Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Merged by Bors] - Add support for LDAP authentication #180

Closed
wants to merge 37 commits into from
Closed

[Merged by Bors] - Add support for LDAP authentication #180

wants to merge 37 commits into from

Conversation

sbernauer
Copy link
Member

@sbernauer sbernauer commented Apr 21, 2022
edited by siegfriedweber
Loading

Description

Superseding #145, completely reworked to use new configuration mechanism introduced in #173
For #5
Integration-Tests: https://github.com/stackabletech/integration-tests/pull/175
Use ./create_test_cluster.py --kind --operator superset=0.4.0-pr180 before running the tests

Review Checklist

  • Code contains useful comments
  • (Integration-)Test cases added (or not applicable)
  • Documentation added (or not applicable)
  • Changelog updated (or not applicable)
  • Cargo.toml only contains references to git tags (not specific commits or branches)
  • Helm chart can be installed and deployed operator works (or not applicable)

Once the review is done, comment bors r+ (or bors merge) to merge. Further information

@sbernauer sbernauer mentioned this pull request Apr 21, 2022
Closed
6 tasks
@sbernauer
Copy link
Member Author

Integration tests are green => ready for review :)

@sbernauer sbernauer requested a review from a team April 21, 2022 13:45
@sbernauer sbernauer force-pushed the feature/ldap-authn-2 branch from 4bd4212 to abcd0a8 Compare April 21, 2022 14:12
maltesander
maltesander reviewed Apr 25, 2022
View reviewed changes
Copy link
Member

@maltesander maltesander left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a small thing. Ran the tests and works. Maybe @siegfriedweber can have another look? Im not that into ldap and superset ;)

@sbernauer i cannot judge how good i is, but since we will require ldap etc. in other operators to i think its fine to merge in a working approach and refine / improve that later as well.

rust/operator-binary/src/superset_controller.rs Outdated Show resolved Hide resolved
@siegfriedweber siegfriedweber self-requested a review May 2, 2022 08:43
siegfriedweber
siegfriedweber requested changes May 3, 2022
View reviewed changes
docs/modules/ROOT/pages/installation.adoc Outdated Show resolved Hide resolved
docs/modules/ROOT/pages/usage.adoc Outdated Show resolved Hide resolved
examples/superset-with-ldap.yaml Outdated Show resolved Hide resolved
examples/superset-with-ldap.yaml Outdated Show resolved Hide resolved
examples/superset-with-ldap.yaml Show resolved Hide resolved
rust/crd/src/lib.rs Outdated Show resolved Hide resolved
rust/crd/src/lib.rs Show resolved Hide resolved
rust/crd/src/lib.rs Outdated Show resolved Hide resolved
rust/operator-binary/src/config.rs Outdated Show resolved Hide resolved
rust/operator-binary/src/config.rs Outdated Show resolved Hide resolved
siegfriedweber
siegfriedweber previously requested changes May 9, 2022
View reviewed changes
Copy link
Member

@siegfriedweber siegfriedweber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are some minor and one major issue left.

The major issue is that some views are not accessible by the administrator, e.g. the user list. The reason is that the Admin role does not have the UserLDAPModelView permission. The command superset init which is called in the job created by the superset_db_controller initializes the roles according to the configured authentication type. If the authentication type is AUTH_LDAP then the permission UserLDAPModelView is added to the Admin role. Unfortunately the authentication type is not set in the configuration created by the superset_db_controller and it is not trivial to add it.

rust/operator-binary/src/config.rs Outdated Show resolved Hide resolved
rust/operator-binary/src/main.rs Outdated Show resolved Hide resolved
examples/superset-with-ldap.yaml Show resolved Hide resolved
examples/superset-with-ldap.yaml Outdated Show resolved Hide resolved
rust/operator-binary/src/superset_controller.rs Outdated Show resolved Hide resolved
@sbernauer sbernauer mentioned this pull request May 10, 2022
Closed
@sbernauer sbernauer force-pushed the feature/ldap-authn-2 branch from 925acb3 to 01ecf02 Compare May 10, 2022 14:21
@sbernauer sbernauer force-pushed the feature/ldap-authn-2 branch from 71e5a59 to 458b7f2 Compare May 10, 2022 15:14
@sbernauer
Copy link
Member Author

The major issue is that some views are not accessible by the administrator, e.g. the user list.

The problem should now be sorted out via 458b7f2

The problem with the first login failing is purely a bug in flask-appbuilder and should be fixed by dpgaspar/Flask-AppBuilder#1846 which is entirely a docker image thing and not part of this PR.

Could you please take another look - would be great before your holiday to get this in 😇

@sbernauer
Copy link
Member Author

@adwk67, @siegfriedweber was fine with the current implementation and requested fixing the "init container must finish before Superset starts" before merging.
Could you please took a look at the last 2 commits c60740a and 6df5300 and review them?
I tested the LDAP integration and for me everything worked fine and logs were ok

@adwk67 adwk67 self-requested a review May 12, 2022 13:29
adwk67
adwk67 approved these changes May 12, 2022
View reviewed changes
Copy link
Member

@adwk67 adwk67 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. Opened a separate issue #195 to avoid db-clashes in the tests

@sbernauer
Copy link
Member Author

Thanks all for your feedback!
Everything should work to the best of my knowledge. Together with stackabletech/docker-images#116 this seems to be a nice solution :)
The Authorization part is outstanding and will be handled via a separate PR.

@sbernauer
Copy link
Member Author

bors r+

@bors
Copy link
Contributor

bors bot commented May 13, 2022

👎 Rejected by code reviews

@soenkeliebau soenkeliebau dismissed siegfriedweber’s stale review May 13, 2022 08:04

Dismissing this due to Sigi being on vacation for 2 weeks and subsequent reviews by other people having confimed his concerns as addressed.

@sbernauer
Copy link
Member Author

bors r+

bors bot pushed a commit that referenced this pull request May 13, 2022
@sbernauer
Add support for LDAP authentication (#180)
18e3c74 
## Description

Superseding #145, completely reworked to use new configuration mechanism introduced in #173
For #5
Integration-Tests: https://github.com/stackabletech/integration-tests/pull/175
Use `./create_test_cluster.py --kind --operator superset=0.4.0-pr180` before running the tests
@bors
Copy link
Contributor

bors bot commented May 13, 2022

Pull request successfully merged into main.

Build succeeded:

@bors bors bot changed the title Add support for LDAP authentication [Merged by Bors] - Add support for LDAP authentication May 13, 2022
@bors bors bot closed this May 13, 2022
@bors bors bot deleted the feature/ldap-authn-2 branch May 13, 2022 08:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maltesander maltesander maltesander left review comments

@adwk67 adwk67 adwk67 approved these changes

@siegfriedweber siegfriedweber siegfriedweber left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sbernauer @adwk67 @maltesander @siegfriedweber