trino icon indicating copy to clipboard operation
trino copied to clipboard

Published 20 hours ago verified publisher icon trinodb

add header authentication support for the web-ui

Open kenandominic opened this issue 1 year ago • 28 comments

Description

Installs the header authenticator and header authenticator manager modules in the web UI authentication module

relevant configuration

web-ui.authentication.type=header

in place of https://github.com/trinodb/trino/pull/14450

Additional context and related issues

Release notes

( ) This is not user-visible or docs only and no release notes are required. (x) Release notes are required, please propose a release note for me. ( ) Release notes are required, with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

kenandominic avatar Mar 14 '23 23:03 kenandominic

hey @lukasz-walkiewicz could you ptal when you get the chance. wrote tests as you asked in https://github.com/trinodb/trino/pull/14450

kenandominic avatar Mar 15 '23 05:03 kenandominic

This pull request has gone a while without any activity. Tagging the Trino developer relations team: @bitsondatadev @colebow @mosabua

github-actions[bot] avatar Jan 17 '24 17:01 github-actions[bot]

:wave: @kenandominic - this PR has become inactive. We hope you are still interested in working on it. Please let us know, and we can try to get reviewers to help with that.

We're working on closing out old and inactive PRs, so if you're too busy or this has too many merge conflicts to be worth picking back up, we'll be making another pass to close it out in a few weeks.

mosabua avatar Jan 17 '24 18:01 mosabua

I'm also interested in this feature. @hashhar @lukasz-walkiewicz what is outstanding to merge this?

huw0 avatar Jan 22 '24 16:01 huw0

This pull request has gone a while without any activity. Tagging the Trino developer relations team: @bitsondatadev @colebow @mosabua

github-actions[bot] avatar Feb 12 '24 17:02 github-actions[bot]

hey @mosabua, I'll spend some time again, hopefully later today, to resolve the merge conflicts if you can get someone to review it.

kenandominic avatar Feb 12 '24 17:02 kenandominic

hey @huw0, you can apply the changes in this PR if you have a fork of trino. we've (salesforce) been using header authn to guard our UI for nearly a year now

kenandominic avatar Feb 12 '24 18:02 kenandominic

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic. This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email [email protected]
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

cla-bot[bot] avatar Feb 12 '24 22:02 cla-bot[bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic. This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email [email protected]
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

cla-bot[bot] avatar Feb 12 '24 22:02 cla-bot[bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic. This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email [email protected]
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

cla-bot[bot] avatar Feb 12 '24 22:02 cla-bot[bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic. This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email [email protected]
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

cla-bot[bot] avatar Feb 12 '24 22:02 cla-bot[bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic. This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email [email protected]
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

cla-bot[bot] avatar Feb 12 '24 22:02 cla-bot[bot]

hey @mosabua I have resolved all the conflicts

kenandominic avatar Feb 12 '24 22:02 kenandominic

@cla-bot check

mosabua avatar Feb 12 '24 23:02 mosabua

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic. This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email [email protected]
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

cla-bot[bot] avatar Feb 12 '24 23:02 cla-bot[bot]

The cla-bot has been summoned, and re-checked this pull request!

cla-bot[bot] avatar Feb 12 '24 23:02 cla-bot[bot]

Can you submit a signed CLA and check the build failures out @kenandominic ?

mosabua avatar Feb 12 '24 23:02 mosabua

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic. This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email [email protected]
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

cla-bot[bot] avatar Feb 13 '24 00:02 cla-bot[bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic. This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email [email protected]
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

cla-bot[bot] avatar Feb 13 '24 00:02 cla-bot[bot]

hey @mosabua I was able to fix the issue with the cla check not passing. all tests pass except trino-delta-lake which is unrelated to the changes in this pr. is there a way to run just that check again?

kenandominic avatar Feb 21 '24 00:02 kenandominic

Thanks for the CLA and such @kenandominic . The test results coming from the Delta Lake test are probably just a CI failure. Every new push will trigger the whole build again but I would wait until we get further review comments.

mosabua avatar Feb 21 '24 01:02 mosabua

Can @lukasz-walkiewicz @hashhar or maybe @dain help here?

mosabua avatar Feb 21 '24 01:02 mosabua

hey @huw0, you can apply the changes in this PR if you have a fork of trino. we've (salesforce) been using header authn to guard our UI for nearly a year now

Great to hear that this has been battle tested! So far I've been trying to avoid forking and sticking with upstream as closely as possible to reduce the overhead of staying up to date.

Is there anything that can be done to progress this PR?

huw0 avatar Mar 04 '24 18:03 huw0

This pull request has gone a while without any activity. Tagging the Trino developer relations team: @bitsondatadev @colebow @mosabua

github-actions[bot] avatar Mar 26 '24 17:03 github-actions[bot]

Closing this pull request, as it has been stale for six weeks. Feel free to re-open at any time.

github-actions[bot] avatar Apr 16 '24 17:04 github-actions[bot]

Reopening .. we still want this feature to get in. Adding stale-ignore label.

mosabua avatar Apr 17 '24 16:04 mosabua

Hi @mosabua, @lukasz-walkiewicz - would be great to get this in soon if possible?

huw0 avatar Jul 26 '24 15:07 huw0