morningman commented on code in PR #17753:
URL: https://github.com/apache/doris/pull/17753#discussion_r1177279296
##########
be/src/service/http_service.cpp:
##########
@@ -129,42 +132,51 @@ Status HttpService::start() {
// register metrics
{
- auto action = _pool.add(new
MetricsAction(DorisMetrics::instance()->metric_registry()));
+ auto action =
+ _pool.add(new
MetricsAction(DorisMetrics::instance()->metric_registry(), _env));
_ev_http_server->register_handler(HttpMethod::GET, "/metrics", action);
}
- MetaAction* meta_action = _pool.add(new MetaAction());
+ MetaAction* meta_action = _pool.add(new MetaAction(_env));
+ meta_action->auth(TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN);
_ev_http_server->register_handler(HttpMethod::GET,
"/api/meta/{op}/{tablet_id}", meta_action);
#ifndef BE_TEST
// Register BE checksum action
- ChecksumAction* checksum_action = _pool.add(new ChecksumAction());
+ ChecksumAction* checksum_action = _pool.add(new ChecksumAction(_env));
+ checksum_action->auth(TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN);
_ev_http_server->register_handler(HttpMethod::GET, "/api/checksum",
checksum_action);
// Register BE reload tablet action
ReloadTabletAction* reload_tablet_action = _pool.add(new
ReloadTabletAction(_env));
+ reload_tablet_action->auth(TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN);
_ev_http_server->register_handler(HttpMethod::GET, "/api/reload_tablet",
reload_tablet_action);
RestoreTabletAction* restore_tablet_action = _pool.add(new
RestoreTabletAction(_env));
+ restore_tablet_action->auth(TPrivilegeHier::GLOBAL, TPrivilegeType::ADMIN);
Review Comment:
I think this can be done in the constructor of each action.
##########
be/src/common/config.h:
##########
@@ -375,6 +375,8 @@ CONF_Bool(enable_https, "false");
CONF_String(ssl_certificate_path, "");
// Path of private key
CONF_String(ssl_private_key_path, "");
+// Whether to check authorization
+CONF_Bool(enable_auth, "false");
Review Comment:
```suggestion
CONF_Bool(enable_http_auth, "false");
```
##########
be/src/http/action/check_rpc_channel_action.h:
##########
@@ -17,17 +17,17 @@
#pragma once
-#include "http/http_handler.h"
+#include "http/http_handler_with_auth.h"
namespace doris {
class ExecEnv;
class HttpRequest;
-class CheckRPCChannelAction : public HttpHandler {
+class CheckRPCChannelAction : public HttpHandlerWithAuth {
Review Comment:
This will be called from FE, which may not contain auth info
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
