Merge pull request #30 from datainfrahq/basic-auth

add basic auth support in cp
datainfrahq · Apr 29, 2023 · 00772df · 00772df
2 parents d32c854 + eefafab
commit 00772df
Show file tree

Hide file tree

Showing 24 changed files with 832 additions and 36 deletions.
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 
 # Image URL to use all building/pushing image targets
-IMG ?= datainfrahq/pinot-control-plane:v0.0.6
+IMG ?= datainfrahq/pinot-control-plane:v0.0.7
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.26.0
 

diff --git a/api/v1beta1/pinot_types.go b/api/v1beta1/pinot_types.go
@@ -23,6 +23,8 @@ import (
 
 // PinotSpec defines the desired state of Pinot
 type PinotSpec struct {
+	// +optional
+	Auth Auth `json:"auth"`
 	// +optional
 	Plugins []string `json:"plugins"`
 	// +required
@@ -66,6 +68,19 @@ type DeepStorageConfig struct {
 	Data string `json:"data"`
 }
 
+type AuthType string
+
+const (
+	BasicAuth AuthType = "basic-auth"
+)
+
+type Auth struct {
+	// +required
+	Type AuthType `json:"type"`
+	// +required
+	SecretRef v1.SecretReference `json:"secretRef"`
+}
+
 type K8sConfig struct {
 	// +required
 	Name string `json:"name"`

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/datainfra.io_pinots.yaml b/config/crd/bases/datainfra.io_pinots.yaml
@@ -39,6 +39,28 @@ spec:
           spec:
             description: PinotSpec defines the desired state of Pinot
             properties:
+              auth:
+                properties:
+                  secretRef:
+                    description: SecretReference represents a Secret Reference. It
+                      has enough information to retrieve secret in any namespace
+                    properties:
+                      name:
+                        description: name is unique within a namespace to reference
+                          a secret resource.
+                        type: string
+                      namespace:
+                        description: namespace defines the space within which the
+                          secret name must be unique.
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  type:
+                    type: string
+                required:
+                - secretRef
+                - type
+                type: object
               deploymentOrder:
                 items:
                   type: string

diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -5,7 +5,7 @@ resources:
 - bases/datainfra.io_pinots.yaml
 - bases/datainfra.io_pinotschemas.yaml
 - bases/datainfra.io_pinottables.yaml
-- bases/datainfra.io.datainfra.io_pinottenants.yaml
+- bases/datainfra.io_pinottenants.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:

diff --git a/config/crd/patches/cainjection_in_pinottenants.yaml b/config/crd/patches/cainjection_in_pinottenants.yaml
@@ -4,4 +4,4 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
-  name: pinottenants.datainfra.io.datainfra.io
+  name: pinottenants.datainfra.io
diff --git a/config/rbac/pinotschema_editor_role.yaml b/config/rbac/pinotschema_editor_role.yaml
@@ -23,6 +23,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+    - ""
+  resources:
+    - secrets
+  verbs:
+    - get
 - apiGroups:
   - datainfra.io
   resources:

diff --git a/config/rbac/pinottable_editor_role.yaml b/config/rbac/pinottable_editor_role.yaml
@@ -23,6 +23,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+    - ""
+  resources:
+    - secrets
+  verbs:
+    - get
+    - list
+    - watch
 - apiGroups:
   - datainfra.io
   resources:

diff --git a/config/rbac/pinottenant_viewer_role.yaml b/config/rbac/pinottenant_viewer_role.yaml
@@ -12,15 +12,23 @@ metadata:
   name: pinottenant-viewer-role
 rules:
 - apiGroups:
-  - datainfra.io.datainfra.io
+  - datainfra.io
   resources:
   - pinottenants
   verbs:
   - get
   - list
   - watch
 - apiGroups:
-  - datainfra.io.datainfra.io
+    - ""
+  resources:
+    - secrets
+  verbs:
+    - get
+    - list
+    - watch
+- apiGroups:
+  - datainfra.io
   resources:
   - pinottenants/status
   verbs:

diff --git a/docs/getting_started_auth.md b/docs/getting_started_auth.md
@@ -0,0 +1,54 @@
+### Getting Started With Auth Enabled Cluster
+
+- Control Plane supports basic auth only.
+
+#### Export your StorageClassName 
+```
+export STORAGE_CLASS_NAME=standard
+```
+
+#### Install Pinot Control Plane
+```
+make helm-install-pinot-control-plane
+```
+
+#### Install Zookeeper Opoerator and CR
+```
+make helm-install-zk-operator
+```
+
+### Install Pinot Cluster
+
+```
+envsubst < examples/04-pinot-auth/pinotauth-basic.yaml  | kubectl apply -f - -n pinot
+```
+
+### Create a K8 secret in the namespace where pinot cluster is deployed
+
+
+- add secrets to file, the following secrets needs to be same as mentioned
+  in pinot controller properties.
+```
+cat << EOF > pinot-control-plane-secret
+CONTROL_PLANE_USERNAME=controlplane
+CONTROL_PLANE_PASSWORD=controlplane
+EOF
+```
+
+- create secret
+
+```
+kubectl create secret generic pinot-control-plane-secret --from-env-file=pinot-control-plane-secret -n pinot
+```
+
+### create schema
+
+```
+kubectl apply -f examples/04-pinot-auth/pinotauth-schema.yaml -n pinot
+```
+
+### create table
+
+```
+kubectl apply -f examples/04-pinot-auth/pinotauth-table.yaml -n pinot
+```
diff --git a/examples/04-pinot-auth/pinotauth-basic.yaml b/examples/04-pinot-auth/pinotauth-basic.yaml
@@ -1,9 +1,15 @@
 apiVersion: datainfra.io/v1beta1
 kind: Pinot
 metadata:
-  name: pinot-basic
+  name: pinot-auth
 spec:
 
+  auth:
+    type: basic-auth
+    secretRef:
+        name: pinot-control-plane-secret
+        namespace: pinot
+
   external:
 
     zookeeper: