You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@doris.apache.org by "morningman (via GitHub)" <gi...@apache.org> on 2023/04/26 02:52:20 UTC
[GitHub] [doris] morningman commented on a diff in pull request #17753: [Enhancement](HttpServer) Add http interface authentication for BE
morningman commented on code in PR #17753:
URL: https://github.com/apache/doris/pull/17753#discussion_r1177279296
##########
be/src/service/http_service.cpp:
##########
@@ -129,42 +132,51 @@ Status HttpService::start() {
// register metrics
{
- auto action = _pool.add(new MetricsAction(DorisMetrics::instance()->metric_registry()));
+ auto action =
+ _pool.add(new MetricsAction(DorisMetrics::instance()->metric_registry(), _env));
_ev_http_server->register_handler(HttpMethod::GET, "/metrics", action);
}
- MetaAction* meta_action = _pool.add(new MetaAction());
+ MetaAction* meta_action = _pool.add(new MetaAction(_env));
+ meta_action->auth(TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN);
_ev_http_server->register_handler(HttpMethod::GET, "/api/meta/{op}/{tablet_id}", meta_action);
#ifndef BE_TEST
// Register BE checksum action
- ChecksumAction* checksum_action = _pool.add(new ChecksumAction());
+ ChecksumAction* checksum_action = _pool.add(new ChecksumAction(_env));
+ checksum_action->auth(TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN);
_ev_http_server->register_handler(HttpMethod::GET, "/api/checksum", checksum_action);
// Register BE reload tablet action
ReloadTabletAction* reload_tablet_action = _pool.add(new ReloadTabletAction(_env));
+ reload_tablet_action->auth(TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN);
_ev_http_server->register_handler(HttpMethod::GET, "/api/reload_tablet", reload_tablet_action);
RestoreTabletAction* restore_tablet_action = _pool.add(new RestoreTabletAction(_env));
+ restore_tablet_action->auth(TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN);
Review Comment:
I think this can be done in the constructor of each action.
##########
be/src/common/config.h:
##########
@@ -375,6 +375,8 @@ CONF_Bool(enable_https, "false");
CONF_String(ssl_certificate_path, "");
// Path of private key
CONF_String(ssl_private_key_path, "");
+// Whether to check authorization
+CONF_Bool(enable_auth, "false");
Review Comment:
```suggestion
CONF_Bool(enable_http_auth, "false");
```
##########
be/src/http/action/check_rpc_channel_action.h:
##########
@@ -17,17 +17,17 @@
#pragma once
-#include "http/http_handler.h"
+#include "http/http_handler_with_auth.h"
namespace doris {
class ExecEnv;
class HttpRequest;
-class CheckRPCChannelAction : public HttpHandler {
+class CheckRPCChannelAction : public HttpHandlerWithAuth {
Review Comment:
This will be called from FE, which may not contain auth info
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org