Skip to content

Use SecretsResolver from Airlift #22633

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Praveen2112 merged 1 commit into from
Aug 8, 2024
Merged

Use SecretsResolver from Airlift #22633

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion core/trino-main/src/main/java/io/trino/connector/CatalogStoreManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMap;
import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.log.Logger;
import io.trino.spi.catalog.CatalogName;
import io.trino.spi.catalog.CatalogProperties;
Expand Down Expand Up @@ -46,6 +48,13 @@ public class CatalogStoreManager
private static final String CATALOG_STORE_PROPERTY_NAME = "catalog-store.name";
private final Map<String, CatalogStoreFactory> catalogStoreFactories = new ConcurrentHashMap<>();
private final AtomicReference<Optional<CatalogStore>> configuredCatalogStore = new AtomicReference<>(Optional.empty());
private final SecretsResolver secretsResolver;

@Inject
public CatalogStoreManager(SecretsResolver secretsResolver)
{
this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
}

public void addCatalogStoreFactory(CatalogStoreFactory catalogStoreFactory)
{
Expand Down Expand Up @@ -91,7 +100,7 @@ protected void setConfiguredCatalogStore(String name, Map<String, String> proper

CatalogStore catalogStore;
try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
catalogStore = factory.create(ImmutableMap.copyOf(properties));
catalogStore = factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)));
}

setConfiguredCatalogStore(catalogStore);
Expand Down
8 changes: 6 additions & 2 deletions core/trino-main/src/main/java/io/trino/connector/DefaultCatalogFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@

import com.google.errorprone.annotations.ThreadSafe;
import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.node.NodeInfo;
import io.opentelemetry.api.OpenTelemetry;
import io.opentelemetry.api.trace.Tracer;
Expand Down Expand Up @@ -73,6 +74,7 @@ public class DefaultCatalogFactory

private final ConcurrentMap<ConnectorName, ConnectorFactory> connectorFactories = new ConcurrentHashMap<>();
private final LocalMemoryManager localMemoryManager;
private final SecretsResolver secretsResolver;

@Inject
public DefaultCatalogFactory(
Expand All @@ -88,7 +90,8 @@ public DefaultCatalogFactory(
TypeManager typeManager,
NodeSchedulerConfig nodeSchedulerConfig,
OptimizerConfig optimizerConfig,
LocalMemoryManager localMemoryManager)
LocalMemoryManager localMemoryManager,
SecretsResolver secretsResolver)
{
this.metadata = requireNonNull(metadata, "metadata is null");
this.accessControl = requireNonNull(accessControl, "accessControl is null");
Expand All @@ -103,6 +106,7 @@ public DefaultCatalogFactory(
this.schedulerIncludeCoordinator = nodeSchedulerConfig.isIncludeCoordinator();
this.maxPrefetchedInformationSchemaPrefixes = optimizerConfig.getMaxPrefetchedInformationSchemaPrefixes();
this.localMemoryManager = requireNonNull(localMemoryManager, "localMemoryManager is null");
this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
}

@Override
Expand All @@ -125,7 +129,7 @@ public CatalogConnector createCatalog(CatalogProperties catalogProperties)
catalogProperties.catalogHandle().getCatalogName().toString(),
catalogProperties.catalogHandle(),
connectorFactory,
catalogProperties.properties());
secretsResolver.getResolvedConfiguration(catalogProperties.properties()));

return createCatalog(
catalogProperties.catalogHandle(),
Expand Down
7 changes: 5 additions & 2 deletions core/trino-main/src/main/java/io/trino/eventlistener/EventListenerManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
import com.google.common.base.Function;
import com.google.common.collect.ImmutableList;
import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.log.Logger;
import io.airlift.stats.CounterStat;
import io.airlift.stats.TimeStat;
Expand Down Expand Up @@ -68,12 +69,14 @@ public class EventListenerManager
private final TimeStat queryCreatedTime = new TimeStat(MILLISECONDS);
private final TimeStat queryCompletedTime = new TimeStat(MILLISECONDS);
private final TimeStat splitCompletedTime = new TimeStat(MILLISECONDS);
private final SecretsResolver secretsResolver;

@Inject
public EventListenerManager(EventListenerConfig config)
public EventListenerManager(EventListenerConfig config, SecretsResolver secretsResolver)
{
this.configFiles = ImmutableList.copyOf(config.getEventListenerFiles());
this.maxConcurrentQueryCompletedEvents = config.getMaxConcurrentQueryCompletedEvents();
this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
}

public void addEventListenerFactory(EventListenerFactory eventListenerFactory)
Expand Down Expand Up @@ -130,7 +133,7 @@ private EventListener createEventListener(File configFile)

EventListener eventListener;
try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
eventListener = factory.create(properties);
eventListener = factory.create(secretsResolver.getResolvedConfiguration(properties));
}

log.info("-- Loaded event listener %s --", configFile);
Expand Down
8 changes: 6 additions & 2 deletions core/trino-main/src/main/java/io/trino/exchange/ExchangeManagerRegistry.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
package io.trino.exchange;

import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.log.Logger;
import io.opentelemetry.api.OpenTelemetry;
import io.opentelemetry.api.trace.Tracer;
Expand Down Expand Up @@ -50,14 +51,17 @@ public class ExchangeManagerRegistry
private final Map<String, ExchangeManagerFactory> exchangeManagerFactories = new ConcurrentHashMap<>();

private volatile ExchangeManager exchangeManager;
private final SecretsResolver secretsResolver;

@Inject
public ExchangeManagerRegistry(
OpenTelemetry openTelemetry,
Tracer tracer)
Tracer tracer,
SecretsResolver secretsResolver)
{
this.openTelemetry = requireNonNull(openTelemetry, "openTelemetry is null");
this.tracer = requireNonNull(tracer, "tracer is null");
this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
}

public void addExchangeManagerFactory(ExchangeManagerFactory factory)
Expand Down Expand Up @@ -92,7 +96,7 @@ public synchronized void loadExchangeManager(String name, Map<String, String> pr

ExchangeManager exchangeManager;
try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
exchangeManager = factory.create(properties, new ExchangeManagerContextInstance(openTelemetry, tracer));
exchangeManager = factory.create(secretsResolver.getResolvedConfiguration(properties), new ExchangeManagerContextInstance(openTelemetry, tracer));
}

log.info("-- Loaded exchange manager %s --", name);
Expand Down
12 changes: 10 additions & 2 deletions ...no-main/src/main/java/io/trino/execution/resourcegroups/InternalResourceGroupManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
import com.google.common.collect.ImmutableMap;
import com.google.errorprone.annotations.ThreadSafe;
import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.log.Logger;
import io.airlift.node.NodeInfo;
import io.trino.execution.ManagedQueryExecution;
Expand Down Expand Up @@ -80,14 +81,21 @@ public final class InternalResourceGroupManager<C>
private final AtomicBoolean started = new AtomicBoolean();
private final AtomicLong lastCpuQuotaGenerationNanos = new AtomicLong(System.nanoTime());
private final Map<String, ResourceGroupConfigurationManagerFactory> configurationManagerFactories = new ConcurrentHashMap<>();
private final SecretsResolver secretsResolver;

@Inject
public InternalResourceGroupManager(LegacyResourceGroupConfigurationManager legacyManager, ClusterMemoryManager memoryPoolManager, NodeInfo nodeInfo, MBeanExporter exporter)
public InternalResourceGroupManager(
LegacyResourceGroupConfigurationManager legacyManager,
ClusterMemoryManager memoryPoolManager,
NodeInfo nodeInfo,
MBeanExporter exporter,
SecretsResolver secretsResolver)
{
this.exporter = requireNonNull(exporter, "exporter is null");
this.configurationManagerContext = new ResourceGroupConfigurationManagerContextInstance(memoryPoolManager::addChangeListener, nodeInfo.getEnvironment());
this.legacyManager = requireNonNull(legacyManager, "legacyManager is null");
this.configurationManager = new AtomicReference<>(cast(legacyManager));
this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
}

@Override
Expand Down Expand Up @@ -159,7 +167,7 @@ public void setConfigurationManager(String name, Map<String, String> properties)

ResourceGroupConfigurationManager<C> configurationManager;
try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
configurationManager = cast(factory.create(ImmutableMap.copyOf(properties), configurationManagerContext));
configurationManager = cast(factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)), configurationManagerContext));
}

checkState(this.configurationManager.compareAndSet(cast(legacyManager), configurationManager), "configurationManager already set");
Expand Down
6 changes: 5 additions & 1 deletion core/trino-main/src/main/java/io/trino/security/AccessControlManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.log.Logger;
import io.airlift.stats.CounterStat;
import io.opentelemetry.api.OpenTelemetry;
Expand Down Expand Up @@ -114,6 +115,7 @@ public class AccessControlManager

private final CounterStat authorizationSuccess = new CounterStat();
private final CounterStat authorizationFail = new CounterStat();
private final SecretsResolver secretsResolver;

@Inject
public AccessControlManager(
Expand All @@ -122,13 +124,15 @@ public AccessControlManager(
EventListenerManager eventListenerManager,
AccessControlConfig config,
OpenTelemetry openTelemetry,
SecretsResolver secretsResolver,
@DefaultSystemAccessControlName String defaultAccessControlName)
{
this.nodeVersion = requireNonNull(nodeVersion, "nodeVersion is null");
this.transactionManager = requireNonNull(transactionManager, "transactionManager is null");
this.eventListenerManager = requireNonNull(eventListenerManager, "eventListenerManager is null");
this.configFiles = ImmutableList.copyOf(config.getAccessControlFiles());
this.openTelemetry = requireNonNull(openTelemetry, "openTelemetry is null");
this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
this.defaultAccessControlName = requireNonNull(defaultAccessControlName, "defaultAccessControl is null");
addSystemAccessControlFactory(new DefaultSystemAccessControl.Factory());
addSystemAccessControlFactory(new AllowAllSystemAccessControl.Factory());
Expand Down Expand Up @@ -232,7 +236,7 @@ public void loadSystemAccessControl(String name, Map<String, String> properties)

SystemAccessControl systemAccessControl;
try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
systemAccessControl = factory.create(ImmutableMap.copyOf(properties), createContext(name));
systemAccessControl = factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)), createContext(name));
}

systemAccessControl.getEventListeners()
Expand Down
11 changes: 10 additions & 1 deletion core/trino-main/src/main/java/io/trino/security/GroupProviderManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.log.Logger;
import io.trino.spi.classloader.ThreadContextClassLoader;
import io.trino.spi.security.GroupProvider;
Expand Down Expand Up @@ -45,6 +47,13 @@ public class GroupProviderManager
private static final String GROUP_PROVIDER_PROPERTY_NAME = "group-provider.name";
private final Map<String, GroupProviderFactory> groupProviderFactories = new ConcurrentHashMap<>();
private final AtomicReference<Optional<GroupProvider>> configuredGroupProvider = new AtomicReference<>(Optional.empty());
private final SecretsResolver secretsResolver;

@Inject
public GroupProviderManager(SecretsResolver secretsResolver)
{
this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
}

public void addGroupProviderFactory(GroupProviderFactory groupProviderFactory)
{
Expand Down Expand Up @@ -90,7 +99,7 @@ protected void setConfiguredGroupProvider(String name, Map<String, String> prope

GroupProvider groupProvider;
try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
groupProvider = factory.create(ImmutableMap.copyOf(properties));
groupProvider = factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)));
}

setConfiguredGroupProvider(groupProvider);
Expand Down
3 changes: 2 additions & 1 deletion core/trino-main/src/main/java/io/trino/server/Server.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,8 @@ private void doStart(String trinoVersion)

modules.addAll(getAdditionalModules());

Bootstrap app = new Bootstrap(modules.build());
Bootstrap app = new Bootstrap(modules.build())
.loadSecretsPlugins();

try {
Injector injector = app.initialize();
Expand Down
7 changes: 5 additions & 2 deletions core/trino-main/src/main/java/io/trino/server/SessionPropertyDefaults.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@

import com.google.common.annotations.VisibleForTesting;
import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.log.Logger;
import io.airlift.node.NodeInfo;
import io.trino.Session;
Expand Down Expand Up @@ -52,12 +53,14 @@ public class SessionPropertyDefaults
private final AtomicReference<SessionPropertyConfigurationManager> delegate = new AtomicReference<>();

private final AccessControl accessControl;
private final SecretsResolver secretsResolver;

@Inject
public SessionPropertyDefaults(NodeInfo nodeInfo, AccessControl accessControl)
public SessionPropertyDefaults(NodeInfo nodeInfo, AccessControl accessControl, SecretsResolver secretsResolver)
{
this.configurationManagerContext = new SessionPropertyConfigurationManagerContextInstance(nodeInfo.getEnvironment());
this.accessControl = requireNonNull(accessControl, "accessControl is null");
this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
}

public void addConfigurationManagerFactory(SessionPropertyConfigurationManagerFactory sessionConfigFactory)
Expand Down Expand Up @@ -97,7 +100,7 @@ public void setConfigurationManager(String name, Map<String, String> properties)

SessionPropertyConfigurationManager manager;
try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
manager = factory.create(properties, configurationManagerContext);
manager = factory.create(secretsResolver.getResolvedConfiguration(properties), configurationManagerContext);
}

checkState(delegate.compareAndSet(null, manager), "sessionPropertyConfigurationManager is already set");
Expand Down
11 changes: 10 additions & 1 deletion core/trino-main/src/main/java/io/trino/server/security/CertificateAuthenticatorManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@
package io.trino.server.security;

import com.google.common.collect.ImmutableMap;
import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.log.Logger;
import io.trino.spi.classloader.ThreadContextClassLoader;
import io.trino.spi.security.CertificateAuthenticator;
Expand Down Expand Up @@ -42,6 +44,13 @@ public class CertificateAuthenticatorManager
private final AtomicBoolean required = new AtomicBoolean();
private final Map<String, CertificateAuthenticatorFactory> factories = new ConcurrentHashMap<>();
private final AtomicReference<CertificateAuthenticator> authenticator = new AtomicReference<>();
private final SecretsResolver secretsResolver;

@Inject
public CertificateAuthenticatorManager(SecretsResolver secretsResolver)
{
this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
}

public void setRequired()
{
Expand Down Expand Up @@ -79,7 +88,7 @@ public void loadCertificateAuthenticator()

CertificateAuthenticator authenticator;
try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
authenticator = factory.create(ImmutableMap.copyOf(properties));
authenticator = factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)));
}

this.authenticator.set(requireNonNull(authenticator, "authenticator is null"));
Expand Down
8 changes: 6 additions & 2 deletions core/trino-main/src/main/java/io/trino/server/security/HeaderAuthenticatorManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.log.Logger;
import io.trino.spi.classloader.ThreadContextClassLoader;
import io.trino.spi.security.HeaderAuthenticator;
Expand All @@ -35,6 +36,7 @@
import static com.google.common.base.Preconditions.checkState;
import static com.google.common.base.Strings.isNullOrEmpty;
import static io.airlift.configuration.ConfigurationLoader.loadPropertiesFrom;
import static java.util.Objects.requireNonNull;

public class HeaderAuthenticatorManager
{
Expand All @@ -45,12 +47,14 @@ public class HeaderAuthenticatorManager
private final AtomicBoolean required = new AtomicBoolean();
private final Map<String, HeaderAuthenticatorFactory> factories = new ConcurrentHashMap<>();
private final AtomicReference<List<HeaderAuthenticator>> authenticators = new AtomicReference<>();
private final SecretsResolver secretsResolver;

@Inject
public HeaderAuthenticatorManager(HeaderAuthenticatorConfig config)
public HeaderAuthenticatorManager(HeaderAuthenticatorConfig config, SecretsResolver secretsResolver)
{
this.configFiles = ImmutableList.copyOf(config.getHeaderAuthenticatorFiles());
checkArgument(!configFiles.isEmpty(), "header authenticator files list is empty");
this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
}

public List<HeaderAuthenticator> getAuthenticators()
Expand Down Expand Up @@ -83,7 +87,7 @@ private HeaderAuthenticator loadAuthenticator(File configFile)
{
Map<String, String> properties;
try {
properties = new HashMap<>(loadPropertiesFrom(configFile.getPath()));
properties = new HashMap<>(secretsResolver.getResolvedConfiguration(loadPropertiesFrom(configFile.getPath())));
}
catch (IOException e) {
throw new UncheckedIOException(e);
Expand Down
Loading