Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: add static auth configuration #156

Merged
merged 1 commit into from
Aug 14, 2024
Merged

refactor: add static auth configuration #156

merged 1 commit into from
Aug 14, 2024

Conversation

zyy17
Copy link
Collaborator

@zyy17 zyy17 commented Aug 14, 2024
edited by coderabbitai bot
Loading

In the future, we plan to support GreptimeDBUser in the operator GreptimeTeam/greptimedb-operator#145. For now, we can just add the simple configuration in the chart.

Summary by CodeRabbit

  • New Features

    • Updated the Helm chart version from 0.2.6 to 0.2.7, signaling potential new features or improvements.
    • Introduced new static authentication configuration options, enhancing security management.

  • Documentation

    • Enhanced README documentation with detailed descriptions of the new authentication configuration parameters and usage guidance.

  • Improvements

    • Updated environment variable handling in the Kubernetes template to support the new authentication settings effectively.
    • Added logic for conditional creation of user credentials in Kubernetes Secret for improved security.
    • Refined volume mounts and management to adapt to different deployment scenarios based on authentication settings.

@zyy17 zyy17 requested a review from daviderli614 August 14, 2024 06:11
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Aug 14, 2024
edited
Loading

Walkthrough

The updates to the greptimedb-cluster Helm chart introduce a new configuration for static authentication, reflected in a version increment from 0.2.6 to 0.2.7. Enhancements include new authentication options, a refined environment variable setup, and improved documentation, providing users with greater flexibility and control over their GreptimeDB deployment security.

Changes

File Change Summary
charts/greptimedb-cluster/Chart.yaml Version updated from 0.2.6 to 0.2.7; appVersion remains 0.9.1.
charts/greptimedb-cluster/README.md Version updated; added new authentication options (auth, auth.enabled, auth.fileName, auth.users) with descriptions.
charts/greptimedb-cluster/templates/*.yaml Added conditional environment variable for authentication; improved formatting for environment variables and volume management.
charts/greptimedb-cluster/values.yaml New auth configuration block added with properties for enabling authentication and specifying user credentials, defaulting to false, admin, and admin.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant GreptimeDB
    participant Kubernetes

    User->>Kubernetes: Deploy GreptimeDB with Helm
    Kubernetes->>GreptimeDB: Provision resources
    alt If authentication enabled
        GreptimeDB->>User: Request username and password
        User->>GreptimeDB: Provide credentials
    end
    GreptimeDB->>User: Access granted
Loading

🐰 In the meadow, where rabbits play,
New options bloom, bright as the day.
Auth for all, now easy to find,
Secure your data, peace of mind!
With each little change, our joy's on display,
Hop, hop, hooray for the update today! 🐇✨

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Aug 14, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (2)
charts/greptimedb-cluster/values.yaml (1)

447-454: Documentation lacks advice on changing default credentials.

The current documentation does not provide guidance on changing the default static authentication credentials (username: admin, password: admin). It is important to include a strong recommendation in the documentation to change these defaults in production environments to enhance security.

  • Consider updating the relevant documentation files to include this advice.
Analysis chain

Ensure secure handling of default credentials.

The auth block introduces default credentials (username: admin, password: admin). While this is common for initial setup, ensure that documentation strongly advises changing these defaults in production environments to enhance security.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that documentation advises changing default credentials.

# Test: Search for mentions of changing default credentials. Expect: Documentation advises changing defaults.
rg --type md 'change.*default.*credentials'

Length of output: 45

Script:

#!/bin/bash
# Broaden the search to find any mention of credentials in markdown files.
rg --type md 'credentials'

Length of output: 646

charts/greptimedb-cluster/README.md (1)

76-79: Consider formatting the URL in the description.

The description for the auth configuration contains a bare URL. Consider using markdown formatting to improve readability.

- The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/clients/authentication#authentication).
+ The static auth for greptimedb, only support one user now ([documentation](https://docs.greptime.com/user-guide/clients/authentication#authentication)).
Tools
Markdownlint

76-76: null
Bare URL used

(MD034, no-bare-urls)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 11e1df1 and ea2ab3b.

Files selected for processing (4)
  • charts/greptimedb-cluster/Chart.yaml (1 hunks)
  • charts/greptimedb-cluster/README.md (2 hunks)
  • charts/greptimedb-cluster/templates/cluster.yaml (1 hunks)
  • charts/greptimedb-cluster/values.yaml (1 hunks)
Files skipped from review due to trivial changes (1)
  • charts/greptimedb-cluster/Chart.yaml
Additional context used
Markdownlint
charts/greptimedb-cluster/README.md

76-76: null
Bare URL used

(MD034, no-bare-urls)

Additional comments not posted (2)
charts/greptimedb-cluster/templates/cluster.yaml (1)

77-85: Verify conditional logic for authentication environment variable.

The conditional logic for setting GREPTIMEDB_FRONTEND__USER_PROVIDER is correct. Ensure that this logic is tested to confirm that the environment variable is set only when authentication is enabled.

charts/greptimedb-cluster/README.md (1)

5-5: Version update is correct.

The version number has been updated from 0.2.6 to 0.2.7. Ensure that this version aligns with the changes made in the Helm chart.

@zyy17 zyy17 force-pushed the refactor/add-auth branch from ea2ab3b to 28b5e2d Compare August 14, 2024 08:02
coderabbitai[bot]
coderabbitai bot reviewed Aug 14, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Outside diff range, codebase verification and nitpick comments (1)
charts/greptimedb-cluster/README.md (1)

76-76: Consider formatting the bare URL.

Markdownlint has flagged the use of a bare URL. Consider formatting it as a hyperlink for improved readability.

- The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/clients/authentication#authentication).
+ The static auth for greptimedb, only support one user now [here](https://docs.greptime.com/user-guide/clients/authentication#authentication).
Tools
Markdownlint

76-76: null
Bare URL used

(MD034, no-bare-urls)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between ea2ab3b and 28b5e2d.

Files selected for processing (5)
  • charts/greptimedb-cluster/Chart.yaml (1 hunks)
  • charts/greptimedb-cluster/README.md (3 hunks)
  • charts/greptimedb-cluster/templates/cluster.yaml (2 hunks)
  • charts/greptimedb-cluster/templates/users-auth-secret.yaml (1 hunks)
  • charts/greptimedb-cluster/values.yaml (2 hunks)
Files skipped from review due to trivial changes (1)
  • charts/greptimedb-cluster/Chart.yaml
Files skipped from review as they are similar to previous changes (2)
  • charts/greptimedb-cluster/templates/cluster.yaml
  • charts/greptimedb-cluster/values.yaml
Additional context used
yamllint
charts/greptimedb-cluster/templates/users-auth-secret.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

Markdownlint
charts/greptimedb-cluster/README.md

76-76: null
Bare URL used

(MD034, no-bare-urls)

Additional comments not posted (3)
charts/greptimedb-cluster/templates/users-auth-secret.yaml (1)

2-13: LGTM! Ensure proper templating and formatting.

The structure and logic of the Kubernetes Secret definition look correct. Ensure that the templating syntax is accurate and consistent with Helm practices.

charts/greptimedb-cluster/README.md (2)

5-5: Version update confirmed.

The version number has been correctly updated to 0.2.7.

76-80: Ensure clarity and completeness of new auth configuration options.

The new authentication configuration options are well-documented. Ensure that users understand how to use these options and that they align with the intended functionality of the Helm chart.

Tools
Markdownlint

76-76: null
Bare URL used

(MD034, no-bare-urls)

charts/greptimedb-cluster/templates/users-auth-secret.yaml Outdated Show resolved Hide resolved
@zyy17 zyy17 force-pushed the refactor/add-auth branch from 28b5e2d to 29baf19 Compare August 14, 2024 08:25
coderabbitai[bot]
coderabbitai bot reviewed Aug 14, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Outside diff range, codebase verification and nitpick comments (1)
charts/greptimedb-cluster/README.md (1)

76-76: Fix bare URL usage in Markdown.

To comply with Markdown best practices, avoid using bare URLs. Consider converting the URL into a hyperlink.

- The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/clients/authentication#authentication).
+ The static auth for greptimedb, only support one user now [here](https://docs.greptime.com/user-guide/clients/authentication#authentication).
Tools
Markdownlint

76-76: null
Bare URL used

(MD034, no-bare-urls)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 28b5e2d and 29baf19.

Files selected for processing (5)
  • charts/greptimedb-cluster/Chart.yaml (1 hunks)
  • charts/greptimedb-cluster/README.md (3 hunks)
  • charts/greptimedb-cluster/templates/cluster.yaml (2 hunks)
  • charts/greptimedb-cluster/templates/users-auth-secret.yaml (1 hunks)
  • charts/greptimedb-cluster/values.yaml (1 hunks)
Files skipped from review due to trivial changes (2)
  • charts/greptimedb-cluster/Chart.yaml
  • charts/greptimedb-cluster/values.yaml
Files skipped from review as they are similar to previous changes (1)
  • charts/greptimedb-cluster/templates/cluster.yaml
Additional context used
yamllint
charts/greptimedb-cluster/templates/users-auth-secret.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

Markdownlint
charts/greptimedb-cluster/README.md

76-76: null
Bare URL used

(MD034, no-bare-urls)

Additional comments not posted (1)
charts/greptimedb-cluster/README.md (1)

5-5: LGTM!

The version update, new authentication configuration options, and updated etcd endpoint are consistent with the PR objectives and enhance the documentation.

Also applies to: 76-80, 178-182

charts/greptimedb-cluster/templates/users-auth-secret.yaml Outdated Show resolved Hide resolved
@zyy17 zyy17 force-pushed the refactor/add-auth branch from 29baf19 to 877ae71 Compare August 14, 2024 09:40
@zyy17 zyy17 force-pushed the refactor/add-auth branch from 877ae71 to b20b50c Compare August 14, 2024 09:42
coderabbitai[bot]
coderabbitai bot reviewed Aug 14, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (1)
charts/greptimedb-cluster/README.md (1)

76-76: Address markdownlint hint: Bare URL used.

Consider enclosing the bare URL in angle brackets to adhere to markdownlint guidelines.

- The static auth for greptimedb, only support one user now(https://docs.greptime.com/user-guide/clients/authentication#authentication).
+ The static auth for greptimedb, only support one user now(<https://docs.greptime.com/user-guide/clients/authentication#authentication>).
Tools
Markdownlint

76-76: null
Bare URL used

(MD034, no-bare-urls)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 29baf19 and b20b50c.

Files selected for processing (5)
  • charts/greptimedb-cluster/Chart.yaml (1 hunks)
  • charts/greptimedb-cluster/README.md (2 hunks)
  • charts/greptimedb-cluster/templates/cluster.yaml (2 hunks)
  • charts/greptimedb-cluster/templates/users-auth-secret.yaml (1 hunks)
  • charts/greptimedb-cluster/values.yaml (1 hunks)
Files skipped from review due to trivial changes (1)
  • charts/greptimedb-cluster/Chart.yaml
Files skipped from review as they are similar to previous changes (1)
  • charts/greptimedb-cluster/templates/cluster.yaml
Additional context used
yamllint
charts/greptimedb-cluster/templates/users-auth-secret.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

Markdownlint
charts/greptimedb-cluster/README.md

76-76: null
Bare URL used

(MD034, no-bare-urls)

Additional comments not posted (4)
charts/greptimedb-cluster/templates/users-auth-secret.yaml (1)

1-1: YAML structure and logic verification.

The conditional statement is correctly formatted with the - at the end, which resolves the previous syntax error mentioned in past comments. The template logic for creating a Secret based on user credentials is sound.

Tools
yamllint

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/greptimedb-cluster/values.yaml (1)

447-458: Verify configuration logic and documentation alignment.

The auth configuration block is well-structured and includes sensible default values. Ensure that any documentation or user guides reflect these configuration options accurately to prevent confusion.

charts/greptimedb-cluster/README.md (2)

5-5: Update version number.

The version number has been correctly updated to 0.2.7 to reflect the changes introduced in this PR.

76-80: Ensure comprehensive documentation of new auth parameters.

The documentation for the auth configuration block is clear and provides necessary details for users to understand and utilize the new authentication features. Ensure that this aligns with any external documentation or guides.

Tools
Markdownlint

76-76: null
Bare URL used

(MD034, no-bare-urls)

daviderli614
daviderli614 approved these changes Aug 14, 2024
View reviewed changes
Copy link
Member

@daviderli614 daviderli614 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@daviderli614 daviderli614 merged commit 4a869ac into GreptimeTeam:main Aug 14, 2024
2 checks passed
@coderabbitai coderabbitai bot mentioned this pull request Oct 16, 2024
Merged
@coderabbitai coderabbitai bot mentioned this pull request Dec 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@daviderli614 daviderli614 daviderli614 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zyy17 @daviderli614