From 5823fc80ef32c964b9a60348d53b8848bd6ce6dd Mon Sep 17 00:00:00 2001 From: Yang Xiufeng Date: Thu, 5 Sep 2024 00:01:09 +0800 Subject: [PATCH] feat: discovery_nodes not need auth. --- Cargo.lock | 1 + src/query/service/src/auth.rs | 2 ++ src/query/service/src/servers/http/http_services.rs | 2 +- src/query/service/src/servers/http/middleware.rs | 7 +++++++ 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index 8f09dbd5ae09..2d7f73afa8e0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3634,6 +3634,7 @@ dependencies = [ "databend-common-meta-stoerr", "databend-common-meta-types", "databend-common-proto-conv", + "enumflags2", "fastrace", "futures", "log", diff --git a/src/query/service/src/auth.rs b/src/query/service/src/auth.rs index 833db58e525f..1d8386050dc1 100644 --- a/src/query/service/src/auth.rs +++ b/src/query/service/src/auth.rs @@ -50,6 +50,7 @@ pub enum Credential { password: Option>, client_ip: Option, }, + NoNeed, } impl AuthMgr { @@ -79,6 +80,7 @@ impl AuthMgr { ) -> Result> { let user_api = UserApiProvider::instance(); match credential { + Credential::NoNeed => Ok(None), Credential::DatabendToken { token, set_user, diff --git a/src/query/service/src/servers/http/http_services.rs b/src/query/service/src/servers/http/http_services.rs index 18e5afb5dcf8..ad5df4202c65 100644 --- a/src/query/service/src/servers/http/http_services.rs +++ b/src/query/service/src/servers/http/http_services.rs @@ -142,7 +142,7 @@ impl HttpHandler { "/discovery_nodes", get(discovery_nodes).with(HTTPSessionMiddleware::create( self.kind, - EndpointKind::StartQuery, + EndpointKind::NoAuth, )), ); diff --git a/src/query/service/src/servers/http/middleware.rs b/src/query/service/src/servers/http/middleware.rs index d4624295c2b1..d5853950a1c0 100644 --- a/src/query/service/src/servers/http/middleware.rs +++ b/src/query/service/src/servers/http/middleware.rs @@ -75,6 +75,7 @@ pub enum EndpointKind { StartQuery, PollQuery, Clickhouse, + NoAuth, } const USER_AGENT: &str = "User-Agent"; @@ -133,6 +134,9 @@ fn get_credential( kind: HttpHandlerKind, endpoint_kind: EndpointKind, ) -> Result { + if matches!(endpoint_kind, EndpointKind::NoAuth) { + return Ok(Credential::NoNeed); + } let std_auth_headers: Vec<_> = req.headers().get_all(AUTHORIZATION).iter().collect(); if std_auth_headers.len() > 1 { let msg = &format!("Multiple {} headers detected", AUTHORIZATION); @@ -221,6 +225,9 @@ fn auth_by_header( "clickhouse handler should not use databend auth", )); } + EndpointKind::NoAuth => { + unreachable!() + } }; Ok(Credential::DatabendToken { token,