Support for per-share bearer token configs #162
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- changes the `authorization.bearerToken` property to `authorization.universalBearerToken`, and adds an `authorization.shares` array to configure additional tokens unique to a share - adds an AuthManager trait and two implementations (BearerTokenAuth and NoAuth) to handle authorization - expands unit tests to cover per-share authorization cases Signed-off-by: Gabe Cicione <[email protected]>
|
An alternative approach on this is to introduce |
|
@zhuansunxt yup, that approach would work for our use case and sounds like it more closely mirrors the Databricks strategy. Is that approach in development elsewhere or a change you'd like to see on this PR? |
|
@atgabe It would be great to submit an issue and use it to describe the general approach (like an RFC) so we can agree on design decisions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
At the moment authorization is everything or nothing, with a single bearer token providing access to the entire server. This PR expands authorization to support per-share bearer token configs.
authorization.bearerTokenproperty toauthorization.universalBearerToken, and adds anauthorization.sharesarray to configure additional tokens unique to a shareThere are certainly other approaches to this feature, so let me know if an alternative approach is deemed preferable.