feat: impl static_user_provider (#739)

* feat: add MemUserProvider and impl auth * feat: impl user_provider option in fe and standalone mode * chore: add file impl for mem provider * chore: remove mem opts * chore: minor change * chore: refac pg server to use user_provider as indicator for using pwd auth * chore: fix test * chore: extract common code * chore: add unit test * chore: rebase develop * chore: add user provider to http server * chore: minor rename * chore: change to ref when convert to anymap * chore: fix according to clippy * chore: remove clone on startcommand * chore: fix cr issue * chore: update tempdir use * chore: change TryFrom to normal func while parsing anymap * chore: minor change * chore: remove to_lowercase
2026-05-20 06:50:37 +00:00 · 2022-12-14 16:38:29 +08:00
parent 756c068166
commit fda9e80cbf
17 changed files with 482 additions and 73 deletions
--- a/src/cmd/Cargo.toml
+++ b/src/cmd/Cargo.toml
@@ -10,6 +10,7 @@ name = "greptime"
 path = "src/bin/greptime.rs"

 [dependencies]
+anymap = "1.0.0-beta.2"
 clap = { version = "3.1", features = ["derive"] }
 common-error = { path = "../common/error" }
 common-telemetry = { path = "../common/telemetry", features = [
--- a/src/cmd/src/error.rs
+++ b/src/cmd/src/error.rs
@@ -55,6 +55,12 @@ pub enum Error {

    #[snafu(display("Illegal config: {}", msg))]
    IllegalConfig { msg: String, backtrace: Backtrace },
+
+    #[snafu(display("Illegal auth config: {}", source))]
+    IllegalAuthConfig {
+        #[snafu(backtrace)]
+        source: servers::auth::Error,
+    },
 }

 pub type Result<T> = std::result::Result<T, Error>;
@@ -69,6 +75,7 @@ impl ErrorExt for Error {
                StatusCode::InvalidArguments
            }
            Error::IllegalConfig { .. } => StatusCode::InvalidArguments,
+            Error::IllegalAuthConfig { .. } => StatusCode::InvalidArguments,
        }
    }

--- a/src/cmd/src/frontend.rs
+++ b/src/cmd/src/frontend.rs
@@ -14,6 +14,7 @@

 use std::sync::Arc;

+use anymap::AnyMap;
 use clap::Parser;
 use frontend::frontend::{Frontend, FrontendOptions};
 use frontend::grpc::GrpcOptions;
@@ -23,12 +24,13 @@ use frontend::mysql::MysqlOptions;
 use frontend::opentsdb::OpentsdbOptions;
 use frontend::postgres::PostgresOptions;
 use meta_client::MetaClientOpts;
+use servers::auth::UserProviderRef;
 use servers::http::HttpOptions;
 use servers::tls::{TlsMode, TlsOption};
-use servers::Mode;
+use servers::{auth, Mode};
 use snafu::ResultExt;

-use crate::error::{self, Result};
+use crate::error::{self, IllegalAuthConfigSnafu, Result};
 use crate::toml_loader;

 #[derive(Parser)]
@@ -80,21 +82,35 @@ pub struct StartCommand {
    tls_cert_path: Option<String>,
    #[clap(long)]
    tls_key_path: Option<String>,
+    #[clap(long)]
+    user_provider: Option<String>,
 }

 impl StartCommand {
    async fn run(self) -> Result<()> {
+        let plugins = load_frontend_plugins(&self.user_provider)?;
        let opts: FrontendOptions = self.try_into()?;
        let mut frontend = Frontend::new(
            opts.clone(),
            Instance::try_new_distributed(&opts)
                .await
                .context(error::StartFrontendSnafu)?,
+            plugins,
        );
        frontend.start().await.context(error::StartFrontendSnafu)
    }
 }

+pub fn load_frontend_plugins(user_provider: &Option<String>) -> Result<AnyMap> {
+    let mut plugins = AnyMap::new();
+
+    if let Some(provider) = user_provider {
+        let provider = auth::user_provider_from_option(provider).context(IllegalAuthConfigSnafu)?;
+        plugins.insert::<UserProviderRef>(provider);
+    }
+    Ok(plugins)
+}
+
 impl TryFrom<StartCommand> for FrontendOptions {
    type Error = error::Error;

@@ -160,6 +176,8 @@ impl TryFrom<StartCommand> for FrontendOptions {
 mod tests {
    use std::time::Duration;

+    use servers::auth::{Identity, Password, UserProviderRef};
+
    use super::*;

    #[test]
@@ -176,6 +194,7 @@ mod tests {
            tls_mode: None,
            tls_cert_path: None,
            tls_key_path: None,
+            user_provider: None,
        };

        let opts: FrontendOptions = command.try_into().unwrap();
@@ -228,6 +247,7 @@ mod tests {
            tls_mode: None,
            tls_cert_path: None,
            tls_key_path: None,
+            user_provider: None,
        };

        let fe_opts = FrontendOptions::try_from(command).unwrap();
@@ -241,4 +261,34 @@ mod tests {
            fe_opts.http_options.as_ref().unwrap().timeout
        );
    }
+
+    #[tokio::test]
+    async fn test_try_from_start_command_to_anymap() {
+        let command = StartCommand {
+            http_addr: None,
+            grpc_addr: None,
+            mysql_addr: None,
+            postgres_addr: None,
+            opentsdb_addr: None,
+            influxdb_enable: None,
+            config_file: None,
+            metasrv_addr: None,
+            tls_mode: None,
+            tls_cert_path: None,
+            tls_key_path: None,
+            user_provider: Some("static_user_provider:cmd:test=test".to_string()),
+        };
+
+        let plugins = load_frontend_plugins(&command.user_provider);
+        assert!(plugins.is_ok());
+        let plugins = plugins.unwrap();
+        let provider = plugins.get::<UserProviderRef>();
+        assert!(provider.is_some());
+
+        let provider = provider.unwrap();
+        let result = provider
+            .auth(Identity::UserId("test", None), Password::PlainText("test"))
+            .await;
+        assert!(result.is_ok());
+    }
 }
--- a/src/cmd/src/standalone.rs
+++ b/src/cmd/src/standalone.rs
@@ -14,6 +14,7 @@

 use std::sync::Arc;

+use anymap::AnyMap;
 use clap::Parser;
 use common_telemetry::info;
 use datanode::datanode::{Datanode, DatanodeOptions, ObjectStoreConfig};
@@ -33,6 +34,7 @@ use servers::Mode;
 use snafu::ResultExt;

 use crate::error::{Error, IllegalConfigSnafu, Result, StartDatanodeSnafu, StartFrontendSnafu};
+use crate::frontend::load_frontend_plugins;
 use crate::toml_loader;

 #[derive(Parser)]
@@ -142,12 +144,15 @@ struct StartCommand {
    tls_cert_path: Option<String>,
    #[clap(long)]
    tls_key_path: Option<String>,
+    #[clap(long)]
+    user_provider: Option<String>,
 }

 impl StartCommand {
    async fn run(self) -> Result<()> {
        let enable_memory_catalog = self.enable_memory_catalog;
        let config_file = self.config_file.clone();
+        let plugins = load_frontend_plugins(&self.user_provider)?;
        let fe_opts = FrontendOptions::try_from(self)?;
        let dn_opts: DatanodeOptions = {
            let mut opts: StandaloneOptions = if let Some(path) = config_file {
@@ -167,7 +172,7 @@ impl StartCommand {
        let mut datanode = Datanode::new(dn_opts.clone())
            .await
            .context(StartDatanodeSnafu)?;
-        let mut frontend = build_frontend(fe_opts, datanode.get_instance()).await?;
+        let mut frontend = build_frontend(fe_opts, plugins, datanode.get_instance()).await?;

        // Start datanode instance before starting services, to avoid requests come in before internal components are started.
        datanode
@@ -184,12 +189,13 @@ impl StartCommand {
 /// Build frontend instance in standalone mode
 async fn build_frontend(
    fe_opts: FrontendOptions,
+    plugins: AnyMap,
    datanode_instance: InstanceRef,
 ) -> Result<Frontend<FeInstance>> {
    let mut frontend_instance = FeInstance::new_standalone(datanode_instance.clone());
    frontend_instance.set_catalog_manager(datanode_instance.catalog_manager().clone());
    frontend_instance.set_script_handler(datanode_instance);
-    Ok(Frontend::new(fe_opts, frontend_instance))
+    Ok(Frontend::new(fe_opts, frontend_instance, plugins))
 }

 impl TryFrom<StartCommand> for FrontendOptions {
@@ -274,6 +280,8 @@ impl TryFrom<StartCommand> for FrontendOptions {
 mod tests {
    use std::time::Duration;

+    use servers::auth::{Identity, Password, UserProviderRef};
+
    use super::*;

    #[test]
@@ -293,6 +301,7 @@ mod tests {
            tls_mode: None,
            tls_cert_path: None,
            tls_key_path: None,
+            user_provider: None,
        };

        let fe_opts = FrontendOptions::try_from(cmd).unwrap();
@@ -316,4 +325,33 @@ mod tests {
        assert_eq!(2, fe_opts.mysql_options.as_ref().unwrap().runtime_size);
        assert!(fe_opts.influxdb_options.as_ref().unwrap().enable);
    }
+
+    #[tokio::test]
+    async fn test_try_from_start_command_to_anymap() {
+        let command = StartCommand {
+            http_addr: None,
+            rpc_addr: None,
+            mysql_addr: None,
+            postgres_addr: None,
+            opentsdb_addr: None,
+            config_file: None,
+            influxdb_enable: false,
+            enable_memory_catalog: false,
+            tls_mode: None,
+            tls_cert_path: None,
+            tls_key_path: None,
+            user_provider: Some("static_user_provider:cmd:test=test".to_string()),
+        };
+
+        let plugins = load_frontend_plugins(&command.user_provider);
+        assert!(plugins.is_ok());
+        let plugins = plugins.unwrap();
+        let provider = plugins.get::<UserProviderRef>();
+        assert!(provider.is_some());
+        let provider = provider.unwrap();
+        let result = provider
+            .auth(Identity::UserId("test", None), Password::PlainText("test"))
+            .await;
+        assert!(result.is_ok());
+    }
 }