CalvinKirs opened a new pull request, #65042:
URL: https://github.com/apache/doris/pull/65042

   ## Proposed changes
   
   Several manager REST APIs under `/rest/v2/manager` were missing 
authentication and/or authorization. This PR closes those gaps.
   
   ### 1. Node management endpoints — missing auth + authz
   
   `POST /rest/v2/manager/node/{action}/fe`, `/{action}/be`, `/{action}/broker` 
(`operateFrontends` / `operateBackend` / `operateBroker`) could add or drop FE 
/ BE / Broker nodes **without any authentication or authorization**. Any caller 
able to reach the FE HTTP port could change cluster topology.
   
   Added, consistent with the sibling `set_config/fe` and `set_config/be` 
endpoints:
   
   ```java
   ActionAuthorizationInfo authInfo = executeCheckPassword(request, response);
   checkAdminAuth(authInfo.userIdentity);
   ```
   
   ### 2. `GET /rest/v2/manager/query/qerror/{id}` (`getStats`) — fully unauthenticated
   
   This endpoint had **neither authentication nor authorization**: its method 
signature didn't even take `HttpServletRequest`/`HttpServletResponse`, so it 
could not call `executeCheckPassword`, and the global `AuthInterceptor` only 
covers `/rest/v1/**`. As a result it was reachable anonymously **even with 
`enable_all_http_auth=true`**, leaking per-query stats-error information.
   
   Aligned it with the `/profile` and `/trace_id` endpoints — authenticate, 
then restrict non-admin users to their own queries:
   
   ```java
   executeCheckPassword(request, response);
   try {
       checkAuthByUserAndQueryId(id);
   } catch (AuthenticationException e) {
       return ResponseEntityBuilder.badRequest(e.getMessage());
   }
   ```
   
   ## Test
   
   Added `regression-test/suites/auth_p0/test_http_node_action_auth.groovy` 
(`p0,auth,nonConcurrent`):
   - a non-admin user calling `ADD /fe` and `ADD /be` is rejected;
   - after `grant 'admin'`, the request passes the auth check;
   - an unauthenticated call to `/qerror/{id}` is rejected.
   
   FE compiles cleanly (`build.sh --fe`).
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
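
The gap described in the pull request arises because each `/rest/v2/manager` handler has to call the checks itself. The following is an added example, not code from the pull request or from Doris: a small source audit that flags handlers with no `executeCheckPassword` call, or with authentication but no authorization call. The Java sample is constructed, the Spring-style mapping annotations and the `exampleAuthnOnly` handler are assumptions, and only the check-method names come from the description above.

```python
import re

# Constructed sample, not Doris source. The Spring-style mapping annotations are an
# assumption; the three check-method names are the ones quoted in the PR description.
SAMPLE_JAVA = '''
@PostMapping("/{action}/be")
public Object operateBackend(HttpServletRequest request, HttpServletResponse response) {
    ActionAuthorizationInfo authInfo = executeCheckPassword(request, response);
    checkAdminAuth(authInfo.userIdentity);
    return null;
}
@GetMapping("/qerror/{id}")
public Object getStats(@PathVariable("id") String id) {
    return null;
}
@GetMapping("/example/{id}")
public Object exampleAuthnOnly(HttpServletRequest request, HttpServletResponse response) {
    if (request != null) { executeCheckPassword(request, response); }
    return null;
}
'''

HANDLER = re.compile(
    r'@(?:Get|Post|Put|Delete|Request)Mapping\((?P<route>[^)]*)\)\s*'
    r'public\s+[\w<>\[\], ?]+?\s+(?P<name>\w+)\s*\(.*?\)\s*(?:throws[\w\s,.]+)?\{',
    re.DOTALL)
AUTHN = "executeCheckPassword("
AUTHZ = ("checkAdminAuth(", "checkAuthByUserAndQueryId(")

def method_body(src, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += (src[i] == "{") - (src[i] == "}")
        if depth == 0:
            return src[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def audit(src):
    """Map each mapped handler to 'ok', 'no-authz' or 'no-authn' (substring match only)."""
    findings = {}
    for m in HANDLER.finditer(src):
        body = method_body(src, m.end() - 1)
        if AUTHN not in body:
            verdict = "no-authn"
        else:
            verdict = "ok" if any(call in body for call in AUTHZ) else "no-authz"
        findings[m.group("name")] = verdict
    return findings
```

`audit(SAMPLE_JAVA)` returns one verdict per handler. Because it matches substrings, a commented-out call still counts as present, so treat the result as a review aid rather than proof.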
