[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. IMPALA-9537: Add LDAP auth to the webui This patch adds a startup flag --webserver_require_ldap, which if set to true secures the debug webserver with LDAP username/password authentication. It also adds the flags --webserver_ldap_group_filter and --webserver_ldap_user_filter, which allow users to restrict access to the webserver separately from the restrictions on other endpoints (i.e. --ldap_group_filter and --ldap_user_filter), for example to enable webserver access only for admin users. Testing: - Added a FE test that runs a custom cluster with ldap webserver auth enabled and verifies it works as expected, with and without filters specified. Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Reviewed-on: http://gerrit.cloudera.org:8080/15538 Reviewed-by: Impala Public Jenkins Tested-by: Impala Public Jenkins --- M be/src/util/webserver.cc M be/src/util/webserver.h M common/thrift/metrics.json M fe/src/test/java/org/apache/impala/customcluster/CustomClusterRunner.java M fe/src/test/java/org/apache/impala/customcluster/LdapImpalaShellTest.java A fe/src/test/java/org/apache/impala/customcluster/LdapWebserverTest.java A fe/src/test/java/org/apache/impala/testutil/LdapUtil.java M fe/src/test/java/org/apache/impala/util/Metrics.java M tests/common/impala_service.py 9 files changed, 478 insertions(+), 99 deletions(-) Approvals: Impala Public Jenkins: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 6 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 5: Verified+1 -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 5 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Thu, 02 Apr 2020 21:08:17 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Thomas Tauber-Marshall has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 4: Jenkins failure was unrelated: IMPALA-9550 -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 4 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Thu, 02 Apr 2020 16:36:06 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 5: Code-Review+2 -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 5 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Thu, 02 Apr 2020 16:36:31 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 5: Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/5603/ DRY_RUN=false -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 5 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Thu, 02 Apr 2020 16:36:32 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 4: Verified-1 Build failed: https://jenkins.impala.io/job/gerrit-verify-dryrun/5599/ -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 4 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Thu, 02 Apr 2020 02:33:05 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 4: Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/5599/ DRY_RUN=false -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 4 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Wed, 01 Apr 2020 21:59:34 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Thomas Tauber-Marshall has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 4: Code-Review+2 rebased, carrying forward -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 4 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Wed, 01 Apr 2020 21:58:40 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Tim Armstrong has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 3: Code-Review+2 -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 3 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Wed, 01 Apr 2020 20:47:08 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 3: Build Successful https://jenkins.impala.io/job/gerrit-code-review-checks/5672/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests. -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 3 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Tue, 31 Mar 2020 23:30:26 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Hello Tim Armstrong, Impala Public Jenkins, I'd like you to reexamine a change. Please visit http://gerrit.cloudera.org:8080/15538 to look at the new patch set (#3). Change subject: IMPALA-9537: Add LDAP auth to the webui .. IMPALA-9537: Add LDAP auth to the webui This patch adds a startup flag --webserver_require_ldap, which if set to true secures the debug webserver with LDAP username/password authentication. It also adds the flags --webserver_ldap_group_filter and --webserver_ldap_user_filter, which allow users to restrict access to the webserver separately from the restrictions on other endpoints (i.e. --ldap_group_filter and --ldap_user_filter), for example to enable webserver access only for admin users. Testing: - Added a FE test that runs a custom cluster with ldap webserver auth enabled and verifies it works as expected, with and without filters specified. Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 --- M be/src/util/webserver.cc M be/src/util/webserver.h M common/thrift/metrics.json M fe/src/test/java/org/apache/impala/customcluster/CustomClusterRunner.java M fe/src/test/java/org/apache/impala/customcluster/LdapImpalaShellTest.java A fe/src/test/java/org/apache/impala/customcluster/LdapWebserverTest.java A fe/src/test/java/org/apache/impala/testutil/LdapUtil.java M fe/src/test/java/org/apache/impala/util/Metrics.java M tests/common/impala_service.py 9 files changed, 478 insertions(+), 99 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/38/15538/3 -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 3 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 2: Build Failed https://jenkins.impala.io/job/gerrit-code-review-checks/5671/ : Initial code review checks failed. See linked job for details on the failure. -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 2 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Tue, 31 Mar 2020 21:57:21 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Thomas Tauber-Marshall has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 2: (4 comments) http://gerrit.cloudera.org:8080/#/c/15538/1//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/15538/1//COMMIT_MSG@9 PS1, Line 9: This patch adds a startup flag --webserver_require_ldap, which if set > I think we might also need some kind of authorisation solution too? I.e. on Done http://gerrit.cloudera.org:8080/#/c/15538/1/be/src/util/webserver.cc File be/src/util/webserver.cc: http://gerrit.cloudera.org:8080/#/c/15538/1/be/src/util/webserver.cc@122 PS1, Line 122: DEFINE_bool(webserver_require_ldap, false, > Maybe in the help briefly explain the interaction between the different kin Yeah, allowing both while getting the return headers right is a little tricky and would require some code restructuring. I don't think its an important use case, so I just disallowed it. I'll note that in the description of the flags. http://gerrit.cloudera.org:8080/#/c/15538/1/be/src/util/webserver.cc@581 PS1, Line 581: total_cookie_auth_failure_->Increment(1); > It feels a little weird that we don't set authenticated = true here. The co Done http://gerrit.cloudera.org:8080/#/c/15538/1/fe/src/test/java/org/apache/impala/customcluster/CustomClusterRunner.java File fe/src/test/java/org/apache/impala/customcluster/CustomClusterRunner.java: http://gerrit.cloudera.org:8080/#/c/15538/1/fe/src/test/java/org/apache/impala/customcluster/CustomClusterRunner.java@59 PS1, Line 59: // Print out the output of the process, for debugging. We only need to print stdout, > I guess this is good to aid debugging. Maybe merits a one line comment to e Done -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 2 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Thomas Tauber-Marshall Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Tue, 31 Mar 2020 21:20:31 + Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Hello Tim Armstrong, Impala Public Jenkins, I'd like you to reexamine a change. Please visit http://gerrit.cloudera.org:8080/15538 to look at the new patch set (#2). Change subject: IMPALA-9537: Add LDAP auth to the webui .. IMPALA-9537: Add LDAP auth to the webui This patch adds a startup flag --webserver_require_ldap, which if set to true secures the debug webserver with LDAP username/password authentication. It also adds the flags --webserver_ldap_group_filter and --webserver_ldap_user_filter, which allow users to restrict access to the webserver separately from the restrictions on other endpoints (i.e. --ldap_group_filter and --ldap_user_filter), for example to enable webserver access only for admin users. Testing: - Added a FE test that runs a custom cluster with ldap webserver auth enabled and verifies it works as expected, with and without filters specified. Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 --- M be/src/util/webserver.cc M be/src/util/webserver.h M common/thrift/metrics.json M fe/src/test/java/org/apache/impala/customcluster/CustomClusterRunner.java M fe/src/test/java/org/apache/impala/customcluster/LdapImpalaShellTest.java A fe/src/test/java/org/apache/impala/customcluster/LdapWebserverTest.java M fe/src/test/java/org/apache/impala/util/Metrics.java M tests/common/impala_service.py 8 files changed, 442 insertions(+), 99 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/38/15538/2 -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 2 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Tim Armstrong
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Tim Armstrong has posted comments on this change. (
http://gerrit.cloudera.org:8080/15538 )
Change subject: IMPALA-9537: Add LDAP auth to the webui
..
Patch Set 1:
(3 comments)
This makes sense to me as the authentication piece of the solution. I had a few
readability comments but no concerns about the logic or testing.
http://gerrit.cloudera.org:8080/#/c/15538/1/be/src/util/webserver.cc
File be/src/util/webserver.cc:
http://gerrit.cloudera.org:8080/#/c/15538/1/be/src/util/webserver.cc@122
PS1, Line 122: DEFINE_bool(webserver_require_ldap, false,
Maybe in the help briefly explain the interaction between the different kinds
of auth - is it that clients need to authenticate with only one of the enabled
mechanisms?
edit: oh i guess setting both is disallowed
http://gerrit.cloudera.org:8080/#/c/15538/1/be/src/util/webserver.cc@581
PS1, Line 581: AddCookie(request_info, &response_headers);
It feels a little weird that we don't set authenticated = true here. The
control flow doesn't require it, so we don't need to add unnecessary logic.
Maybe it would be clearer with a comment, or if the ldap and spnego branches
were made obviously mutually exclusive. E.g.
if (!authenticated && FLAGS_spnego) {
} else if (!authenticated && FLAGS_ldap) {
}
or
if (!authenticated) {
if (FLAGS_spnego) {
} else if (FLAGS_ldap) {
}
}
http://gerrit.cloudera.org:8080/#/c/15538/1/fe/src/test/java/org/apache/impala/customcluster/CustomClusterRunner.java
File fe/src/test/java/org/apache/impala/customcluster/CustomClusterRunner.java:
http://gerrit.cloudera.org:8080/#/c/15538/1/fe/src/test/java/org/apache/impala/customcluster/CustomClusterRunner.java@59
PS1, Line 59: LOG.info(IOUtils.toString(p.getInputStream()));
I guess this is good to aid debugging. Maybe merits a one line comment to
explain what it's doing?
--
To view, visit http://gerrit.cloudera.org:8080/15538
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10
Gerrit-Change-Number: 15538
Gerrit-PatchSet: 1
Gerrit-Owner: Thomas Tauber-Marshall
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Tim Armstrong
Gerrit-Comment-Date: Tue, 24 Mar 2020 23:31:10 +
Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Tim Armstrong has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/15538/1//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/15538/1//COMMIT_MSG@9 PS1, Line 9: This patch adds a startup flag --webserver_require_ldap, which if set I think we might also need some kind of authorisation solution too? I.e. only allow privileged users to view the web UI, since it has potentially sensitive info. Maybe I'm missing how this could be achieved though. -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 1 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Tim Armstrong Gerrit-Comment-Date: Tue, 24 Mar 2020 18:40:51 + Gerrit-HasComments: Yes
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/15538 ) Change subject: IMPALA-9537: Add LDAP auth to the webui .. Patch Set 1: Build Successful https://jenkins.impala.io/job/gerrit-code-review-checks/5575/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests. -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 1 Gerrit-Owner: Thomas Tauber-Marshall Gerrit-Reviewer: Impala Public Jenkins Gerrit-Comment-Date: Mon, 23 Mar 2020 22:52:49 + Gerrit-HasComments: No
[Impala-ASF-CR] IMPALA-9537: Add LDAP auth to the webui
Thomas Tauber-Marshall has uploaded this change for review. ( http://gerrit.cloudera.org:8080/15538 Change subject: IMPALA-9537: Add LDAP auth to the webui .. IMPALA-9537: Add LDAP auth to the webui This patch adds a startup flag --webserver_require_ldap, which if set to true secures the debug webserver with LDAP username/password authentication. Testing: - Added a FE test that runs a custom cluster with ldap webserver auth enabled and verifies it works as expected. Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 --- M be/src/rpc/authentication.cc M be/src/rpc/authentication.h M be/src/util/webserver.cc M be/src/util/webserver.h M common/thrift/metrics.json M fe/src/test/java/org/apache/impala/customcluster/CustomClusterRunner.java A fe/src/test/java/org/apache/impala/customcluster/LdapWebserverTest.java M fe/src/test/java/org/apache/impala/util/Metrics.java M tests/common/impala_service.py 9 files changed, 376 insertions(+), 74 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/38/15538/1 -- To view, visit http://gerrit.cloudera.org:8080/15538 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I6e92481929f2f06898b8496233ab4134792c9f10 Gerrit-Change-Number: 15538 Gerrit-PatchSet: 1 Gerrit-Owner: Thomas Tauber-Marshall
