Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make the proxy single user #16

Closed
mikewalch opened this issue Dec 20, 2019 · 9 comments
Closed

Make the proxy single user #16

mikewalch opened this issue Dec 20, 2019 · 9 comments
Labels
blocker This issue blocks release

Comments

@mikewalch
Copy link
Member

From code review of #15, Simplify the proxy by dropping this login mechanism entirely, and make the proxy single-user (using the user specified in the proxy/client properties file).

@ctubbsii
Copy link
Member

Under this paradigm, it still would be possible to support multiple users with a single proxy. However, the way it would be done is much simpler: you simply specify which client properties file the proxy should use to create AccumuloClient objects for the requested operations.

@mikewalch
Copy link
Member Author

Under this paradigm, it still would be possible to support multiple users with a single proxy. However, the way it would be done is much simpler: you simply specify which client properties file the proxy should use to create AccumuloClient objects for the requested operations.

Does the proxy client need to be on the same server as the Proxy if this is done? There are Java bindings in case you want to limit access from the client to cluster. I am not sure if limiting access is still needed, I just wanted to bring it up.

@ctubbsii
Copy link
Member

Does the proxy client need to be on the same server as the Proxy if this is done?

No. The client just needs to send a filename for a file that exists local to the proxy server... or, it could send the raw client properties, I suppose. The main point is to standardize client initialization around the client properties, either as raw properties or as a properties file, rather than the custom "logon" session stuff that the proxy has now. Avoiding the custom stuff and using the client properties in the same (familiar) way that the Java API uses them, would be the main goal.

The simplest thing to do is just have one set of client properties in the proxy server so it has one Java AccumuloClient for the lifetime of the proxy, to handle all the real client's requests. That implies a single-user scenario, so that's why I thought of that first.

The more complicated case would be the multi-user support via multiple sets of client properties. I haven't fully through through all the possible multi-user options and their implications... but just thinking that it could still be done, if we really wanted to have that complexity.

Which direction this goes is really up to user demand and how tolerant for complexity those maintaining the proxy are. I'm fine with the single user case (because my tolerance for complexity in Accumulo is low right now)... I just want to see the custom and unfamiliar proxy-specific stuff go away in favor of the friendly and familiar client properties.

@milleruntime
Copy link
Contributor

milleruntime commented Jun 1, 2022

@ctubbsii With the update in Accumulo 2.0.1, most of the ITs are throwing security exceptions. I have been looking where the user "user" gets setup but have not found that yet. I am wondering if this ticket is more important now that the exception bug was fixed in: apache/accumulo#1828

Edit: The ITs can still pass but they are throwing security exceptions.

@ctubbsii
Copy link
Member

ctubbsii commented Jun 1, 2022

@ctubbsii With the update in Accumulo 2.0.1, most of the ITs are now failing. I have been looking where the user "user" gets setup but have not found that yet. I am wondering if this ticket is more important now that the exception bug was fixed in: apache/accumulo#1828

I'm not sure how this ticket would relate to that one. The idea here is to just create a single AccumuloClient for that specific proxy instance, built from the client properties, and remove any "login" mechanisms.

I'm not sure what's going on with the ITs. It may be entirely unrelated.

@milleruntime
Copy link
Contributor

I'm not sure what's going on with the ITs. It may be entirely unrelated.

See #31

@DomGarguilo DomGarguilo added the blocker This issue blocks release label Nov 30, 2022
@DomGarguilo
Copy link
Member

Is the suggestion here to pass the client properties when creating the Accumuloproxy.Client which will be used to create the AccumuloClient once, which will then be used for all operations without having to pass in the "login" every time we want to do an operation?

@ctubbsii
Copy link
Member

Is the suggestion here to pass the client properties when creating the Accumuloproxy.Client which will be used to create the AccumuloClient once, which will then be used for all operations without having to pass in the "login" every time we want to do an operation?

The suggestion is that starting the AccumuloProxy (via it's main method) will either automatically locate the client properties using the class path and/or environment and construct an AccumuloClient from that (just like bin/accumulo jshell does). I'm not sure what features we have right now to explicitly set the path to the client properties file... it might be a Java system property you can set with -Daccumulo.properties=/path/to/file or similar... but that should work also. The user should have to do nothing to construct the AccumuloClient object inside the proxy service. We may want to add some mechanism for the proxy client to authenticate to the proxy service, but that can be addressed later. The first pass, is just to simplify the proxy service authenticating to Accumulo.

@DomGarguilo
Copy link
Member

Addressed in #59

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocker This issue blocks release
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants