From 390b9c1971e0fec803e560365a7795e00969e118 Mon Sep 17 00:00:00 2001 From: Yang Xiufeng Date: Fri, 6 Sep 2024 19:36:44 +0800 Subject: [PATCH] feat: discovery_nodes not need auth. (#16392) --- src/query/service/src/auth.rs | 2 ++ src/query/service/src/servers/http/http_services.rs | 2 +- src/query/service/src/servers/http/middleware.rs | 7 +++++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/query/service/src/auth.rs b/src/query/service/src/auth.rs index 833db58e525f..1d8386050dc1 100644 --- a/src/query/service/src/auth.rs +++ b/src/query/service/src/auth.rs @@ -50,6 +50,7 @@ pub enum Credential { password: Option>, client_ip: Option, }, + NoNeed, } impl AuthMgr { @@ -79,6 +80,7 @@ impl AuthMgr { ) -> Result> { let user_api = UserApiProvider::instance(); match credential { + Credential::NoNeed => Ok(None), Credential::DatabendToken { token, set_user, diff --git a/src/query/service/src/servers/http/http_services.rs b/src/query/service/src/servers/http/http_services.rs index 18e5afb5dcf8..ad5df4202c65 100644 --- a/src/query/service/src/servers/http/http_services.rs +++ b/src/query/service/src/servers/http/http_services.rs @@ -142,7 +142,7 @@ impl HttpHandler { "/discovery_nodes", get(discovery_nodes).with(HTTPSessionMiddleware::create( self.kind, - EndpointKind::StartQuery, + EndpointKind::NoAuth, )), ); diff --git a/src/query/service/src/servers/http/middleware.rs b/src/query/service/src/servers/http/middleware.rs index d4624295c2b1..d5853950a1c0 100644 --- a/src/query/service/src/servers/http/middleware.rs +++ b/src/query/service/src/servers/http/middleware.rs @@ -75,6 +75,7 @@ pub enum EndpointKind { StartQuery, PollQuery, Clickhouse, + NoAuth, } const USER_AGENT: &str = "User-Agent"; @@ -133,6 +134,9 @@ fn get_credential( kind: HttpHandlerKind, endpoint_kind: EndpointKind, ) -> Result { + if matches!(endpoint_kind, EndpointKind::NoAuth) { + return Ok(Credential::NoNeed); + } let std_auth_headers: Vec<_> = req.headers().get_all(AUTHORIZATION).iter().collect(); if std_auth_headers.len() > 1 { let msg = &format!("Multiple {} headers detected", AUTHORIZATION); @@ -221,6 +225,9 @@ fn auth_by_header( "clickhouse handler should not use databend auth", )); } + EndpointKind::NoAuth => { + unreachable!() + } }; Ok(Credential::DatabendToken { token,