add header authentication support for the web-ui

[kenandominic]

Description

Installs the header authenticator and header authenticator manager modules in the web UI authentication module

relevant configuration

web-ui.authentication.type=header

in place of #14450

Additional context and related issues

Release notes

( ) This is not user-visible or docs only and no release notes are required.
(x) Release notes are required, please propose a release note for me.
( ) Release notes are required, with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

[kenandominic]

hey @lukasz-walkiewicz could you ptal when you get the chance. wrote tests as you asked in #14450

[github-actions]

This pull request has gone a while without any activity. Tagging the Trino developer relations team: @bitsondatadev @colebow @mosabua

[mosabua]

👋 @kenandominic - this PR has become inactive. We hope you are still interested in working on it. Please let us know, and we can try to get reviewers to help with that.

We're working on closing out old and inactive PRs, so if you're too busy or this has too many merge conflicts to be worth picking back up, we'll be making another pass to close it out in a few weeks.

[huw0]

I'm also interested in this feature. @hashhar @lukasz-walkiewicz what is outstanding to merge this?

[github-actions]

This pull request has gone a while without any activity. Tagging the Trino developer relations team: @bitsondatadev @colebow @mosabua

[kenandominic]

hey @mosabua, I'll spend some time again, hopefully later today, to resolve the merge conflicts if you can get someone to review it.

[kenandominic]

hey @huw0, you can apply the changes in this PR if you have a fork of trino. we've (salesforce) been using header authn to guard our UI for nearly a year now

[cla-bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic.
This is most likely caused by a git client misconfiguration; please make sure to:

1. check if your git client is configured with an email to sign commits git config --list | grep email
2. If not, set it up using git config --global user.email [email protected]
3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

[cla-bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic.
This is most likely caused by a git client misconfiguration; please make sure to:

1. check if your git client is configured with an email to sign commits git config --list | grep email
2. If not, set it up using git config --global user.email [email protected]
3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

[cla-bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic.
This is most likely caused by a git client misconfiguration; please make sure to:

1. check if your git client is configured with an email to sign commits git config --list | grep email
2. If not, set it up using git config --global user.email [email protected]
3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

[cla-bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic.
This is most likely caused by a git client misconfiguration; please make sure to:

1. check if your git client is configured with an email to sign commits git config --list | grep email
2. If not, set it up using git config --global user.email [email protected]
3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

[cla-bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic.
This is most likely caused by a git client misconfiguration; please make sure to:

1. check if your git client is configured with an email to sign commits git config --list | grep email
2. If not, set it up using git config --global user.email [email protected]
3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

[kenandominic]

hey @mosabua I have resolved all the conflicts

[mosabua]

@cla-bot check

[cla-bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic.
This is most likely caused by a git client misconfiguration; please make sure to:

1. check if your git client is configured with an email to sign commits git config --list | grep email
2. If not, set it up using git config --global user.email [email protected]
3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

[cla-bot]

The cla-bot has been summoned, and re-checked this pull request!

[mosabua]

Can you submit a signed CLA and check the build failures out @kenandominic ?

[cla-bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic.
This is most likely caused by a git client misconfiguration; please make sure to:

1. check if your git client is configured with an email to sign commits git config --list | grep email
2. If not, set it up using git config --global user.email [email protected]
3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

[cla-bot]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Kenan Dominic.
This is most likely caused by a git client misconfiguration; please make sure to:

1. check if your git client is configured with an email to sign commits git config --list | grep email
2. If not, set it up using git config --global user.email [email protected]
3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

[kenandominic]

hey @mosabua I was able to fix the issue with the cla check not passing. all tests pass except trino-delta-lake which is unrelated to the changes in this pr. is there a way to run just that check again?

[mosabua]

Thanks for the CLA and such @kenandominic . The test results coming from the Delta Lake test are probably just a CI failure. Every new push will trigger the whole build again but I would wait until we get further review comments.

[mosabua]

Can @lukasz-walkiewicz @hashhar or maybe @dain help here?

[huw0]

hey @huw0, you can apply the changes in this PR if you have a fork of trino. we've (salesforce) been using header authn to guard our UI for nearly a year now

Great to hear that this has been battle tested!
So far I've been trying to avoid forking and sticking with upstream as closely as possible to reduce the overhead of staying up to date.

---

Is there anything that can be done to progress this PR?

[github-actions]

This pull request has gone a while without any activity. Tagging the Trino developer relations team: @bitsondatadev @colebow @mosabua

[github-actions]

Closing this pull request, as it has been stale for six weeks. Feel free to re-open at any time.

[mosabua]

Reopening .. we still want this feature to get in. Adding stale-ignore label.

[huw0]

Hi @mosabua, @lukasz-walkiewicz - would be great to get this in soon if possible?

[mosabua]

@wendigo @koszti .. you are working on this a bit recently. Any input?

Also @kenandominic can you change commit message to

"Add header authentication support to the Web UI"

[mosabua]

It would be nice to get user facing docs for header authentication going as well at some stage.