This is an automated email from the ASF dual-hosted git repository.
zhongjiajie pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new 6d8befa075 [fix] Add token as authentication for python gateway
(#12893)
6d8befa075 is described below
commit 6d8befa0752c1e8005651c7b57b2301c7b9606fc
Author: Jay Chung <[email protected]>
AuthorDate: Mon Nov 14 18:43:08 2022 +0800
[fix] Add token as authentication for python gateway (#12893)
separate from #6407. Authentication, add secret to ensure only trusted
people could connect to gateway.
fix: #8255
---
.../configuration/PythonGatewayConfiguration.java | 68 +++-------------------
.../dolphinscheduler/api/python/PythonGateway.java | 27 ++++-----
.../src/main/resources/application.yaml | 3 +
.../src/main/resources/application.yaml | 3 +
4 files changed, 27 insertions(+), 74 deletions(-)
diff --git
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/configuration/PythonGatewayConfiguration.java
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/configuration/PythonGatewayConfiguration.java
index fcfa973424..a3f5f0dad7 100644
---
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/configuration/PythonGatewayConfiguration.java
+++
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/configuration/PythonGatewayConfiguration.java
@@ -17,13 +17,14 @@
package org.apache.dolphinscheduler.api.configuration;
+import lombok.Data;
+
import org.springframework.boot.context.properties.ConfigurationProperties;
-import
org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.stereotype.Component;
+import org.springframework.context.annotation.Configuration;
-@Component
-@EnableConfigurationProperties
-@ConfigurationProperties(value = "python-gateway", ignoreUnknownFields = false)
+@Data
+@Configuration
+@ConfigurationProperties(value = "python-gateway")
public class PythonGatewayConfiguration {
private boolean enabled;
@@ -33,60 +34,5 @@ public class PythonGatewayConfiguration {
private int pythonPort;
private int connectTimeout;
private int readTimeout;
-
- public boolean getEnabled() {
- return enabled;
- }
-
- public void setEnabled(boolean enabled) {
- this.enabled = enabled;
- }
-
- public String getGatewayServerAddress() {
- return gatewayServerAddress;
- }
-
- public void setGatewayServerAddress(String gatewayServerAddress) {
- this.gatewayServerAddress = gatewayServerAddress;
- }
-
- public int getGatewayServerPort() {
- return gatewayServerPort;
- }
-
- public void setGatewayServerPort(int gatewayServerPort) {
- this.gatewayServerPort = gatewayServerPort;
- }
-
- public String getPythonAddress() {
- return pythonAddress;
- }
-
- public void setPythonAddress(String pythonAddress) {
- this.pythonAddress = pythonAddress;
- }
-
- public int getPythonPort() {
- return pythonPort;
- }
-
- public void setPythonPort(int pythonPort) {
- this.pythonPort = pythonPort;
- }
-
- public int getConnectTimeout() {
- return connectTimeout;
- }
-
- public void setConnectTimeout(int connectTimeout) {
- this.connectTimeout = connectTimeout;
- }
-
- public int getReadTimeout() {
- return readTimeout;
- }
-
- public void setReadTimeout(int readTimeout) {
- this.readTimeout = readTimeout;
- }
+ private String authToken;
}
diff --git
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java
index 95a7dde6b0..c1cd15c807 100644
---
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java
+++
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/python/PythonGateway.java
@@ -62,8 +62,10 @@ import
org.apache.dolphinscheduler.dao.mapper.TaskDefinitionMapper;
import org.apache.dolphinscheduler.spi.enums.ResourceType;
import py4j.GatewayServer;
+import py4j.GatewayServer.GatewayServerBuilder;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
import java.io.IOException;
import java.net.InetAddress;
@@ -657,28 +659,27 @@ public class PythonGateway {
@PostConstruct
public void init() {
- if (pythonGatewayConfiguration.getEnabled()) {
+ if (pythonGatewayConfiguration.isEnabled()) {
this.start();
}
}
private void start() {
- GatewayServer server;
try {
InetAddress gatewayHost =
InetAddress.getByName(pythonGatewayConfiguration.getGatewayServerAddress());
- InetAddress pythonHost =
InetAddress.getByName(pythonGatewayConfiguration.getPythonAddress());
- server = new GatewayServer(
- this,
- pythonGatewayConfiguration.getGatewayServerPort(),
- pythonGatewayConfiguration.getPythonPort(),
- gatewayHost,
- pythonHost,
- pythonGatewayConfiguration.getConnectTimeout(),
- pythonGatewayConfiguration.getReadTimeout(),
- null);
+ GatewayServerBuilder serverBuilder = new
GatewayServer.GatewayServerBuilder()
+ .entryPoint(this)
+ .javaAddress(gatewayHost)
+
.javaPort(pythonGatewayConfiguration.getGatewayServerPort())
+
.connectTimeout(pythonGatewayConfiguration.getConnectTimeout())
+ .readTimeout(pythonGatewayConfiguration.getReadTimeout());
+ if
(!StringUtils.isEmpty(pythonGatewayConfiguration.getAuthToken())) {
+
serverBuilder.authToken(pythonGatewayConfiguration.getAuthToken());
+ }
+
GatewayServer.turnLoggingOn();
logger.info("PythonGatewayService started on: " +
gatewayHost.toString());
- server.start();
+ serverBuilder.build().start();
} catch (UnknownHostException e) {
logger.error("exception occurred while constructing
PythonGatewayService().", e);
}
diff --git a/dolphinscheduler-api/src/main/resources/application.yaml
b/dolphinscheduler-api/src/main/resources/application.yaml
index 1a4ef1cb3f..676f471d08 100644
--- a/dolphinscheduler-api/src/main/resources/application.yaml
+++ b/dolphinscheduler-api/src/main/resources/application.yaml
@@ -127,6 +127,9 @@ metrics:
python-gateway:
# Weather enable python gateway server or not. The default value is true.
enabled: true
+ # Authentication token for connection from python api to python gateway
server. Should be changed the default value
+ # when you deploy in public network.
+ auth-token: jwUDzpLsNKEFER4*a8gruBH_GsAurNxU7A@Xc
# The address of Python gateway server start. Set its value to `0.0.0.0` if
your Python API run in different
# between Python gateway server. It could be be specific to other address
like `127.0.0.1` or `localhost`
gateway-server-address: 0.0.0.0
diff --git
a/dolphinscheduler-standalone-server/src/main/resources/application.yaml
b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
index bdc079d703..fdd47afcfe 100644
--- a/dolphinscheduler-standalone-server/src/main/resources/application.yaml
+++ b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
@@ -188,6 +188,9 @@ alert:
python-gateway:
# Weather enable python gateway server or not. The default value is true.
enabled: true
+ # Authentication token for connection from python api to python gateway
server. Should be changed the default value
+ # when you deploy in public network.
+ auth-token: jwUDzpLsNKEFER4*a8gruBH_GsAurNxU7A@Xc
# The address of Python gateway server start. Set its value to `0.0.0.0` if
your Python API run in different
# between Python gateway server. It could be be specific to other address
like `127.0.0.1` or `localhost`
gateway-server-address: 0.0.0.0
