This is an automated email from the ASF dual-hosted git repository.
apucher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git
The following commit(s) were added to refs/heads/master by this push:
new 3772b55dc4 enable readonly access to controller UI for users without
table restrictions (#10329)
3772b55dc4 is described below
commit 3772b55dc4c35673762a182b2ee650469560aa97
Author: Alexander Pucher <[email protected]>
AuthorDate: Fri Feb 24 19:15:37 2023 -0800
enable readonly access to controller UI for users without table
restrictions (#10329)
---
.../api/resources/PinotControllerAuthResource.java | 3 ++-
.../main/java/org/apache/pinot/tools/AuthQuickstart.java | 16 ++++++++++------
2 files changed, 12 insertions(+), 7 deletions(-)
diff --git
a/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
b/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
index 77b77479ca..52e518cfed 100644
---
a/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
+++
b/pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotControllerAuthResource.java
@@ -28,6 +28,7 @@ import io.swagger.annotations.Authorization;
import io.swagger.annotations.SecurityDefinition;
import io.swagger.annotations.SwaggerDefinition;
import javax.inject.Inject;
+import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
@@ -72,7 +73,7 @@ public class PinotControllerAuthResource {
@ApiResponse(code = 500, message = "Verification error")
})
public boolean verify(@ApiParam(value = "Table name without type")
@QueryParam("tableName") String tableName,
- @ApiParam(value = "API access type") @QueryParam("accessType")
AccessType accessType,
+ @ApiParam(value = "API access type") @DefaultValue("READ")
@QueryParam("accessType") AccessType accessType,
@ApiParam(value = "Endpoint URL") @QueryParam("endpointUrl") String
endpointUrl) {
AccessControl accessControl = _accessControlFactory.create();
return accessControl.hasAccess(tableName, accessType, _httpHeaders,
endpointUrl);
diff --git
a/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
b/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
index 2642bbbb19..e4eaa89715 100644
--- a/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
+++ b/pinot-tools/src/main/java/org/apache/pinot/tools/AuthQuickstart.java
@@ -47,19 +47,23 @@ public class AuthQuickstart extends Quickstart {
properties.put("pinot.controller.segment.fetcher.auth.token", "Basic
YWRtaW46dmVyeXNlY3JldA==");
properties.put("controller.admin.access.control.factory.class",
"org.apache.pinot.controller.api.access.BasicAuthAccessControlFactory");
- properties.put("controller.admin.access.control.principals", "admin,
user");
+ properties.put("controller.admin.access.control.principals", "admin, user,
service, tableonly");
properties.put("controller.admin.access.control.principals.admin.password",
"verysecret");
+
properties.put("controller.admin.access.control.principals.service.password",
"verysecrettoo");
properties.put("controller.admin.access.control.principals.user.password",
"secret");
- properties.put("controller.admin.access.control.principals.user.tables",
"baseballStats");
-
properties.put("controller.admin.access.control.principals.user.permissions",
"read");
+
properties.put("controller.admin.access.control.principals.user.permissions",
"READ");
+
properties.put("controller.admin.access.control.principals.tableonly.password",
"secrettoo");
+
properties.put("controller.admin.access.control.principals.tableonly.permissions",
"READ");
+
properties.put("controller.admin.access.control.principals.tableonly.tables",
"baseballStats");
// broker
properties.put("pinot.broker.access.control.class",
"org.apache.pinot.broker.broker.BasicAuthAccessControlFactory");
- properties.put("pinot.broker.access.control.principals", "admin, user");
+ properties.put("pinot.broker.access.control.principals", "admin, user,
service, tableonly");
properties.put("pinot.broker.access.control.principals.admin.password",
"verysecret");
+ properties.put("pinot.broker.access.control.principals.service.password",
"verysecrettoo");
properties.put("pinot.broker.access.control.principals.user.password",
"secret");
- properties.put("pinot.broker.access.control.principals.user.tables",
"baseballStats");
- properties.put("pinot.broker.access.control.principals.user.permissions",
"read");
+
properties.put("pinot.broker.access.control.principals.tableonly.password",
"secrettoo");
+ properties.put("pinot.broker.access.control.principals.tableonly.tables",
"baseballStats");
// server
properties.put("pinot.server.segment.fetcher.auth.token", "Basic
YWRtaW46dmVyeXNlY3JldA==");
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
