-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for pluggable Custom Presto Authenticators #24111
base: master
Are you sure you want to change the base?
Add support for pluggable Custom Presto Authenticators #24111
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @imsayari404, could you please add a test? Will the JwtAuthenticator and PasswordAuthenticator be refactored, as suggested in #24053 (review), in this PR?
|
||
import static java.util.Objects.requireNonNull; | ||
|
||
public class PrestoAuthenticator |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be an interface?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PrestoAuthenticator
class does not need to be an interface because it serves as a concrete adapter between the Airlift Authenticator
interface and the pluggable design provided by PrestoAuthenticator
and PrestoAuthenticatorFactory
SPI. Its role is to delegate authentication to the PrestoAuthenticatorManager
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pramodsatya I understand why you might be confused. We have an interface called PrestoAuthenticator in the presto-spi package with the same name.
@tdcmeehan Currently, we've followed the same naming convention as was done for the PasswordAuthenticator SPI. This could lead to confusion since we have an SPI with the same name as the PasswordAuthenticator class in the presto-main package. Do you think we should refactor the class names in presto-main to eliminate the confusion?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the doc! A couple of rephrasing suggestions for conciseness.
Also - because this is a new page - you must add
develop/presto-authenticator
to https://github.com/prestodb/presto/blob/master/presto-docs/src/main/sphinx/develop.rst
so the new page will show up on the Developer Guide index page https://prestodb.io/docs/current/develop.html .
Custom Presto Authenticator | ||
=========================== | ||
|
||
Presto supports authentication via a custom presto authenticator |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Presto supports authentication via a custom presto authenticator | |
Presto supports authentication through a custom Presto authenticator |
Don't use via
. See the GitLab documentation style guide word list entry for via for discussion and alternate working suggestions, if the suggested through
isn't a good fit for you.
Implementation | ||
-------------- | ||
|
||
``PrestoAuthenticatorFactory`` is responsible for creating a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
``PrestoAuthenticatorFactory`` is responsible for creating a | |
``PrestoAuthenticatorFactory`` creates a |
Additionally, the coordinator must be configured to use custom authentication | ||
and have HTTPS enabled. | ||
|
||
Below property needs to be added to the coordinator's ``config.properties`` file: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Below property needs to be added to the coordinator's ``config.properties`` file: | |
Add the property shown below to the coordinator's ``config.properties`` file: |
Co-authored-by: Namya Sehgal <sehgalnamya@gmail.com>
e9538d0
to
5a9b144
Compare
Add TestingPrestoAuthenticatorFactory
5a9b144
to
caefe42
Compare
@pramodsatya There has been a slight change since my last comment on this issue. After discussions with @tdcmeehan, we introduced a new and more generic SPI that is independent of the current Authenticators. This SPI can be used to implement any type of custom authenticator, without being limited to just a custom implementation of JWT or Password Authenticators. We decided to keep the current implementation of Password and JWT authenticators unchanged to avoid introducing a breaking change. |
Description
A pluggable authenticator in Presto allows the authentication process to be customized based on specific use cases, such as integrating with different identity providers or token validation strategies.
Motivation and Context
Fixes #24052
Test Plan
Added Unit Tests
Contributor checklist
Release Notes
Please follow release notes guidelines and fill in the release notes below.