Client auth Interface¶
Pravega client can access Pravega APIs through
grpc. Some of the admin APIs can be accessed via
The Authorization/Authentication API and plugin works for both of these interfaces.
grpc Client auth Interface¶
If multiple plugin exists, a client selects its auth handler by setting a
grpc header with the name
This is performed by implementing Credentials interface by passing through the ClientConfig object to the Pravega client.
The parameters for authentication are passed through custom
grpc headers. These are extracted through
grpc interceptors and passed on to the specific auth plugin.
This plugin is identified by the
Dynamic extraction of the auth parameters on the client¶
Dynamic extraction of parameters is also possible using the system properties or environment variables. The order of preference is listed below:
- User explicitly provides a credential object through the API. This results in overriding the other settings.
- System properties: System properties are defined in the format:
- Environment variables: Environment variables are defined in the format:
- In case of option 2 and 3, the caller decides on whether, the class needs to be loaded dynamically by setting the property
REST Client auth Interface¶
REST client in order to access the Pravega API uses the similar approach as mentioned in the above sections. The custom auth parameters are sent as the part of the
Authorization HTTP header.
REST server implementation on Pravega Controller extracts these headers and passes it to the valid auth plugin implementation. Then it resumes, if the authentication and authorization matches the intended access pattern.