gavinchou opened a new pull request, #60761:
URL: https://github.com/apache/doris/pull/60761

   ## Summary
   
   - Add comprehensive HTTP API authentication system distinguishing between public APIs, user APIs, and admin APIs
   - FE: Add `userIdentity` field to `ActionAuthorizationInfo`, add `checkAdminAuth()` helper, update 17 Actions to use the new pattern
   - BE: Add `TPrivilegeType::NONE` optimization to skip FE RPC for public APIs (health, metrics)
   - Public APIs (`/api/health`, `/metrics`) never require authentication regardless of `enable_all_http_auth` setting
   - Admin APIs require `ADMIN_PRIV` when `enable_all_http_auth=true`
   
   ## Test Plan
   
   - [x] FE unit tests (`HttpApiAuthTest.java`) - 5 test cases
   - [x] BE unit tests (`http_auth_test.cpp`) - 3 test cases
   - [x] Docker system tests (`test_http_api_auth.groovy`) - comprehensive coverage
   - [x] All tests pass with `enable_all_http_auth=true` and `enable_all_http_auth=false`
   
   ## API Classification
   
   | Type | Endpoints | Behavior |
   |------|-----------|----------|
   | Public | `/api/health`, `/metrics` | Always accessible, no auth |
   | User | Stream load APIs | Require LOAD privilege |
   | Admin | `/_set_config`, `/backends`, etc. | Require ADMIN privilege |
   
   🤖 Generated with [Claude Code](https://claude.ai/code)
   
   Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

