Fix BasicAuth token configuration naming consistency across Pinot com…

pinot-controller/src/test/java/org/apache/pinot/controller/helix/ControllerTest.java

@@ -1268,7 +1268,7 @@ public final Map<String, Object> getSharedControllerConfiguration() {
     properties.put(ControllerConf.TABLE_MIN_REPLICAS, DEFAULT_MIN_NUM_REPLICAS);
 
     // Used in PinotControllerAppConfigsTest to test obfuscation
-    properties.put("controller.segment.fetcher.auth.token", "*personal*");
+    properties.put("pinot.controller.segment.fetcher.auth.token", "*personal*");
     properties.put("controller.admin.access.control.principals.user.password", "*personal*");
 
     return properties;

pinot-integration-test-base/src/test/java/org/apache/pinot/integration/tests/BasicAuthTestUtils.java

@@ -27,18 +27,20 @@ public final class BasicAuthTestUtils {
   private BasicAuthTestUtils() {
   }
 
-  public static final String AUTH_TOKEN = "Basic YWRtaW46dmVyeXNlY3JldA=====";
+  public static final String AUTH_TOKEN = "Basic YWRtaW46dmVyeXNlY3JldA==";
   public static final String AUTH_TOKEN_USER = "Basic dXNlcjpzZWNyZXQ==";
   public static final Map<String, String> AUTH_HEADER = Map.of("Authorization", AUTH_TOKEN);
   public static final BasicHeader AUTH_HEADER_BASIC = new BasicHeader("Authorization", AUTH_TOKEN);
   public static final Map<String, String> AUTH_HEADER_USER = Map.of("Authorization", AUTH_TOKEN_USER);
 
   public static void addControllerConfiguration(Map<String, Object> properties) {
-    properties.put("controller.segment.fetcher.auth.token", AUTH_TOKEN);
+    properties.put("pinot.controller.segment.fetcher.auth.token", AUTH_TOKEN);
     properties.put("controller.admin.access.control.factory.class",
         "org.apache.pinot.controller.api.access.BasicAuthAccessControlFactory");
     properties.put("controller.admin.access.control.principals", "admin, user");
     properties.put("controller.admin.access.control.principals.admin.password", "verysecret");
+    // Admin user has access to all tables (no tables restriction means all tables)
+    // Admin user has all permissions (no permissions restriction means all permissions)
     properties.put("controller.admin.access.control.principals.user.password", "secret");
     properties.put("controller.admin.access.control.principals.user.tables", "userTableOnly");
     properties.put("controller.admin.access.control.principals.user.permissions", "read");
@@ -61,7 +63,7 @@ public static void addServerConfiguration(PinotConfiguration serverConf) {
   }
 
   public static void addMinionConfiguration(PinotConfiguration minionConf) {
-    minionConf.setProperty("segment.fetcher.auth.token", AUTH_TOKEN);
-    minionConf.setProperty("task.auth.token", AUTH_TOKEN);
+    minionConf.setProperty("pinot.minion.segment.fetcher.auth.token", AUTH_TOKEN);
+    minionConf.setProperty("pinot.minion.task.auth.token", AUTH_TOKEN);
   }
 }

pinot-integration-tests/src/test/java/org/apache/pinot/integration/tests/CursorWithAuthIntegrationTest.java

@@ -48,9 +48,9 @@ protected Object[][] getPageSizesAndQueryEngine() {
   @Override
   protected void overrideControllerConf(Map<String, Object> properties) {
     BasicAuthTestUtils.addControllerConfiguration(properties);
-    properties.put("controller.segment.fetcher.auth.provider.class", AUTH_PROVIDER_CLASS);
-    properties.put("controller.segment.fetcher.auth.url", AUTH_URL);
-    properties.put("controller.segment.fetcher.auth.prefix", AUTH_PREFIX);
+    properties.put("pinot.controller.segment.fetcher.auth.provider.class", AUTH_PROVIDER_CLASS);
+    properties.put("pinot.controller.segment.fetcher.auth.url", AUTH_URL);
+    properties.put("pinot.controller.segment.fetcher.auth.prefix", AUTH_PREFIX);
     properties.put(ControllerConf.CONTROLLER_BROKER_AUTH_PREFIX + ".provider.class", AUTH_PROVIDER_CLASS);
     properties.put(ControllerConf.CONTROLLER_BROKER_AUTH_PREFIX + ".url", AUTH_URL);
     properties.put(ControllerConf.CONTROLLER_BROKER_AUTH_PREFIX + ".prefix", AUTH_PREFIX);

pinot-integration-tests/src/test/java/org/apache/pinot/integration/tests/RowLevelSecurityIntegrationTest.java

@@ -57,7 +57,7 @@ public class RowLevelSecurityIntegrationTest extends BaseClusterIntegrationTest
 
   @Override
   protected void overrideControllerConf(Map<String, Object> properties) {
-    properties.put("controller.segment.fetcher.auth.token", AUTH_TOKEN);
+    properties.put("pinot.controller.segment.fetcher.auth.token", AUTH_TOKEN);
     properties.put("controller.admin.access.control.factory.class",
         "org.apache.pinot.controller.api.access.BasicAuthAccessControlFactory");
     properties.put("controller.admin.access.control.principals", "admin, user, user2");

pinot-integration-tests/src/test/java/org/apache/pinot/integration/tests/TlsIntegrationTest.java

@@ -482,6 +482,7 @@ public void testRealtimeSegmentUploadDownload()
     Assert.assertNotNull(_controllerStarter.getTaskManager().scheduleTasks(new TaskSchedulingContext()));
 
     // wait for offline segments
+    // Increased timeout from 30s to 90s to account for CI resource contention when running parallel test sets
     JsonNode offlineSegments = TestUtils.waitForResult(() -> {
       JsonNode segmentSets = JsonUtils.stringToJsonNode(
           sendGetRequest(_controllerRequestURLBuilder.forSegmentListAPI(getTableName()), AUTH_HEADER));
@@ -490,7 +491,7 @@ public void testRealtimeSegmentUploadDownload()
               .map(s -> s.get("OFFLINE")).findFirst().get();
       Assert.assertFalse(currentOfflineSegments.isEmpty());
       return currentOfflineSegments;
-    }, 30000);
+    }, 90000);
 
     // Verify constant row count
     ResultSetGroup resultAfterOffline = getPinotConnection().execute(query);

pinot-integration-tests/src/test/java/org/apache/pinot/integration/tests/UrlAuthRealtimeIntegrationTest.java

@@ -92,9 +92,9 @@ public void tearDown()
   @Override
   protected void overrideControllerConf(Map<String, Object> properties) {
     BasicAuthTestUtils.addControllerConfiguration(properties);
-    properties.put("controller.segment.fetcher.auth.provider.class", AUTH_PROVIDER_CLASS);
-    properties.put("controller.segment.fetcher.auth.url", AUTH_URL);
-    properties.put("controller.segment.fetcher.auth.prefix", AUTH_PREFIX);
+    properties.put("pinot.controller.segment.fetcher.auth.provider.class", AUTH_PROVIDER_CLASS);
+    properties.put("pinot.controller.segment.fetcher.auth.url", AUTH_URL);
+    properties.put("pinot.controller.segment.fetcher.auth.prefix", AUTH_PREFIX);
   }
 
   @Override
@@ -119,12 +119,16 @@ protected void overrideServerConf(PinotConfiguration serverConf) {
   @Override
   protected void overrideMinionConf(PinotConfiguration minionConf) {
     BasicAuthTestUtils.addMinionConfiguration(minionConf);
-    minionConf.setProperty("segment.fetcher.auth.provider.class", AUTH_PROVIDER_CLASS);
-    minionConf.setProperty("segment.fetcher.auth.url", AUTH_URL_PREFIXED);
-    minionConf.setProperty("segment.fetcher.auth.prefix", AUTH_PREFIX);
-    minionConf.setProperty("task.auth.provider.class", AUTH_PROVIDER_CLASS);
-    minionConf.setProperty("task.auth.url", AUTH_URL_PREFIXED);
-    minionConf.setProperty("task.auth.prefix", AUTH_PREFIX);
+    minionConf.setProperty("pinot.minion.segment.fetcher.auth.provider.class", AUTH_PROVIDER_CLASS);
+    minionConf.setProperty("pinot.minion.segment.fetcher.auth.url", AUTH_URL_PREFIXED);
+    minionConf.setProperty("pinot.minion.segment.fetcher.auth.prefix", AUTH_PREFIX);
+    // Add explicit token as fallback
+    minionConf.setProperty("pinot.minion.segment.fetcher.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");
+    minionConf.setProperty("pinot.minion.task.auth.provider.class", AUTH_PROVIDER_CLASS);
+    minionConf.setProperty("pinot.minion.task.auth.url", AUTH_URL_PREFIXED);
+    minionConf.setProperty("pinot.minion.task.auth.prefix", AUTH_PREFIX);
+    // Add explicit token as fallback
+    minionConf.setProperty("pinot.minion.task.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");
   }
 
   @Override
@@ -165,12 +169,13 @@ public void testSegmentUploadDownload()
     Assert.assertNotNull(_controllerStarter.getTaskManager().scheduleTasks(new TaskSchedulingContext()));
 
     // wait for offline segments
+    // Increased timeout from 30s to 90s to account for CI resource contention when running parallel test sets
     List<String> offlineSegments = TestUtils.waitForResult(() -> {
       List<String> currentOfflineSegments =
           getControllerRequestClient().listSegments(getTableName(), TableType.OFFLINE.name(), false);
       Assert.assertFalse(currentOfflineSegments.isEmpty());
       return currentOfflineSegments;
-    }, 30000);
+    }, 90000);
 
     // Verify constant row count
     ResultSetGroup resultAfterOffline = getPinotConnection().execute(query);

pinot-tools/src/main/java/org/apache/pinot/tools/AuthZkBasicQuickstart.java

@@ -59,8 +59,8 @@ public Map<String, Object> getConfigOverrides() {
     properties.put("pinot.server.segment.uploader.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");
 
     // minion
-    properties.put("segment.fetcher.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");
-    properties.put("task.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");
+    properties.put("pinot.minion.segment.fetcher.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");
+    properties.put("pinot.minion.task.auth.token", "Basic YWRtaW46dmVyeXNlY3JldA==");
 
     return properties;
   }

pinot-tools/src/main/java/org/apache/pinot/tools/utils/AuthUtils.java

@@ -58,8 +58,8 @@ public static Map<String, Object> getAuthQuickStartDefaultConfigs() {
     properties.put("pinot.server.instance.auth.token", DEFAULT_AUTH_TOKEN);
 
     // minion
-    properties.put("segment.fetcher.auth.token", DEFAULT_AUTH_TOKEN);
-    properties.put("task.auth.token", DEFAULT_AUTH_TOKEN);
+    properties.put("pinot.minion.segment.fetcher.auth.token", DEFAULT_AUTH_TOKEN);
+    properties.put("pinot.minion.task.auth.token", DEFAULT_AUTH_TOKEN);
 
     // loggers
     properties.put("pinot.controller.logger.root.dir", "logs");