trinodb / trino

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)
Apache License 2.0

GroupProvider that can assign a user group from GitHub teams #9835

Open erikerlandson opened 2 years ago

erikerlandson commented 2 years ago

We have a use case where our goal is to drive platform identities uniformly from GitHub account user-names, and GitHub team memberships. Currently we are manually creating Trino user groups that correspond to GitHub teams. In a perfect world, it would be very nice if there were a way for Trino to look up a user's name in GitHub, and identify teams from some particular GitHub org (or multiple orgs?) and automatically generate a list of Trino user-groups that correspond to that GitHub user's team memberships.

Ideally, this could be unioned with a file-based GroupProvider, so a Trino user name would be assigned the union of groups derived from GitHub team memberships, and any groups defined in the file group-provider.

erikerlandson commented 2 years ago

cc @MichaelTiemannOSC @caldeirav

kokosing commented 2 years ago

I think you can implement something similar to https://github.com/nineinchnick/trino-rest where you call the GitHub REST API to learn about user groups.

> Ideally, this could be unioned with a file-based GroupProvider, so a trino user name would be assigned the union of groups derived from github team memberships, and any groups defined in the file group-provider.

That is something separate. It is basically about having multiple group providers in Trino. Can you please create a separate issue for that? How do you imagine it to work? Is group A from one provider equivalent to group A from another group provider?

erikerlandson commented 2 years ago

@kokosing thanks! Will look into writing a plugin, maybe using this as an example of how to structure it, replacing LDAP logic with GitHub REST API logic:

https://github.com/arghya18/trino-group-provider-ldap-ad

erikerlandson commented 2 years ago

@kokosing I have written a draft of a GitHub plugin. It is not yet tested in situ with a Trino deployment, but the individual pieces appear to work. Here is the core getGroups biz logic: https://github.com/os-climate/trino-github-group-provider/blob/main/plugin/src/main/java/org/osclimate/trino/groupprovider/github/GitHubGroupProvider.java#L46
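
Added example, not part of the thread and not code from Trino or the os-climate plugin: a sketch of the union of a file-based and a GitHub-team-based group provider discussed above, with each source's groups prefixed so that a same-named group from two sources is never silently treated as one. The `GroupProvider` interface is a local stand-in with the same `getGroups` shape as Trino's SPI interface; the prefix policy, the class and method names, the `group:user1,user2` file format and the team data are assumptions, and the team map stands in for what a real plugin would fetch from the GitHub REST API.

```java
import java.util.*;

public class UnionGroupProviderExample {
    // Local stand-in with the same single method as Trino's
    // io.trino.spi.security.GroupProvider, so the example compiles on its own.
    interface GroupProvider { Set<String> getGroups(String user); }

    // File source (assumed format): one "group:user1,user2" entry per line.
    static GroupProvider fromFileLines(List<String> lines) {
        Map<String, Set<String>> groupsByUser = new HashMap<>();
        for (String line : lines) {
            String[] parts = line.split(":", 2);
            if (parts.length < 2) continue; // skip malformed lines
            for (String user : parts[1].split(",")) {
                groupsByUser.computeIfAbsent(user.trim(), u -> new HashSet<>()).add(parts[0].trim());
            }
        }
        return user -> groupsByUser.getOrDefault(user, Set.of());
    }

    // GitHub source: team slug -> member logins (constructed stand-in for
    // data a real plugin would fetch from the GitHub REST API).
    static GroupProvider fromTeams(Map<String, Set<String>> membersByTeam) {
        return user -> {
            Set<String> groups = new HashSet<>();
            membersByTeam.forEach((team, members) -> {
                if (members.contains(user)) groups.add(team);
            });
            return groups;
        };
    }

    // Union with a per-source prefix (assumed policy): "admins" from the file
    // and "admins" from GitHub stay distinct unless an operator maps them.
    static GroupProvider union(Map<String, GroupProvider> providersByPrefix) {
        return user -> {
            Set<String> all = new TreeSet<>();
            providersByPrefix.forEach((prefix, p) ->
                    p.getGroups(user).forEach(g -> all.add(prefix + g)));
            return all;
        };
    }

    public static void main(String[] args) {
        // Constructed sample data: "admins" exists in both sources with different members.
        Map<String, GroupProvider> sources = new LinkedHashMap<>();
        sources.put("file:", fromFileLines(List.of("admins:alice", "analysts:alice,bob")));
        sources.put("github:", fromTeams(Map.of("admins", Set.of("bob"), "data-eng", Set.of("alice", "bob"))));
        GroupProvider both = union(sources);
        for (String u : List.of("alice", "bob")) System.out.println(u + " -> " + both.getGroups(u));
    }
}
```

Dropping the prefixes turns this into a plain union, in which membership of a GitHub team named `admins` would confer whatever access rules are written for the file-defined `admins` group.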