Commit
Merge pull request #258 from bento-platform/feat/v17/katsu-auth-v2
feat!: authorized Katsu endpoints + slightly auth-aware Beacon
Showing 16 changed files with 199 additions and 40 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,91 @@ | ||
# Migrating to Bento v17 | ||
|
||
Key points: | ||
* Bento now has observability tools to help monitor the services (Grafana) | ||
<!-- TODO: add migration guide for Grafana, with examples of user role attribution --> | ||
|
||
* Bento now has observability tools to help monitor the services (Grafana). Some setup is required for this feature to | ||
work. | ||
* Katsu discovery endpoints now have an authorization layer. | ||
* Data that used to be completely public by default (i.e., | ||
censored counts) now requires a permission (`query:project_level_counts` and/or `query:dataset_level_counts`), and | ||
thus a grant in the authorization service. | ||
* Beacon now requires a client ID/secret and an authorization service grant to access uncensored data. | ||
* Katsu discovery is now more granular, and can be configured to the project or dataset level, in addition to the | ||
instance level. See the [Public data discovery configuration](./public_discovery.md) document for more information. | ||
* ... | ||
|
||
|
||
## 1. Stop Bento | ||
|
||
```bash | ||
./bentoctl.bash stop | ||
``` | ||
|
||
|
||
## 2. Update images | ||
|
||
```bash | ||
./bentoctl.bash pull | ||
``` | ||
|
||
|
||
## 3. Set up credentials for aggregation/Beacon and, optionally, set up Grafana | ||
|
||
If you wish to enable Grafana, you first must enable the monitoring feature in your `local.env` file: | ||
|
||
```bash | ||
BENTO_MONITORING_ENABLED='true' | ||
``` | ||
|
||
To create the client secrets for aggregation/Beacon and Grafana (if the latter is enabled), run the following commands: | ||
|
||
```bash | ||
./bentoctl.bash start auth | ||
./bentoctl.bash init-auth | ||
``` | ||
|
||
**Reminder:** Make sure to put the client secret(s) generated by `init-auth` into your `local.env` file! | ||
|
||
Aggregation/Beacon data access authorization will not work until an authorization service grant is configured; | ||
see step 4 below. | ||
|
||
|
||
## 4. Set up aggregation/Beacon permissions and public data access grants | ||
|
||
Now that Beacon uses a client ID/secret to get authorized, uncensored data access for discovery, a grant must be | ||
configured to give the aggregation/Beacon client data access. | ||
|
||
Another change to permissions: starting from Bento v17, anonymous visitors do not have access to see censored counts | ||
data by default, even if a discovery configuration has been set up. For anonymous visitors to access data, a level | ||
(`bool`, `counts`, `full`) must be chosen and passed to the `bento_authz` CLI command below. | ||
|
||
```bash | ||
./bentoctl.bash shell authz | ||
|
||
# Configure aggregation/Beacon permissions | ||
# ---------------------------------------- | ||
# This assumes the aggregation/Beacon client ID is "aggregation". | ||
# <ISSUER_HERE> MUST be replaced with your actual issuer value. | ||
# - The query:data permission gives access to Katsu endpoints which are properly authz-enabled. | ||
# - The view:private_portal permission gives access to Katsu and Gohan endpoints where the proxy still manages access. | ||
# This permission will be removed in an uncoming version. | ||
bento_authz create grant \ | ||
'{"iss": "<ISSUER_HERE>", "client": "aggregation"}' \ | ||
'{"everything": true}' \ | ||
'query:data' 'view:private_portal' | ||
|
||
# Configure public data access | ||
# ---------------------------- | ||
# The level below ("counts") preserves previous functionality. Other possible options are: | ||
# - none - will do nothing. | ||
# - bool - for censored true/false discovery, but in effect right now forbids access. | ||
# - counts - for censored count discovery. | ||
# - full - allows full data access (record-level, including sensitive data such as IDs), uncensored counts, etc. | ||
bento_authz public-data-access counts | ||
``` | ||
|
||
|
||
## 5. Start Bento | ||
|
||
```bash | ||
./bentoctl.bash start | ||
``` |
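Review bot: In the step 4 shell block, the public data access comment lists four levels (`none`, `bool`, `counts`, `full`) while the paragraph above it names only three (`bool`, `counts`, `full`), and "none - will do nothing" does not say whether running it leaves an earlier public access setting in place. Because this step now decides what anonymous visitors can see, the guide should state what each level does to an existing setting and how an operator withdraws access after choosing `counts` or `full`. The aggregation grant is created on `{"everything": true}` with `view:private_portal`, which the comment says will be removed in a later version; a line on how to drop that permission from the grant when that happens would help. Smaller points: "uncoming" should be "upcoming", the `* ...` placeholder bullet under "Key points" should be filled in or dropped, and the `init-auth` reminder should name the `local.env` variables the generated secrets go into.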