Skip to content
This repository has been archived by the owner on Jun 23, 2022. It is now read-only.

feat(security): make enable_acl and mandatory_auth mutable #702

Merged
merged 29 commits into from
Dec 24, 2020
Merged
Show file tree
Hide file tree
Changes from 26 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions include/dsn/http/http_server.h
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,16 @@

#include <dsn/utility/errors.h>
#include <dsn/utility/flags.h>
#include <dsn/tool-api/task_code.h>

namespace dsn {

DSN_DECLARE_bool(enable_http_server);

/// The rpc code for all the HTTP RPCs.
/// Since http is used only for system monitoring, it is restricted to lowest priority.
DEFINE_TASK_CODE_RPC(RPC_HTTP_SERVICE, TASK_PRIORITY_LOW, THREAD_POOL_DEFAULT);

enum http_method
{
HTTP_METHOD_GET = 1,
Expand Down Expand Up @@ -104,4 +109,8 @@ extern void start_http_server();
// TODO(wutao): pass `svc` as a std::unique_ptr.
extern void register_http_service(http_service *svc);

inline bool is_http_message(dsn::task_code code)
{
return code == RPC_HTTP_SERVICE || code == RPC_HTTP_SERVICE_ACK;
}
} // namespace dsn
4 changes: 0 additions & 4 deletions src/http/http_server_impl.h
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,4 @@ class http_server : public serverlet<http_server>

extern void http_response_reply(const http_response &resp, message_ex *req);

/// The rpc code for all the HTTP RPCs.
/// Since http is used only for system monitoring, it is restricted to lowest priority.
DEFINE_TASK_CODE_RPC(RPC_HTTP_SERVICE, TASK_PRIORITY_LOW, THREAD_POOL_DEFAULT);

} // namespace dsn
2 changes: 2 additions & 0 deletions src/runtime/security/access_controller.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@
namespace dsn {
namespace security {
DSN_DEFINE_bool("security", enable_acl, false, "whether enable access controller or not");
DSN_TAG_VARIABLE(enable_acl, FT_MUTABLE);

DSN_DEFINE_string("security", super_users, "", "super user for access controller");

access_controller::access_controller() { utils::split_args(FLAGS_super_users, _super_users, ','); }
Expand Down
1 change: 1 addition & 0 deletions src/runtime/security/negotiation.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ const std::set<std::string> supported_mechanisms{"GSSAPI"};

DSN_DEFINE_bool("security", enable_auth, false, "whether open auth or not");
DSN_DEFINE_bool("security", mandatory_auth, false, "wheter to do authertication mandatorily");
DSN_TAG_VARIABLE(mandatory_auth, FT_MUTABLE);

negotiation::~negotiation() {}

Expand Down
4 changes: 3 additions & 1 deletion src/runtime/security/negotiation_manager.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
#include <dsn/tool-api/zlocks.h>
#include <dsn/dist/failure_detector/fd.code.definition.h>
#include <dsn/dist/fmt_logging.h>
#include <dsn/http/http_server.h>

namespace dsn {
namespace security {
Expand All @@ -37,7 +38,8 @@ inline bool is_negotiation_message(dsn::task_code code)

inline bool in_white_list(task_code code)
{
return is_negotiation_message(code) || fd::is_failure_detector_message(code);
return is_negotiation_message(code) || fd::is_failure_detector_message(code) ||
is_http_message(code);
}

negotiation_map negotiation_manager::_negotiations;
Expand Down