[KYUUBI #3222] JDBC Authentication Provider for server #3235

bowenliang123 · 2022-08-15T06:30:00Z

Why are the changes needed?

Add JDBC authentication provider as implementation of PasswdAuthenticationProvider out of box.

Compared to currently support authentication methods like Kerberos and LDAP, JDBC source is a much easy and stable source for practical deployment.

The solution should provide:

easy to use and config jdbc connection details
handy to customize query statements for authentication

Adding JDBC to AuthMethods enum and JDBCPasswdAuthenticationProvider into package org.apache.kyuubi.service.authentication with listed features:

specify JDBC driver name and load the driver class
configs of JDBC url, username and password
select query with placeholders for checking user and password , like SELECT 1 from user_pass_hash where username = ${user} and password = MD5(${password})

How was this patch tested?

Add some test cases that check the changes thoroughly including negative and positive cases if possible
Add screenshots for manual tests if appropriate
Run test locally before make a pull request

pan3793 · 2022-08-15T06:41:15Z

Can we add a derby/sqlite based ut?

bowenliang123 · 2022-08-15T07:12:49Z

Can we add a derby/sqlite based ut?

The initial idea of PR is intended to provide an basic implementation for JDBC auth out of box without depending on other packages other than driver and db itself.

pan3793 · 2022-08-15T07:16:11Z

"ut" is abbr of "unit testing", we need to add unit testing to verify the new feature works as expected and avoid breaking accidentally by future code changes.

bowenliang123 · 2022-08-15T07:19:04Z

yes, will add the test suite for it referring the LdapAuthenticationProviderImplSuite and other test cases with derby.

bowenliang123 · 2022-08-15T13:36:44Z

unit tests on derby added.

codecov-commenter · 2022-08-16T06:28:34Z

Codecov Report

Merging #3235 (17403b3) into master (1466165) will increase coverage by 0.10%.
The diff coverage is 82.52%.

@@             Coverage Diff              @@
##             master    #3235      +/-   ##
============================================
+ Coverage     50.94%   51.04%   +0.10%     
  Complexity       13       13              
============================================
  Files           469      470       +1     
  Lines         26123    26224     +101     
  Branches       3611     3626      +15     
============================================
+ Hits          13309    13387      +78     
- Misses        11546    11554       +8     
- Partials       1268     1283      +15

Impacted Files	Coverage Δ
...authentication/AuthenticationProviderFactory.scala	`70.00% <0.00%> (-3.69%)`	⬇️
...e/authentication/KyuubiAuthenticationFactory.scala	`76.81% <0.00%> (-1.13%)`	⬇️
...uthentication/JdbcAuthenticationProviderImpl.scala	`79.74% <79.74%> (ø)`
...in/scala/org/apache/kyuubi/config/KyuubiConf.scala	`97.40% <100.00%> (+0.04%)`	⬆️
...he/kyuubi/service/authentication/AuthMethods.scala	`100.00% <100.00%> (ø)`
...ache/kyuubi/service/authentication/AuthTypes.scala	`100.00% <100.00%> (ø)`
...rg/apache/kyuubi/ctl/cmd/log/LogBatchCommand.scala	`78.00% <0.00%> (-2.00%)`	⬇️
...ache/kyuubi/operation/KyuubiOperationManager.scala	`80.82% <0.00%> (-1.37%)`	⬇️
...ain/scala/org/apache/kyuubi/engine/EngineRef.scala	`74.07% <0.00%> (-0.93%)`	⬇️
...he/kyuubi/ha/client/etcd/EtcdDiscoveryClient.scala	`67.50% <0.00%> (-0.63%)`	⬇️
... and 5 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

pan3793 · 2022-08-16T06:42:18Z

Hi @bowenliang123, you can use dev/reformat to fix the code style issue quickly.

bowenliang123 · 2022-08-16T07:08:14Z

@pan3793 Thanks for the reminding. And struggling with the differences with IDEA default code format actions and project style checks. I will fix them very soon. The main part of code, test and docs should be okay.

...est/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala

...src/main/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImpl.scala

kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala

pan3793 · 2022-08-17T02:47:22Z

Thanks, merging to master

bowenliang123 · 2022-08-17T08:37:53Z

Thanks for all your patience, response and guidance. @pan3793
I will try to do it better next time with less doc/code/scala style bugs and unhelpful docs. And focus more on ideas and approaches.

Also thanks to my colleagues from Guangfa Securities for feature discussion and testing. @jeanlyn @Ero98

pan3793 · 2022-08-17T08:48:58Z

Thanks for contribution!

### _Why are the changes needed?_ This is the followup of #3235, the main change is introdude `JdbcUtils` to simplify code, and allow empty password for Jdbc auth. Jdbc connection pool has been removed because `JdbcAuthenticationProviderImpl` will be created on each connection, we can improve to use singleton in the future ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [ ] Add screenshots for manual tests if appropriate - [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request Closes #3278 from pan3793/jdbc-followup. Closes #3222 2863cae [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala 51a9c45 [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala eee3c55 [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/util/JdbcUtilsSuite.scala d02bb99 [Cheng Pan] nit e001b5b [Cheng Pan] nit 8cf5cd6 [Cheng Pan] nit 032f2df [Cheng Pan] nit 8a42f18 [Cheng Pan] nit c7893fd [Cheng Pan] JdbcUtilsSuite f97f2d9 [Cheng Pan] remove pool a8812d0 [Cheng Pan] move render result set to test 83d7d4c [Cheng Pan] fix ut db787a4 [Cheng Pan] nit 864f9dd [Cheng Pan] nit b60decf [Cheng Pan] nit 8c66e0b [Cheng Pan] nit 2063c43 [Cheng Pan] [KYUUBI #3222][FOLLOWUP] Introdude JdbcUtils to simplify code Authored-by: Cheng Pan <[email protected]> Signed-off-by: Cheng Pan <[email protected]>

### _Why are the changes needed?_ This is the followup of #3235, the main change is introdude `JdbcUtils` to simplify code, and allow empty password for Jdbc auth. Jdbc connection pool has been removed because `JdbcAuthenticationProviderImpl` will be created on each connection, we can improve to use singleton in the future ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [ ] Add screenshots for manual tests if appropriate - [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request Closes #3278 from pan3793/jdbc-followup. Closes #3222 2863cae [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala 51a9c45 [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/service/authentication/JdbcAuthenticationProviderImplSuite.scala eee3c55 [Cheng Pan] Update kyuubi-common/src/test/scala/org/apache/kyuubi/util/JdbcUtilsSuite.scala d02bb99 [Cheng Pan] nit e001b5b [Cheng Pan] nit 8cf5cd6 [Cheng Pan] nit 032f2df [Cheng Pan] nit 8a42f18 [Cheng Pan] nit c7893fd [Cheng Pan] JdbcUtilsSuite f97f2d9 [Cheng Pan] remove pool a8812d0 [Cheng Pan] move render result set to test 83d7d4c [Cheng Pan] fix ut db787a4 [Cheng Pan] nit 864f9dd [Cheng Pan] nit b60decf [Cheng Pan] nit 8c66e0b [Cheng Pan] nit 2063c43 [Cheng Pan] [KYUUBI #3222][FOLLOWUP] Introdude JdbcUtils to simplify code Authored-by: Cheng Pan <[email protected]> Signed-off-by: Cheng Pan <[email protected]> (cherry picked from commit d0f75e8) Signed-off-by: Cheng Pan <[email protected]>

…C Authentication Provider ### _Why are the changes needed?_ To fix the config name and placeholder with `username` introduced in #3235 violate this convention as in JDBC driver use `user` keyword used for connection user rather than `username`, 1. change config name from `kyuubi.authentication.jdbc.username` to `kyuubi.authentication.jdbc.user` 2. change placeholder from `${username}` to `${user}` 3. update docs and config description related to above changes, and sync the update in jdbc auth docs statement details to config docs. 4. fix error in throwing AuthenticationException with auth db password. ut added for the fix. 5. other minor update in docs of custom auth ### _How was this patch tested?_ - [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [ ] Add screenshots for manual tests if appropriate - [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request Closes #3288 from bowenliang123/jdbc-auth-config-update. Closes #3222 502703f [Bowen Liang] skip map for placeholder value lookup 3733be4 [liangbowen] nit ab00525 [liangbowen] nit 2301c4f [liangbowen] fix ut of jdbc auth with wrong_password 06f0c1b [liangbowen] remove redundant docs ec4565b [liangbowen] remove redundant docs ae1cce2 [liangbowen] fix compilation error of configLog 5d14103 [liangbowen] simplify configLog 6678e65 [liangbowen] reformat 52c1038 [liangbowen] simplify placeholder checking 21c2d5e [liangbowen] check whether placeholders in supported list before conn establishment or authenticate 7db0adf [liangbowen] ut for unknown placeholder 657de6a [liangbowen] nit 736b3f2 [liangbowen] refactoring placeholder value lookup, for preventing setString multiple times with "i+1" 86c8912 [liangbowen] setMaxRows after prepare placeholder, to postpone operation on jdbc conn 115fae5 [liangbowen] increase test code coverage b45b28c [liangbowen] resultSet returned by executeQuery is never null e1c0727 [liangbowen] update ut for redactPassword in JdbcUtils b4a52e2 [liangbowen] fix typo in docs of custom auth 371c2c6 [liangbowen] move redactPassword method to JdbcUtils and add ut. a4973c5 [liangbowen] reformat code 486e150 [liangbowen] fix error in throwing AuthenticationException with auth db password. add ut for the fix. efced90 [liangbowen] update settings.md ef97e35 [liangbowen] add SELECT prefix hint for doc of kyuubi.authentication.jdbc.query 025f94c [liangbowen] fix username to user in JdbcAuthenticationProviderImpl by 1. use config name `kyuubi.authentication.jdbc.user`, 2. use ${user} placeholder instead of ${username} Lead-authored-by: liangbowen <[email protected]> Co-authored-by: Bowen Liang <[email protected]> Signed-off-by: Cheng Pan <[email protected]>

bowenliang123 · 2022-09-07T01:12:10Z

Glad to have this feature metioned as one of highlights in v1.6.0-incubating release notes. 🎉
Also thanks to my colleague @lxbalex at Guangfa Securities for initial idea of this feature and code samples. 😄

yaooqinn · 2022-09-07T01:53:14Z

👍

implement JDBC Authentication Method

0dc75fe

github-actions bot added the module:common label Aug 15, 2022

refactor config and init process.remove unused import.

0e7f0ad

add unit test in JdbcAuthenticationProviderImplSuite

996f796

github-actions bot added the kind:build label Aug 15, 2022

bowenliang123 added 3 commits August 15, 2022 19:35

update

49c18c2

update code style

df4be56

fix derby startup error in test

7025330

add config docs in docs/deployment/settings.md

46cc1dd

github-actions bot added the kind:documentation Documentation is a feature! label Aug 15, 2022

bowenliang123 added 9 commits August 15, 2022 21:49

fix import orders

15176b2

update settings.md config doc

cd2c7c2

update settings.md config doc

1dc4187

update options usage

575301c

update format

30974d1

fix ddl statement and remove truncate statement in test

3672919

more test cases

cdec206

add more checks for query sql

653bc12

update doc

aeb19ce

bowenliang123 added 2 commits August 16, 2022 14:35

Merge branch 'master' into feature-jdbc-auth-provider

b9ffac3

add JDBC condition for getValidPasswordAuthMethod

9885f81

add JDBC value to AuthTypes enum

4ebe12e