From acf6eaaf1c5b9ada22a370fb392c1cee9502390a Mon Sep 17 00:00:00 2001 From: John Joyce Date: Thu, 3 Mar 2022 19:22:35 -0800 Subject: [PATCH] refactor(ui): Simplify process of adding user.props (w/ docs) (#4296) --- datahub-frontend/conf/jaas.conf | 5 +-- docker/docker-compose.yml | 2 + .../quickstart/docker-compose.quickstart.yml | 2 + docs/how/auth/add-users.md | 40 +++++++++++-------- 4 files changed, 29 insertions(+), 20 deletions(-) diff --git a/datahub-frontend/conf/jaas.conf b/datahub-frontend/conf/jaas.conf index 64b7735609..f45a8884e3 100644 --- a/datahub-frontend/conf/jaas.conf +++ b/datahub-frontend/conf/jaas.conf @@ -2,7 +2,6 @@ // org.eclipse.jetty.jaas.spi.PropertyFileLoginModule -- this module can work with a username and any password defined in the `../conf/user.props` file WHZ-Authentication { - org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient - debug="true" - file="/datahub-frontend/conf/user.props"; + org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient debug="true" file="/etc/datahub/plugins/frontend/auth/user.props"; + org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient debug="true" file="/datahub-frontend/conf/user.props"; }; diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 55abb9d788..f15a1901ad 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -116,6 +116,8 @@ services: - "9002:9002" depends_on: - datahub-gms + volumes: + - ${HOME}/.datahub/plugins:/etc/datahub/plugins datahub-actions: image: public.ecr.aws/datahub/acryl-datahub-actions:${ACTIONS_VERSION:-head} diff --git a/docker/quickstart/docker-compose.quickstart.yml b/docker/quickstart/docker-compose.quickstart.yml index 24c4f6fcb6..903662ae52 100644 --- a/docker/quickstart/docker-compose.quickstart.yml +++ b/docker/quickstart/docker-compose.quickstart.yml 
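Review bot: Both `PropertyFileLoginModule` entries in `WHZ-Authentication` are flagged `sufficient`, so a login is accepted when either file matches. The credentials shipped in `/datahub-frontend/conf/user.props` therefore stay valid after an operator supplies a file at `/etc/datahub/plugins/frontend/auth/user.props`. Mounting a custom `user.props` can add accounts but cannot change or remove the built-in ones, which the updated add-users.md in this commit does not mention. I would add a comment above the two entries, such as `// Either file is sufficient: accounts in the built-in user.props remain valid unless that file is itself replaced`, and document how to override the built-in file. Separately, `debug="true"` is carried over onto both entries, so it is worth confirming what the module logs at that setting before this configuration is used beyond a proof of concept.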
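Review bot: The bind mount added to the service exposing port 9002 is read-write, although the container only needs to read `user.props`, which the docs in this commit show as plain `username:password` pairs. Mounting it read-only keeps a compromised or misbehaving frontend from altering the credential file on the host: `- ${HOME}/.datahub/plugins:/etc/datahub/plugins:ro`. The same line is added in `docker/quickstart/docker-compose.quickstart.yml` and should get the same change. The docs could also say that the host directory should be readable only by its owner, and that Docker will typically create it root-owned if it is missing when the containers start. The service definition begins outside this hunk.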
@@ -57,6 +57,8 @@ services: image: linkedin/datahub-frontend-react:${DATAHUB_VERSION:-head} ports: - 9002:9002 + volumes: + - ${HOME}/.datahub/plugins:/etc/datahub/plugins datahub-gms: container_name: datahub-gms depends_on: diff --git a/docs/how/auth/add-users.md b/docs/how/auth/add-users.md index b5a65c6f2e..3537773c53 100644 --- a/docs/how/auth/add-users.md +++ b/docs/how/auth/add-users.md 
@@ -2,38 +2,43 @@ Users can log into DataHub in 2 ways: -1. Static credentials -2. Single Sign-On via [OpenID Connect](https://www.google.com/search?q=openid+connect&oq=openid+connect&aqs=chrome.0.0i131i433i512j0i512l4j69i60l2j69i61.1468j0j7&sourceid=chrome&ie=UTF-8) +1. Static credentials (Simplest) +2. Single Sign-On via [OpenID Connect](https://www.google.com/search?q=openid+connect&oq=openid+connect&aqs=chrome.0.0i131i433i512j0i512l4j69i60l2j69i61.1468j0j7&sourceid=chrome&ie=UTF-8) (For Production Use) -Option 1 is useful for running proof-of-concept exercises, while Option 2 is highly recommended for deploying DataHub in production. +Option 1 is useful for running proof-of-concept exercises, or just getting DataHub up & running quickly. Option 2 is highly recommended for deploying DataHub in production. # Configuring static credentials -## Step 1: Define a user.props file +## Create a user.props file -To define a set of username / password combinations that should be allowed to log in to DataHub, create a new file called `user.props`. This file should contain username:password combinations, with 1 user per line. For example, to create a `user.props` file with 2 users, the root -"datahub" user and a custom user "johndoe", we would define the following file: +To define a set of username / password combinations that should be allowed to log in to DataHub, create a new file called `user.props` at the file path `${HOME}/.datahub/plugins/frontend/auth/user.props`. +This file should contain username:password combinations, with 1 user per line. For example, to create 2 new users, +with usernames "janesmith" and "johndoe", we would define the following file: ``` -# user.props -datahub:rootpassword +janesmith:janespassword johndoe:johnspassword ``` -We strongly recommend keeping a root user named `datahub` in your user.props. Otherwise, the root user will not be able to log in! 
+Once you've saved the file, simply start the DataHub containers & navigate to `http://localhost:9002/login` +to verify that your new credentials work. -## Step 2: Mount user.props file to Docker container +To change or remove existing login credentials, edit and save the `user.props` file. Then restart DataHub containers. -Once you've defined a `user.props` file, you'll need to mount the file into the `datahub-frontend` Docker container at the following path: +If you want to customize the location of the `user.props` file, or if you're deploying DataHub via Helm, proceed to Step 2. -``` -/datahub-frontend/conf/user.props -``` +## (Advanced) Mount custom user.props file to container + +This step is only required when mounting custom credentials into a Kubernetes pod (e.g. Helm) **or** if you want to change +the default filesystem location from which DataHub mounts a custom `user.props` file (`${HOME}/.datahub/plugins/frontend/auth/user.props)`. + +If you are deploying with `datahub docker quickstart`, or running using Docker Compose, you can most likely skip this step. ### Docker Compose -You'll need to modify the `docker-compose.yml` file to mount a container volume mapping your local user.props to the standard location inside the container. +You'll need to modify the `docker-compose.yml` file to mount a container volume mapping your custom user.props to the standard location inside the container +(`/etc/datahub/plugins/frontend/auth/user.props`). For example, to mount a user.props file that is stored on my local filesystem at `/tmp/datahub/user.props`, we'd modify the YAML for the `datahub-web-react` config to look like the following: 
@@ -47,7 +52,8 @@ For example, to mount a user.props file that is stored on my local filesystem at ..... # The new stuff volumes: - - :/datahub-frontend/conf/user.props + - ${HOME}/.datahub/plugins:/etc/datahub/plugins + - /tmp/datahub:/etc/datahub/plugins/frontend/auth ``` Once you've made this change, restarting DataHub enable authentication for the configured users. @@ -74,7 +80,7 @@ datahub-frontend: secretName: datahub-users-secret extraVolumeMounts: - name: datahub-users - mountPath: /datahub-frontend/conf/user.props + mountPath: /etc/datahub/plugins/frontend/auth/user.props subPath: user.props ```