Skip to content

Feature/username password auth#28

Draft
StevenMPhillips wants to merge 2 commits into
dremio:mainfrom
StevenMPhillips:feature/username-password-auth
Draft

Feature/username password auth#28
StevenMPhillips wants to merge 2 commits into
dremio:mainfrom
StevenMPhillips:feature/username-password-auth

Conversation

@StevenMPhillips
Copy link
Copy Markdown

@StevenMPhillips StevenMPhillips commented Jun 9, 2025

No description provided.

@StevenMPhillips
feat: Add username/password authentication support alongside PAT
31f98b3 
- Add username and password fields to Dremio configuration model
- Implement username/password authentication via Dremio's /apiv2/login endpoint
- Add validation to prevent conflicting authentication methods
- Update CLI commands to support both --username/--password and --pat options
- Maintain full backward compatibility with existing PAT configurations
- Add comprehensive validation and error handling
- Update documentation with examples for both authentication methods

Changes:
- src/dremioai/config/settings.py: Add username/password fields and validation
- src/dremioai/api/transport.py: Implement username/password authentication logic
- src/dremioai/servers/mcp.py: Add CLI options and validation for new auth method
- README.md: Update documentation with authentication options and examples

All existing tests pass (74/74) ensuring backward compatibility.
@StevenMPhillips
chore: Update .gitignore to exclude IDE files
6619d57 
- Add .idea/, .vscode/, and editor swap files to .gitignore
- Prevent IDE-specific files from being tracked in version control
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Jun 9, 2025

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@serra
Copy link
Copy Markdown
Contributor

serra commented Jun 25, 2025
edited
Loading

@StevenMPhillips I was thinking about implementing sth similar, but IMO another approach would be better - curious about your thoughts.

From Dremio's perspective, I see two important downsides to this approach:
1/ Using usernames and passwords like this is not a good security practice in general and high quality software should not encourage bad practices.
2/ Creating personal access tokens for users is a differentiating feature of Dremio's enterprise edition.

To me, 1/ outweighs 2/ by a landslide, but I can imagine that in the current AI hype 2/ helps in persuading enterprise people who want leverage MCP to purchase an enterprise edition.

That being said, the community should be able to use this MCP server too.

My solution would be to keep the code to get a login token from the api outside this codebase. E.g. create a script that:
1/ retrieves a token from the api (valid for ~30hours iirc)
2/ starts the dremio-mcp service with this this token (command line parameter? docker mount? docker secret? env var?)
3/ restart before toke expiration (say daily)

It might be a bit hack-ish, but OK to me for community edition use.

And then the code here can stay secure and evolve with enterprise as well as community editions.

Thoughts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@StevenMPhillips @CLAassistant @serra