CalvinKirs opened a new pull request, #65042:
URL: https://github.com/apache/doris/pull/65042
## Proposed changes
Several manager REST APIs under `/rest/v2/manager` were missing
authentication and/or authorization. This PR closes those gaps.
### 1. Node management endpoints — missing auth + authz
`POST /rest/v2/manager/node/{action}/fe`, `/{action}/be`, `/{action}/broker`
(`operateFrontends` / `operateBackend` / `operateBroker`) could add or drop FE
/ BE / Broker nodes **without any authentication or authorization**. Any caller
able to reach the FE HTTP port could change cluster topology.
Added, consistent with the sibling `set_config/fe` and `set_config/be`
endpoints:
```java
ActionAuthorizationInfo authInfo = executeCheckPassword(request, response);
checkAdminAuth(authInfo.userIdentity);
```
### 2. `GET /rest/v2/manager/query/qerror/{id}` (`getStats`) — fully unauthenticated
This endpoint had **neither authentication nor authorization**: its method
signature didn't even take `HttpServletRequest`/`HttpServletResponse`, so it
could not call `executeCheckPassword`, and the global `AuthInterceptor` only
covers `/rest/v1/**`. As a result it was reachable anonymously **even with
`enable_all_http_auth=true`**, leaking per-query stats-error information.
Aligned it with the `/profile` and `/trace_id` endpoints — authenticate,
then restrict non-admin users to their own queries:
```java
executeCheckPassword(request, response);
try {
    checkAuthByUserAndQueryId(id);
} catch (AuthenticationException e) {
    return ResponseEntityBuilder.badRequest(e.getMessage());
}
```
## Test
Added `regression-test/suites/auth_p0/test_http_node_action_auth.groovy`
(`p0,auth,nonConcurrent`):
- a non-admin user calling `ADD /fe` and `ADD /be` is rejected;
- after `grant 'admin'`, the request passes the auth check;
- an unauthenticated call to `/qerror/{id}` is rejected.
FE compiles cleanly (`build.sh --fe`).
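An added example, not part of the pull request or of Doris: a text-level audit that flags mapped handler methods that never call `executeCheckPassword`, or that authenticate without calling `checkAdminAuth` / `checkAuthByUserAndQueryId`, the two kinds of gap the description names. The Java in `SAMPLE` is constructed to show both verdicts, and `lookup` and `apply` are hypothetical helpers.

```python
import re

# Constructed Java sample modelled on the PR description; not Doris source.
# lookup() and apply() are hypothetical helpers.
SAMPLE = '''
    @GetMapping("/qerror/{id}")
    public Object getStats(@PathVariable("id") String id) {
        return lookup(id);
    }
    @PostMapping("/{action}/fe")
    public Object operateFrontends(HttpServletRequest req, HttpServletResponse resp) {
        executeCheckPassword(req, resp);
        return apply(req);
    }
    @GetMapping("/profile/{id}")
    public Object profile(HttpServletRequest req, HttpServletResponse resp, @PathVariable("id") String id) {
        executeCheckPassword(req, resp);
        checkAuthByUserAndQueryId(id);
        return lookup(id);
    }
'''

AUTHN = "executeCheckPassword("
AUTHZ = ("checkAdminAuth(", "checkAuthByUserAndQueryId(")
HANDLER = re.compile(r'@(?:Get|Post|Put|Delete|Request)Mapping\("[^"]*"\)\s*'
                     r'public\s+[\w<>\[\], ]+?\s+(\w+)\s*\(')

def _balanced_end(src, start, opener, closer):
    """Index just past the delimiter that closes the one at src[start]."""
    depth = 0
    for i in range(start, len(src)):
        depth += (src[i] == opener) - (src[i] == closer)
        if depth == 0:
            return i + 1
    raise ValueError("unbalanced " + opener)

def audit(java_src):
    """Return {handler name: finding} for handlers missing authn or authz calls."""
    findings = {}
    for m in HANDLER.finditer(java_src):
        # Skip the parameter list first: annotations such as @PathVariable nest parens.
        params_end = _balanced_end(java_src, m.end() - 1, "(", ")")
        body_start = java_src.index("{", params_end)
        body = java_src[body_start:_balanced_end(java_src, body_start, "{", "}")]
        if AUTHN not in body:
            findings[m.group(1)] = "no authentication"
        elif not any(call in body for call in AUTHZ):
            findings[m.group(1)] = "authenticated, no authorization"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The scan is purely textual, so a check performed inside a called helper, or a brace inside a string literal, will mislead it; treat each finding as a prompt for manual review.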