Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: pass api_access_token to executor client #1473

Merged
merged 3 commits into from
Jul 8, 2024

Conversation

zhangvi7
Copy link
Contributor

@zhangvi7 zhangvi7 commented Jul 3, 2024

If we use api-access-token in request header, then pass it down to the executor client

Then in Presto client, we can use this flag to determine whether to continue using ldap auth or pass outh jwt instead.

@zhangvi7 zhangvi7 requested review from czgu, jczhong84 and kgopal492 July 3, 2024 21:05
@zhangvi7 zhangvi7 self-assigned this Jul 3, 2024
@zhangvi7
Copy link
Contributor Author

zhangvi7 commented Jul 3, 2024

  • Use execution metadata instead to hold access token
  • Manually tested with api access token
    image

@@ -19,8 +19,13 @@ class AuthenticationError(Exception):


class AuthUser(UserMixin):
def __init__(self, user: User):
def __init__(self, user: User, api_access_token=False):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

api_access_token is a boolean flag?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider renaming it to something more clear

Comment on lines 75 to 82
api_access_token = (
True if request.headers.get("api-access-token", None) else False
)
metadata = metadata or {}
metadata["api_access_token"] = api_access_token
logic.create_query_execution_metadata(
query_execution.id, metadata, session=session
)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

metadata = {}
used_api_token = request.headers.get("api-access-token", None) is not None
if used_api_token:
    metadata["used_api_token"] = used_api_token

if metadata:
   logic.create(...)

@@ -528,6 +528,16 @@ def __init__(
self._client = None
self._cursor = None

with DBSession() as session:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dbsession is not needed if you are only calling once

@@ -528,6 +528,16 @@ def __init__(
self._client = None
self._cursor = None

with DBSession() as session:
query_execution_metadata = (
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this might be None? (if metadata wasn't created)

self._query_execution_id, session=session
).execution_metadata
)
self._api_access_token = query_execution_metadata.get(
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rename to used_api_token or some other boolean name

api_access_token was used as a str to represent the actual token, let's not reuse the same name for a boolean flag?

@zhangvi7 zhangvi7 merged commit 1092268 into pinterest:master Jul 8, 2024
3 checks passed
@zhangvi7 zhangvi7 deleted the access_token branch July 8, 2024 17:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants