-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorization on REST API Header #30
Comments
Hi @marcjimz , thx for sharing more details. I see that it can be solved in 2 ways depending on your needs:
Please let me know if the complete example with a step-by-step instructions required. |
Hi - neither of those would work since a pod that runs inside the cluster can still access the headless service. I think I will commit the basic auth class to the project and let that read from the configs. I suspect the LDAP auth class is the similar interface it is expecting which I should be able to replicate. Will see if I can get that to work and commit back here. |
Right, good point. Nice to see people contributing this area, would be nice to follow-up on your progress. |
Hi @marcjimz , have you had a chance to implement the solution proposed above? Can you share the link to the patch sources? |
Would like to enable basic authorization that was configurable at run time. When deploying this a multi-tenant model (ie. each tenant has their own Livy orchestration), we need to secure the authentications made otherwise the Livy API is open to the entire cluster.
One way for doing this is LDAP but wonder if there is a supportable way to incorporate either JWT token or Basic Auth.
Example:
import json, pprint, requests, textwrap
host = 'http://localhost:8998'
data = {'kind': 'spark'}
headers = {'Content-Type': 'application/json'}
r = requests.post(host + '/sessions', data=json.dumps(data), headers=headers)
r.json()
{u'state': u'starting', u'id': 0, u'kind': u'spark'}
We could add Authorization to the headers and have this embedded with basic auth.
The text was updated successfully, but these errors were encountered: