-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OAuth cache improvements #435
Conversation
5632003
to
292bd0f
Compare
trino/auth.py
Outdated
|
||
@staticmethod | ||
def _construct_cache_key(host: Optional[str], user: Optional[str]) -> str: | ||
return f"{host}@{user}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
usually people expect stuff to be user@host
but it doesn't matter here since it's an internal cache key (unless we log it somewhere)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
first commit is unclear to me, can you explain a bit about it?
2nd looks good.
If there is no backend available then keyring backend is being initialized as |
|
||
@staticmethod | ||
def _determine_host(url: Optional[str]) -> Any: | ||
return urlparse(url).hostname | ||
|
||
@staticmethod | ||
def _determine_user(headers: Mapping[Any, Any]) -> Optional[Any]: | ||
return headers.get(HEADER_USER) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
X-Trino-User
header is optional
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right, is there any other way to get username?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the actual user might come from user mapping then getting it from the server is probably the only option.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe we can use the client provided principal/user instead of user which it gets resolved to on the server to bypass this problem entirely?
292bd0f
to
8c4c75f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please update docs to add warning what happens when you don't specify user
when connecting (token cache gets shared)
""" | ||
|
||
def __init__(self) -> None: | ||
self._cache: Dict[Optional[str], str] = {} | ||
|
||
def get_token_from_cache(self, host: Optional[str]) -> Optional[str]: | ||
return self._cache.get(host) | ||
def get_token_from_cache(self, key: Optional[str]) -> Optional[str]: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if you extract the host
-> key
rename to it's own commit functional changes will be more visible and easier to see.
8c4c75f
to
9064581
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
@lukasz-walkiewicz do you want to take a look?
We now do like JDBC driver, if username was specified we use host+user cache key otherwise we use only host as the cache key and tokens get shared (same as JDBC driver).
Description
Closes #430 and #431
Non-technical explanation
Release notes
( ) This is not user-visible or docs only and no release notes are required.
( ) Release notes are required, please propose a release note for me.
( ) Release notes are required, with the following suggested text: