Unable to configure OAuth on Trino gateway
Nexengineer opened this issue
Hi,
I am trying to enable OAuth on a gateway running in a Docker container. I have created an app registration in Azure for the OAuth. Below is my config file:
# Routing Rules are ways by which query can be send to a specific $schema
# Resource group
# reference - https://github.com/trinodb/trino-gateway/blob/main/docs/routing-rules.md
routingRules:
  rulesEngineEnabled: false
  # rulesConfigPath: "./gw_rules.yml" ---> Rules path

requestRouter:
  ssl: true
  port: 8080
  name: trinoRouter
  historySize: 1000
  requestBufferSize: 8192
  keystorePath: /opt/trino/standard_trusts.jks
  keystorePass: "password"

dataStore:
  jdbcUrl: jdbc:postgresql://host.docker.internal:5431/trino_gateway_db
  user: trino_gateway_db_admin
  password: P0stG&es
  driver: org.postgresql.Driver
  queryHistoryHoursRetention: 24

backendState:
  username: lb_query
  password: secret

clusterStatsConfiguration:
  monitorType: INFO_API
  # monitorType: JDBC

server:
  applicationConnectors:
    - type: https
      port: 8090
      useForwardedHeaders: true
      keyStorePath: /opt/trino/standard_trusts.jks
      keyStorePassword: "password"
  adminConnectors:
    - type: https
      port: 8091
      useForwardedHeaders: true
      keyStorePath: /opt/trino/standard_trusts.jks
      keyStorePassword: "password"

modules:
  - io.trino.gateway.ha.module.HaGatewayProviderModule
  - io.trino.gateway.ha.module.ClusterStateListenerModule
  - io.trino.gateway.ha.module.ClusterStatsMonitorModule

managedApps:
  - io.trino.gateway.ha.GatewayManagedApp
  - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor

# Logging settings.
logging:
  type: external

authentication:
  defaultType: "oauth"
  oauth:
    issuer: "https://login.microsoftonline.com/<tenant_id>/v2.0"
    clientId: <client_id>
    clientSecret: <client_secret>
    tokenEndpoint: "https://login.microsoftonline.com/<tenent_id>/oauth2/v2.0/authorize"
    authorizationEndpoint: "https://login.microsoftonline.com/<tenent_id>/oauth2/v2.0/authorize"
    jwkEndpoint: "https://login.microsoftonline.com/<tenent_id>/discovery/v2.0/keys" // want to know more about this
    redirectUrl: "https://localhost:8080/oidc/callback"
    redirectWebUrl: "https://localhost:8080/oidc/callback"
    userIdField: "" // want to know more about this
    scopes:
      - https://<scope>/.default
      - openid
The Docker container is starting but unhealthy. Looking at the logs, I am getting:
2024-06-12T07:21:08.217Z INFO main io.trino.gateway.baseapp.BaseApp op=register_start configuration=Configuration{server=DefaultServerFactory{applicationConnectors=[io.dropwizard.jetty.HttpsConnectorFactory@4a3be6a5], adminConnectors=[io.dropwizard.jetty.HttpsConnectorFactory@6b760460], adminMaxThreads=64, adminMinThreads=1, applicationContextPath='/', adminContextPath='/'}, logging=io.dropwizard.logging.common.ExternalLoggingFactory@1b005a0b, metrics=MetricsFactory{frequency=1 minute, reporters=[], reportOnStop=false}, admin=AdminFactory[healthChecks=HealthCheckConfiguration[servletEnabled= true, minThreads=1, maxThreads=4, workQueueSize=1], tasks=TaskConfiguration[printStackTraceOnError=false]], health=null}
2024-06-12T07:21:08.219Z INFO main io.trino.gateway.baseapp.BaseApp op=register type=auth filter item=class io.dropwizard.auth.AuthFilter
2024-06-12T07:21:08.226Z INFO main io.trino.gateway.baseapp.BaseApp op=register type=provider item=class io.trino.gateway.ha.security.AuthorizedExceptionMapper
2024-06-12T07:21:08.277Z ERROR main io.trino.gateway.baseapp.BaseApp Error loading managed app
com.google.inject.ProvisionException: Unable to provision, see the following errors:
1) [Guice/ErrorInCustomProvider]: IllegalStateException
at HaGatewayProviderModule.provideGateway(HaGatewayProviderModule.java:216)
at GatewayManagedApp.<init>(GatewayManagedApp.java:29)
\_ for 1st parameter gateway
while locating GatewayManagedApp
Learn more:
https://github.com/google/guice/wiki/ERROR_IN_CUSTOM_PROVIDER
1 error
Need help enabling OAuth on the gateway APIs.
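An added example, not part of the original issue and not Trino Gateway code: a standalone check of the oauth block posted above against the issuer's OpenID Connect discovery document, where jwkEndpoint corresponds to the document's jwks_uri. It is independent of the startup exception in the log. The tenant id and the embedded discovery document are constructed placeholders in the shape the Microsoft identity platform publishes at `<issuer>/.well-known/openid-configuration`, and `check_oauth` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Constructed placeholder tenant id, not a real one.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}"

# Constructed sample of the discovery document served at
# <issuer>/.well-known/openid-configuration (only the keys used here).
DISCOVERY = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}

# oauth block as posted in the issue, with the tenant placeholder filled in.
POSTED = {
    "issuer": f"{BASE}/v2.0",
    "tokenEndpoint": f"{BASE}/oauth2/v2.0/authorize",
    "authorizationEndpoint": f"{BASE}/oauth2/v2.0/authorize",
    "jwkEndpoint": f"{BASE}/discovery/v2.0/keys",
    "scopes": ["https://<scope>/.default", "openid"],
}

# Gateway config key -> discovery document key.
KEY_MAP = {
    "issuer": "issuer",
    "authorizationEndpoint": "authorization_endpoint",
    "tokenEndpoint": "token_endpoint",
    "jwkEndpoint": "jwks_uri",
}

def check_oauth(oauth, discovery):
    """Return a list of findings; an empty list means the endpoints agree."""
    findings = []
    for cfg_key, disc_key in KEY_MAP.items():
        value = oauth.get(cfg_key, "")
        if urlsplit(value).scheme != "https":
            findings.append(f"{cfg_key}: not an https URL")
        elif value.rstrip("/") != discovery[disc_key].rstrip("/"):
            findings.append(f"{cfg_key}: expected {discovery[disc_key]}")
    if oauth.get("tokenEndpoint") == oauth.get("authorizationEndpoint"):
        findings.append("tokenEndpoint and authorizationEndpoint are identical")
    if "openid" not in oauth.get("scopes", []):
        findings.append("scopes: openid is missing")
    return findings

if __name__ == "__main__":
    for finding in check_oauth(POSTED, DISCOVERY):
        print(finding)
```
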
Any updates on this?
The error message was trimmed, making it difficult to determine the cause.
I think this is the same as #242.
I am adding the whole log @oneonestar
2024-06-17T06:16:26.967Z ERROR main io.trino.gateway.baseapp.BaseApp Error loading managed app
com.google.inject.ProvisionException: Unable to provision, see the following errors:
1) [Guice/ErrorInCustomProvider]: IllegalStateException
at HaGatewayProviderModule.provideGateway(HaGatewayProviderModule.java:216)
at GatewayManagedApp.<init>(GatewayManagedApp.java:29)
\_ for 1st parameter gateway
while locating GatewayManagedApp
Learn more:
https://github.com/google/guice/wiki/ERROR_IN_CUSTOM_PROVIDER
1 error
======================
Full classname legend:
======================
GatewayManagedApp: "io.trino.gateway.ha.GatewayManagedApp"
HaGatewayProviderModule: "io.trino.gateway.ha.module.HaGatewayProviderModule"
========================
End of classname legend:
========================
at com.google.inject.internal.InternalProvisionException.toProvisionException(InternalProvisionException.java:251)
at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1151)
at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1186)
at io.trino.gateway.baseapp.BaseApp.lambda$addManagedApps$1(BaseApp.java:187)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
at io.trino.gateway.baseapp.BaseApp.addManagedApps(BaseApp.java:182)
at io.trino.gateway.baseapp.BaseApp.registerWithInjector(BaseApp.java:142)
at io.trino.gateway.baseapp.BaseApp.configureGuice(BaseApp.java:134)
at io.trino.gateway.baseapp.BaseApp.run(BaseApp.java:125)
at io.trino.gateway.baseapp.BaseApp.run(BaseApp.java:66)
at io.dropwizard.core.cli.EnvironmentCommand.run(EnvironmentCommand.java:66)
at io.dropwizard.core.cli.ConfiguredCommand.run(ConfiguredCommand.java:98)
at io.dropwizard.core.cli.Cli.run(Cli.java:78)
at io.dropwizard.core.Application.run(Application.java:94)
at io.trino.gateway.ha.HaGatewayLauncher.main(HaGatewayLauncher.java:49)
Caused by: java.lang.IllegalStateException
at java.base/java.util.OptionalInt.orElseThrow(OptionalInt.java:273)
at io.trino.gateway.ha.module.HaGatewayProviderModule.getApplicationPort(HaGatewayProviderModule.java:190)
at io.trino.gateway.ha.module.HaGatewayProviderModule.getProxyHandler(HaGatewayProviderModule.java:171)
at io.trino.gateway.ha.module.HaGatewayProviderModule.provideGateway(HaGatewayProviderModule.java:235)
at io.trino.gateway.ha.module.HaGatewayProviderModule$$FastClassByGuice$$86152.GUICE$TRAMPOLINE(<generated>)
at io.trino.gateway.ha.module.HaGatewayProviderModule$$FastClassByGuice$$86152.apply(<generated>)
at com.google.inject.internal.ProviderMethod$FastClassProviderMethod.doProvision(ProviderMethod.java:260)
at com.google.inject.internal.ProviderMethod.doProvision(ProviderMethod.java:171)
at com.google.inject.internal.InternalProviderInstanceBindingImpl$CyclicFactory.provision(InternalProviderInstanceBindingImpl.java:185)
at com.google.inject.internal.InternalProviderInstanceBindingImpl$CyclicFactory.get(InternalProviderInstanceBindingImpl.java:162)
at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:169)
at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:45)
at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:40)
at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:60)
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:300)
at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1148)
... 13 more
2024-06-17T06:16:27.055Z INFO main stdout # WARNING: Unable to get Instrumentation. Dynamic Attach failed. You may add this JAR as -javaagent manually, or supply -Djdk.attach.allowAttachSelf
There is some large-scale refactoring ongoing.
Please try #382 or wait for things to settle down a bit.
@oneonestar I see the PR mentioned above is merged. Is there a Docker image release you guys are planning?
We are working towards release 10 which will include a docker container. Stay tuned, but feel free to build it all locally from the main branch now and help us with testing.