techdocsmith commented on a change in pull request #11782:
URL: https://github.com/apache/druid/pull/11782#discussion_r724671144
##########
File path: docs/development/extensions-core/druid-basic-security.md
##########
@@ -145,22 +150,24 @@ druid.escalator.authorizerName=MyBasicMetadataAuthorizer
|`druid.escalator.authorizerName`|Authorizer that requests should be directed
to.|n/a|Yes|
-### Creating an Authorizer
-```
-druid.auth.authorizers=["MyBasicMetadataAuthorizer"]
-
-druid.auth.authorizer.MyBasicMetadataAuthorizer.type=basic
-```
+### Create an Authorizer
To use the Basic authorizer, add an authorizer with type `basic` to the
authorizers list.
-Configuration of the named authorizer is assigned through properties with the
form:
+Configure the named authorizer through properties of the form:
Review comment:
Same comment as line 67
##########
File path: docs/development/extensions-core/druid-basic-security.md
##########
@@ -56,28 +58,29 @@ To set the value for the configuration properties, add them
to the common runtim
|`druid.auth.basic.common.cacheDirectory`|If defined, snapshots of the basic
Authenticator and Authorizer Druid metadata store caches will be stored on disk
in this directory. If this property is defined, when a service is starting, it
will attempt to initialize its caches from these on-disk snapshots, if the
service is unable to initialize its state by communicating with the
Coordinator.|null|No|
-### Creating an Authenticator that uses the Druid metadata store to lookup and
validate credentials
-```
-druid.auth.authenticatorChain=["MyBasicMetadataAuthenticator"]
-
-druid.auth.authenticator.MyBasicMetadataAuthenticator.type=basic
-druid.auth.authenticator.MyBasicMetadataAuthenticator.initialAdminPassword=password1
-druid.auth.authenticator.MyBasicMetadataAuthenticator.initialInternalClientPassword=password2
-druid.auth.authenticator.MyBasicMetadataAuthenticator.credentialsValidator.type=metadata
-druid.auth.authenticator.MyBasicMetadataAuthenticator.skipOnFailure=false
-druid.auth.authenticator.MyBasicMetadataAuthenticator.authorizerName=MyBasicMetadataAuthorizer
-```
+### Create an Authenticator
To use the Basic authenticator, add an authenticator with type `basic` to the
authenticatorChain.
The default credentials validator (`credentialsValidator`) is `metadata`. To
use the LDAP validator, define a credentials validator with a type of 'ldap'.
-Configuration of the named authenticator is assigned through properties with
the form:
+Configure the named authenticator through properties of the form:
Review comment:
Reads awkwardly? Use the following syntax to configure a named
authenticator?
##########
File path: docs/development/extensions-core/druid-basic-security.md
##########
@@ -56,28 +58,29 @@ To set the value for the configuration properties, add them
to the common runtim
|`druid.auth.basic.common.cacheDirectory`|If defined, snapshots of the basic
Authenticator and Authorizer Druid metadata store caches will be stored on disk
in this directory. If this property is defined, when a service is starting, it
will attempt to initialize its caches from these on-disk snapshots, if the
service is unable to initialize its state by communicating with the
Coordinator.|null|No|
-### Creating an Authenticator that uses the Druid metadata store to lookup and
validate credentials
-```
-druid.auth.authenticatorChain=["MyBasicMetadataAuthenticator"]
-
-druid.auth.authenticator.MyBasicMetadataAuthenticator.type=basic
-druid.auth.authenticator.MyBasicMetadataAuthenticator.initialAdminPassword=password1
-druid.auth.authenticator.MyBasicMetadataAuthenticator.initialInternalClientPassword=password2
-druid.auth.authenticator.MyBasicMetadataAuthenticator.credentialsValidator.type=metadata
-druid.auth.authenticator.MyBasicMetadataAuthenticator.skipOnFailure=false
-druid.auth.authenticator.MyBasicMetadataAuthenticator.authorizerName=MyBasicMetadataAuthorizer
-```
+### Create an Authenticator
To use the Basic authenticator, add an authenticator with type `basic` to the
authenticatorChain.
The default credentials validator (`credentialsValidator`) is `metadata`. To
use the LDAP validator, define a credentials validator with a type of 'ldap'.
-Configuration of the named authenticator is assigned through properties with
the form:
+Configure the named authenticator through properties of the form:
```
druid.auth.authenticator.<authenticatorName>.<authenticatorProperty>
```
+Example configuration of an authenticator that uses the Druid metadata store
to look up and validate credentials:
+```
+druid.auth.authenticatorChain=["MyBasicMetadataAuthenticator"]
+
+druid.auth.authenticator.MyBasicMetadataAuthenticator.type=basic
+druid.auth.authenticator.MyBasicMetadataAuthenticator.initialAdminPassword=password1
+druid.auth.authenticator.MyBasicMetadataAuthenticator.initialInternalClientPassword=password2
Review comment:
consider adding an inline comment that these values should not be used
for production? Similar to security overview?
##########
File path: docs/development/extensions-core/druid-basic-security.md
##########
@@ -127,10 +130,12 @@ If Druid uses the default credentials validator (i.e.,
`credentialsValidator.typ
|`druid.auth.authenticator.MyBasicLDAPAuthenticator.skipOnFailure`|If true and
the request credential doesn't exists or isn't fully configured in the
credentials store, the request will proceed to next Authenticator in the
chain.|false|No|
|`druid.auth.authenticator.MyBasicLDAPAuthenticator.authorizerName`|Authorizer
that requests should be directed to.|N/A|Yes|
-### Creating an Escalator
+### Create an Escalator
+The Escalator controls what authentication scheme will be used by Druid's
internal clients when communicating with other Druid processes.
Review comment:
Consider the suggestion from line 29.
##########
File path: docs/development/extensions-core/druid-basic-security.md
##########
@@ -145,22 +150,24 @@ druid.escalator.authorizerName=MyBasicMetadataAuthorizer
|`druid.escalator.authorizerName`|Authorizer that requests should be directed
to.|n/a|Yes|
-### Creating an Authorizer
-```
-druid.auth.authorizers=["MyBasicMetadataAuthorizer"]
-
-druid.auth.authorizer.MyBasicMetadataAuthorizer.type=basic
-```
+### Create an Authorizer
To use the Basic authorizer, add an authorizer with type `basic` to the
authorizers list.
-Configuration of the named authorizer is assigned through properties with the
form:
+Configure the named authorizer through properties of the form:
```
druid.auth.authorizer.<authorizerName>.<authorizerProperty>
```
-The authorizer configuration examples in the rest of this document will use
"MyBasicMetadataAuthorizer" or "MyBasicLDAPAuthorizer" as the name of the
authenticators being configured.
+Example configuration:
+```
+druid.auth.authorizers=["MyBasicMetadataAuthorizer"]
+
+druid.auth.authorizer.MyBasicMetadataAuthorizer.type=basic
+```
+
+The authorizer configuration examples in the rest of this document will use
`MyBasicMetadataAuthorizer` or `MyBasicLDAPAuthorizer` as the name of the
authenticators being configured.
Review comment:
```suggestion
The authorizer configuration examples in the rest of this article use
`MyBasicMetadataAuthorizer` or `MyBasicLDAPAuthorizer` as the authenticator or
authorizer name in sample configurations.
```
I think we use article? maybe topic. Avoid passive if possible.
##########
File path: docs/development/extensions-core/druid-basic-security.md
##########
@@ -26,22 +26,24 @@ title: "Basic Security"
The Basic Security extension for Apache Druid adds:
- an Authenticator which supports [HTTP Basic
authentication](https://en.wikipedia.org/wiki/Basic_access_authentication)
using the Druid metadata store or LDAP as its credentials store.
+- an Escalator which defines how Druid processes authenticate with one another.
Review comment:
Consider this (revised) definition from the old auth.md topic:
> The escalator determines the authentication scheme to use for internal
Druid cluster communications. For example, when a Broker service communicates
with a Historical service during query processing.
##########
File path: docs/development/extensions-core/druid-basic-security.md
##########
@@ -145,22 +150,24 @@ druid.escalator.authorizerName=MyBasicMetadataAuthorizer
|`druid.escalator.authorizerName`|Authorizer that requests should be directed
to.|n/a|Yes|
-### Creating an Authorizer
-```
-druid.auth.authorizers=["MyBasicMetadataAuthorizer"]
-
-druid.auth.authorizer.MyBasicMetadataAuthorizer.type=basic
-```
+### Create an Authorizer
To use the Basic authorizer, add an authorizer with type `basic` to the
authorizers list.
-Configuration of the named authorizer is assigned through properties with the
form:
+Configure the named authorizer through properties of the form:
```
druid.auth.authorizer.<authorizerName>.<authorizerProperty>
```
-The authorizer configuration examples in the rest of this document will use
"MyBasicMetadataAuthorizer" or "MyBasicLDAPAuthorizer" as the name of the
authenticators being configured.
+Example configuration:
+```
+druid.auth.authorizers=["MyBasicMetadataAuthorizer"]
+
Review comment:
```suggestion
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
