branch-3.0: [opt](http) enable auth token with BE http request#43659
Merged
morningman merged 1 commit intobranch-3.0from Nov 12, 2024
Merged
branch-3.0: [opt](http) enable auth token with BE http request#43659morningman merged 1 commit intobranch-3.0from
morningman merged 1 commit intobranch-3.0from
Conversation
### What problem does this PR solve? Related PR: #39577 Problem Summary: In #39577, we added the auth check for all HTTP API on FE side. But it introduced an issue that when `enable_all_http_auth`, the internal http request will fail due to lack of authentication info. For example, when cloning replica from one BE to another, it use HTTP API. This PR mainly changes: 1. Unify the token generation and checking logic Move `TokenManager` from `load` package to `Env`, as a global mgr. It is responsible for generating tokens at fix interval. And the token will be sent to BE via heartbeat. BE will save last 2 tokens, and use the latest token in HTTP request. All HTTP request sent by BE will add a header `Auth-Token`, and BE's HTTP server will check if this token in header is same as token from FE heartbeat. 2. Add a new class `ClusterInfo` on BE side to replace `TMasterInfo`. `TMasterInfo` is a thrift object used to save master info and pass them from FE to BE via heartbeat. So it should only be a message payload, we should get info from it and save it in another structure: `ClusterInfo`. Co-authored-by: morningman <yunyou@selectdb.com>
github-actions
Bot
requested review from
CalvinKirs,
dataroaring and
morningman
as code owners
|
Thank you for your contribution to Apache Doris. Please clearly describe your PR:
|
|
run buildall |
Contributor
|
run buildall |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| uint32_t worker_thread_num, TMasterInfo* local_master_info) { | ||
| HeartbeatServer* heartbeat_server = new HeartbeatServer(local_master_info); | ||
| uint32_t worker_thread_num, ClusterInfo* cluster_info) { | ||
| HeartbeatServer* heartbeat_server = new HeartbeatServer(cluster_info); |
Contributor
Author
There was a problem hiding this comment.
warning: use auto when initializing with new to avoid duplicating the type name [modernize-use-auto]
Suggested change
| HeartbeatServer* heartbeat_server = new HeartbeatServer(cluster_info); | |
| auto* heartbeat_server = new HeartbeatServer(cluster_info); |
|
|
||
| #pragma once | ||
|
|
||
| #include <gen_cpp/Types_types.h> |
Contributor
Author
There was a problem hiding this comment.
warning: 'gen_cpp/Types_types.h' file not found [clang-diagnostic-error]
#include <gen_cpp/Types_types.h>
^
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cherry-picked from #41994