[PR] [server] Add authorization to Remote Log & Tiering RPCs [fluss]

Mon, 11 May 2026 04:00:33 -0700 


vaibhavk1992 opened a new pull request, #3301:
URL: https://github.com/apache/fluss/pull/3301

   ## Summary
   - Adds CLUSTER/WRITE authorization checks for 3 remote log and tiering 
internal RPCs
   - Implements issue #3251 (part of umbrella issue #2007 - Phase 2: Internal 
RPCs)
   - Internal sessions automatically bypass authorization via 
session.isInternal()
   
   ## Changes
   
   ### Server Side
   **TabletService.java:**
   - `notifyRemoteLogOffsets` - Added CLUSTER/WRITE authorization check
   
   **CoordinatorService.java:**
   - `commitRemoteLogManifest` - Added CLUSTER/WRITE authorization check
   - `lakeTieringHeartbeat` - Added CLUSTER/WRITE authorization check
   
   ### Test Coverage
   **FlussAuthorizationITCase.java:**
   - Added `testRemoteLogAndTieringAuthorization()` with comprehensive coverage:
     - Authorization denial tests (no permission) - verifies 
AuthorizationException for all 3 operations
     - Authorization success tests (with permission) - verifies operations 
succeed after CLUSTER/WRITE permission granted
     - Internal session bypass tests - verifies internal server calls 
automatically bypass authorization
   
   ## Technical Details
   These are internal server-to-server RPCs used for remote log tiering and 
lake tiering operations:
   
   - **notifyRemoteLogOffsets**: TabletServers receive notifications about 
remote log tier offsets from CoordinatorServer
   - **commitRemoteLogManifest**: TabletServers commit remote log manifests to 
CoordinatorServer  
   - **lakeTieringHeartbeat**: Lake tiering service sends heartbeats to 
CoordinatorServer for monitoring
   
   The authorization prevents external clients from calling internal cluster 
management APIs while allowing legitimate internal operations via 
`session.isInternal()` bypass.
   
   All operations use CLUSTER/WRITE permission type because they modify 
cluster-wide tiering state, consistent with other internal cluster management 
operations.
   
   ## Test Plan
   - Compiled successfully: `mvn compile test-compile -pl 
fluss-server,fluss-client -am`
   - All authorization checks follow existing patterns from 
rebalance/ISR/snapshot operations
   - Tests verify complete authorization lifecycle: denial → grant → success
   
   Closes #3251
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to