[Feature]: Add support of custom authenticators for jaeger cassandra storage #5627
Comments
|
What does it mean to allow those custom authenticators from the list you mention? If it's just an option we need to pass to gocql driver, then it's reasonable to support. If it requires integrating with another dependency, then it gives me a pause. E.g. we intentionally stayed away from integrating with AWS AIM because it requires taking dependency on their custom SDKs (and increases the binary size like crazy, although that ship may have sailed now since OTEL collector wasn't as diligent). |
Yes, that is exactly what I want in this issue: just to pass another option to gocql driver |
yurishkuro
added
help wanted
|
Hey @quantumlexa I want to work on this issue. Please assign to me. |
@quantumlexa why do you refer to these as "custom"? I think it's creating confusion, we have two PRs going about this ticket in completely different directions: #5628 and #5637. When I hear "custom" I think more of the approach in #5637 where we implement an authenticator API. Whereas #5628 simply adds a CLI flag to pass on of those "approved" authenticators from the list. The documentation in gocql is lacking on this front. |
@yurishkuro I think the use of passing "approved" authenticators let's say you are using instacluster cassendra db so now they have there own custom auth for that so to connect to that you can either specify the auth you are allowing cluster.Authenticator = gocql.PasswordAuthenticator{Username: "Username", Password: "Password", AllowedAuthenticators: []string {"com.instaclustr.cassandra.auth.InstaclustrPasswordAuthenticator"}}it would still work if you don't pass any allowed auth cluster.Authenticator = gocql.PasswordAuthenticator{Username: "Username", Password: "Password"}as you can see the |
@yurishkuro I'm sorry for such a badly formatted issue description. Looking at #5628 it seems that it should solve this issue |
are you sure? According to #5627 (comment), the default list is used regardless of whether we specify them or not. Even if that conclusion is wrong, the PR does nothing to enable authenticators that are NOT on the list. |
no if you specify the default list won't be used it will only try among the provided auth |
|
@hellspawn679 our current code leaves this field empty, which causes the default list to be used https://github.com/gocql/gocql/blob/34fdeebefcbf183ed7f916f931aa0586fdaa1b40/conn.go#L44 So if someone wants to use one of these approved authenticators, no changes is needed in Jaeger. Only if someone wants to prohibit using the full list would we need a user-configurable option to allow user to provide the exact list, OR to provide some name that is not even on the list. I think your PR is still on point, but given the utter lack of documentation in gocql about that I want to (a) understand it myself and (b) write adequate CLI flag description that is unambiguous. |
|
@yurishkuro yes |
<!-- !! Please DELETE this comment before posting. We appreciate your contribution to the Jaeger project! 👋🎉 --> ## Which problem is this PR solving? - #5627 ## Description of the changes - added defaultApprovedAuthenticators ## How was this change tested? - ## Checklist - [ ] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [ ] I have signed all commits - [ ] I have added unit tests for the new functionality - [ ] I have run lint and test steps successfully - for `jaeger`: `make lint test` - for `jaeger-ui`: `yarn lint` and `yarn test` --------- Signed-off-by: mehul gautam <mehulsharma4786@gmail.com>
@yurishkuro |
|
@yurishkuro @quantumlexa, I understood the problem it in a wrong way, I have read the whole description above why I am wrong. By the way thanks for it. Looking forward to contribute more. |
Requirement
as a Jaeger power user I want to use cassandra that uses custom authenticator as a storage for jaeger traces
Problem
Jarger uses BasicAuthenticator from config with no
AllowedAuthenticatorsset. That makes gocql to use default set of Authenticators.https://github.com/jaegertracing/jaeger/blob/main/pkg/cassandra/config/config.go#L144-L149
As the result all cassandra instances that uses custom Authenticators can't be used as a storage for jaeger traces
Here by custom authenticators I mean not included in the following list: https://github.com/gocql/gocql/blob/master/conn.go#L26-L39
Proposal
Add ability to set authenticator by an user.
Open questions
No response
The text was updated successfully, but these errors were encountered: