diff --git a/be/src/common/config.h b/be/src/common/config.h index fa6a516bc4..9186e5881e 100644 --- a/be/src/common/config.h +++ b/be/src/common/config.h @@ -390,6 +390,8 @@ CONF_Bool(enable_https, "false"); CONF_String(ssl_certificate_path, ""); // Path of private key CONF_String(ssl_private_key_path, ""); +// Whether to check authorization +CONF_Bool(enable_http_auth, "false"); // Number of webserver workers CONF_Int32(webserver_num_workers, "48"); // Period to update rate counters and sampling counters in ms. diff --git a/be/src/http/CMakeLists.txt b/be/src/http/CMakeLists.txt index a2e1c3eb46..93ce59a986 100644 --- a/be/src/http/CMakeLists.txt +++ b/be/src/http/CMakeLists.txt @@ -28,13 +28,13 @@ add_library(Webserver STATIC http_channel.cpp http_status.cpp http_parser.cpp + http_handler_with_auth.cpp web_page_handler.cpp default_path_handlers.cpp utils.cpp ev_http_server.cpp http_client.cpp action/download_action.cpp - action/monitor_action.cpp action/pad_rowset_action.cpp action/health_action.cpp action/tablet_migration_action.cpp diff --git a/be/src/http/action/check_rpc_channel_action.cpp b/be/src/http/action/check_rpc_channel_action.cpp index d483fc4fa3..61702dc932 100644 --- a/be/src/http/action/check_rpc_channel_action.cpp +++ b/be/src/http/action/check_rpc_channel_action.cpp @@ -36,7 +36,9 @@ #include "util/md5.h" namespace doris { -CheckRPCChannelAction::CheckRPCChannelAction(ExecEnv* exec_env) : _exec_env(exec_env) {} +CheckRPCChannelAction::CheckRPCChannelAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} void CheckRPCChannelAction::handle(HttpRequest* req) { std::string req_ip = req->param("ip"); std::string req_port = req->param("port"); diff --git a/be/src/http/action/check_rpc_channel_action.h b/be/src/http/action/check_rpc_channel_action.h index 6847c51b08..883180f02d 100644 --- a/be/src/http/action/check_rpc_channel_action.h +++ b/be/src/http/action/check_rpc_channel_action.h @@ -17,17 +17,18 @@ #pragma once -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" namespace doris { class ExecEnv; class HttpRequest; -class CheckRPCChannelAction : public HttpHandler { +class CheckRPCChannelAction : public HttpHandlerWithAuth { public: - explicit CheckRPCChannelAction(ExecEnv* exec_env); + explicit CheckRPCChannelAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type); - virtual ~CheckRPCChannelAction() {} + ~CheckRPCChannelAction() override = default; void handle(HttpRequest* req) override; diff --git a/be/src/http/action/check_tablet_segment_action.cpp b/be/src/http/action/check_tablet_segment_action.cpp index 4b5362a587..33c4d13fbb 100644 --- a/be/src/http/action/check_tablet_segment_action.cpp +++ b/be/src/http/action/check_tablet_segment_action.cpp @@ -37,7 +37,9 @@ namespace doris { const static std::string HEADER_JSON = "application/json"; -CheckTabletSegmentAction::CheckTabletSegmentAction() { +CheckTabletSegmentAction::CheckTabletSegmentAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) { _host = BackendOptions::get_localhost(); } diff --git a/be/src/http/action/check_tablet_segment_action.h b/be/src/http/action/check_tablet_segment_action.h index 0cc26e8199..284c89fc21 100644 --- a/be/src/http/action/check_tablet_segment_action.h +++ b/be/src/http/action/check_tablet_segment_action.h @@ -19,15 +19,23 @@ #include -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" +#include "util/easy_json.h" namespace doris { class HttpRequest; -class CheckTabletSegmentAction : public HttpHandler { +class ExecEnv; + +class CheckTabletSegmentAction : public HttpHandlerWithAuth { public: - CheckTabletSegmentAction(); + CheckTabletSegmentAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type); + + ~CheckTabletSegmentAction() override = default; + void handle(HttpRequest* req) override; + std::string host() { return _host; } private: diff --git a/be/src/http/action/checksum_action.cpp b/be/src/http/action/checksum_action.cpp index 6ef7215b95..fc216ab785 100644 --- a/be/src/http/action/checksum_action.cpp +++ b/be/src/http/action/checksum_action.cpp @@ -37,7 +37,9 @@ const std::string TABLET_ID = "tablet_id"; const std::string TABLET_VERSION = "version"; const std::string SCHEMA_HASH = "schema_hash"; -ChecksumAction::ChecksumAction() {} +ChecksumAction::ChecksumAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} void ChecksumAction::handle(HttpRequest* req) { LOG(INFO) << "accept one request " << req->debug_string(); diff --git a/be/src/http/action/checksum_action.h b/be/src/http/action/checksum_action.h index 4ec478acfc..537bea5c96 100644 --- a/be/src/http/action/checksum_action.h +++ b/be/src/http/action/checksum_action.h @@ -19,17 +19,18 @@ #include -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" namespace doris { class HttpRequest; -class ChecksumAction : public HttpHandler { +class ChecksumAction : public HttpHandlerWithAuth { public: - explicit ChecksumAction(); + explicit ChecksumAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type); - virtual ~ChecksumAction() {} + ~ChecksumAction() override = default; void handle(HttpRequest* req) override; diff --git a/be/src/http/action/compaction_action.cpp b/be/src/http/action/compaction_action.cpp index 96d450c599..48dbe78ab4 100644 --- a/be/src/http/action/compaction_action.cpp +++ b/be/src/http/action/compaction_action.cpp @@ -48,6 +48,9 @@ using namespace ErrorCode; const static std::string HEADER_JSON = "application/json"; +CompactionAction::CompactionAction(CompactionActionType ctype, ExecEnv* exec_env, + TPrivilegeHier::type hier, TPrivilegeType::type ptype) + : HttpHandlerWithAuth(exec_env, hier, ptype), _type(ctype) {} Status CompactionAction::_check_param(HttpRequest* req, uint64_t* tablet_id) { std::string req_tablet_id = req->param(TABLET_ID_KEY); if (req_tablet_id == "") { diff --git a/be/src/http/action/compaction_action.h b/be/src/http/action/compaction_action.h index 8fc487d4a0..1feb7989e7 100644 --- a/be/src/http/action/compaction_action.h +++ b/be/src/http/action/compaction_action.h @@ -22,12 +22,14 @@ #include #include "common/status.h" -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" #include "olap/tablet.h" namespace doris { class HttpRequest; +class ExecEnv; + enum class CompactionActionType { SHOW_INFO = 1, RUN_COMPACTION = 2, @@ -40,9 +42,10 @@ const std::string PARAM_COMPACTION_CUMULATIVE = "cumulative"; /// This action is used for viewing the compaction status. /// See compaction-action.md for details. -class CompactionAction : public HttpHandler { +class CompactionAction : public HttpHandlerWithAuth { public: - CompactionAction(CompactionActionType type) : _type(type) {} + CompactionAction(CompactionActionType ctype, ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type ptype); ~CompactionAction() override = default; diff --git a/be/src/http/action/download_action.cpp b/be/src/http/action/download_action.cpp index d258842f65..259bbfc7be 100644 --- a/be/src/http/action/download_action.cpp +++ b/be/src/http/action/download_action.cpp @@ -34,8 +34,6 @@ namespace doris { const std::string FILE_PARAMETER = "file"; -const std::string DB_PARAMETER = "db"; -const std::string LABEL_PARAMETER = "label"; const std::string TOKEN_PARAMETER = "token"; DownloadAction::DownloadAction(ExecEnv* exec_env, const std::vector& allow_dirs) diff --git a/be/src/http/action/meta_action.cpp b/be/src/http/action/meta_action.cpp index ede286e3d9..6344aadbfc 100644 --- a/be/src/http/action/meta_action.cpp +++ b/be/src/http/action/meta_action.cpp @@ -46,6 +46,8 @@ const static std::string OP = "op"; const static std::string DATA_SIZE = "data_size"; const static std::string HEADER = "header"; +MetaAction::MetaAction(ExecEnv* exec_env, TPrivilegeHier::type hier, TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} Status MetaAction::_handle_header(HttpRequest* req, std::string* json_meta) { req->add_output_header(HttpHeaders::CONTENT_TYPE, HEADER_JSON.c_str()); std::string req_tablet_id = req->param(TABLET_ID_KEY); diff --git a/be/src/http/action/meta_action.h b/be/src/http/action/meta_action.h index fe59ed2744..114ec7e388 100644 --- a/be/src/http/action/meta_action.h +++ b/be/src/http/action/meta_action.h @@ -20,18 +20,18 @@ #include #include "common/status.h" -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" namespace doris { class HttpRequest; // Get Meta Info -class MetaAction : public HttpHandler { +class MetaAction : public HttpHandlerWithAuth { public: - MetaAction() = default; + MetaAction(ExecEnv* exec_env, TPrivilegeHier::type hier, TPrivilegeType::type type); - virtual ~MetaAction() {} + ~MetaAction() override = default; void handle(HttpRequest* req) override; diff --git a/be/src/http/action/metrics_action.h b/be/src/http/action/metrics_action.h index 2051aed53a..85db3031b8 100644 --- a/be/src/http/action/metrics_action.h +++ b/be/src/http/action/metrics_action.h @@ -17,17 +17,20 @@ #pragma once -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" namespace doris { class HttpRequest; class MetricRegistry; -class MetricsAction : public HttpHandler { +class MetricsAction : public HttpHandlerWithAuth { public: - MetricsAction(MetricRegistry* metric_registry) : _metric_registry(metric_registry) {} - virtual ~MetricsAction() {} + MetricsAction(MetricRegistry* metric_registry, ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type), _metric_registry(metric_registry) {} + + ~MetricsAction() override = default; void handle(HttpRequest* req) override; diff --git a/be/src/http/action/monitor_action.h b/be/src/http/action/monitor_action.h deleted file mode 100644 index b4bbe7a09c..0000000000 --- a/be/src/http/action/monitor_action.h +++ /dev/null @@ -1,44 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -#pragma once - -#include -#include - -#include "http/http_handler.h" - -namespace doris { - -class HttpRequest; -class RestMonitorIface; - -class MonitorAction : public HttpHandler { -public: - MonitorAction(); - - virtual ~MonitorAction() {} - - void register_module(const std::string& name, RestMonitorIface* module); - - void handle(HttpRequest* req) override; - -private: - std::map _module_by_name; -}; - -} // namespace doris diff --git a/be/src/http/action/pad_rowset_action.h b/be/src/http/action/pad_rowset_action.h index 26ff6b6854..bf4da66c42 100644 --- a/be/src/http/action/pad_rowset_action.h +++ b/be/src/http/action/pad_rowset_action.h @@ -18,16 +18,20 @@ #pragma once #include "common/status.h" -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" +#include "http/http_request.h" #include "olap/tablet.h" namespace doris { class HttpRequest; struct Version; -class PadRowsetAction : public HttpHandler { +class ExecEnv; + +class PadRowsetAction : public HttpHandlerWithAuth { public: - PadRowsetAction() = default; + PadRowsetAction(ExecEnv* exec_env, TPrivilegeHier::type hier, TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} ~PadRowsetAction() override = default; @@ -42,4 +46,4 @@ public: #endif Status _pad_rowset(TabletSharedPtr tablet, const Version& version); }; -} // end namespace doris \ No newline at end of file +} // end namespace doris diff --git a/be/src/http/action/reload_tablet_action.cpp b/be/src/http/action/reload_tablet_action.cpp index 30f65fccce..de54ad66bb 100644 --- a/be/src/http/action/reload_tablet_action.cpp +++ b/be/src/http/action/reload_tablet_action.cpp @@ -38,7 +38,9 @@ const std::string PATH = "path"; const std::string TABLET_ID = "tablet_id"; const std::string SCHEMA_HASH = "schema_hash"; -ReloadTabletAction::ReloadTabletAction(ExecEnv* exec_env) : _exec_env(exec_env) {} +ReloadTabletAction::ReloadTabletAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} void ReloadTabletAction::handle(HttpRequest* req) { LOG(INFO) << "accept one request " << req->debug_string(); diff --git a/be/src/http/action/reload_tablet_action.h b/be/src/http/action/reload_tablet_action.h index 8ecc946bb0..6c984fbf27 100644 --- a/be/src/http/action/reload_tablet_action.h +++ b/be/src/http/action/reload_tablet_action.h @@ -21,18 +21,18 @@ #include -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" namespace doris { class ExecEnv; class HttpRequest; -class ReloadTabletAction : public HttpHandler { +class ReloadTabletAction : public HttpHandlerWithAuth { public: - ReloadTabletAction(ExecEnv* exec_env); + ReloadTabletAction(ExecEnv* exec_env, TPrivilegeHier::type hier, TPrivilegeType::type type); - virtual ~ReloadTabletAction() {} + ~ReloadTabletAction() override = default; void handle(HttpRequest* req) override; @@ -40,7 +40,6 @@ private: void reload(const std::string& path, int64_t tablet_id, int32_t schema_hash, HttpRequest* req); ExecEnv* _exec_env; - }; // end class ReloadTabletAction } // end namespace doris diff --git a/be/src/http/action/reset_rpc_channel_action.cpp b/be/src/http/action/reset_rpc_channel_action.cpp index 95f9ba9e7e..e1b180a61d 100644 --- a/be/src/http/action/reset_rpc_channel_action.cpp +++ b/be/src/http/action/reset_rpc_channel_action.cpp @@ -32,7 +32,9 @@ #include "util/string_util.h" namespace doris { -ResetRPCChannelAction::ResetRPCChannelAction(ExecEnv* exec_env) : _exec_env(exec_env) {} +ResetRPCChannelAction::ResetRPCChannelAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} void ResetRPCChannelAction::handle(HttpRequest* req) { std::string endpoints = req->param("endpoints"); if (iequal(endpoints, "all")) { diff --git a/be/src/http/action/reset_rpc_channel_action.h b/be/src/http/action/reset_rpc_channel_action.h index 52df0d6817..16efecfee2 100644 --- a/be/src/http/action/reset_rpc_channel_action.h +++ b/be/src/http/action/reset_rpc_channel_action.h @@ -17,17 +17,18 @@ #pragma once -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" namespace doris { class ExecEnv; class HttpRequest; -class ResetRPCChannelAction : public HttpHandler { +class ResetRPCChannelAction : public HttpHandlerWithAuth { public: - explicit ResetRPCChannelAction(ExecEnv* exec_env); + explicit ResetRPCChannelAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type); - virtual ~ResetRPCChannelAction() {} + ~ResetRPCChannelAction() override = default; void handle(HttpRequest* req) override; diff --git a/be/src/http/action/restore_tablet_action.cpp b/be/src/http/action/restore_tablet_action.cpp index 7ff9aa37f3..363c895788 100644 --- a/be/src/http/action/restore_tablet_action.cpp +++ b/be/src/http/action/restore_tablet_action.cpp @@ -51,7 +51,9 @@ namespace doris { const std::string TABLET_ID = "tablet_id"; const std::string SCHEMA_HASH = "schema_hash"; -RestoreTabletAction::RestoreTabletAction(ExecEnv* exec_env) : _exec_env(exec_env) {} +RestoreTabletAction::RestoreTabletAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} void RestoreTabletAction::handle(HttpRequest* req) { LOG(INFO) << "accept one request " << req->debug_string(); diff --git a/be/src/http/action/restore_tablet_action.h b/be/src/http/action/restore_tablet_action.h index 2eccb22303..845061789f 100644 --- a/be/src/http/action/restore_tablet_action.h +++ b/be/src/http/action/restore_tablet_action.h @@ -24,18 +24,18 @@ #include #include "common/status.h" -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" namespace doris { class ExecEnv; class HttpRequest; -class RestoreTabletAction : public HttpHandler { +class RestoreTabletAction : public HttpHandlerWithAuth { public: - RestoreTabletAction(ExecEnv* exec_env); + RestoreTabletAction(ExecEnv* exec_env, TPrivilegeHier::type hier, TPrivilegeType::type type); - virtual ~RestoreTabletAction() {} + ~RestoreTabletAction() override = default; void handle(HttpRequest* req) override; diff --git a/be/src/http/action/snapshot_action.cpp b/be/src/http/action/snapshot_action.cpp index 19e603fa34..c705d3c9ba 100644 --- a/be/src/http/action/snapshot_action.cpp +++ b/be/src/http/action/snapshot_action.cpp @@ -36,7 +36,9 @@ namespace doris { const std::string TABLET_ID = "tablet_id"; const std::string SCHEMA_HASH = "schema_hash"; -SnapshotAction::SnapshotAction() {} +SnapshotAction::SnapshotAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} void SnapshotAction::handle(HttpRequest* req) { LOG(INFO) << "accept one request " << req->debug_string(); diff --git a/be/src/http/action/snapshot_action.h b/be/src/http/action/snapshot_action.h index b1b58bee10..677d04e125 100644 --- a/be/src/http/action/snapshot_action.h +++ b/be/src/http/action/snapshot_action.h @@ -20,7 +20,7 @@ #include #include -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" namespace doris { @@ -28,11 +28,12 @@ class HttpRequest; // make snapshot // be_host:be_http_port/api/snapshot?tablet_id=123&schema_hash=456 -class SnapshotAction : public HttpHandler { +class SnapshotAction : public HttpHandlerWithAuth { public: - explicit SnapshotAction(); + explicit SnapshotAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type); - virtual ~SnapshotAction() {} + ~SnapshotAction() override = default; void handle(HttpRequest* req) override; diff --git a/be/src/http/action/tablet_migration_action.cpp b/be/src/http/action/tablet_migration_action.cpp index 3f0fbed297..9720b8863d 100644 --- a/be/src/http/action/tablet_migration_action.cpp +++ b/be/src/http/action/tablet_migration_action.cpp @@ -36,10 +36,6 @@ namespace doris { const static std::string HEADER_JSON = "application/json"; -TabletMigrationAction::TabletMigrationAction() { - _init_migration_action(); -} - void TabletMigrationAction::_init_migration_action() { int32_t max_thread_num = config::max_tablet_migration_threads; int32_t min_thread_num = config::min_tablet_migration_threads; diff --git a/be/src/http/action/tablet_migration_action.h b/be/src/http/action/tablet_migration_action.h index 11933e7fc7..0401ee8fe2 100644 --- a/be/src/http/action/tablet_migration_action.h +++ b/be/src/http/action/tablet_migration_action.h @@ -28,8 +28,11 @@ #include #include "common/status.h" +#include "gutil/stringprintf.h" +#include "gutil/strings/numbers.h" #include "gutil/strings/substitute.h" -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" +#include "olap/data_dir.h" #include "olap/tablet.h" #include "util/threadpool.h" @@ -37,13 +40,24 @@ namespace doris { class DataDir; class HttpRequest; +class ExecEnv; + // Migrate a tablet from a disk to another. -class TabletMigrationAction : public HttpHandler { +class TabletMigrationAction : public HttpHandlerWithAuth { public: - TabletMigrationAction(); + TabletMigrationAction(ExecEnv* exec_env, TPrivilegeHier::type hier, TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) { + _init_migration_action(); + } + + ~TabletMigrationAction() override = default; + void handle(HttpRequest* req) override; + void _init_migration_action(); + Status _execute_tablet_migration(TabletSharedPtr tablet, DataDir* dest_store); + Status _check_param(HttpRequest* req, int64_t& tablet_id, int32_t& schema_hash, string& dest_disk, string& goal); Status _check_migrate_request(int64_t tablet_id, int32_t schema_hash, string dest_disk, diff --git a/be/src/http/action/tablets_distribution_action.cpp b/be/src/http/action/tablets_distribution_action.cpp index 605f900b17..95ece915a0 100644 --- a/be/src/http/action/tablets_distribution_action.cpp +++ b/be/src/http/action/tablets_distribution_action.cpp @@ -42,7 +42,9 @@ namespace doris { const static std::string HEADER_JSON = "application/json"; -TabletsDistributionAction::TabletsDistributionAction() { +TabletsDistributionAction::TabletsDistributionAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) { _host = BackendOptions::get_localhost(); } diff --git a/be/src/http/action/tablets_distribution_action.h b/be/src/http/action/tablets_distribution_action.h index 0e400f9feb..b79d5f2c85 100644 --- a/be/src/http/action/tablets_distribution_action.h +++ b/be/src/http/action/tablets_distribution_action.h @@ -21,18 +21,26 @@ #include -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" #include "util/easy_json.h" namespace doris { class HttpRequest; +class ExecEnv; + // Get BE tablets distribution info from http API. -class TabletsDistributionAction : public HttpHandler { +class TabletsDistributionAction : public HttpHandlerWithAuth { public: - TabletsDistributionAction(); + TabletsDistributionAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type); + + ~TabletsDistributionAction() override = default; + void handle(HttpRequest* req) override; + EasyJson get_tablets_distribution_group_by_partition(uint64_t partition_id); + std::string host() { return _host; } private: diff --git a/be/src/http/action/tablets_info_action.cpp b/be/src/http/action/tablets_info_action.cpp index 374f7b2136..c75baee954 100644 --- a/be/src/http/action/tablets_info_action.cpp +++ b/be/src/http/action/tablets_info_action.cpp @@ -40,9 +40,9 @@ namespace doris { const static std::string HEADER_JSON = "application/json"; -TabletsInfoAction::TabletsInfoAction() { - _host = BackendOptions::get_localhost(); -} +TabletsInfoAction::TabletsInfoAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} void TabletsInfoAction::handle(HttpRequest* req) { const std::string& tablet_num_to_return = req->param("limit"); @@ -74,7 +74,7 @@ EasyJson TabletsInfoAction::get_tablets_info(string tablet_num_to_return) { tablets_info_ej["msg"] = msg; tablets_info_ej["code"] = 0; EasyJson data = tablets_info_ej.Set("data", EasyJson::kObject); - data["host"] = _host; + data["host"] = BackendOptions::get_localhost(); EasyJson tablets = data.Set("tablets", EasyJson::kArray); for (TabletInfo tablet_info : tablets_info) { EasyJson tablet = tablets.PushBack(EasyJson::kObject); @@ -84,4 +84,5 @@ EasyJson TabletsInfoAction::get_tablets_info(string tablet_num_to_return) { tablets_info_ej["count"] = tablets_info.size(); return tablets_info_ej; } + } // namespace doris diff --git a/be/src/http/action/tablets_info_action.h b/be/src/http/action/tablets_info_action.h index 22f8634faf..988ab1e4db 100644 --- a/be/src/http/action/tablets_info_action.h +++ b/be/src/http/action/tablets_info_action.h @@ -19,21 +19,23 @@ #include -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" #include "util/easy_json.h" namespace doris { class HttpRequest; -// Get BE tablets info from http API. -class TabletsInfoAction : public HttpHandler { -public: - TabletsInfoAction(); - void handle(HttpRequest* req) override; - EasyJson get_tablets_info(std::string tablet_num_to_return); - std::string host() { return _host; } +class ExecEnv; -private: - std::string _host; +// Get BE tablets info from http API. +class TabletsInfoAction : public HttpHandlerWithAuth { +public: + TabletsInfoAction(ExecEnv* exec_env, TPrivilegeHier::type hier, TPrivilegeType::type type); + + ~TabletsInfoAction() override = default; + + void handle(HttpRequest* req) override; + + static EasyJson get_tablets_info(std::string tablet_num_to_return); }; } // namespace doris diff --git a/be/src/http/action/version_action.cpp b/be/src/http/action/version_action.cpp index 18b05ed3c4..a555dfe1d2 100644 --- a/be/src/http/action/version_action.cpp +++ b/be/src/http/action/version_action.cpp @@ -31,7 +31,9 @@ namespace doris { const static std::string HEADER_JSON = "application/json"; -VersionAction::VersionAction() {} +VersionAction::VersionAction(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} void VersionAction::handle(HttpRequest* req) { EasyJson be_version_info; diff --git a/be/src/http/action/version_action.h b/be/src/http/action/version_action.h index ed9a48ec61..e3273d5c23 100644 --- a/be/src/http/action/version_action.h +++ b/be/src/http/action/version_action.h @@ -15,25 +15,22 @@ // specific language governing permissions and limitations // under the License. -#ifndef DORIS_BE_SRC_HTTP_ACTION_VERSION_ACTION_H -#define DORIS_BE_SRC_HTTP_ACTION_VERSION_ACTION_H +#pragma once -#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" namespace doris { class HttpRequest; // Get BE version info from http API. -class VersionAction : public HttpHandler { +class VersionAction : public HttpHandlerWithAuth { public: - VersionAction(); + VersionAction(ExecEnv* exec_env, TPrivilegeHier::type hier, TPrivilegeType::type type); ~VersionAction() override = default; void handle(HttpRequest* req) override; }; -} // end namespace doris - -#endif // DORIS_BE_SRC_HTTP_ACTION_VERSION_ACTION_H +} // end namespace doris \ No newline at end of file diff --git a/be/src/http/default_path_handlers.cpp b/be/src/http/default_path_handlers.cpp index 539268f693..b997a3466c 100644 --- a/be/src/http/default_path_handlers.cpp +++ b/be/src/http/default_path_handlers.cpp @@ -126,7 +126,6 @@ void mem_usage_handler(const WebPageHandler::ArgumentMap& args, std::stringstrea } void display_tablets_callback(const WebPageHandler::ArgumentMap& args, EasyJson* ej) { - TabletsInfoAction tablet_info_action; std::string tablet_num_to_return; WebPageHandler::ArgumentMap::const_iterator it = args.find("limit"); if (it != args.end()) { @@ -134,7 +133,7 @@ void display_tablets_callback(const WebPageHandler::ArgumentMap& args, EasyJson* } else { tablet_num_to_return = "1000"; // default } - (*ej) = tablet_info_action.get_tablets_info(tablet_num_to_return); + (*ej) = TabletsInfoAction::get_tablets_info(tablet_num_to_return); } // Registered to handle "/mem_tracker", and prints out memory tracker information. diff --git a/be/src/http/http_handler_with_auth.cpp b/be/src/http/http_handler_with_auth.cpp new file mode 100644 index 0000000000..6c69390c36 --- /dev/null +++ b/be/src/http/http_handler_with_auth.cpp @@ -0,0 +1,86 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +#include "http_handler_with_auth.h" + +#include + +#include "http/http_channel.h" +#include "runtime/client_cache.h" +#include "util/thrift_rpc_helper.h" +#include "utils.h" + +namespace doris { + +class TPrivilegeType; +class TPrivilegeHier; +class ThriftRpcHelper; + +HttpHandlerWithAuth::HttpHandlerWithAuth(ExecEnv* exec_env, TPrivilegeHier::type hier, + TPrivilegeType::type type) + : _exec_env(exec_env), _hier(hier), _type(type) {} + +int HttpHandlerWithAuth::on_header(HttpRequest* req) { + TCheckAuthRequest auth_request; + TCheckAuthResult auth_result; + AuthInfo auth_info; + + if (!config::enable_http_auth) { + return 0; + } + + if (!parse_basic_auth(*req, &auth_info)) { + LOG(WARNING) << "parse basic authorization failed" + << ", request: " << req->debug_string(); + HttpChannel::send_error(req, HttpStatus::UNAUTHORIZED); + return -1; + } + + auth_request.user = auth_info.user; + auth_request.passwd = auth_info.passwd; + auth_request.__set_cluster(auth_info.cluster); + auth_request.__set_user_ip(auth_info.user_ip); + auth_request.__set_thrift_rpc_timeout_ms(config::thrift_rpc_timeout_ms); + + if (!on_privilege(*req, auth_request)) { + LOG(WARNING) << "invalid privilege, request: " << req->debug_string(); + HttpChannel::send_error(req, HttpStatus::BAD_REQUEST); + return -1; + } + +#ifndef BE_TEST + TNetworkAddress master_addr = _exec_env->master_info()->network_address; + RETURN_WITH_WARN_IF_ERROR( + ThriftRpcHelper::rpc( + master_addr.hostname, master_addr.port, + [&auth_result, &auth_request](FrontendServiceConnection& client) { + client->checkAuth(auth_result, auth_request); + }), + -1, "checkAuth failed"); +#else + CHECK(_exec_env == nullptr); +#endif + Status status(auth_result.status); + if (!status.ok()) { + LOG(WARNING) << "permission verification failed, request: " << auth_request; + HttpChannel::send_error(req, HttpStatus::FORBIDDEN); + return -1; + } + return 0; +} + +} // namespace doris diff --git a/be/src/http/http_handler_with_auth.h b/be/src/http/http_handler_with_auth.h new file mode 100644 index 0000000000..178971560c --- /dev/null +++ b/be/src/http/http_handler_with_auth.h @@ -0,0 +1,60 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +#pragma once + +#include + +#include "http_handler.h" +#include "runtime/exec_env.h" + +namespace doris { + +class ExecEnv; +class HttpRequest; +class RestMonitorIface; +class TCheckAuthRequest; +class TPrivilegeCtrl; +class TPrivilegeHier; +class TPrivilegeType; + +// Handler for on http request with auth +class HttpHandlerWithAuth : public HttpHandler { +public: + HttpHandlerWithAuth(ExecEnv* exec_env, TPrivilegeHier::type hier, TPrivilegeType::type type); + + ~HttpHandlerWithAuth() override = default; + + // return 0 if auth pass, otherwise -1. + int on_header(HttpRequest* req) override; + + // return true if fill privilege success, otherwise false. + virtual bool on_privilege(const HttpRequest& req, TCheckAuthRequest& auth_request) { + TPrivilegeCtrl priv_ctrl; + priv_ctrl.priv_hier = _hier; + auth_request.__set_priv_ctrl(priv_ctrl); + auth_request.__set_priv_type(_type); + return true; + } + +private: + ExecEnv* _exec_env; + TPrivilegeHier::type _hier; + TPrivilegeType::type _type; +}; + +} // namespace doris diff --git a/be/src/http/utils.h b/be/src/http/utils.h index dd62a9b8a9..5928039c49 100644 --- a/be/src/http/utils.h +++ b/be/src/http/utils.h @@ -19,6 +19,7 @@ #include +#include "common/utils.h" #include "http/http_request.h" namespace doris { diff --git a/be/src/service/http_service.cpp b/be/src/service/http_service.cpp index 91e2a85044..7e52f5f3cd 100644 --- a/be/src/service/http_service.cpp +++ b/be/src/service/http_service.cpp @@ -99,7 +99,8 @@ Status HttpService::start() { error_log_download_action); // Register BE version action - VersionAction* version_action = _pool.add(new VersionAction()); + VersionAction* version_action = + _pool.add(new VersionAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::NONE)); _ev_http_server->register_handler(HttpMethod::GET, "/api/be_version_info", version_action); // Register BE health action @@ -107,17 +108,19 @@ Status HttpService::start() { _ev_http_server->register_handler(HttpMethod::GET, "/api/health", health_action); // Register Tablets Info action - TabletsInfoAction* tablets_info_action = _pool.add(new TabletsInfoAction()); + TabletsInfoAction* tablets_info_action = + _pool.add(new TabletsInfoAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/tablets_json", tablets_info_action); // Register Tablets Distribution action - TabletsDistributionAction* tablets_distribution_action = - _pool.add(new TabletsDistributionAction()); + TabletsDistributionAction* tablets_distribution_action = _pool.add( + new TabletsDistributionAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/api/tablets_distribution", tablets_distribution_action); // Register tablet migration action - TabletMigrationAction* tablet_migration_action = _pool.add(new TabletMigrationAction()); + TabletMigrationAction* tablet_migration_action = _pool.add( + new TabletMigrationAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/api/tablet_migration", tablet_migration_action); @@ -129,42 +132,50 @@ Status HttpService::start() { // register metrics { - auto action = _pool.add(new MetricsAction(DorisMetrics::instance()->metric_registry())); + auto action = _pool.add(new MetricsAction(DorisMetrics::instance()->metric_registry(), _env, + TPrivilegeHier::GLOBAL, TPrivilegeType::NONE)); _ev_http_server->register_handler(HttpMethod::GET, "/metrics", action); } - MetaAction* meta_action = _pool.add(new MetaAction()); + MetaAction* meta_action = + _pool.add(new MetaAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/api/meta/{op}/{tablet_id}", meta_action); #ifndef BE_TEST // Register BE checksum action - ChecksumAction* checksum_action = _pool.add(new ChecksumAction()); + ChecksumAction* checksum_action = + _pool.add(new ChecksumAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/api/checksum", checksum_action); // Register BE reload tablet action - ReloadTabletAction* reload_tablet_action = _pool.add(new ReloadTabletAction(_env)); + ReloadTabletAction* reload_tablet_action = + _pool.add(new ReloadTabletAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/api/reload_tablet", reload_tablet_action); - RestoreTabletAction* restore_tablet_action = _pool.add(new RestoreTabletAction(_env)); + RestoreTabletAction* restore_tablet_action = + _pool.add(new RestoreTabletAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::POST, "/api/restore_tablet", restore_tablet_action); // Register BE snapshot action - SnapshotAction* snapshot_action = _pool.add(new SnapshotAction()); + SnapshotAction* snapshot_action = + _pool.add(new SnapshotAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/api/snapshot", snapshot_action); #endif // 2 compaction actions - CompactionAction* show_compaction_action = - _pool.add(new CompactionAction(CompactionActionType::SHOW_INFO)); + CompactionAction* show_compaction_action = _pool.add(new CompactionAction( + CompactionActionType::SHOW_INFO, _env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/api/compaction/show", show_compaction_action); CompactionAction* run_compaction_action = - _pool.add(new CompactionAction(CompactionActionType::RUN_COMPACTION)); + _pool.add(new CompactionAction(CompactionActionType::RUN_COMPACTION, _env, + TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::POST, "/api/compaction/run", run_compaction_action); CompactionAction* run_status_compaction_action = - _pool.add(new CompactionAction(CompactionActionType::RUN_COMPACTION_STATUS)); + _pool.add(new CompactionAction(CompactionActionType::RUN_COMPACTION_STATUS, _env, + TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/api/compaction/run_status", run_status_compaction_action); @@ -176,21 +187,24 @@ Status HttpService::start() { _ev_http_server->register_handler(HttpMethod::GET, "/api/show_config", show_config_action); // 3 check action - CheckRPCChannelAction* check_rpc_channel_action = _pool.add(new CheckRPCChannelAction(_env)); + CheckRPCChannelAction* check_rpc_channel_action = _pool.add( + new CheckRPCChannelAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/api/check_rpc_channel/{ip}/{port}/{payload_size}", check_rpc_channel_action); - ResetRPCChannelAction* reset_rpc_channel_action = _pool.add(new ResetRPCChannelAction(_env)); + ResetRPCChannelAction* reset_rpc_channel_action = _pool.add( + new ResetRPCChannelAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::GET, "/api/reset_rpc_channel/{endpoints}", reset_rpc_channel_action); - CheckTabletSegmentAction* check_tablet_segment_action = - _pool.add(new CheckTabletSegmentAction()); + CheckTabletSegmentAction* check_tablet_segment_action = _pool.add( + new CheckTabletSegmentAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::POST, "/api/check_tablet_segment_lost", check_tablet_segment_action); - PadRowsetAction* pad_rowset_action = _pool.add(new PadRowsetAction()); + PadRowsetAction* pad_rowset_action = + _pool.add(new PadRowsetAction(_env, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN)); _ev_http_server->register_handler(HttpMethod::POST, "api/pad_rowset", pad_rowset_action); _ev_http_server->start(); diff --git a/be/test/CMakeLists.txt b/be/test/CMakeLists.txt index 50cc5ad6c4..051db1a8ef 100644 --- a/be/test/CMakeLists.txt +++ b/be/test/CMakeLists.txt @@ -62,6 +62,7 @@ set(HTTP_TEST_FILES http/message_body_sink_test.cpp http/http_utils_test.cpp http/http_client_test.cpp + http/http_auth_test.cpp # TODO this will overide HttpChannel and make other test failed # http/metrics_action_test.cpp ) diff --git a/be/test/http/http_auth_test.cpp b/be/test/http/http_auth_test.cpp new file mode 100644 index 0000000000..d303a0de11 --- /dev/null +++ b/be/test/http/http_auth_test.cpp @@ -0,0 +1,91 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +#include + +#include "common/config.h" +#include "http/ev_http_server.h" +#include "http/http_channel.h" +#include "http/http_handler.h" +#include "http/http_handler_with_auth.h" +#include "http/http_headers.h" +#include "http/http_request.h" +#include "http/utils.h" + +namespace doris { + +class HttpAuthTestHandler : public HttpHandlerWithAuth { +public: + HttpAuthTestHandler(ExecEnv* exec_env, TPrivilegeHier::type hier, TPrivilegeType::type type) + : HttpHandlerWithAuth(exec_env, hier, type) {} + + ~HttpAuthTestHandler() override = default; + + void handle(HttpRequest* req) override {} + +private: + bool on_privilege(const HttpRequest& req, TCheckAuthRequest& auth_request) override { + return !req.param("table").empty(); + }; +}; + +static HttpAuthTestHandler s_auth_handler = + HttpAuthTestHandler(nullptr, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN); + +class HttpAuthTest : public testing::Test {}; + +TEST_F(HttpAuthTest, disable_auth) { + EXPECT_FALSE(config::enable_http_auth); + + auto evhttp_req = evhttp_request_new(nullptr, nullptr); + HttpRequest req(evhttp_req); + EXPECT_EQ(s_auth_handler.on_header(&req), 0); + evhttp_request_free(evhttp_req); +} + +TEST_F(HttpAuthTest, enable_http_auth) { + config::enable_http_auth = true; + + // 1. empty auth info + { + auto evhttp_req = evhttp_request_new(nullptr, nullptr); + HttpRequest req1(evhttp_req); + EXPECT_EQ(s_auth_handler.on_header(&req1), -1); + } + + // 2. empty param + { + auto evhttp_req = evhttp_request_new(nullptr, nullptr); + HttpRequest req2(evhttp_req); + auto auth = encode_basic_auth("doris", "passwd"); + req2._headers.emplace(HttpHeaders::AUTHORIZATION, auth); + EXPECT_EQ(s_auth_handler.on_header(&req2), -1); + } + + // 3. OK + { + auto evhttp_req = evhttp_request_new(nullptr, nullptr); + HttpRequest req3(evhttp_req); + auto auth = encode_basic_auth("doris", "passwd"); + req3._headers.emplace(HttpHeaders::AUTHORIZATION, auth); + req3._params.emplace("table", "T"); + EXPECT_EQ(s_auth_handler.on_header(&req3), 0); + evhttp_request_free(evhttp_req); + } +} + +} // namespace doris diff --git a/be/test/olap/tablet_test.cpp b/be/test/olap/tablet_test.cpp index 7f02295209..05480a50f7 100644 --- a/be/test/olap/tablet_test.cpp +++ b/be/test/olap/tablet_test.cpp @@ -41,8 +41,6 @@ using namespace std; namespace doris { -using namespace ErrorCode; - using RowsetMetaSharedContainerPtr = std::shared_ptr>; static StorageEngine* k_engine = nullptr; @@ -275,7 +273,7 @@ TEST_F(TestTablet, pad_rowset) { ASSERT_FALSE(_tablet->capture_rs_readers(version, &readers).ok()); readers.clear(); - PadRowsetAction action; + PadRowsetAction action(nullptr, TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN); action._pad_rowset(_tablet, version); ASSERT_TRUE(_tablet->capture_rs_readers(version, &readers).ok()); } @@ -418,23 +416,31 @@ TEST_F(TestTablet, rowset_tree_update) { RowLocation loc; // Key not in range. - ASSERT_TRUE(tablet->lookup_row_key("99", true, &rowset_ids, &loc, 7).is()); + ASSERT_TRUE( + tablet->lookup_row_key("99", true, &rowset_ids, &loc, 7).is()); // Version too low. - ASSERT_TRUE(tablet->lookup_row_key("101", true, &rowset_ids, &loc, 3).is()); + ASSERT_TRUE( + tablet->lookup_row_key("101", true, &rowset_ids, &loc, 3).is()); // Hit a segment, but since we don't have real data, return an internal error when loading the // segment. LOG(INFO) << tablet->lookup_row_key("101", true, &rowset_ids, &loc, 7).to_string(); - ASSERT_TRUE(tablet->lookup_row_key("101", true, &rowset_ids, &loc, 7).is()); + ASSERT_TRUE( + tablet->lookup_row_key("101", true, &rowset_ids, &loc, 7).is()); // Key not in range. - ASSERT_TRUE(tablet->lookup_row_key("201", true, &rowset_ids, &loc, 7).is()); - ASSERT_TRUE(tablet->lookup_row_key("300", true, &rowset_ids, &loc, 7).is()); + ASSERT_TRUE( + tablet->lookup_row_key("201", true, &rowset_ids, &loc, 7).is()); + ASSERT_TRUE( + tablet->lookup_row_key("300", true, &rowset_ids, &loc, 7).is()); // Key not in range. - ASSERT_TRUE(tablet->lookup_row_key("499", true, &rowset_ids, &loc, 7).is()); + ASSERT_TRUE( + tablet->lookup_row_key("499", true, &rowset_ids, &loc, 7).is()); // Version too low. - ASSERT_TRUE(tablet->lookup_row_key("500", true, &rowset_ids, &loc, 7).is()); + ASSERT_TRUE( + tablet->lookup_row_key("500", true, &rowset_ids, &loc, 7).is()); // Hit a segment, but since we don't have real data, return an internal error when loading the // segment. - ASSERT_TRUE(tablet->lookup_row_key("500", true, &rowset_ids, &loc, 8).is()); + ASSERT_TRUE( + tablet->lookup_row_key("500", true, &rowset_ids, &loc, 8).is()); } } // namespace doris diff --git a/conf/be.conf b/conf/be.conf index 2b64219f31..2dc228dc07 100644 --- a/conf/be.conf +++ b/conf/be.conf @@ -43,6 +43,9 @@ ssl_certificate_path = "$DORIS_HOME/conf/cert.pem" # path of private key in PEM format. ssl_private_key_path = "$DORIS_HOME/conf/key.pem" +# enable auth check +enable_auth = false + # Choose one if there are more than one ip except loopback address. # Note that there should at most one ip match this list. # If no ip match this rule, will choose one randomly. diff --git a/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java b/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java index e4c3c465d7..4da51345c7 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java +++ b/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java @@ -1522,6 +1522,9 @@ public class FrontendServiceImpl implements FrontendService.Iface { } private PrivPredicate getPrivPredicate(TPrivilegeType privType) { + if (privType == null) { + return null; + } switch (privType) { case SHOW: return PrivPredicate.SHOW; diff --git a/gensrc/thrift/FrontendService.thrift b/gensrc/thrift/FrontendService.thrift index 5a049ef589..d2b13bbb43 100644 --- a/gensrc/thrift/FrontendService.thrift +++ b/gensrc/thrift/FrontendService.thrift @@ -800,6 +800,7 @@ struct TPrivilegeCtrl { } enum TPrivilegeType { + NONE = -1, SHOW = 0, SHOW_RESOURCES = 1, GRANT = 2,