Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Merged by Bors] - Add support for LDAP authentication#180

Closed
sbernauer wants to merge 37 commits into
mainfrom
feature/ldap-authn-2
Closed

[Merged by Bors] - Add support for LDAP authentication#180
sbernauer wants to merge 37 commits into
mainfrom
feature/ldap-authn-2

Conversation

@sbernauer

@sbernauer sbernauer commented Apr 21, 2022
edited by siegfriedweber
Loading

Copy link
Copy Markdown
Member

Description

Superseding #145, completely reworked to use new configuration mechanism introduced in #173
For #5
Integration-Tests: https://github.com/stackabletech/integration-tests/pull/175
Use ./create_test_cluster.py --kind --operator superset=0.4.0-pr180 before running the tests

Review Checklist

  • Code contains useful comments
  • (Integration-)Test cases added (or not applicable)
  • Documentation added (or not applicable)
  • Changelog updated (or not applicable)
  • Cargo.toml only contains references to git tags (not specific commits or branches)
  • Helm chart can be installed and deployed operator works (or not applicable)

Once the review is done, comment bors r+ (or bors merge) to merge. Further information

@sbernauer sbernauer mentioned this pull request Apr 21, 2022
Closed
6 tasks
@sbernauer

sbernauer commented Apr 21, 2022

Copy link
Copy Markdown
Member Author

Integration tests are green => ready for review :)

@sbernauer sbernauer requested a review from a team April 21, 2022 13:45
@sbernauer sbernauer force-pushed the feature/ldap-authn-2 branch from 4bd4212 to abcd0a8 Compare April 21, 2022 14:12
sbernauer
sbernauer commented Apr 21, 2022
View reviewed changes
Comment thread rust/operator-binary/src/config.rs
maltesander
maltesander reviewed Apr 25, 2022
View reviewed changes

@maltesander maltesander left a comment
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a small thing. Ran the tests and works. Maybe @siegfriedweber can have another look? Im not that into ldap and superset ;)

@sbernauer i cannot judge how good i is, but since we will require ldap etc. in other operators to i think its fine to merge in a working approach and refine / improve that later as well.

Comment thread rust/operator-binary/src/superset_controller.rs Outdated
@siegfriedweber siegfriedweber self-requested a review May 2, 2022 08:43
siegfriedweber
siegfriedweber requested changes May 3, 2022
View reviewed changes
Comment thread docs/modules/ROOT/pages/installation.adoc Outdated
Comment thread docs/modules/ROOT/pages/usage.adoc Outdated
Comment thread examples/superset-with-ldap.yaml Outdated
Comment thread examples/superset-with-ldap.yaml Outdated
Comment thread examples/superset-with-ldap.yaml
Comment thread rust/crd/src/lib.rs Outdated
Comment thread rust/crd/src/lib.rs
Comment thread rust/crd/src/lib.rs Outdated
Comment thread rust/operator-binary/src/config.rs Outdated
Comment thread rust/operator-binary/src/config.rs
siegfriedweber
siegfriedweber previously requested changes May 9, 2022
View reviewed changes

@siegfriedweber siegfriedweber left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are some minor and one major issue left.

The major issue is that some views are not accessible by the administrator, e.g. the user list. The reason is that the Admin role does not have the UserLDAPModelView permission. The command superset init which is called in the job created by the superset_db_controller initializes the roles according to the configured authentication type. If the authentication type is AUTH_LDAP then the permission UserLDAPModelView is added to the Admin role. Unfortunately the authentication type is not set in the configuration created by the superset_db_controller and it is not trivial to add it.

Comment thread rust/operator-binary/src/config.rs Outdated
Comment thread rust/operator-binary/src/main.rs Outdated
Comment thread examples/superset-with-ldap.yaml
Comment thread examples/superset-with-ldap.yaml Outdated
Comment thread rust/operator-binary/src/superset_controller.rs Outdated
@sbernauer sbernauer mentioned this pull request May 10, 2022
Closed
@sbernauer sbernauer force-pushed the feature/ldap-authn-2 branch from 925acb3 to 01ecf02 Compare May 10, 2022 14:21
@sbernauer sbernauer force-pushed the feature/ldap-authn-2 branch from 71e5a59 to 458b7f2 Compare May 10, 2022 15:14
@sbernauer

sbernauer commented May 11, 2022

Copy link
Copy Markdown
Member Author

The major issue is that some views are not accessible by the administrator, e.g. the user list.

The problem should now be sorted out via 458b7f2

The problem with the first login failing is purely a bug in flask-appbuilder and should be fixed by dpgaspar/Flask-AppBuilder#1846 which is entirely a docker image thing and not part of this PR.

Could you please take another look - would be great before your holiday to get this in 😇

@sbernauer

sbernauer commented May 12, 2022

Copy link
Copy Markdown
Member Author

@adwk67, @siegfriedweber was fine with the current implementation and requested fixing the "init container must finish before Superset starts" before merging.
Could you please took a look at the last 2 commits c60740a and 6df5300 and review them?
I tested the LDAP integration and for me everything worked fine and logs were ok

@adwk67 adwk67 self-requested a review May 12, 2022 13:29
adwk67
adwk67 approved these changes May 12, 2022
View reviewed changes

@adwk67 adwk67 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. Opened a separate issue #195 to avoid db-clashes in the tests

@sbernauer

sbernauer commented May 13, 2022

Copy link
Copy Markdown
Member Author

Thanks all for your feedback!
Everything should work to the best of my knowledge. Together with stackabletech/docker-images#116 this seems to be a nice solution :)
The Authorization part is outstanding and will be handled via a separate PR.

@sbernauer

sbernauer commented May 13, 2022

Copy link
Copy Markdown
Member Author

bors r+

@bors

bors Bot commented May 13, 2022

Copy link
Copy Markdown
Contributor

👎 Rejected by code reviews

@soenkeliebau soenkeliebau dismissed siegfriedweber’s stale review May 13, 2022 08:04

Dismissing this due to Sigi being on vacation for 2 weeks and subsequent reviews by other people having confimed his concerns as addressed.

@sbernauer

sbernauer commented May 13, 2022

Copy link
Copy Markdown
Member Author

bors r+

bors Bot pushed a commit that referenced this pull request May 13, 2022
@sbernauer
Add support for LDAP authentication (#180)
18e3c74 
## Description

Superseding #145, completely reworked to use new configuration mechanism introduced in #173
For #5
Integration-Tests: https://github.com/stackabletech/integration-tests/pull/175
Use `./create_test_cluster.py --kind --operator superset=0.4.0-pr180` before running the tests
@bors

bors Bot commented May 13, 2022

Copy link
Copy Markdown
Contributor

Pull request successfully merged into main.

Build succeeded:

@bors bors Bot changed the title Add support for LDAP authentication [Merged by Bors] - Add support for LDAP authentication May 13, 2022
@bors bors Bot closed this May 13, 2022
@bors bors Bot deleted the feature/ldap-authn-2 branch May 13, 2022 08:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maltesander maltesander maltesander left review comments

@adwk67 adwk67 adwk67 approved these changes

@siegfriedweber siegfriedweber siegfriedweber left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sbernauer @adwk67 @maltesander @siegfriedweber