Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Merged by Bors] - LDAP authentication #374

Closed
wants to merge 59 commits into from
Closed

[Merged by Bors] - LDAP authentication #374

wants to merge 59 commits into from

Conversation

vsupalov
Copy link
Contributor

@vsupalov vsupalov commented Jan 10, 2023
edited
Loading

Description

This will resolve part of #144
The ticket can be merged once the stretch goals are reached as well.

A new iteration on the changes prototyped in #341

This iteration will include:

  • A closer resemblance to the ticket requirements - using a list of authenticators
  • Non-usage of LDAP for inter-node authentication (basic authentication instead)
  • Erroring out if both TLS auth and LDAP auth are configured

Follow-up Work

  • Interconnection with an OPA authorization config, if provided (former stretch goal)
  • Adding ldaps:// support (former stretch goal)
  • Druid does not like anonymous LDAP access (without bind credentials). I have not found a way to configure it. This however, seems to be a usecase we want to support generally.

Review Checklist

  • Code contains useful comments
  • CRD change approved (or not applicable)
  • (Integration-)Test cases added (or not applicable)
  • Documentation added (or not applicable)
  • Changelog updated (or not applicable)
  • Cargo.toml only contains references to git tags (not specific commits or branches)
  • Helm chart can be installed and deployed operator works (or not applicable)

Once the review is done, comment bors r+ (or bors merge) to merge. Further information

This was referenced Jan 10, 2023
Closed
Closed
sbernauer
sbernauer previously requested changes Jan 11, 2023
View reviewed changes
Copy link
Member

@sbernauer sbernauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't be afraid of the number of comments, lots of them are duplicates. Happy to have a chat :)

rust/crd/src/ldap.rs Outdated Show resolved Hide resolved
rust/crd/src/ldap.rs Outdated Show resolved Hide resolved
rust/crd/src/ldap.rs Outdated Show resolved Hide resolved
rust/crd/src/ldap.rs Outdated Show resolved Hide resolved
rust/crd/src/ldap.rs Outdated Show resolved Hide resolved
rust/operator-binary/src/druid_controller.rs Outdated Show resolved Hide resolved
rust/operator-binary/src/druid_controller.rs Outdated Show resolved Hide resolved
rust/operator-binary/src/druid_controller.rs Outdated Show resolved Hide resolved
rust/operator-binary/src/druid_controller.rs Outdated Show resolved Hide resolved
tests/templates/kuttl/ldap-authentication/02-install-hdfs.yaml.j2 Outdated Show resolved Hide resolved
This was referenced Jan 12, 2023
Closed
Closed
@vsupalov vsupalov force-pushed the feature/144-ldap-authentication-v2 branch from 1c4fed7 to 0961a12 Compare January 19, 2023 12:22
Vladislav Supalov and others added 22 commits January 19, 2023 13:23
docs(todo): describe LDAP usage
e94acb9 
refer to https://github.com/stackabletech/nifi-operator/pull/303/files#diff-ff1c06cfbfb2d6a67f8e0a1e5bd2b2d55f2e8e2704e360f73509318fa9d645bc
test: add adjusted ldap integration test
be8f258 
# Conflicts:
#	tests/test-definition.yaml
feat: accept LDAP for authentication
8b93abd
fix: secret name
75d5448
wip: add ldap integration sketch
b4bdbc5
wip: port and adjust ldap changes from old branch
1d0b4cb
fix(test): ldap auth errors
c02b0e7
test: simplify ldap test case
fff188c
fix: skip obsolete secret replacement commands
5cc6ea1
fix: remove unused dependency
b6d1433
refactor: remove unused error enum
af7bf5b
refactor: rename lines to config
64086b5
refactor: rename provider to ldap
19085a6
@sbernauer
feat: add additional ldap cmd info
358d9a2 
Co-authored-by: Sebastian Bernauer <[email protected]>
refactor: reuse consts to create config path
0ded0a8
refactor: move long config string prefixes into consts
17aff66
style: remove unneeded comments
868a432
style: change argument order
8cfb788
style: remove maybe_ prefix from variables
f1bb08b
wip: towards replacing internal hard-coded secret
1d99a33
wip: replace hard-coded secret with env var
afceef9
chore: clarify ldap tls test comment
c161c00
@vsupalov vsupalov force-pushed the feature/144-ldap-authentication-v2 branch from 0961a12 to c161c00 Compare January 19, 2023 12:23
fhennig
fhennig previously approved these changes Jan 25, 2023
View reviewed changes
@vsupalov
Copy link
Contributor Author

Alright, thanks for the review folks! I will rebase and merge this branch once the release is through.

I will create a comment on the main issue with the findings from this stage, so we can keep track of follow-up tasks there.

@vsupalov
Copy link
Contributor Author

vsupalov commented Jan 26, 2023
edited
Loading

Test run: https://ci.stackable.tech/view/02%20Operator%20Tests%20(custom)/job/druid-operator-it-custom/70/

That run had the wrong operator version selected. New one: https://ci.stackable.tech/job/druid-operator-it-custom/71/

maltesander
maltesander reviewed Jan 30, 2023
View reviewed changes
Copy link
Member

@maltesander maltesander left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM overall. Just some docs.

rust/crd/src/ldap.rs Outdated Show resolved Hide resolved
docs/modules/ROOT/pages/usage.adoc Outdated Show resolved Hide resolved
@vsupalov vsupalov mentioned this pull request Jan 30, 2023
Open
@vsupalov
Copy link
Contributor Author

vsupalov commented Jan 30, 2023
edited
Loading

A list of follow-up tickets, also posted in the main LDAP issue:

maltesander
maltesander approved these changes Jan 30, 2023
View reviewed changes
Copy link
Member

@maltesander maltesander left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@vsupalov vsupalov dismissed sbernauer’s stale review January 30, 2023 15:13

Thanks! All changes have been implemented, and the PR has one approval. Merging time!

@stackabletech stackabletech deleted a comment from bors bot Jan 30, 2023
@vsupalov
Copy link
Contributor Author

bors r+

bors bot pushed a commit that referenced this pull request Jan 30, 2023
LDAP authentication (#374)
a158c7b 
# Description

This will resolve part of #144
The ticket can be merged once the stretch goals are reached as well.

A new iteration on the changes prototyped in #341

This iteration will include:

* A closer resemblance to the ticket requirements - using a list of authenticators
* Non-usage of LDAP for inter-node authentication (basic authentication instead)
* Erroring out if both TLS auth and LDAP auth are configured

## Follow-up Work

* Interconnection with an OPA authorization config, if provided (former stretch goal)
* Adding ldaps:// support (former stretch goal)
* Druid does not like anonymous LDAP access (without bind credentials). I have not found a way to configure it. This however, seems to be a usecase we want to support generally.
@vsupalov
Copy link
Contributor Author

Here we goooo :shipit:

@bors
Copy link
Contributor

bors bot commented Jan 30, 2023

Pull request successfully merged into main.

Build succeeded:

@bors bors bot changed the title LDAP authentication [Merged by Bors] - LDAP authentication Jan 30, 2023
@bors bors bot closed this Jan 30, 2023
@bors bors bot deleted the feature/144-ldap-authentication-v2 branch January 30, 2023 15:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maltesander maltesander maltesander approved these changes

@fhennig fhennig fhennig left review comments

@sbernauer sbernauer Awaiting requested review from sbernauer

Assignees
No one assigned
Labels
None yet
Projects
Stackable Engineering
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vsupalov @fhennig @maltesander @sbernauer