[GitHub] [shardingsphere] RaigorJiang opened a new issue, #21611: Proposal to remove `AUTHORITY` configuration from global rules in `server.yaml`

[GitBox]

RaigorJiang opened a new issue, #21611:
URL: https://github.com/apache/shardingsphere/issues/21611

   Hi community,
   
   I would like to start a discussion to remove the `!AUTHORITY` rule in 
server.yaml.
   
   In fact, in Proxy, we now have two ways to configure authority rule:
   
   1. Inside global rules
   ```yaml
   mode:
      ...
   
   rules:
      - !AUTHORITY
        users:
          - root@%:root
          - sharding@:sharding
        provider:
          type: ALL_PERMITTED
      - !TRANSACTION
        ...
   ```
   
   2. Outside global rules
   ```yaml
   mode:
      xxx
   
   authority:
       users:
         - user: root@%
           password: root
         - user: sharding
           password: sharding
       privilege:
         type: ALL_PERMITTED
   
   rules:
      - !TRANSACTION
        ...
   ```
   
   After investigation, we found that the second configuration is a bit more 
powerful:
   1. It supports optional `auth` configuration, in the future it is possible 
to specify different authentication algorithms for users, just like [this 
PR](https://github.com/apache/shardingsphere/pull/20620) wants to do.
   Here is a sample:
   ```yaml
   authority:
      users:
        - user: root@%
          password: root
        - user: sharding@%
          password: sharding
          auth: # MD5, TEXT, SHA256 ...
          props: 
              ...
      privilege:
        type: ALL_PERMITTED
   ```
   
   2. `provider` type was renamed to `privilege` type, because `ALL_PERMITTED` 
is not used for authentication, but for permission verification.
   
   3. At the same time, the new configuration is more friendly to the 
sub-project [ShardingSphere on 
Cloud](https://github.com/apache/shardingsphere-on-cloud), which can simplify 
the difficulty of helm access.
   
   Therefore, I propose to remove the original authority configuration (from 
global rules) and recommend users to use the new API.
   
   By the way, it is now possible to start Proxy without authority 
configuration, and ShardingSphere has provided a built-in default user `root` 
for users to quickly experience.  (Since 
d3a91a03971edfc288c66aae265f86ed64f25bdf)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: 
notifications-unsubscr...@shardingsphere.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org