Datasource authentication updates #1289
Conversation
Signed-off-by: Saad Khan <[email protected]>
Signed-off-by: Saad Khan <[email protected]>
| ", credentials=" + credentials + | ||
| '}'; | ||
| } | ||
| } |
| @@ -38,8 +38,9 @@ | |||
| */ | |||
| public class KruizeDeploymentInfo { | |||
| private static final Logger LOGGER = LoggerFactory.getLogger(KruizeDeploymentInfo.class); | |||
| public static String database_username; | |||
| public static String database_password; | |||
| public static String database_authentication_type; | |||
There was a problem hiding this comment.
why this change required ?
this change will affect ROS
There was a problem hiding this comment.
Stashed for now. Will be updating later on for common auth feature
| @@ -75,10 +75,15 @@ data: | |||
| "adminUsername": "admin", | |||
| "hostname": "kruize-db-service", | |||
There was a problem hiding this comment.
I guess this PR is limited to datasource auth , But not for DB ?
| @@ -92,7 +97,7 @@ data: | |||
| "savetodb": "true", | |||
| "dbdriver": "jdbc:postgresql://", | |||
| "plots": "true", | |||
| "local": "false", | |||
| "local": "true", | |||
There was a problem hiding this comment.
let default value set to false , Until ROS move into thanos
| "logLevel": "INFO" | ||
| "authentication": { |
There was a problem hiding this comment.
Let make this PR limited scope .. Only datasource authentication
| ", headerName='" + headerName + '\'' + | ||
| '}'; | ||
| } | ||
| } |
| KruizeConstants.SupportedDatasources.PROMETHEUS | ||
| ) | ||
| ); | ||
| public JSONObject getJsonObjectForQuery(String url, String query, AuthenticationConfig authenticationConfig) { |
There was a problem hiding this comment.
notice that many functions are using authenticationConfig. This configuration should be set at the experiment level, similar to how experiment.setDatasource works. When retrieving the datasource using experiment.getDatasource, it should also return the associated authenticationConfig.
To achieve this, the authenticationConfig object should be linked to the datasource and accessible through it.
There was a problem hiding this comment.
Updated now.
Instead of passing authenticationObject in every function, refactored the methods to take the datasource object instead so that it will help in fetching both the datasource URL as well as authenticationConfig
| @@ -73,7 +73,7 @@ public void append(LogEvent event) { | |||
| } | |||
|
|
|||
| public static void configureLoggerForCloudWatchLog() { | |||
| if (cloudwatch_logs_access_key_id != null && !cloudwatch_logs_access_key_id.isEmpty() && cloudwatch_logs_secret_access_key != null && !cloudwatch_logs_secret_access_key.isEmpty() && cloudwatch_logs_region != null && !cloudwatch_logs_region.isEmpty()) { | |||
| if (cloudwatch_logs_authentication_credentials_access_key_id != null && !cloudwatch_logs_authentication_credentials_access_key_id.isEmpty() && cloudwatch_logs_authentication_credentials_secret_access_key != null && !cloudwatch_logs_authentication_credentials_secret_access_key.isEmpty() && cloudwatch_logs_region != null && !cloudwatch_logs_region.isEmpty()) { | |||
There was a problem hiding this comment.
lets limit this change only related to only datasource
| String queryResult = (String) ado.getValueForQuery(experimentTrial.getDatasourceInfoHashMap() | ||
| .get(containerMetric.getDatasource()) | ||
| .getUrl().toString(), updatedContainerQuery); | ||
| .getUrl().toString(), updatedContainerQuery, noAuthConfig); |
There was a problem hiding this comment.
authoconfig should get tagged to datasource obj and
datasource obj should get tagged to Experiment
so data pass using parameter should be just experiment Obj everywhere
…s passing the datasource URL and other review updates Signed-off-by: Saad Khan <[email protected]>
Signed-off-by: Saad Khan <[email protected]>
Signed-off-by: Saad Khan <[email protected]>
…onding updates Signed-off-by: Saad Khan <[email protected]>
There was a problem hiding this comment.
LGTM
Review Checklist
Common Review
- Code formatting adheres to the project’s style guide.
- No unnecessary commented-out code.
- Appropriate use of comments and documentation.
Logical Flow Review
- Code logic is clear and easy to follow.
- All branches and conditions are covered and tested.
- No redundant or duplicate code.
Demo Update
- Demonstration examples are updated to reflect changes.
- README and documentation include updated demo instructions.
- Any necessary demo files are included and tested.
Naming Conventions
- Variable and function names follow the project's naming conventions.
- File names are descriptive and adhere to naming standards.
- No ambiguous or misleading names.
Workflow
- CI/CD pipelines are updated and passing.
- Tests are included and all pass.
- The workflow for deploying or integrating changes is clear and documented.
Does It Affect ROS
- Changes are reviewed for compatibility with ROS.
- ROS-specific configurations are updated if necessary.
- Any ROS dependencies or integrations are tested and verified.
|
@khansaad - Can you resolve the conflicts. |
Done |
| @@ -134,7 +134,13 @@ data: | |||
| "provider": "prometheus", | |||
| "serviceName": "prometheus-k8s", | |||
| "namespace": "openshift-monitoring", | |||
| "url": "" | |||
| "url": "", | |||
There was a problem hiding this comment.
Please update the other openshift yaml in BYODB
Signed-off-by: Saad Khan <[email protected]>
|
@khansaad - I see a merge conflict, can you please resolve this. Thanks. |
| "serviceName": "prometheus-k8s", | ||
| "namespace": "openshift-monitoring", | ||
| "url": "", | ||
| "authentication": { |
There was a problem hiding this comment.
Ensure that this change, including the check for the authentication object, is applied only when local=true. The Kruize pods should not fail if the authentication object is absent, as sometimes datasource authentication is not required.
There was a problem hiding this comment.
The datasource object is applicable only for local monitoring. Therefore, any code changes related to it have been made specifically within the local monitoring context and do not affect the ROS case.
|
|
||
| public class AuthenticationStrategyFactory { | ||
|
|
||
| public static AuthenticationStrategy createAuthenticationStrategy(AuthenticationConfig authConfig) { |
There was a problem hiding this comment.
Also support for no auth stratgey
There was a problem hiding this comment.
Support for no auth has been added in the AuthenticationConfig class:
Description
This PR contains new feature addition of supporting different REST API authentication for Datasource, DB, cloudwatch and other services.
Fixes # (issue)
Type of change
How has this been tested?
Testing is in progress
Please describe the tests that were run to verify your changes and steps to reproduce. Please specify any test configuration required.
Test Configuration
Checklist 🎯
Additional information
Tested using this custom image:
quay.io/khansaad/autotune_operator:ds-authShows the failure when wrong token path is passed :