hanahmily commented on code in PR #734: URL: https://github.com/apache/skywalking-banyandb/pull/734#discussion_r2297528202
########## banyand/liaison/pkg/auth/reloader.go: ########## @@ -0,0 +1,279 @@ +// Licensed to Apache Software Foundation (ASF) under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Apache Software Foundation (ASF) licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Package auth provides configuration management and validation logic for authentication. +package auth + +import ( + "bytes" + "crypto/sha256" + "crypto/subtle" + "fmt" + "os" + "strings" + "sync" + "time" + + "github.com/fsnotify/fsnotify" + "github.com/pkg/errors" + "sigs.k8s.io/yaml" + + "github.com/apache/skywalking-banyandb/pkg/logger" +) + +// Config AuthConfig. +type Config struct { + Users []User `yaml:"users"` + Enabled bool `yaml:"-"` + HealthAuthEnabled bool `yaml:"-"` +} + +// User details from config file. +type User struct { + Username string `yaml:"username"` + Password string `yaml:"password"` +} + +// InitCfg returns Config with default values. +func InitCfg() *Config { + return &Config{ + Enabled: false, + HealthAuthEnabled: false, + Users: []User{}, + } +} + +// loadConfig implements the reading of the authentication configuration. +func (ar *Reloader) loadConfig(filePath string) error { + if filePath == "" { + return errors.New("configFile must be provided") + } + cfg := ar.GetConfig() + originalHealthAuthEnabled := cfg.HealthAuthEnabled + info, err := os.Stat(filePath) + if err != nil { + return err + } + perm := info.Mode().Perm() + if perm != 0o600 { + return fmt.Errorf("config file %s has unsafe permissions: %o (expected 0600)", filePath, perm) + } + + data, err := os.ReadFile(filePath) + if err != nil { + return err + } + err = yaml.Unmarshal(data, cfg) + if err != nil { + return err + } + cfg.Enabled = true + cfg.HealthAuthEnabled = originalHealthAuthEnabled + return nil +} + +// Reloader manages dynamic reloading of auth config. +type Reloader struct { + debounceTimer *time.Timer + updateCh chan struct{} + configFile string + Config *Config + watcher *fsnotify.Watcher + log *logger.Logger + lastConfigHash []byte + mu sync.RWMutex +} + +// InitAuthReloader returns Reloader with default values. +func InitAuthReloader() *Reloader { + return &Reloader{ + Config: InitCfg(), + } +} + +// ConfigAuthReloader returns a Reloader instance with properties populated. +func (ar *Reloader) ConfigAuthReloader(configFile string, healthAuthEnabled bool, log *logger.Logger) error { + if configFile == "" { + return errors.New("configFile must be provided") + } + if log == nil { + return errors.New("logger must not be nil") + } + err := ar.loadConfig(configFile) + cfg := ar.GetConfig() + cfg.HealthAuthEnabled = healthAuthEnabled + if err != nil { Review Comment: move it under the creation of the err. ########## banyand/liaison/pkg/auth/reloader.go: ########## @@ -0,0 +1,279 @@ +// Licensed to Apache Software Foundation (ASF) under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Apache Software Foundation (ASF) licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Package auth provides configuration management and validation logic for authentication. +package auth + +import ( + "bytes" + "crypto/sha256" + "crypto/subtle" + "fmt" + "os" + "strings" + "sync" + "time" + + "github.com/fsnotify/fsnotify" + "github.com/pkg/errors" + "sigs.k8s.io/yaml" + + "github.com/apache/skywalking-banyandb/pkg/logger" +) + +// Config AuthConfig. +type Config struct { + Users []User `yaml:"users"` + Enabled bool `yaml:"-"` + HealthAuthEnabled bool `yaml:"-"` +} + +// User details from config file. +type User struct { + Username string `yaml:"username"` + Password string `yaml:"password"` +} + +// InitCfg returns Config with default values. +func InitCfg() *Config { + return &Config{ + Enabled: false, + HealthAuthEnabled: false, + Users: []User{}, + } +} + +// loadConfig implements the reading of the authentication configuration. +func (ar *Reloader) loadConfig(filePath string) error { + if filePath == "" { + return errors.New("configFile must be provided") + } + cfg := ar.GetConfig() + originalHealthAuthEnabled := cfg.HealthAuthEnabled + info, err := os.Stat(filePath) + if err != nil { + return err + } + perm := info.Mode().Perm() + if perm != 0o600 { + return fmt.Errorf("config file %s has unsafe permissions: %o (expected 0600)", filePath, perm) + } + + data, err := os.ReadFile(filePath) + if err != nil { + return err + } + err = yaml.Unmarshal(data, cfg) + if err != nil { + return err + } + cfg.Enabled = true + cfg.HealthAuthEnabled = originalHealthAuthEnabled + return nil +} + +// Reloader manages dynamic reloading of auth config. +type Reloader struct { + debounceTimer *time.Timer + updateCh chan struct{} + configFile string + Config *Config + watcher *fsnotify.Watcher + log *logger.Logger + lastConfigHash []byte + mu sync.RWMutex +} + +// InitAuthReloader returns Reloader with default values. +func InitAuthReloader() *Reloader { + return &Reloader{ + Config: InitCfg(), + } +} + +// ConfigAuthReloader returns a Reloader instance with properties populated. +func (ar *Reloader) ConfigAuthReloader(configFile string, healthAuthEnabled bool, log *logger.Logger) error { + if configFile == "" { + return errors.New("configFile must be provided") + } + if log == nil { + return errors.New("logger must not be nil") + } + err := ar.loadConfig(configFile) + cfg := ar.GetConfig() + cfg.HealthAuthEnabled = healthAuthEnabled Review Comment: data race: do not update the field of a object which is under a lock's protection. ########## banyand/liaison/pkg/auth/reloader.go: ########## @@ -0,0 +1,279 @@ +// Licensed to Apache Software Foundation (ASF) under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Apache Software Foundation (ASF) licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Package auth provides configuration management and validation logic for authentication. +package auth + +import ( + "bytes" + "crypto/sha256" + "crypto/subtle" + "fmt" + "os" + "strings" + "sync" + "time" + + "github.com/fsnotify/fsnotify" + "github.com/pkg/errors" + "sigs.k8s.io/yaml" + + "github.com/apache/skywalking-banyandb/pkg/logger" +) + +// Config AuthConfig. +type Config struct { + Users []User `yaml:"users"` + Enabled bool `yaml:"-"` + HealthAuthEnabled bool `yaml:"-"` +} + +// User details from config file. +type User struct { + Username string `yaml:"username"` + Password string `yaml:"password"` +} + +// InitCfg returns Config with default values. +func InitCfg() *Config { + return &Config{ + Enabled: false, + HealthAuthEnabled: false, + Users: []User{}, + } +} + +// loadConfig implements the reading of the authentication configuration. +func (ar *Reloader) loadConfig(filePath string) error { + if filePath == "" { + return errors.New("configFile must be provided") + } + cfg := ar.GetConfig() + originalHealthAuthEnabled := cfg.HealthAuthEnabled + info, err := os.Stat(filePath) + if err != nil { + return err + } + perm := info.Mode().Perm() + if perm != 0o600 { + return fmt.Errorf("config file %s has unsafe permissions: %o (expected 0600)", filePath, perm) + } + + data, err := os.ReadFile(filePath) + if err != nil { + return err + } + err = yaml.Unmarshal(data, cfg) + if err != nil { + return err + } + cfg.Enabled = true + cfg.HealthAuthEnabled = originalHealthAuthEnabled + return nil Review Comment: create a new Config to load yaml. Then copy its Users to ar.Config. ########## banyand/liaison/pkg/auth/reloader.go: ########## @@ -0,0 +1,279 @@ +// Licensed to Apache Software Foundation (ASF) under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Apache Software Foundation (ASF) licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Package auth provides configuration management and validation logic for authentication. +package auth + +import ( + "bytes" + "crypto/sha256" + "crypto/subtle" + "fmt" + "os" + "strings" + "sync" + "time" + + "github.com/fsnotify/fsnotify" + "github.com/pkg/errors" + "sigs.k8s.io/yaml" + + "github.com/apache/skywalking-banyandb/pkg/logger" +) + +// Config AuthConfig. +type Config struct { + Users []User `yaml:"users"` + Enabled bool `yaml:"-"` + HealthAuthEnabled bool `yaml:"-"` +} + +// User details from config file. +type User struct { + Username string `yaml:"username"` + Password string `yaml:"password"` +} + +// InitCfg returns Config with default values. +func InitCfg() *Config { + return &Config{ + Enabled: false, + HealthAuthEnabled: false, + Users: []User{}, + } +} + +// loadConfig implements the reading of the authentication configuration. +func (ar *Reloader) loadConfig(filePath string) error { + if filePath == "" { + return errors.New("configFile must be provided") + } + cfg := ar.GetConfig() + originalHealthAuthEnabled := cfg.HealthAuthEnabled + info, err := os.Stat(filePath) + if err != nil { + return err + } + perm := info.Mode().Perm() + if perm != 0o600 { + return fmt.Errorf("config file %s has unsafe permissions: %o (expected 0600)", filePath, perm) + } + + data, err := os.ReadFile(filePath) + if err != nil { + return err + } + err = yaml.Unmarshal(data, cfg) + if err != nil { + return err + } + cfg.Enabled = true + cfg.HealthAuthEnabled = originalHealthAuthEnabled + return nil +} + +// Reloader manages dynamic reloading of auth config. +type Reloader struct { + debounceTimer *time.Timer + updateCh chan struct{} + configFile string + Config *Config + watcher *fsnotify.Watcher + log *logger.Logger + lastConfigHash []byte + mu sync.RWMutex +} + +// InitAuthReloader returns Reloader with default values. +func InitAuthReloader() *Reloader { + return &Reloader{ + Config: InitCfg(), + } +} + +// ConfigAuthReloader returns a Reloader instance with properties populated. +func (ar *Reloader) ConfigAuthReloader(configFile string, healthAuthEnabled bool, log *logger.Logger) error { + if configFile == "" { + return errors.New("configFile must be provided") + } + if log == nil { + return errors.New("logger must not be nil") + } + err := ar.loadConfig(configFile) + cfg := ar.GetConfig() + cfg.HealthAuthEnabled = healthAuthEnabled + if err != nil { + return errors.Wrap(err, "failed to load initial auth config") Review Comment: Could be more specific about the config file path. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@skywalking.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
