storage-cassandra/src/main/java/org/apache/drill/exec/store/cassandra/CassandraStorageConfig.java
+++
b/contrib/storage-cassandra/src/main/java/org/apache/drill/exec/store/cassandra/CassandraStorageConfig.java
@@ -22,7 +22,7 @@ import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
+import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.exec.store.security.CredentialProviderUtils;
import org.apache.drill.common.logical.security.CredentialsProvider;
import org.apache.drill.exec.store.security.UsernamePasswordCredentials;
@@ -33,7 +33,7 @@ import java.util.Objects;
import java.util.Optional;
@JsonTypeName(CassandraStorageConfig.NAME)
-public class CassandraStorageConfig extends CredentialedStoragePluginConfig {
+public class CassandraStorageConfig extends StoragePluginConfig {
public static final String NAME = "cassandra";
private final String host;
@@ -110,9 +110,4 @@ public class CassandraStorageConfig extends
CredentialedStoragePluginConfig {
public int hashCode() {
return Objects.hash(host, credentialsProvider);
}
-
- @Override
- public CassandraStorageConfig updateCredentialProvider(CredentialsProvider
credentialsProvider) {
- return this;
- }
}
diff --git
a/contrib/storage-elasticsearch/src/main/java/org/apache/drill/exec/store/elasticsearch/ElasticsearchStorageConfig.java
b/contrib/storage-elasticsearch/src/main/java/org/apache/drill/exec/store/elasticsearch/ElasticsearchStorageConfig.java
index c03f5255da..d0275ce2d0 100644
---
a/contrib/storage-elasticsearch/src/main/java/org/apache/drill/exec/store/elasticsearch/ElasticsearchStorageConfig.java
+++
b/contrib/storage-elasticsearch/src/main/java/org/apache/drill/exec/store/elasticsearch/ElasticsearchStorageConfig.java
@@ -24,7 +24,7 @@ import com.fasterxml.jackson.annotation.JsonTypeName;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectWriter;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
+import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.exec.store.security.CredentialProviderUtils;
import org.apache.drill.common.logical.security.CredentialsProvider;
import org.apache.drill.exec.store.security.UsernamePasswordCredentials;
@@ -36,7 +36,7 @@ import java.util.Objects;
import java.util.Optional;
@JsonTypeName(ElasticsearchStorageConfig.NAME)
-public class ElasticsearchStorageConfig extends
CredentialedStoragePluginConfig {
+public class ElasticsearchStorageConfig extends StoragePluginConfig {
public static final String NAME = "elastic";
private static final ObjectWriter OBJECT_WRITER = new
ObjectMapper().writerFor(List.class);
@@ -109,9 +109,4 @@ public class ElasticsearchStorageConfig extends
CredentialedStoragePluginConfig
public int hashCode() {
return Objects.hash(hosts, credentialsProvider);
}
-
- @Override
- public CredentialedStoragePluginConfig
updateCredentialProvider(CredentialsProvider credentialsProvider) {
- return this;
- }
}
diff --git
a/contrib/storage-http/src/main/java/org/apache/drill/exec/store/http/HttpStoragePluginConfig.java
b/contrib/storage-http/src/main/java/org/apache/drill/exec/store/http/HttpStoragePluginConfig.java
index 75cb1937e1..c19b5b2821 100644
---
a/contrib/storage-http/src/main/java/org/apache/drill/exec/store/http/HttpStoragePluginConfig.java
+++
b/contrib/storage-http/src/main/java/org/apache/drill/exec/store/http/HttpStoragePluginConfig.java
@@ -21,7 +21,7 @@ import org.apache.drill.common.PlanStringBuilder;
import org.apache.drill.common.exceptions.UserException;
import org.apache.drill.common.logical.OAuthConfig;
import org.apache.drill.common.map.CaseInsensitiveMap;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
+import org.apache.drill.common.logical.StoragePluginConfig;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnore;
@@ -42,7 +42,7 @@ import java.util.concurrent.TimeUnit;
@JsonTypeName(HttpStoragePluginConfig.NAME)
-public class HttpStoragePluginConfig extends CredentialedStoragePluginConfig {
+public class HttpStoragePluginConfig extends StoragePluginConfig {
private static final Logger logger =
LoggerFactory.getLogger(HttpStoragePluginConfig.class);
public static final String NAME = "http";
diff --git
a/contrib/storage-http/src/test/java/org/apache/drill/exec/store/http/TestUserTranslationInHttpPlugin.java
b/contrib/storage-http/src/test/java/org/apache/drill/exec/store/http/TestUserTranslationInHttpPlugin.java
index 3b9af438a9..f4d20018d3 100644
---
a/contrib/storage-http/src/test/java/org/apache/drill/exec/store/http/TestUserTranslationInHttpPlugin.java
+++
b/contrib/storage-http/src/test/java/org/apache/drill/exec/store/http/TestUserTranslationInHttpPlugin.java
@@ -30,7 +30,6 @@ import org.apache.commons.io.FileUtils;
import org.apache.commons.net.util.Base64;
import org.apache.drill.common.config.DrillProperties;
import org.apache.drill.common.exceptions.UserException;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
import org.apache.drill.common.logical.OAuthConfig;
import org.apache.drill.common.logical.StoragePluginConfig.AuthMode;
import org.apache.drill.common.logical.security.CredentialsProvider;
@@ -172,7 +171,7 @@ public class TestUserTranslationInHttpPlugin extends
ClusterTest {
// First verify that the user has no credentials
StoragePluginRegistry registry = cluster.storageRegistry();
StoragePlugin plugin = registry.getPlugin("local");
- PlainCredentialsProvider credentialsProvider = (PlainCredentialsProvider)
((CredentialedStoragePluginConfig) plugin.getConfig()).getCredentialsProvider();
+ PlainCredentialsProvider credentialsProvider = (PlainCredentialsProvider)
plugin.getConfig().getCredentialsProvider();
Map<String, String> credentials =
credentialsProvider.getCredentials(TEST_USER_1);
assertNotNull(credentials);
assertNull(credentials.get("username"));
diff --git
a/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStorageConfig.java
b/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStorageConfig.java
index 0de6912b87..fb6a37b5ae 100644
---
a/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStorageConfig.java
+++
b/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStorageConfig.java
@@ -30,9 +30,9 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
import org.apache.drill.common.PlanStringBuilder;
import org.apache.drill.common.exceptions.UserException;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
import org.apache.drill.exec.proto.UserBitShared.UserCredentials;
import org.apache.drill.exec.store.security.CredentialProviderUtils;
+import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.common.logical.security.CredentialsProvider;
import org.apache.drill.exec.store.security.UsernamePasswordCredentials;
import org.apache.drill.shaded.guava.com.google.common.base.Preconditions;
@@ -41,7 +41,7 @@ import org.slf4j.LoggerFactory;
@JsonTypeName(JdbcStorageConfig.NAME)
@JsonFilter("passwordFilter")
-public class JdbcStorageConfig extends CredentialedStoragePluginConfig {
+public class JdbcStorageConfig extends StoragePluginConfig {
private static final Logger logger =
LoggerFactory.getLogger(JdbcStorageConfig.class);
diff --git
a/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStoragePlugin.java
b/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStoragePlugin.java
index 6caf9dd7ae..64d89ecb79 100644
---
a/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStoragePlugin.java
+++
b/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStoragePlugin.java
@@ -33,12 +33,14 @@ import org.apache.calcite.sql.SqlDialect;
import org.apache.calcite.sql.SqlDialectFactoryImpl;
import org.apache.drill.common.AutoCloseables;
import org.apache.drill.common.exceptions.UserException;
+import org.apache.drill.common.logical.StoragePluginConfig.AuthMode;
import org.apache.drill.exec.ops.OptimizerRulesContext;
import org.apache.drill.exec.proto.UserBitShared.UserCredentials;
import org.apache.drill.exec.server.DrillbitContext;
import org.apache.drill.exec.store.AbstractStoragePlugin;
import org.apache.drill.exec.store.SchemaConfig;
import org.apache.drill.exec.store.security.UsernamePasswordCredentials;
+import org.apache.drill.exec.util.ImpersonationUtil;
import
org.apache.drill.shaded.guava.com.google.common.annotations.VisibleForTesting;
import org.apache.drill.shaded.guava.com.google.common.collect.ImmutableSet;
import org.slf4j.Logger;
@@ -83,19 +85,25 @@ public class JdbcStoragePlugin extends
AbstractStoragePlugin {
public Optional<DataSource> getDataSource(UserCredentials userCredentials) {
Optional<UsernamePasswordCredentials> jdbcCreds =
jdbcStorageConfig.getUsernamePasswordCredentials(userCredentials);
- if (!jdbcCreds.isPresent()) {
- logger.debug(
- "There are no {} mode credentials in {} for query user {}",
- jdbcStorageConfig.getAuthMode(),
+ if (!jdbcCreds.isPresent() && jdbcStorageConfig.getAuthMode() ==
AuthMode.USER_TRANSLATION) {
+ logger.info(
+ "There are no {} mode credentials in {} for query user {}, will not
attempt to connect.",
+ AuthMode.USER_TRANSLATION,
getName(),
userCredentials.getUserName()
);
return Optional.<DataSource>empty();
}
+ // Missing creds is valid under SHARED_USER (e.g. unsecured DBs,
BigQuery's OAuth)
+ // and we fall back to using a key of Drillbit process username in this
instance.
+ String dsKey = jdbcCreds.isPresent()
+ ? jdbcCreds.get().getUsername()
+ : ImpersonationUtil.getProcessUserName();
+
return Optional.of(dataSources.computeIfAbsent(
- jdbcCreds.get().getUsername(),
- ds -> initDataSource(this.jdbcStorageConfig, jdbcCreds.get())
+ dsKey,
+ ds -> initDataSource(this.jdbcStorageConfig, jdbcCreds.orElse(null))
));
}
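Review bot: The guard in getDataSource refuses a connection only when the mode is exactly USER_TRANSLATION, so any other mode falls through to an uncredentialed data source keyed by the Drillbit process user name. Writing it fail-closed, `if (!jdbcCreds.isPresent() && jdbcStorageConfig.getAuthMode() != AuthMode.SHARED_USER) {`, keeps missing credentials valid only where the new comment says they are; the log argument would then go back to `jdbcStorageConfig.getAuthMode()`. `initDataSource` now receives `jdbcCreds.orElse(null)`, and its body is outside this hunk, so confirm that it checks for null before reading the username or password.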
diff --git
a/contrib/storage-jdbc/src/test/java/org/apache/drill/exec/store/jdbc/TestJdbcPluginWithH2IT.java
b/contrib/storage-jdbc/src/test/java/org/apache/drill/exec/store/jdbc/TestJdbcPluginWithH2IT.java
index b097b4746a..4d9d4e97bd 100644
---
a/contrib/storage-jdbc/src/test/java/org/apache/drill/exec/store/jdbc/TestJdbcPluginWithH2IT.java
+++
b/contrib/storage-jdbc/src/test/java/org/apache/drill/exec/store/jdbc/TestJdbcPluginWithH2IT.java
@@ -55,6 +55,7 @@ public class TestJdbcPluginWithH2IT extends ClusterTest {
private static final String TABLE_PATH = "jdbcmulti/";
private static final String TABLE_NAME = String.format("%s.`%s`",
StoragePluginTestUtils.DFS_PLUGIN_NAME, TABLE_PATH);
private static TimeZone defaultTimeZone;
+ private static URL SCRIPT_FILE =
TestJdbcPluginWithH2IT.class.getClassLoader().getResource("h2-test-data.sql");
@BeforeClass
public static void init() throws Exception {
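Review bot: `SCRIPT_FILE` is named like a constant but declared `private static URL`, so any test in the class can reassign it. Declaring it `private static final URL SCRIPT_FILE = ...` states the intent and lets the compiler enforce it. The null check on it stays in init(), whose body continues outside this hunk.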
@@ -66,10 +67,10 @@ public class TestJdbcPluginWithH2IT extends ClusterTest {
dirTestWatcher.copyResourceToRoot(Paths.get(TABLE_PATH));
Class.forName("org.h2.Driver");
String connString = "jdbc:h2:" +
dirTestWatcher.getTmpDir().getCanonicalPath();
- URL scriptFile =
TestJdbcPluginWithH2IT.class.getClassLoader().getResource("h2-test-data.sql");
- assertNotNull("Script for test tables generation 'h2-test-data.sql' cannot
be found in test resources", scriptFile);
+
+ assertNotNull("Script for test tables generation 'h2-test-data.sql' cannot
be found in test resources", SCRIPT_FILE);
try (Connection connection = DriverManager.getConnection(connString,
"root", "root");
- FileReader fileReader = new FileReader(scriptFile.getFile())) {
+ FileReader fileReader = new FileReader(SCRIPT_FILE.getFile())) {
RunScript.execute(connection, fileReader);
}
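Review bot: `new FileReader(SCRIPT_FILE.getFile())` depends on two things the test does not control. `URL.getFile()` returns the path still percent-encoded, so a checkout directory containing a space will not open, and `FileReader` without a charset uses the platform default on JDKs before 18. Reading through the URL avoids both: `Reader fileReader = new InputStreamReader(SCRIPT_FILE.openStream(), StandardCharsets.UTF_8)`. The same construction is repeated in `testSharedUserNoCreds` in the next hunk.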
@@ -313,4 +314,39 @@ public class TestJdbcPluginWithH2IT extends ClusterTest {
.include("mocked_enum")
.match();
}
+
+ @Test
+ public void testSharedUserNoCreds() throws Exception {
+ String connString = "jdbc:h2:" +
dirTestWatcher.getTmpDir().getCanonicalPath() + "/noauth";
+ JdbcStorageConfig cfg = new JdbcStorageConfig(
+ "org.h2.Driver",
+ connString,
+ null,
+ null,
+ true,
+ false,
+ null,
+ null,
+ AuthMode.SHARED_USER.name(),
+ 10000
+ );
+ cfg.setEnabled(true);
+ cluster.defineStoragePlugin("h2_noauth", cfg);
+
+ try (
+ Connection connection = DriverManager.getConnection(connString, null,
null);
+ FileReader fileReader = new FileReader(SCRIPT_FILE.getFile())
+ ) {
+ RunScript.execute(connection, fileReader);
+ }
+
+ run("USE h2_noauth");
+ String sql = "SHOW TABLES";
+ testBuilder()
+ .sqlQuery(sql)
+ .unOrdered()
+ .baselineColumns("TABLE_SCHEMA", "TABLE_NAME")
+ .baselineValues("h2_noauth.noauth.drill_h2_test_1", "PERSON")
+ .go();
+ }
}
diff --git
a/contrib/storage-mongo/src/main/java/org/apache/drill/exec/store/mongo/MongoStoragePluginConfig.java
b/contrib/storage-mongo/src/main/java/org/apache/drill/exec/store/mongo/MongoStoragePluginConfig.java
index f80f1beadb..b9fc1758db 100644
---
a/contrib/storage-mongo/src/main/java/org/apache/drill/exec/store/mongo/MongoStoragePluginConfig.java
+++
b/contrib/storage-mongo/src/main/java/org/apache/drill/exec/store/mongo/MongoStoragePluginConfig.java
@@ -23,7 +23,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
import com.mongodb.ConnectionString;
import org.apache.commons.lang3.ObjectUtils;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
+import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.common.logical.security.CredentialsProvider;
import org.apache.drill.common.logical.security.PlainCredentialsProvider;
@@ -31,7 +31,7 @@ import java.util.List;
import java.util.Objects;
@JsonTypeName(MongoStoragePluginConfig.NAME)
-public class MongoStoragePluginConfig extends CredentialedStoragePluginConfig {
+public class MongoStoragePluginConfig extends StoragePluginConfig {
public static final String NAME = "mongo";
diff --git
a/contrib/storage-phoenix/src/main/java/org/apache/drill/exec/store/phoenix/PhoenixStoragePluginConfig.java
b/contrib/storage-phoenix/src/main/java/org/apache/drill/exec/store/phoenix/PhoenixStoragePluginConfig.java
index 6e73dc2b09..8a9e6a8950 100644
---
a/contrib/storage-phoenix/src/main/java/org/apache/drill/exec/store/phoenix/PhoenixStoragePluginConfig.java
+++
b/contrib/storage-phoenix/src/main/java/org/apache/drill/exec/store/phoenix/PhoenixStoragePluginConfig.java
@@ -24,7 +24,7 @@ import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.drill.common.PlanStringBuilder;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
+import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.common.logical.security.CredentialsProvider;
import org.apache.drill.exec.store.security.CredentialProviderUtils;
import org.apache.drill.exec.store.security.UsernamePasswordCredentials;
@@ -35,7 +35,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
@JsonTypeName(PhoenixStoragePluginConfig.NAME)
-public class PhoenixStoragePluginConfig extends
CredentialedStoragePluginConfig {
+public class PhoenixStoragePluginConfig extends StoragePluginConfig {
public static final String NAME = "phoenix";
public static final String THIN_DRIVER_CLASS =
"org.apache.phoenix.queryserver.client.Driver";
@@ -147,9 +147,4 @@ public class PhoenixStoragePluginConfig extends
CredentialedStoragePluginConfig
.field("props", props)
.toString();
}
-
- @Override
- public PhoenixStoragePluginConfig
updateCredentialProvider(CredentialsProvider credentialsProvider) {
- return this;
- }
}
diff --git
a/contrib/storage-splunk/src/main/java/org/apache/drill/exec/store/splunk/SplunkPluginConfig.java
b/contrib/storage-splunk/src/main/java/org/apache/drill/exec/store/splunk/SplunkPluginConfig.java
index 0734347b08..41d134a3f8 100644
---
a/contrib/storage-splunk/src/main/java/org/apache/drill/exec/store/splunk/SplunkPluginConfig.java
+++
b/contrib/storage-splunk/src/main/java/org/apache/drill/exec/store/splunk/SplunkPluginConfig.java
@@ -23,7 +23,7 @@ import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
import org.apache.drill.common.PlanStringBuilder;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
+import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.common.logical.security.CredentialsProvider;
import org.apache.drill.common.logical.security.PlainCredentialsProvider;
import org.apache.drill.exec.store.security.CredentialProviderUtils;
@@ -33,7 +33,7 @@ import java.util.Objects;
import java.util.Optional;
@JsonTypeName(SplunkPluginConfig.NAME)
-public class SplunkPluginConfig extends CredentialedStoragePluginConfig {
+public class SplunkPluginConfig extends StoragePluginConfig {
public static final String NAME = "splunk";
public static final int DISABLED_RECONNECT_RETRIES = 1;
diff --git
a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/CredentialResources.java
b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/CredentialResources.java
index f50c07bd7d..3cfebd2fcd 100644
---
a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/CredentialResources.java
+++
b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/CredentialResources.java
@@ -20,7 +20,6 @@ package org.apache.drill.exec.server.rest;
import io.swagger.v3.oas.annotations.ExternalDocumentation;
import io.swagger.v3.oas.annotations.Operation;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
import org.apache.drill.common.logical.StoragePluginConfig.AuthMode;
import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.common.logical.security.CredentialsProvider;
@@ -156,14 +155,7 @@ public class CredentialResources {
}
// Get the config
- StoragePluginConfig rawConfig = storage.getStoredConfig(pluginName);
- if (!(rawConfig instanceof CredentialedStoragePluginConfig)) {
- return Response.status(Status.INTERNAL_SERVER_ERROR)
- .entity(message(pluginName + " does not support per user
credentials."))
- .build();
- }
-
- CredentialedStoragePluginConfig config =
(CredentialedStoragePluginConfig)rawConfig;
+ StoragePluginConfig config = storage.getStoredConfig(pluginName);
if (config.getAuthMode() != AuthMode.USER_TRANSLATION) {
return Response.status(Status.INTERNAL_SERVER_ERROR)
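Review bot: `storage.getStoredConfig(pluginName)` is now dereferenced directly by `config.getAuthMode()`, whereas the removed `instanceof` test also rejected a null config with a clean error response. If getStoredConfig can return null for an unknown plugin name (its contract is not visible here), this endpoint would now fail with a NullPointerException instead. A guard such as `if (config == null) { return Response.status(Status.NOT_FOUND).entity(message(pluginName + " not found.")).build(); }` restores the earlier behaviour. The same applies to the later hunk that reads `storage.getStoredConfig(cleanPluginName)`; both method bodies start and end outside their hunks.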
@@ -177,7 +169,7 @@ public class CredentialResources {
// Since the config classes are not accessible from java-exec, we have to
serialize them,
// replace the credential provider with the updated one, and update the
storage plugin registry
- CredentialedStoragePluginConfig newConfig =
config.updateCredentialProvider(credentialProvider);
+ StoragePluginConfig newConfig =
config.updateCredentialProvider(credentialProvider);
newConfig.setEnabled(config.isEnabled());
try {
@@ -210,26 +202,19 @@ public class CredentialResources {
cleanPluginName = pluginName.trim();
StoragePluginConfig config = storage.getStoredConfig(cleanPluginName);
- if (!(config instanceof CredentialedStoragePluginConfig)) {
- return Response.status(Status.INTERNAL_SERVER_ERROR)
- .entity(message(cleanPluginName + " does not support user
translation."))
- .build();
- }
-
if (config.getAuthMode() != AuthMode.USER_TRANSLATION) {
return Response.status(Status.INTERNAL_SERVER_ERROR)
.entity(message(cleanPluginName + " does not have user translation
enabled."))
.build();
}
- CredentialedStoragePluginConfig credsConfig =
(CredentialedStoragePluginConfig)config;
- CredentialsProvider credentialProvider =
credsConfig.getCredentialsProvider();
+ CredentialsProvider credentialProvider = config.getCredentialsProvider();
credentialProvider.setUserCredentials(credentials.getUsername(),
credentials.getPassword(), queryUser);
// Since the config classes are not accessible from java-exec, we have to
serialize them,
// replace the credential provider with the updated one, and update the
storage plugin registry
- CredentialedStoragePluginConfig newConfig =
credsConfig.updateCredentialProvider(credentialProvider);
- newConfig.setEnabled(credsConfig.isEnabled());
+ StoragePluginConfig newConfig =
config.updateCredentialProvider(credentialProvider);
+ newConfig.setEnabled(config.isEnabled());
try {
storage.validatedPut(cleanPluginName, newConfig);
diff --git
a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/OAuthRequests.java
b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/OAuthRequests.java
index 6c817c8d28..5a32b11e76 100644
---
a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/OAuthRequests.java
+++
b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/OAuthRequests.java
@@ -21,7 +21,6 @@ package org.apache.drill.exec.server.rest;
import okhttp3.OkHttpClient;
import okhttp3.OkHttpClient.Builder;
import okhttp3.Request;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.common.logical.StoragePluginConfig.AuthMode;
import org.apache.drill.common.logical.security.CredentialsProvider;
@@ -63,23 +62,16 @@ public class OAuthRequests {
UserAuthEnabled authEnabled,
SecurityContext sc) {
try {
- if (storage.getPlugin(name).getConfig() instanceof
CredentialedStoragePluginConfig) {
- DrillbitContext context = ((AbstractStoragePlugin)
storage.getPlugin(name)).getContext();
- OAuthTokenProvider tokenProvider = context.getoAuthTokenProvider();
- PersistentTokenTable tokenTable =
tokenProvider.getOauthTokenRegistry(getQueryUser(storage.getPlugin(name).getConfig(),
authEnabled, sc)).getTokenTable(name);
-
- // Set the access token
- tokenTable.setAccessToken(tokens.getAccessToken());
-
- return Response.status(Status.OK)
- .entity("Access tokens have been updated.")
- .build();
- } else {
- logger.error("{} does not support OAuth2.0. You can only add tokens
to OAuth enabled plugins.", name);
- return Response.status(Status.INTERNAL_SERVER_ERROR)
- .entity(message("Unable to add tokens: %s", name))
- .build();
- }
+ DrillbitContext context = ((AbstractStoragePlugin)
storage.getPlugin(name)).getContext();
+ OAuthTokenProvider tokenProvider = context.getoAuthTokenProvider();
+ PersistentTokenTable tokenTable =
tokenProvider.getOauthTokenRegistry(getQueryUser(storage.getPlugin(name).getConfig(),
authEnabled, sc)).getTokenTable(name);
+
+ // Set the access token
+ tokenTable.setAccessToken(tokens.getAccessToken());
+
+ return Response.status(Status.OK)
+ .entity("Access tokens have been updated.")
+ .build();
} catch (PluginException e) {
logger.error("Error when adding tokens to {}", name);
return Response.status(Status.INTERNAL_SERVER_ERROR)
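Review bot: With the `instanceof` guard removed, nothing in this method checks that the named plugin is OAuth-enabled before its token table is written, and `storage.getPlugin(name)` is cast and dereferenced without a null check. A null plugin, a plugin that is not an AbstractStoragePlugin, or a null from `getTokenTable(name)` would surface as an unchecked exception that the `catch (PluginException e)` below does not cover. Consider resolving the plugin once, `StoragePlugin plugin = storage.getPlugin(name);`, rejecting the request when `!(plugin instanceof AbstractStoragePlugin)`, and reusing `plugin` instead of calling getPlugin twice. The same pattern recurs in the hunks for the refresh-token, updateOAuthTokens and authorization-code methods, all of which continue outside their hunks.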
@@ -92,24 +84,17 @@ public class OAuthRequests {
StoragePluginRegistry storage,
UserAuthEnabled authEnabled,
SecurityContext sc) {
try {
- if (storage.getPlugin(name).getConfig() instanceof
CredentialedStoragePluginConfig) {
- DrillbitContext context = ((AbstractStoragePlugin)
storage.getPlugin(name)).getContext();
- OAuthTokenProvider tokenProvider = context.getoAuthTokenProvider();
- PersistentTokenTable tokenTable = tokenProvider.getOauthTokenRegistry(
- getQueryUser(storage.getPlugin(name).getConfig(), authEnabled,
sc)).getTokenTable(name);
-
- // Set the access token
- tokenTable.setRefreshToken(tokens.getRefreshToken());
-
- return Response.status(Status.OK)
- .entity("Refresh token have been updated.")
- .build();
- } else {
- logger.error("{} is not a HTTP plugin. You can only add access tokens
to HTTP plugins.", name);
- return Response.status(Status.INTERNAL_SERVER_ERROR)
- .entity(message("Unable to add tokens: %s", name))
- .build();
- }
+ DrillbitContext context = ((AbstractStoragePlugin)
storage.getPlugin(name)).getContext();
+ OAuthTokenProvider tokenProvider = context.getoAuthTokenProvider();
+ PersistentTokenTable tokenTable = tokenProvider.getOauthTokenRegistry(
+ getQueryUser(storage.getPlugin(name).getConfig(), authEnabled,
sc)).getTokenTable(name);
+
+ // Set the access token
+ tokenTable.setRefreshToken(tokens.getRefreshToken());
+
+ return Response.status(Status.OK)
+ .entity("Refresh token have been updated.")
+ .build();
} catch (PluginException e) {
logger.error("Error when adding tokens to {}", name);
return Response.status(Status.INTERNAL_SERVER_ERROR)
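Review bot: The catch block logs `"Error when adding tokens to {}"` with only the plugin name, so the PluginException and its cause are dropped from the log. Passing the exception as the last argument keeps the stack trace for whoever investigates a failed token update: `logger.error("Error when adding tokens to {}", name, e);`. The catch blocks in the other three OAuthRequests hunks log the same way.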
@@ -121,26 +106,19 @@ public class OAuthRequests {
public static Response updateOAuthTokens(String name, OAuthTokenContainer
tokenContainer, StoragePluginRegistry storage,
UserAuthEnabled authEnabled,
SecurityContext sc) {
try {
- if (storage.getPlugin(name).getConfig() instanceof
CredentialedStoragePluginConfig) {
- DrillbitContext context = ((AbstractStoragePlugin)
storage.getPlugin(name)).getContext();
- OAuthTokenProvider tokenProvider = context.getoAuthTokenProvider();
- PersistentTokenTable tokenTable = tokenProvider
-
.getOauthTokenRegistry(getQueryUser(storage.getPlugin(name).getConfig(),
authEnabled, sc))
- .getTokenTable(name);
-
- // Set the access and refresh token
- tokenTable.setAccessToken(tokenContainer.getAccessToken());
- tokenTable.setRefreshToken(tokenContainer.getRefreshToken());
-
- return Response.status(Status.OK)
- .entity("Access tokens have been updated.")
- .build();
- } else {
- logger.error("{} is not a HTTP plugin. You can only add access tokens
to HTTP plugins.", name);
- return Response.status(Status.INTERNAL_SERVER_ERROR)
- .entity(message("Unable to add tokens: %s", name))
- .build();
- }
+ DrillbitContext context = ((AbstractStoragePlugin)
storage.getPlugin(name)).getContext();
+ OAuthTokenProvider tokenProvider = context.getoAuthTokenProvider();
+ PersistentTokenTable tokenTable = tokenProvider
+
.getOauthTokenRegistry(getQueryUser(storage.getPlugin(name).getConfig(),
authEnabled, sc))
+ .getTokenTable(name);
+
+ // Set the access and refresh token
+ tokenTable.setAccessToken(tokenContainer.getAccessToken());
+ tokenTable.setRefreshToken(tokenContainer.getRefreshToken());
+
+ return Response.status(Status.OK)
+ .entity("Access tokens have been updated.")
+ .build();
} catch (PluginException e) {
logger.error("Error when adding tokens to {}", name);
return Response.status(Status.INTERNAL_SERVER_ERROR)
@@ -153,53 +131,45 @@ public class OAuthRequests {
StoragePluginRegistry storage,
UserAuthEnabled authEnabled,
SecurityContext sc) {
try {
- if (storage.getPlugin(name).getConfig() instanceof
CredentialedStoragePluginConfig) {
- CredentialedStoragePluginConfig securedStoragePluginConfig =
(CredentialedStoragePluginConfig) storage.getPlugin(name).getConfig();
- CredentialsProvider credentialsProvider =
securedStoragePluginConfig.getCredentialsProvider();
- String callbackURL = request.getRequestURL().toString();
-
- // Now exchange the authorization token for an access token
- Builder builder = new OkHttpClient.Builder();
- OkHttpClient client = builder.build();
-
- Request accessTokenRequest =
OAuthUtils.getAccessTokenRequest(credentialsProvider, code, callbackURL);
- Map<String, String> updatedTokens = OAuthUtils.getOAuthTokens(client,
accessTokenRequest);
-
- // Add to token registry
- // If USER_TRANSLATION is enabled, Drill will create a token table for
each user.
- TokenRegistry tokenRegistry = ((AbstractStoragePlugin)
storage.getPlugin(name))
- .getContext()
- .getoAuthTokenProvider()
-
.getOauthTokenRegistry(getQueryUser(storage.getPlugin(name).getConfig(),
authEnabled, sc));
-
- // Add a token registry table if none exists
- tokenRegistry.createTokenTable(name);
- PersistentTokenTable tokenTable = tokenRegistry.getTokenTable(name);
-
- // Add tokens to persistent storage
-
tokenTable.setAccessToken(updatedTokens.get(OAuthTokenCredentials.ACCESS_TOKEN));
-
tokenTable.setRefreshToken(updatedTokens.get(OAuthTokenCredentials.REFRESH_TOKEN));
-
- // Get success page
- String successPage = null;
- try (InputStream inputStream =
Resource.newClassPathResource(OAUTH_SUCCESS_PAGE).getInputStream()) {
- InputStreamReader reader = new InputStreamReader(inputStream,
StandardCharsets.UTF_8);
- BufferedReader bufferedReader = new BufferedReader(reader);
- successPage = bufferedReader.lines()
- .collect(Collectors.joining("\n"));
- bufferedReader.close();
- reader.close();
- } catch (IOException e) {
- return Response.status(Status.OK).entity("You may close this
window.").build();
- }
-
- return Response.status(Status.OK).entity(successPage).build();
- } else {
- logger.error("{} is not a HTTP plugin. You can only add auth code to
HTTP plugins.", name);
- return Response.status(Status.INTERNAL_SERVER_ERROR)
- .entity(message("Unable to add authorization code: %s", name))
- .build();
+ CredentialsProvider credentialsProvider =
storage.getPlugin(name).getConfig().getCredentialsProvider();
+ String callbackURL = request.getRequestURL().toString();
+
+ // Now exchange the authorization token for an access token
+ Builder builder = new OkHttpClient.Builder();
+ OkHttpClient client = builder.build();
+
+ Request accessTokenRequest =
OAuthUtils.getAccessTokenRequest(credentialsProvider, code, callbackURL);
+ Map<String, String> updatedTokens = OAuthUtils.getOAuthTokens(client,
accessTokenRequest);
+
+ // Add to token registry
+ // If USER_TRANSLATION is enabled, Drill will create a token table for
each user.
+ TokenRegistry tokenRegistry = ((AbstractStoragePlugin)
storage.getPlugin(name))
+ .getContext()
+ .getoAuthTokenProvider()
+
.getOauthTokenRegistry(getQueryUser(storage.getPlugin(name).getConfig(),
authEnabled, sc));
+
+ // Add a token registry table if none exists
+ tokenRegistry.createTokenTable(name);
+ PersistentTokenTable tokenTable = tokenRegistry.getTokenTable(name);
+
+ // Add tokens to persistent storage
+
tokenTable.setAccessToken(updatedTokens.get(OAuthTokenCredentials.ACCESS_TOKEN));
+
tokenTable.setRefreshToken(updatedTokens.get(OAuthTokenCredentials.REFRESH_TOKEN));
+
+ // Get success page
+ String successPage = null;
+ try (InputStream inputStream =
Resource.newClassPathResource(OAUTH_SUCCESS_PAGE).getInputStream()) {
+ InputStreamReader reader = new InputStreamReader(inputStream,
StandardCharsets.UTF_8);
+ BufferedReader bufferedReader = new BufferedReader(reader);
+ successPage = bufferedReader.lines()
+ .collect(Collectors.joining("\n"));
+ bufferedReader.close();
+ reader.close();
+ } catch (IOException e) {
+ return Response.status(Status.OK).entity("You may close this
window.").build();
}
+
+ return Response.status(Status.OK).entity(successPage).build();
} catch (PluginException e) {
logger.error("Error when adding auth token to {}", name);
return Response.status(Status.INTERNAL_SERVER_ERROR)
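Review bot: The tokens returned by `OAuthUtils.getOAuthTokens` are written to the token table without checking that an access token is present, so a failed exchange could persist null values and still return the success page. Whether getOAuthTokens throws on an error response is not visible in this hunk. If it does not, check `updatedTokens.get(OAuthTokenCredentials.ACCESS_TOKEN) != null` before `tokenRegistry.createTokenTable(name)` and return an error response otherwise. Separately, the `InputStreamReader` and `BufferedReader` are closed by hand; declaring them in the try-with-resources header alongside `inputStream` would close them on the exception path as well.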
diff --git
a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/PluginConfigWrapper.java
b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/PluginConfigWrapper.java
index bbc87cda69..9ae34828ee 100644
---
a/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/PluginConfigWrapper.java
+++
b/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/PluginConfigWrapper.java
@@ -29,7 +29,6 @@ import javax.xml.bind.annotation.XmlRootElement;
import com.fasterxml.jackson.annotation.JsonIgnore;
import org.apache.commons.lang3.StringUtils;
import org.apache.drill.common.exceptions.UserException;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
import org.apache.drill.common.logical.OAuthConfig;
import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.common.logical.security.CredentialsProvider;
@@ -66,12 +65,7 @@ public class PluginConfigWrapper {
@JsonIgnore
public String getUserName(String activeUser) {
- if (!(config instanceof CredentialedStoragePluginConfig)) {
- return null;
- }
-
- CredentialedStoragePluginConfig securedStoragePluginConfig =
(CredentialedStoragePluginConfig) config;
- CredentialsProvider credentialsProvider =
securedStoragePluginConfig.getCredentialsProvider();
+ CredentialsProvider credentialsProvider = config.getCredentialsProvider();
Optional<UsernamePasswordCredentials> credentials = new
UsernamePasswordCredentials.Builder()
.setCredentialsProvider(credentialsProvider)
.setQueryUser(activeUser)
@@ -82,12 +76,7 @@ public class PluginConfigWrapper {
@JsonIgnore
public String getPassword(String activeUser) {
- if (!(config instanceof CredentialedStoragePluginConfig)) {
- return null;
- }
-
- CredentialedStoragePluginConfig securedStoragePluginConfig =
(CredentialedStoragePluginConfig) config;
- CredentialsProvider credentialsProvider =
securedStoragePluginConfig.getCredentialsProvider();
+ CredentialsProvider credentialsProvider = config.getCredentialsProvider();
Optional<UsernamePasswordCredentials> credentials = new
UsernamePasswordCredentials.Builder()
.setCredentialsProvider(credentialsProvider)
.setQueryUser(activeUser)
@@ -110,11 +99,7 @@ public class PluginConfigWrapper {
*/
@JsonIgnore
public boolean isOauth() {
- if (! (config instanceof CredentialedStoragePluginConfig)) {
- return false;
- }
- CredentialedStoragePluginConfig securedStoragePluginConfig =
(CredentialedStoragePluginConfig) config;
- CredentialsProvider credentialsProvider =
securedStoragePluginConfig.getCredentialsProvider();
+ CredentialsProvider credentialsProvider = config.getCredentialsProvider();
if (credentialsProvider == null) {
return false;
}
@@ -128,8 +113,7 @@ public class PluginConfigWrapper {
@JsonIgnore
public String getClientID() {
- CredentialedStoragePluginConfig securedStoragePluginConfig =
(CredentialedStoragePluginConfig) config;
- CredentialsProvider credentialsProvider =
securedStoragePluginConfig.getCredentialsProvider();
+ CredentialsProvider credentialsProvider = config.getCredentialsProvider();
return credentialsProvider.getCredentials().getOrDefault("clientID", "");
}
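Review bot: `getClientID()` dereferences `credentialsProvider` without the null check that `isOauth()` performs in the previous hunk. `StoragePluginConfig.getCredentialsProvider()`, as added later in this commit, returns null whenever `directCredentials` is true, which is what the no-argument constructor sets, so this line throws a NullPointerException for such configs unless every caller checks `isOauth()` first (the callers are not fully visible here). A guard such as `if (credentialsProvider == null) { return ""; }` before the `getOrDefault` call would keep it consistent with the existing `""` default. The same concern applies to `config.oAuthConfig()` in the next hunk, whose result is passed straight to `getAuthorizationURL()` and is null when no OAuthConfig was given to the constructor; the guard that precedes it starts outside that hunk.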
@@ -150,7 +134,7 @@ public class PluginConfigWrapper {
}
String clientID = getClientID();
- OAuthConfig oAuthConfig =
((CredentialedStoragePluginConfig)config).oAuthConfig();
+ OAuthConfig oAuthConfig = config.oAuthConfig();
String authorizationURI = oAuthConfig.getAuthorizationURL();
StringBuilder finalUrlBuilder = new StringBuilder();
diff --git
a/exec/java-exec/src/main/java/org/apache/drill/exec/store/dfs/FileSystemConfig.java
b/exec/java-exec/src/main/java/org/apache/drill/exec/store/dfs/FileSystemConfig.java
index 6fbba4196a..b8b784c859 100644
---
a/exec/java-exec/src/main/java/org/apache/drill/exec/store/dfs/FileSystemConfig.java
+++
b/exec/java-exec/src/main/java/org/apache/drill/exec/store/dfs/FileSystemConfig.java
@@ -34,7 +34,7 @@ import org.apache.drill.common.logical.FormatPluginConfig;
import com.fasterxml.jackson.annotation.JsonTypeName;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
+import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.common.map.CaseInsensitiveMap;
import org.apache.drill.common.logical.security.CredentialsProvider;
import org.apache.drill.common.logical.security.PlainCredentialsProvider;
@@ -43,7 +43,7 @@ import
org.apache.drill.shaded.guava.com.google.common.collect.ImmutableMap.Buil
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
@JsonTypeName(FileSystemConfig.NAME)
-public class FileSystemConfig extends CredentialedStoragePluginConfig {
+public class FileSystemConfig extends StoragePluginConfig {
private static final List<String> FS_CREDENTIAL_KEYS =
Arrays.asList(
CommonConfigurationKeysPublic.HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH,
@@ -182,9 +182,4 @@ public class FileSystemConfig extends
CredentialedStoragePluginConfig {
}
return PlainCredentialsProvider.EMPTY_CREDENTIALS_PROVIDER;
}
-
- @Override
- public FileSystemConfig updateCredentialProvider(CredentialsProvider
credentialsProvider) {
- return this;
- }
}
diff --git
a/exec/java-exec/src/test/java/org/apache/drill/exec/store/TestClassicLocator.java
b/exec/java-exec/src/test/java/org/apache/drill/exec/store/TestClassicLocator.java
index a64e96f083..bd20c60e92 100644
---
a/exec/java-exec/src/test/java/org/apache/drill/exec/store/TestClassicLocator.java
+++
b/exec/java-exec/src/test/java/org/apache/drill/exec/store/TestClassicLocator.java
@@ -27,7 +27,6 @@ import java.util.Collections;
import java.util.Set;
import org.apache.drill.common.logical.StoragePluginConfig;
-import org.apache.drill.common.logical.CredentialedStoragePluginConfig;
import org.apache.drill.exec.ExecConstants;
import org.apache.drill.exec.planner.logical.StoragePlugins;
import org.apache.drill.exec.store.dfs.FileSystemConfig;
@@ -63,7 +62,6 @@ public class TestClassicLocator extends
BasePluginRegistryTest {
// Abstract classes do not appear
assertFalse(result.contains(StoragePluginConfig.class));
- assertFalse(result.contains(CredentialedStoragePluginConfig.class));
// The private plugin class does not appear
assertFalse(result.contains(StoragePluginFixtureConfig.class));
diff --git
a/logical/src/main/java/org/apache/drill/common/logical/CredentialedStoragePluginConfig.java
b/logical/src/main/java/org/apache/drill/common/logical/CredentialedStoragePluginConfig.java
deleted file mode 100644
index 587413220f..0000000000
---
a/logical/src/main/java/org/apache/drill/common/logical/CredentialedStoragePluginConfig.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.drill.common.logical;
-
-import com.fasterxml.jackson.annotation.JsonInclude;
-import com.fasterxml.jackson.annotation.JsonInclude.Include;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import org.apache.drill.common.logical.security.CredentialsProvider;
-import org.apache.drill.common.logical.security.PlainCredentialsProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public abstract class CredentialedStoragePluginConfig extends
StoragePluginConfig {
-
- private static final Logger logger =
LoggerFactory.getLogger(CredentialedStoragePluginConfig.class);
- protected boolean directCredentials;
- protected final CredentialsProvider credentialsProvider;
- protected OAuthConfig oAuthConfig;
-
- public CredentialedStoragePluginConfig() {
- this(PlainCredentialsProvider.EMPTY_CREDENTIALS_PROVIDER, true);
- }
-
- public CredentialedStoragePluginConfig(
- CredentialsProvider credentialsProvider,
- boolean directCredentials
- ) {
- // Default auth mode for credentialed storage plugins is shared user.
- this(credentialsProvider, directCredentials, AuthMode.SHARED_USER);
- }
-
- public CredentialedStoragePluginConfig(
- CredentialsProvider credentialsProvider,
- boolean directCredentials,
- AuthMode authMode
- ) {
- this.credentialsProvider = credentialsProvider;
- this.directCredentials = directCredentials;
- this.authMode = authMode;
- this.oAuthConfig = null;
- }
-
- public CredentialedStoragePluginConfig(
- CredentialsProvider credentialsProvider,
- boolean directCredentials,
- AuthMode authMode,
- OAuthConfig oAuthConfig
- ) {
- this.credentialsProvider = credentialsProvider;
- this.directCredentials = directCredentials;
- this.authMode = authMode;
- this.oAuthConfig = oAuthConfig;
- }
-
- public abstract CredentialedStoragePluginConfig
updateCredentialProvider(CredentialsProvider credentialsProvider);
-
- @JsonProperty("oAuthConfig")
- @JsonInclude(Include.NON_NULL)
- public OAuthConfig oAuthConfig() {
- return oAuthConfig;
- }
-
- public CredentialsProvider getCredentialsProvider() {
- if (directCredentials) {
- return null;
- }
- return credentialsProvider;
- }
-}
diff --git
a/logical/src/main/java/org/apache/drill/common/logical/StoragePluginConfig.java
b/logical/src/main/java/org/apache/drill/common/logical/StoragePluginConfig.java
index b5c265e010..a93dbec7be 100644
---
a/logical/src/main/java/org/apache/drill/common/logical/StoragePluginConfig.java
+++
b/logical/src/main/java/org/apache/drill/common/logical/StoragePluginConfig.java
@@ -18,22 +18,64 @@
package org.apache.drill.common.logical;
-import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonInclude.Include;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.apache.drill.common.exceptions.UserException;
+import org.apache.drill.common.logical.security.CredentialsProvider;
+import org.apache.drill.common.logical.security.PlainCredentialsProvider;
import org.apache.drill.shaded.guava.com.google.common.base.Strings;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type")
@JsonInclude(JsonInclude.Include.NON_DEFAULT)
public abstract class StoragePluginConfig {
+ Logger logger = LoggerFactory.getLogger(StoragePluginConfig.class);
+
// DO NOT include enabled status in equality and hash
// comparisons; doing so will break the plugin registry.
protected Boolean enabled;
+ protected final boolean directCredentials;
+ protected final CredentialsProvider credentialsProvider;
+ protected final AuthMode authMode;
+ protected OAuthConfig oAuthConfig;
+
+ public StoragePluginConfig() {
+ this(PlainCredentialsProvider.EMPTY_CREDENTIALS_PROVIDER, true);
+ }
- // The overridable default plugin auth mode is DRILL_PROCESS
- protected AuthMode authMode = AuthMode.DRILL_PROCESS;
+ public StoragePluginConfig(
+ CredentialsProvider credentialsProvider,
+ boolean directCredentials
+ ) {
+ // The overridable default auth mode is shared user.
+ this(credentialsProvider, directCredentials, AuthMode.SHARED_USER);
+ }
+
+ public StoragePluginConfig(
+ CredentialsProvider credentialsProvider,
+ boolean directCredentials,
+ AuthMode authMode
+ ) {
+ this(credentialsProvider, directCredentials, authMode, null);
+ }
+
+ public StoragePluginConfig(
+ CredentialsProvider credentialsProvider,
+ boolean directCredentials,
+ AuthMode authMode,
+ OAuthConfig oAuthConfig
+ ) {
+ this.credentialsProvider = credentialsProvider;
+ this.directCredentials = directCredentials;
+ this.authMode = authMode;
+ this.oAuthConfig = oAuthConfig;
+ }
/**
* Check for enabled status of the plugin
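Review bot: The three- and four-argument constructors store `authMode` exactly as passed, and the old field initializer that supplied a default is removed, so a subclass whose JSON creator passes null for an absent `authMode` property leaves `getAuthMode()` returning null. The subclass creators are not visible in this hunk, so this may already be handled there, but defaulting once in the base class is safer for an authentication setting: `this.authMode = authMode == null ? AuthMode.SHARED_USER : authMode;`. Separately, `logger` is declared as a package-private, per-instance field; `private static final Logger logger = LoggerFactory.getLogger(StoragePluginConfig.class);` matches the declaration in the deleted CredentialedStoragePluginConfig and keeps it out of instance state. The class body continues outside the hunk.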
@@ -48,14 +90,6 @@ public abstract class StoragePluginConfig {
this.enabled = enabled;
}
- public AuthMode getAuthMode() {
- return authMode;
- }
-
- public void setAuthMode(AuthMode authMode) {
- this.authMode = authMode;
- }
-
/**
* Allows to check whether the enabled status is present in config
*
@@ -66,30 +100,49 @@ public abstract class StoragePluginConfig {
return enabled != null;
}
+ public String getValue(String key) {
+ return null;
+ }
+
+ public CredentialsProvider getCredentialsProvider() {
+ if (directCredentials) {
+ return null;
+ }
+ return credentialsProvider;
+ }
+
+ public StoragePluginConfig updateCredentialProvider(CredentialsProvider
credentialsProvider) {
+ throw UserException.unsupportedError()
+ .message("%s does not support credential provider updates.", getClass())
+ .build(logger);
+ }
+
+ public AuthMode getAuthMode() {
+ return authMode;
+ }
+
+ @JsonProperty("oAuthConfig")
+ @JsonInclude(Include.NON_NULL)
+ public OAuthConfig oAuthConfig() {
+ return oAuthConfig;
+ }
+
@Override
public abstract boolean equals(Object o);
@Override
public abstract int hashCode();
- public String getValue(String key) {
- return null;
- }
-
/**
* The standardised authentication modes that storage plugins may offer.
*/
public enum AuthMode {
- /**
- * Default. Connects using the identity of the Drill cluster (OS user or
- * service principal) if the external storage is aware of said identity,
- * otherwise connects without authentication. Unaffected by the Drill
- * query user's identity.
- */
- DRILL_PROCESS,
/**
* Connects using a single set of shared credentials stored in some
- * credential provider. Unaffected by the Drill query user's identity.
+ * credential provider. If no credentials are present, the plugin may
+ * connect with no credentials or make implicit use of the Drillbit's
+ * identity (e.g. OS process user). Unaffected by the Drill query user's
+ * identity.
*/
SHARED_USER,
/**
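Review bot: `getCredentialsProvider()` returning null when `directCredentials` is true is now the contract for every storage plugin config, but the method has no Javadoc and at least one caller in this commit (`PluginConfigWrapper.getClientID()`) dereferences the result unchecked. I would add a Javadoc with `@return the credentials provider, or null when directCredentials is set`, and likewise document that `updateCredentialProvider` throws an unsupported-operation `UserException` unless a subclass overrides it. That default also changes behaviour for `FileSystemConfig`, whose no-op override returning `this` is deleted in this commit, so any path that calls it on such a config now gets an exception; it is worth confirming the callers handle that. The `AuthMode` enum continues outside the hunk.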