This is an automated email from the ASF dual-hosted git repository. apucher pushed a commit to branch auth-enable-readonly-access-controller-ui in repository https://gitbox.apache.org/repos/asf/pinot.git
commit 95b73d30fcd3cc15aa7f9a1a190eb962b243c999
Author: Alexander Pucher <[email protected]>
AuthorDate: Thu Feb 23 19:59:47 2023 -0800
enable readonly access to controller UI for users without table restrictions
---
 .../api/resources/PinotControllerAuthResource.java | 5 +++++
 .../main/java/org/apache/pinot/tools/AuthQuickstart.java | 16 ++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java b/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
index 77b77479ca..6288b17be6 100644
--- a/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
+++ b/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
@@ -74,6 +74,11 @@ public class PinotControllerAuthResource {
 public boolean verify(@ApiParam(value = "Table name without type") @QueryParam("tableName") String tableName,
 @ApiParam(value = "API access type") @QueryParam("accessType") AccessType accessType,
 @ApiParam(value = "Endpoint URL") @QueryParam("endpointUrl") String endpointUrl) {
+
+ if (accessType == null) {
+ accessType = AccessType.READ;
+ }
+
 AccessControl accessControl = _accessControlFactory.create();
 return accessControl.hasAccess(tableName, accessType, _httpHeaders, endpointUrl);
 }
diff --git a/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java b/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
index 2642bbbb19..e4eaa89715 100644
--- a/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
+++ b/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
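Review bot: The null fallback added at the top of `verify` in PinotControllerAuthResource.java makes an omitted `accessType` silently evaluate as READ, and neither the `@ApiParam` text nor the boolean response tells the caller which access type was actually checked. A client that leaves the parameter out while gating a modifying action would receive `true` for a read-only principal and could treat it as permission to proceed. Declaring the default on the parameter itself, `@QueryParam("accessType") @DefaultValue("READ") AccessType accessType`, and stating it in the `@ApiParam` value would make the contract visible in the generated API docs and avoid reassigning the parameter; whether `DefaultValue` is already imported is not visible from this hunk. How `hasAccess` treats a null `tableName` is also outside the hunk, so that path is worth confirming for the table-less UI check this commit targets.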
@@ -47,19 +47,23 @@ public class AuthQuickstart extends Quickstart { properties.put("pinot.controller.segment.fetcher.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA=="); properties.put("controller.admin.access.control.factory.class", "org.apache.pinot.controller.api.access.BasicAuthAccessControlFactory"); - properties.put("controller.admin.access.control.principals", "admin, user"); + properties.put("controller.admin.access.control.principals", "admin, user, service, tableonly"); properties.put("controller.admin.access.control.principals.admin.password", "verysecret"); + properties.put("controller.admin.access.control.principals.service.password", "verysecrettoo"); properties.put("controller.admin.access.control.principals.user.password", "secret"); - properties.put("controller.admin.access.control.principals.user.tables", "baseballStats"); - properties.put("controller.admin.access.control.principals.user.permissions", "read"); + properties.put("controller.admin.access.control.principals.user.permissions", "READ"); + properties.put("controller.admin.access.control.principals.tableonly.password", "secrettoo"); + properties.put("controller.admin.access.control.principals.tableonly.permissions", "READ"); + properties.put("controller.admin.access.control.principals.tableonly.tables", "baseballStats"); // broker properties.put("pinot.broker.access.control.class", "org.apache.pinot.broker.broker.BasicAuthAccessControlFactory"); - properties.put("pinot.broker.access.control.principals", "admin, user"); + properties.put("pinot.broker.access.control.principals", "admin, user, service, tableonly"); properties.put("pinot.broker.access.control.principals.admin.password", "verysecret"); + properties.put("pinot.broker.access.control.principals.service.password", "verysecrettoo"); properties.put("pinot.broker.access.control.principals.user.password", "secret"); - properties.put("pinot.broker.access.control.principals.user.tables", "baseballStats"); - 
properties.put("pinot.broker.access.control.principals.user.permissions", "read"); + properties.put("pinot.broker.access.control.principals.tableonly.password", "secrettoo"); + properties.put("pinot.broker.access.control.principals.tableonly.tables", "baseballStats"); // server properties.put("pinot.server.segment.fetcher.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA=="); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
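Review bot: The broker block in AuthQuickstart.java no longer mirrors the controller block: the commit removes `pinot.broker.access.control.principals.user.permissions` without a replacement and adds `tableonly` on the broker with `tables` but no `permissions`, while the controller side sets both principals to `READ`. If an absent `permissions` entry is treated as unrestricted (the factory's handling is not visible here), `user` and `tableonly` would be read-only on the controller but not on the broker. Adding `properties.put("pinot.broker.access.control.principals.user.permissions", "READ");` and `properties.put("pinot.broker.access.control.principals.tableonly.permissions", "READ");` would keep the two in step, or a comment should state that the difference is intended. The new `service` principal has only a password on both sides, so a one-line comment such as `// service: no table or permission limits, internal use only` (wording to be confirmed by the author) would help readers who copy this quickstart as a template.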
