Support passing groups in OAuth access token claim by lukasz-walkiewicz · Pull Request #10262 · trinodb/trino

lukasz-walkiewicz · 2021-12-10T08:51:37Z

Resolves: #10220

kokosing

Let's add a product tests that would call current_groups() To make sure it works end to end.

Looks nice!

core/trino-main/src/test/java/io/trino/server/security/TestResourceSecurity.java

core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2Authenticator.java

kokosing · 2021-12-10T10:43:22Z

core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2Authenticator.java

identity = identity.withPrincipal(new BasicPrincipal(principal));?

withPrincipal just modifies the builder and returns this, thus reassignment is unnecessary.

core/trino-main/src/test/java/io/trino/server/security/TestResourceSecurity.java

kokosing · 2021-12-10T10:45:49Z

core/trino-main/src/test/java/io/trino/server/security/TestResourceSecurity.java

Why no impersonation?

It's not important actually whether it allows impersonation or not but I think it's better to deny by default.
The important part is:

@Override public void checkCanReadSystemInformation(SystemSecurityContext context) { if (!context.getIdentity().getUser().equals(MANAGEMENT_USER)) { denyReadSystemInformationAccess(); } }

as it's being tested by assertAuthenticationAutomatic

mat3e · 2021-12-13T11:39:13Z

core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2Authenticator.java

nit: we can skip this rnn here and in other places as groups field is an empty Optional by default in the config.

mat3e · 2021-12-13T11:46:17Z

core/trino-main/src/main/java/io/trino/server/ui/OAuth2WebUiAuthenticationFilter.java

Maybe not for this PR, but would it be possible to make this filter using OAuth2Authenticator? Seems they share more logic now than previously.

I initially thought about it and I think it's generally a good idea but it would require a bit broader refactor. The important difference between OAuth2Authenticator and this filter is that protocol authenticator throws an Authentication exception (401 Unauthorized) whereas this filter redirects the browser to authentication url (303 See Other). It's doable ofc but as I said, it requires a bit of refactoring.

11xor6

LGTM, a few minor changes.

11xor6 · 2021-12-14T10:38:03Z

core/trino-main/src/main/java/io/trino/server/security/jwt/JwtAuthenticator.java

You can continue the chain and avoid the if statement here by using map.

I'm afraid it would not work. User mapping throws UserMappingException which is checked exception.

11xor6 · 2021-12-14T10:42:43Z

core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2Authenticator.java

No need for flatMap as map handles null correctly.

Optional.map(o -> Optional.of(o)) returns Optional<Optional<>>
whereas
Optional.flatMap(o -> Optional.of(o)) returns Optional<>

11xor6 · 2021-12-14T10:45:39Z

core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2Authenticator.java

withPrincipal just modifies the builder and returns this, thus reassignment is unnecessary.

11xor6 · 2021-12-14T10:49:14Z

core/trino-main/src/main/java/io/trino/server/ui/OAuth2WebUiAuthenticationFilter.java

Again map here is cleaner and clearer.

userMapping.mapUser(principalName) throws checked UserMappingException

testing/trino-product-tests/pom.xml

kokosing · 2022-01-06T20:47:41Z

core/trino-main/src/main/java/io/trino/server/security/oauth2/OAuth2Config.java

Please add changes to docs too

It's already done:

* - ``http-server.authentication.oauth2.groups-field`` - The field of the access token used for Trino groups. The corresponding claim value must be an array.

Would like to add something?

No. Thanks.

...main/java/io/trino/tests/product/launcher/env/environment/EnvSinglenodeOauth2HttpsProxy.java

kokosing · 2022-01-18T08:30:11Z

2022-01-18T00:22:24.5270305Z 2022-01-18T00:22:24.526Z	INFO	testcontainers-lifecycle-4	🐳 [postgres:14.0]	Container postgres:14.0 started in PT2.019499S
2022-01-18T00:22:24.5271614Z 2022-01-18T00:22:24.526Z	INFO	environment-listener-1	io.trino.tests.product.launcher.env.EnvironmentListener	Container started: hydra-db
2022-01-18T00:22:24.5279573Z 2022-01-18T00:22:24.527Z	INFO	environment-listener-1	io.trino.tests.product.launcher.env.StatisticsFetcher	Started listening for container hydra-db statistics stream...
2022-01-18T00:22:24.5322747Z 2022-01-18T00:22:24.529Z	INFO	testcontainers-lifecycle-5	🐳 [oryd/hydra:v1.10.6]	Creating container for image: oryd/hydra:v1.10.6
2022-01-18T00:22:24.5546992Z 2022-01-18T00:22:24.554Z	INFO	testcontainers-lifecycle-5	🐳 [oryd/hydra:v1.10.6]	Starting container with ID: 6107e37d2ef6e8eed6e56332933fe3995eee4961c4d45e340b4f025ec591afb5
2022-01-18T00:22:24.8529639Z 2022-01-18T00:22:24.851Z	INFO	testcontainers-lifecycle-5	🐳 [oryd/hydra:v1.10.6]	Container oryd/hydra:v1.10.6 is starting: 6107e37d2ef6e8eed6e56332933fe3995eee4961c4d45e340b4f025ec591afb5
2022-01-18T00:22:24.8585668Z 2022-01-18T00:22:24.858Z	INFO	environment-listener-1	io.trino.tests.product.launcher.env.EnvironmentListener	Container starting: hydra-db-migration
2022-01-18T00:22:24.8806071Z hydra-db-migration  | time=2022-01-18T00:22:24Z level=info msg=No tracer configured - skipping tracing setup audience=application service_name=ORY Hydra service_version=v1.10.6
2022-01-18T00:22:24.8938883Z hydra-db            | 2022-01-18 00:22:24.893 UTC [124] ERROR:  relation "hydra_client_migration" does not exist at character 15
2022-01-18T00:22:24.8939408Z hydra-db            | 2022-01-18 00:22:24.893 UTC [124] STATEMENT:  SELECT * FROM hydra_client_migration
2022-01-18T00:22:24.8939807Z hydra-db-migration  | The following migration is planned:
2022-01-18T00:22:24.8944550Z hydra-db-migration  | 
2022-01-18T00:22:24.8950870Z hydra-db            | 2022-01-18 00:22:24.894 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.8952264Z hydra-db            | 2022-01-18 00:22:24.894 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.8955173Z hydra-db            | 2022-01-18 00:22:24.895 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.8955760Z hydra-db            | 2022-01-18 00:22:24.895 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.8961134Z hydra-db            | 2022-01-18 00:22:24.895 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.8961720Z hydra-db            | 2022-01-18 00:22:24.895 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.8968153Z hydra-db            | 2022-01-18 00:22:24.896 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.8968749Z hydra-db            | 2022-01-18 00:22:24.896 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.8974168Z hydra-db            | 2022-01-18 00:22:24.897 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.8974758Z hydra-db            | 2022-01-18 00:22:24.897 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9090873Z hydra-db            | 2022-01-18 00:22:24.897 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9091467Z hydra-db            | 2022-01-18 00:22:24.897 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9096787Z hydra-db            | 2022-01-18 00:22:24.897 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9097375Z hydra-db            | 2022-01-18 00:22:24.897 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9097897Z hydra-db            | 2022-01-18 00:22:24.898 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9098457Z hydra-db            | 2022-01-18 00:22:24.898 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9098977Z hydra-db            | 2022-01-18 00:22:24.898 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9099538Z hydra-db            | 2022-01-18 00:22:24.898 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9100037Z hydra-db            | 2022-01-18 00:22:24.898 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9100593Z hydra-db            | 2022-01-18 00:22:24.898 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9101118Z hydra-db            | 2022-01-18 00:22:24.899 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9101670Z hydra-db            | 2022-01-18 00:22:24.899 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9102187Z hydra-db            | 2022-01-18 00:22:24.899 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9102724Z hydra-db            | 2022-01-18 00:22:24.899 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9103245Z hydra-db            | 2022-01-18 00:22:24.899 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9103803Z hydra-db            | 2022-01-18 00:22:24.899 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9104321Z hydra-db            | 2022-01-18 00:22:24.899 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9104858Z hydra-db            | 2022-01-18 00:22:24.899 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9105366Z hydra-db            | 2022-01-18 00:22:24.900 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9105924Z hydra-db            | 2022-01-18 00:22:24.900 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9106435Z hydra-db            | 2022-01-18 00:22:24.900 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9106984Z hydra-db            | 2022-01-18 00:22:24.900 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9107586Z hydra-db            | 2022-01-18 00:22:24.900 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9108138Z hydra-db            | 2022-01-18 00:22:24.900 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9108651Z hydra-db            | 2022-01-18 00:22:24.900 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9109258Z hydra-db            | 2022-01-18 00:22:24.900 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9109774Z hydra-db            | 2022-01-18 00:22:24.901 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9110302Z hydra-db            | 2022-01-18 00:22:24.901 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9110818Z hydra-db            | 2022-01-18 00:22:24.901 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9111376Z hydra-db            | 2022-01-18 00:22:24.901 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9111890Z hydra-db            | 2022-01-18 00:22:24.901 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9112419Z hydra-db            | 2022-01-18 00:22:24.901 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9112929Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9113481Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9113991Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9114541Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9115178Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9115745Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9116263Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9116816Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9117328Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9117861Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9118375Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9118921Z hydra-db            | 2022-01-18 00:22:24.902 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9119434Z hydra-db            | 2022-01-18 00:22:24.903 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9120048Z hydra-db            | 2022-01-18 00:22:24.903 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9120556Z hydra-db            | 2022-01-18 00:22:24.903 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9121108Z hydra-db            | 2022-01-18 00:22:24.903 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9121685Z hydra-db            | 2022-01-18 00:22:24.903 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9122239Z hydra-db            | 2022-01-18 00:22:24.903 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9122735Z hydra-db            | 2022-01-18 00:22:24.903 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9123288Z hydra-db            | 2022-01-18 00:22:24.903 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9123799Z hydra-db            | 2022-01-18 00:22:24.903 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9124439Z hydra-db            | 2022-01-18 00:22:24.903 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9124942Z hydra-db            | 2022-01-18 00:22:24.904 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9125489Z hydra-db            | 2022-01-18 00:22:24.904 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9126006Z hydra-db            | 2022-01-18 00:22:24.904 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9126566Z hydra-db            | 2022-01-18 00:22:24.904 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9127077Z hydra-db            | 2022-01-18 00:22:24.904 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9127609Z hydra-db            | 2022-01-18 00:22:24.904 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9128129Z hydra-db            | 2022-01-18 00:22:24.904 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9128676Z hydra-db            | 2022-01-18 00:22:24.904 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9129190Z hydra-db            | 2022-01-18 00:22:24.904 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9129719Z hydra-db            | 2022-01-18 00:22:24.904 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9130228Z hydra-db            | 2022-01-18 00:22:24.905 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9130779Z hydra-db            | 2022-01-18 00:22:24.905 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9131294Z hydra-db            | 2022-01-18 00:22:24.905 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9131841Z hydra-db            | 2022-01-18 00:22:24.905 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9132410Z hydra-db            | 2022-01-18 00:22:24.905 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9132959Z hydra-db            | 2022-01-18 00:22:24.905 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9133482Z hydra-db            | 2022-01-18 00:22:24.905 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9134089Z hydra-db            | 2022-01-18 00:22:24.905 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9134605Z hydra-db            | 2022-01-18 00:22:24.906 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9135140Z hydra-db            | 2022-01-18 00:22:24.906 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9135654Z hydra-db            | 2022-01-18 00:22:24.906 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9136205Z hydra-db            | 2022-01-18 00:22:24.906 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9136717Z hydra-db            | 2022-01-18 00:22:24.906 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9137248Z hydra-db            | 2022-01-18 00:22:24.906 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9137754Z hydra-db            | 2022-01-18 00:22:24.906 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9138308Z hydra-db            | 2022-01-18 00:22:24.906 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9138822Z hydra-db            | 2022-01-18 00:22:24.907 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9139372Z hydra-db            | 2022-01-18 00:22:24.907 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9139870Z hydra-db            | 2022-01-18 00:22:24.907 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9140422Z hydra-db            | 2022-01-18 00:22:24.907 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9140934Z hydra-db            | 2022-01-18 00:22:24.907 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9141496Z hydra-db            | 2022-01-18 00:22:24.907 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9142015Z hydra-db            | 2022-01-18 00:22:24.907 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9142548Z hydra-db            | 2022-01-18 00:22:24.907 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9143069Z hydra-db            | 2022-01-18 00:22:24.907 UTC [124] ERROR:  relation "schema_migration" does not exist at character 47
2022-01-18T00:22:24.9143625Z hydra-db            | 2022-01-18 00:22:24.907 UTC [124] STATEMENT:  SELECT EXISTS (SELECT schema_migration.* FROM schema_migration AS schema_migration WHERE version = $1)
2022-01-18T00:22:24.9298981Z hydra-db-migration  | Version                Name                                              Status    
2022-01-18T00:22:24.9299586Z hydra-db-migration  | 20190100000001000000   client                                            Pending   
2022-01-18T00:22:24.9300176Z hydra-db-migration  | 20190100000002000000   client                                            Pending   
2022-01-18T00:22:24.9300581Z hydra-db-migration  | 20190100000003000000   client                                            Pending   
2022-01-18T00:22:24.9300988Z hydra-db-migration  | 20190100000004000000   client                                            Pending   
2022-01-18T00:22:24.9301564Z hydra-db-migration  | 20190100000005000000   client                                            Pending   
2022-01-18T00:22:24.9447510Z hydra-db-migration  | 20190100000006000000   client                                            Pending   
2022-01-18T00:22:24.9449138Z hydra-db-migration  | 20190100000007000000   client                                            Pending   
2022-01-18T00:22:24.9450484Z hydra-db-migration  | 20190100000008000000   client                                            Pending   
2022-01-18T00:22:24.9451816Z hydra-db-migration  | 20190100000009000000   client                                            Pending   
2022-01-18T00:22:24.9453132Z hydra-db-migration  | 20190100000010000000   client                                            Pending   
2022-01-18T00:22:24.9454751Z hydra-db-migration  | 20190100000011000000   client                                            Pending   
2022-01-18T00:22:24.9456227Z hydra-db-migration  | 20190100000012000000   client                                            Pending   
2022-01-18T00:22:24.9456829Z hydra-db-migration  | 20190100000013000000   client                                            Pending   
2022-01-18T00:22:24.9457517Z hydra-db-migration  | 20190100000014000000   client                                            Pending   
2022-01-18T00:22:24.9460209Z hydra-db-migration  | 20190200000001000000   jwk                                               Pending   
2022-01-18T00:22:24.9461019Z hydra-db-migration  | 20190200000002000000   jwk                                               Pending   
2022-01-18T00:22:24.9461591Z hydra-db-migration  | 20190200000003000000   jwk                                               Pending   
2022-01-18T00:22:24.9462040Z hydra-db-migration  | 20190200000004000000   jwk                                               Pending   
2022-01-18T00:22:24.9462780Z hydra-db-migration  | 20190300000001000000   consent                                           Pending   
2022-01-18T00:22:24.9463689Z hydra-db-migration  | 20190300000002000000   consent                                           Pending   
2022-01-18T00:22:24.9464245Z hydra-db-migration  | 20190300000003000000   consent                                           Pending   
2022-01-18T00:22:24.9464664Z hydra-db-migration  | 20190300000004000000   consent                                           Pending   
2022-01-18T00:22:24.9465050Z hydra-db-migration  | 20190300000005000000   consent                                           Pending   
2022-01-18T00:22:24.9465445Z hydra-db-migration  | 20190300000006000000   consent                                           Pending   
2022-01-18T00:22:24.9465842Z hydra-db-migration  | 20190300000007000000   consent                                           Pending   
2022-01-18T00:22:24.9466234Z hydra-db-migration  | 20190300000008000000   consent                                           Pending   
2022-01-18T00:22:24.9466628Z hydra-db-migration  | 20190300000009000000   consent                                           Pending   
2022-01-18T00:22:24.9467009Z hydra-db-migration  | 20190300000010000000   consent                                           Pending   
2022-01-18T00:22:24.9467398Z hydra-db-migration  | 20190300000011000000   consent                                           Pending   
2022-01-18T00:22:24.9467795Z hydra-db-migration  | 20190300000012000000   consent                                           Pending   
2022-01-18T00:22:24.9468184Z hydra-db-migration  | 20190300000013000000   consent                                           Pending   
2022-01-18T00:22:24.9468787Z hydra-db-migration  | 20190300000014000000   consent                                           Pending   
2022-01-18T00:22:24.9469181Z hydra-db-migration  | 20190400000001000000   oauth2                                            Pending   
2022-01-18T00:22:24.9469571Z hydra-db-migration  | 20190400000002000000   oauth2                                            Pending   
2022-01-18T00:22:24.9469965Z hydra-db-migration  | 20190400000003000000   oauth2                                            Pending   
2022-01-18T00:22:24.9470344Z hydra-db-migration  | 20190400000004000000   oauth2                                            Pending   
2022-01-18T00:22:24.9470807Z hydra-db-migration  | 20190400000005000000   oauth2                                            Pending   
2022-01-18T00:22:24.9471314Z hydra-db-migration  | 20190400000006000000   oauth2                                            Pending   
2022-01-18T00:22:24.9471714Z hydra-db-migration  | 20190400000007000000   oauth2                                            Pending   
2022-01-18T00:22:24.9472096Z hydra-db-migration  | 20190400000008000000   oauth2                                            Pending   
2022-01-18T00:22:24.9472505Z hydra-db-migration  | 20190400000009000000   oauth2                                            Pending   
2022-01-18T00:22:24.9472973Z hydra-db-migration  | 20190400000010000000   oauth2                                            Pending   
2022-01-18T00:22:24.9473366Z hydra-db-migration  | 20190400000011000000   oauth2                                            Pending   
2022-01-18T00:22:24.9473753Z hydra-db-migration  | 20200521071434000000   consent                                           Pending   
2022-01-18T00:22:24.9474154Z hydra-db-migration  | 20200527215731000000   client                                            Pending   
2022-01-18T00:22:24.9474547Z hydra-db-migration  | 20200527215732000000   client                                            Pending   
2022-01-18T00:22:24.9474969Z hydra-db-migration  | 20200819163013000000   add_client_id_subject_idx_to_access_and_refresh   Pending   
2022-01-18T00:22:24.9475381Z hydra-db-migration  | 20200913192340000000   initial_sqlite                                    Pending   
2022-01-18T00:22:24.9475785Z hydra-db-migration  | 20201110104000000000   drop_uq_oauth2                                    Pending   
2022-01-18T00:22:24.9476188Z hydra-db-migration  | 20201116133000000000   set_null_time                                     Pending   
2022-01-18T00:22:24.9476656Z hydra-db            | 2022-01-18 00:22:24.908 UTC [124] ERROR:  relation "hydra_client_migration" does not exist at character 15
2022-01-18T00:22:24.9477102Z hydra-db            | 2022-01-18 00:22:24.908 UTC [124] STATEMENT:  SELECT * FROM hydra_client_migration
2022-01-18T00:22:24.9477560Z hydra-db            | 2022-01-18 00:22:24.909 UTC [124] ERROR:  relation "schema_migration" does not exist at character 21
2022-01-18T00:22:24.9478012Z hydra-db            | 2022-01-18 00:22:24.909 UTC [124] STATEMENT:  select version from schema_migration
2022-01-18T00:22:25.1269220Z hydra-db-migration  | Successfully applied migrations!
2022-01-18T00:22:25.1491922Z hydra-db-migration  | (exited)
2022-01-18T00:22:54.8612233Z 2022-01-18T00:22:54.859Z	ERROR	testcontainers-lifecycle-5	🐳 [oryd/hydra:v1.10.6]	Could not start container
2022-01-18T00:22:54.8612893Z org.rnorth.ducttape.TimeoutException: Timeout waiting for result with exception
2022-01-18T00:22:54.8613612Z 	at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:54)
2022-01-18T00:22:54.8668801Z 	at org.rnorth.ducttape.unreliables.Unreliables.retryUntilTrue(Unreliables.java:100)
2022-01-18T00:22:54.8669489Z 	at org.testcontainers.containers.startupcheck.StartupCheckStrategy.waitUntilStartupSuccessful(StartupCheckStrategy.java:35)
2022-01-18T00:22:54.8670121Z 	at org.testcontainers.containers.GenericContainer.tryStart(GenericContainer.java:460)
2022-01-18T00:22:54.8670625Z 	at org.testcontainers.containers.GenericContainer.lambda$doStart$0(GenericContainer.java:331)
2022-01-18T00:22:54.8671410Z 	at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:81)
2022-01-18T00:22:54.8671895Z 	at org.testcontainers.containers.GenericContainer.doStart(GenericContainer.java:329)
2022-01-18T00:22:54.8672369Z 	at org.testcontainers.containers.GenericContainer.start(GenericContainer.java:317)
2022-01-18T00:22:54.8672825Z 	at java.base/java.util.concurrent.CompletableFuture$UniRun.tryFire(CompletableFuture.java:783)
2022-01-18T00:22:54.8673247Z 	at java.base/java.util.concurrent.CompletableFuture$Completion.run(CompletableFuture.java:478)
2022-01-18T00:22:54.8673824Z 	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
2022-01-18T00:22:54.8674283Z 	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
2022-01-18T00:22:54.8674637Z 	at java.base/java.lang.Thread.run(Thread.java:829)
2022-01-18T00:22:54.8675091Z Caused by: com.github.dockerjava.api.exception.NotFoundException: Status 404: {"message":"No such container: 6107e37d2ef6e8eed6e56332933fe3995eee4961c4d45e340b4f025ec591afb5"}
2022-01-18T00:22:54.8675433Z 
2022-01-18T00:22:54.8675885Z 	at org.testcontainers.shaded.com.github.dockerjava.core.DefaultInvocationBuilder.execute(DefaultInvocationBuilder.java:241)
2022-01-18T00:22:54.8676601Z 	at org.testcontainers.shaded.com.github.dockerjava.core.DefaultInvocationBuilder.get(DefaultInvocationBuilder.java:202)
2022-01-18T00:22:54.8677287Z 	at org.testcontainers.shaded.com.github.dockerjava.core.DefaultInvocationBuilder.get(DefaultInvocationBuilder.java:74)
2022-01-18T00:22:54.8678016Z 	at org.testcontainers.shaded.com.github.dockerjava.core.exec.InspectContainerCmdExec.execute(InspectContainerCmdExec.java:31)
2022-01-18T00:22:54.8678763Z 	at org.testcontainers.shaded.com.github.dockerjava.core.exec.InspectContainerCmdExec.execute(InspectContainerCmdExec.java:13)
2022-01-18T00:22:54.8679495Z 	at org.testcontainers.shaded.com.github.dockerjava.core.exec.AbstrSyncDockerCmdExec.exec(AbstrSyncDockerCmdExec.java:21)
2022-01-18T00:22:54.8680161Z 	at org.testcontainers.shaded.com.github.dockerjava.core.command.AbstrDockerCmd.exec(AbstrDockerCmd.java:35)
2022-01-18T00:22:54.8680859Z 	at org.testcontainers.shaded.com.github.dockerjava.core.command.InspectContainerCmdImpl.exec(InspectContainerCmdImpl.java:52)
2022-01-18T00:22:54.8681578Z 	at org.testcontainers.containers.startupcheck.StartupCheckStrategy.getCurrentState(StartupCheckStrategy.java:54)
2022-01-18T00:22:54.8682325Z 	at org.testcontainers.containers.startupcheck.IsRunningStartupCheckStrategy.checkStartupState(IsRunningStartupCheckStrategy.java:15)
2022-01-18T00:22:54.8683032Z 	at org.testcontainers.containers.startupcheck.StartupCheckStrategy.lambda$null$0(StartupCheckStrategy.java:38)
2022-01-18T00:22:54.8683545Z 	at org.rnorth.ducttape.ratelimits.RateLimiter.getWhenReady(RateLimiter.java:51)
2022-01-18T00:22:54.8684263Z 	at org.testcontainers.containers.startupcheck.StartupCheckStrategy.lambda$waitUntilStartupSuccessful$1(StartupCheckStrategy.java:37)
2022-01-18T00:22:54.8684852Z 	at org.rnorth.ducttape.unreliables.Unreliables.lambda$retryUntilTrue$1(Unreliables.java:101)
2022-01-18T00:22:54.8685315Z 	at org.rnorth.ducttape.unreliables.Unreliables.lambda$retryUntilSuccess$0(Unreliables.java:43)
2022-01-18T00:22:54.8685718Z 	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
2022-01-18T00:22:54.8685984Z 	... 3 more
2022-01-18T00:22:54.8686090Z 
2022-01-18T00:22:54.8686184Z

Is this related?

...duct-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/EnvironmentModule.java

lukasz-walkiewicz · 2022-01-18T20:28:22Z

I don't why this happend tbh. The container simply didn't start. Let's give it another try.

kokosing · 2022-01-18T20:30:58Z

I don't why this happend tbh. The container simply didn't start. Let's give it another try.

This is not an option. It seems that the environment is flaky. Please stress it out instead to see how frequent it is. Also IIRC we do retry setup of each environment which may suggest that this env failed couple times in row. I am not sure if retry happened here.

lukasz-walkiewicz · 2022-01-19T07:55:29Z

Fair point. I'll stress test it.

kokosing · 2022-01-19T13:07:41Z

Fair point. I'll stress test it.

Also you can stress test the master to see if it is something or pre-existing issue.

lukasz-walkiewicz · 2022-01-19T13:17:34Z

I was able to reproduce it locally and it looks like the problem is that hydra-migration, container which migrates the database and immidately exits (which is ok and expected), is doing that too fast and startup gets lost and checks for the status of the container which no longer exists. I'll take a closer look at why this happens.

kokosing · 2022-01-19T13:25:59Z

I was able to reproduce it locally

👍 Thank you!

lukasz-walkiewicz · 2022-01-23T12:09:24Z

I've fixed problems with the startup check. Stress tested in: https://github.com/trinodb/trino/actions/runs/1735765630

Temporal containers can finish faster than the startup probe can check. The check interval comes from the docker client with rate limiting which queries the docker service at most once per second. This can create a race condition if the container can complete it's job in less or around 1 second.

Instead of using selenium driver to log in and accept the consent request use a simple python implementation which accepts all requests thus eliminating the need of web driver entirely. Fixes trinodb#6991

cla-bot bot added the cla-signed label Dec 10, 2021

lukasz-walkiewicz requested review from 11xor6, dain and kokosing December 10, 2021 08:52

kokosing reviewed Dec 10, 2021

View reviewed changes

mat3e approved these changes Dec 13, 2021

View reviewed changes

11xor6 approved these changes Dec 14, 2021

View reviewed changes

lukasz-walkiewicz force-pushed the oauth-groups-claim branch from 4b3bfdb to 13d4aea Compare December 23, 2021 11:48

kokosing approved these changes Jan 6, 2022

View reviewed changes

kokosing reviewed Jan 7, 2022

View reviewed changes

...main/java/io/trino/tests/product/launcher/env/environment/EnvSinglenodeOauth2HttpsProxy.java Outdated Show resolved Hide resolved

kokosing mentioned this pull request Jan 10, 2022

Flaky TestExternalAuthorizerOAuth2 #9423

Closed

lukasz-walkiewicz force-pushed the oauth-groups-claim branch from 13d4aea to dabb828 Compare January 17, 2022 19:06

github-actions bot added docs tests:hive labels Jan 17, 2022

lukasz-walkiewicz force-pushed the oauth-groups-claim branch from dabb828 to 338f27a Compare January 17, 2022 22:21

kokosing reviewed Jan 18, 2022

View reviewed changes

...duct-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/EnvironmentModule.java Outdated Show resolved Hide resolved

lukasz-walkiewicz force-pushed the oauth-groups-claim branch from 338f27a to f9e5058 Compare January 18, 2022 20:27

lukasz-walkiewicz force-pushed the oauth-groups-claim branch 3 times, most recently from 26c8c76 to a79ca06 Compare January 23, 2022 12:07

lukasz-walkiewicz added 2 commits January 24, 2022 12:48

Extract identity building to bearer authenticators

6a9256b

Assert additional fields from identity

576f658

lukasz-walkiewicz added 9 commits January 24, 2022 12:48

Move TestResource

27117b2

Extract token server from OAuth2 test

1287cba

Return groups in indentity response

6632601

Do not return groups=[username] from group provider

b0c9db1

Add WebUI identity endpoint to TestResource

c1b94b5

Use one shot startup strategy for hydra migrations

791afaa

Use login & consent server accepting all requests

0e004f5

Instead of using selenium driver to log in and accept the consent request use a simple python implementation which accepts all requests thus eliminating the need of web driver entirely. Fixes trinodb#6991

Support passing groups in OAuth access token claim

d842185

lukasz-walkiewicz force-pushed the oauth-groups-claim branch from a79ca06 to d842185 Compare January 24, 2022 11:48

kokosing merged commit 8b8b0be into trinodb:master Jan 24, 2022

lukasz-walkiewicz deleted the oauth-groups-claim branch January 24, 2022 20:19

mosabua mentioned this pull request Jan 24, 2022

Add Trino 369 release notes #10553

Merged

github-actions bot added this to the 369 milestone Jan 24, 2022

Conversation

lukasz-walkiewicz commented Dec 10, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

kokosing left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

11xor6 left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

lukasz-walkiewicz Dec 23, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

kokosing commented Jan 18, 2022

Uh oh!

Uh oh!

lukasz-walkiewicz commented Jan 18, 2022

Uh oh!

kokosing commented Jan 18, 2022

Uh oh!

lukasz-walkiewicz commented Jan 19, 2022

Uh oh!

kokosing commented Jan 19, 2022

Uh oh!

lukasz-walkiewicz commented Jan 19, 2022

Uh oh!

kokosing commented Jan 19, 2022

Uh oh!

lukasz-walkiewicz commented Jan 23, 2022

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

4 participants

lukasz-walkiewicz commented Dec 10, 2021 •

edited

Loading

lukasz-walkiewicz Dec 23, 2021 •

edited

Loading