Basic Auth not working for other users

spareslant commented 1 year ago

Hi, I am running Pinot in my test environment. I am following this link to configure basic auth for a user called pinotuser : https://docs.pinot.apache.org/operators/tutorials/authentication-authorization-and-acls This user is not able to login via controller UI.

`./conf/pinot-controller.conf` file contents:

pinot.service.role=CONTROLLER
pinot.cluster.name=pinot-quickstart
pinot.zk.server=localhost:2191
pinot.set.instance.id.to.hostname=true
controller.vip.host=worker1.virtual.machine
controller.host=worker1.virtual.machine
controller.data.dir=/tmp/pinot/data/controller
controller.tls.keystore.path=/root/apache-pinot-0.12.0-bin/certs/pinot-keystore
controller.tls.keystore.password=pinot123
controller.tls.client.auth=false
controller.access.protocols=https
controller.access.protocols.https.port=10000
controller.broker.protocol=https
controller.vip.protocol=https
controller.vip.port=10000
controller.admin.access.control.principals=admin,pinotuser
controller.admin.access.control.principals.admin.password=admin123
controller.admin.access.control.principals.pinotuser.password=pinot123
controller.admin.access.control.factory.class=org.apache.pinot.controller.api.access.BasicAuthAccessControlFactory
controller.admin.access.control.principals.pinotuser.tables=transcript
controller.admin.access.control.principals.pinotuser.permissions=READ

Start zookeeper

bin/pinot-admin.sh StartZookeeper -zkPort 2191

Start Controller

bin/pinot-admin.sh StartController-configFileName ./conf/pinot-controller.conf

Expected Output

Both admin and pinotuser should be able to login. But pinotuser is not able to login. admin user works fine. However if I comment or remove last two lines in above controller configuration then pinotuser is able to login. In fact leaving any of the last two lines in config will make pinotuser fail to login

Additional Info

Pinot version: apache-pinot-0.12.0 java version:

openjdk version "11.0.3" 2019-04-16
OpenJDK Runtime Environment 18.9 (build 11.0.3+7)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.3+7, mixed mode, sharing)

INNOCENT-BOY commented 1 year ago

Hi @spareslant , you can reference this close pr https://github.com/apache/pinot/pull/10634 to allow both admin and common user to login.

navina commented 1 year ago

Both admin and pinotuser should be able to login. But pinotuser is not able to login. admin user works fine

@apucher what is the expected behavior here?

apache / pinot