paul-rogers opened a new pull request, #14009:
URL: https://github.com/apache/druid/pull/14009
This PR adds a complete set of Basic security functions to the Python
`druidapi`. These functions are handy for setting up security, inspecting the
security setup, and learning the nuances of the basic security system. They
would make a fine foundation for a Basic security tutorial notebook. If we did
such a notebook:
* Emphasize that users are defined twice: once in the authorizer, again in
the authenticator.
* The many config settings that have to be done just right.
* The complexities of SQL security: sometimes one needs multiple permissions.
Since the Druid console doesn't provide tools to set up basic security,
doing it via Python is a handy way to get started until a user defines a more
production-grade integration with an external system.
#### Example:
```python
import druidapi
from druidapi import consts

# Define a coordinator-specific client, using the admin user
coord = druidapi.jupyter_client('http://localhost:8081', auth=('admin', 'pwd'))
# Create a basic auth client for your authenticator and authorizer:
ac = coord.basic_security('myAuthorizer', 'myAuthenticator')
# Get information
# List users
ac.users()
# List roles
ac.roles()
# List roles for a user
ac.authorization_user('alice')
# List permissions for a role
ac.role_permissions('aliceRole')
# Create user
ac.add_user('fred', 'pwd')
# Create role
ac.add_role('myRole')
# Grant permissions to a role
perms = [ac.resource_action(consts.DATASOURCE_RESOURCE, 'foo', consts.READ_ACTION)]
ac.set_role_permissions('myRole', perms)
# Assign a role to a user
ac.assign_role_to_user('myRole', 'fred')
# "Log in" as the new user
fred = druidapi.jupyter_client('http://localhost:8888', auth=('fred', 'pwd'))
# Perform operations as the user.
fred.sql.sql('SELECT * FROM foo LIMIT 10')
# Drop user
ac.drop_user('fred')
```
#### Release note
See the description.
<hr>
This PR has:
- [X] been self-reviewed.
- [X] added documentation for new or modified features or behaviors.
- [X] a release note entry in the PR description.
- [X] added comments explaining the "why" and the intent of the code
wherever would not be obvious for an unfamiliar reader.
- [ ] added unit tests or modified existing tests to cover new code paths,
ensuring the threshold for [code
coverage](https://github.com/apache/druid/blob/master/dev/code-review/code-coverage.md)
is met.
- [X] been tested in a test Druid cluster.
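An added example, not part of the pull request or of `druidapi`: because Basic security defines each user once in the authenticator and again in the authorizer, the two lists can drift apart. The sketch below cross-checks them offline; the function names, input shapes and sample data are constructed assumptions, and fetching the real lists from a cluster is left to the caller.

```python
# Added example: cross-check the two places Basic security defines a user.
# Input shapes and all sample values are constructed for illustration.

def audit_users(authn_users, authz_roles, role_perms):
    """Return {user: (status, effective_permissions)}.

    authn_users: user names defined in the authenticator (credentials).
    authz_roles: {user: [role, ...]} as defined in the authorizer.
    role_perms:  {role: [(resource_type, resource_name, action), ...]}.
    """
    authn = set(authn_users)
    report = {}
    for user in sorted(authn | set(authz_roles)):
        # Effective permissions are the union over every assigned role.
        perms = set()
        for role in authz_roles.get(user, []):
            perms.update(role_perms.get(role, []))
        if user not in authz_roles:
            status = 'authenticator-only'   # credentials, no authorizer entry
        elif user not in authn:
            status = 'authorizer-only'      # role grants, no credentials
        elif not perms:
            status = 'no-permissions'       # defined twice, but nothing granted
        else:
            status = 'ok'
        report[user] = (status, perms)
    return report

def findings(report):
    """Keep only the users whose two definitions do not line up."""
    return {user: status for user, (status, _) in report.items() if status != 'ok'}

# Constructed sample state: 'carol' and 'bob' each exist on one side only.
AUTHN_USERS = ['admin', 'alice', 'fred', 'carol']
AUTHZ_ROLES = {'admin': ['admin'], 'alice': ['aliceRole'],
               'fred': [], 'bob': ['myRole']}
ROLE_PERMS = {
    'admin': [('DATASOURCE', '.*', 'READ'), ('DATASOURCE', '.*', 'WRITE')],
    'aliceRole': [('DATASOURCE', 'foo', 'READ')],
    'myRole': [('DATASOURCE', 'foo', 'READ')],
}

if __name__ == '__main__':
    report = audit_users(AUTHN_USERS, AUTHZ_ROLES, ROLE_PERMS)
    for user, status in findings(report).items():
        print(f'{user}: {status}')
```

An `authorizer-only` entry is worth cleaning up promptly, since its role grants would apply to any credentials later created under the same name.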