Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rename "fake" tenant that is used with no auth to "anonymous", and make it configurable #1063

Merged
merged 8 commits into from
Feb 8, 2022
Merged

Rename "fake" tenant that is used with no auth to "anonymous", and make it configurable #1063

merged 8 commits into from
Feb 8, 2022

Conversation

pstibrany
Copy link
Member

@pstibrany pstibrany commented Feb 7, 2022
edited
Loading

What this PR does: This PR renames fake tenant that is used when authentication is disabled to anonymous. This is now also configurable using -auth.no-auth-tenant option.

Checklist

  • Tests updated
  • [na] Documentation added
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

@colega
Copy link
Contributor

colega commented Feb 7, 2022

Maybe we should consider making this configurable, to make migration less painful?

pracucci
pracucci reviewed Feb 7, 2022
View reviewed changes
Copy link
Collaborator

@pracucci pracucci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love the idea of renaming fake but we should make it in a backward compatible way. I disagree on renaming it straight away. Making the default tenant configurable may be an option.

@pstibrany
Copy link
Member Author

Making it configurable, and change the default sounds like the best way forward to me. WDYT?

@pracucci
Copy link
Collaborator

pracucci commented Feb 7, 2022

Making it configurable, and change the default sounds like the best way forward to me. WDYT?

Makes sense to me.

@pstibrany pstibrany changed the title Rename "fake" tenant that is used with no auth to "demo". Rename "fake" tenant that is used with no auth to "anonymous", and make it configurable Feb 7, 2022
osg-grafana
osg-grafana reviewed Feb 7, 2022
View reviewed changes
docs/sources/configuration/config-file-reference.md Outdated
@@ -65,7 +65,7 @@ where `default_value` is the value to use if the environment variable is undefin
# CLI flag: -auth.enabled
[auth_enabled: <boolean> | default = true]

# Tenant name to use when auth is disabled.
# [advanced] Tenant name to use when auth is disabled.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does "auth" mean authentication, authorization, or both?

Copy link
Member Author

@pstibrany pstibrany Feb 7, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We never quite spell it out anywhere :) I always read is as authentication (ie. "who"), because we can't disable authorization in Mimir (each tenant can only access their own data, nothing else). But perhaps my understanding is wrong.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess the query federation could be considered an authorization mechanism, no? Because it authorizes tenants to access data of other tenants... But I don't think we call it that anywhere

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess the query federation could be considered an authorization mechanism, no? Because it authorizes tenants to access data of other tenants...

Yes, I think you're right. I believe @osg-grafana's question was about "auth" in -auth.enabled and -auth.no-auth-tenant names and descriptions though.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"auth" is not a word, so I will have to think about what it means every time I see it.

osg-grafana
osg-grafana approved these changes Feb 7, 2022
View reviewed changes
Copy link
Contributor

@osg-grafana osg-grafana left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving despite "auth" being ambiguous.

colega
colega approved these changes Feb 7, 2022
View reviewed changes
Copy link
Contributor

@colega colega left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. This should be mentioned in the migration efforts.

This was referenced Feb 7, 2022
Closed
Closed
pracucci
pracucci approved these changes Feb 7, 2022
View reviewed changes
Copy link
Collaborator

@pracucci pracucci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM (modulo a couple of nits). There are few more tests using "fake": could you update them too, just to be consistent with new default, please?

pkg/mimir/mimir.go Outdated Show resolved Hide resolved
docs/sources/guides/authentication-and-authorisation.md Outdated Show resolved Hide resolved
pstibrany and others added 8 commits February 8, 2022 10:10
@pstibrany
Rename "fake" tenant that is used with no auth to "demo".
d3087ee 
Signed-off-by: Peter Štibraný <pstibrany@gmail.com>
@pstibrany
Use anonymous as default no-auth tenant. Add option to override the d…
ac931b2 
…efault.

Signed-off-by: Peter Štibraný <pstibrany@gmail.com>
@pstibrany
Update docs.
8355d43 
Signed-off-by: Peter Štibraný <pstibrany@gmail.com>
@pstibrany
Fix tests.
badf4a4 
Signed-off-by: Peter Štibraný <pstibrany@gmail.com>
@pstibrany @pracucci
Update pkg/mimir/mimir.go
8a388be 
Co-authored-by: Marco Pracucci <marco@pracucci.com>
@pstibrany
Review feedback.
7cd810d 
Signed-off-by: Peter Štibraný <pstibrany@gmail.com>
@pstibrany
Fix doc
8d954f8
@pstibrany
Fix jsonnet test
68197af
@pstibrany pstibrany merged commit 5a06393 into main Feb 8, 2022
@pstibrany pstibrany deleted the noauth-rename branch February 8, 2022 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@replay replay replay left review comments

@osg-grafana osg-grafana osg-grafana approved these changes

@colega colega colega approved these changes

@pracucci pracucci pracucci approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pstibrany @colega @pracucci @replay @osg-grafana