Line | Count | Source |
1 | | // Licensed to the Apache Software Foundation (ASF) under one |
2 | | // or more contributor license agreements. See the NOTICE file |
3 | | // distributed with this work for additional information |
4 | | // regarding copyright ownership. The ASF licenses this file |
5 | | // to you under the Apache License, Version 2.0 (the |
6 | | // "License"); you may not use this file except in compliance |
7 | | // with the License. You may obtain a copy of the License at |
8 | | // |
9 | | // http://www.apache.org/licenses/LICENSE-2.0 |
10 | | // |
11 | | // Unless required by applicable law or agreed to in writing, |
12 | | // software distributed under the License is distributed on an |
13 | | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
14 | | // KIND, either express or implied. See the License for the |
15 | | // specific language governing permissions and limitations |
16 | | // under the License. |
17 | | |
18 | | #pragma once |
19 | | |
20 | | #include <random> |
21 | | #include <string> |
22 | | |
23 | | #include "gen_cpp/FrontendService_types.h" |
24 | | |
25 | | namespace doris { |
26 | | |
27 | | #ifndef ARRAY_SIZE |
28 | | #define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0])) |
29 | | #endif |
30 | | |
31 | | inline constexpr const char* HTTP_HEADER_CLIENT_CERT_PEM = "x-doris-client-cert-pem"; |
32 | | inline constexpr const char* HTTP_HEADER_CLIENT_CERT_SUBJECT = "x-doris-client-cert-subject"; |
33 | | inline constexpr const char* HTTP_HEADER_CLIENT_CERT_SAN = "x-doris-client-cert-san"; |
34 | | inline constexpr const char* HTTP_HEADER_CLIENT_CERT_ISSUER = "x-doris-client-cert-issuer"; |
35 | | inline constexpr const char* HTTP_HEADER_CLIENT_CERT_CIPHER = "x-doris-client-cert-cipher"; |
36 | | inline constexpr const char* HTTP_HEADER_CLIENT_CERT_NOT_BEFORE = "x-doris-client-cert-not-before"; |
37 | | inline constexpr const char* HTTP_HEADER_CLIENT_CERT_NOT_AFTER = "x-doris-client-cert-not-after"; |
38 | | |
39 | | struct AuthInfo { |
40 | | std::string user; |
41 | | std::string passwd; |
42 | | std::string cluster; |
43 | | std::string user_ip; |
44 | | // -1 as unset |
45 | | int64_t auth_code = -1; // deprecated |
46 | | std::string token; |
47 | | |
48 | | std::string cert_pem; |
49 | | std::string cert_subject; |
50 | | std::string cert_san; |
51 | | std::string cert_issuer; |
52 | | std::string cert_cipher; |
53 | | std::string cert_validity_not_before; |
54 | | std::string cert_validity_not_after; |
55 | | |
56 | 5.92k | bool has_cert_info() const { return !cert_san.empty() || !cert_subject.empty(); } |
57 | | }; |
58 | | |
59 | | template <class T> |
60 | 5.92k | void set_request_auth(T* req, const AuthInfo& auth) { |
61 | 5.92k | req->user = auth.user; // always set user, because it may be used by FE |
62 | | // auth code is deprecated and should be removed in 3.1 |
63 | 5.92k | if (auth.auth_code != -1) { |
64 | | // if auth_code is set, no need to set other info |
65 | 81 | req->__set_auth_code(auth.auth_code); |
66 | | // user name and passwd is unused, but they are required field. |
67 | | // so they have to be set. |
68 | 81 | req->passwd = ""; |
69 | 5.84k | } else if (auth.token != "") { |
70 | 378 | req->__isset.token = true; |
71 | 378 | req->token = auth.token; |
72 | 5.46k | } else { |
73 | 5.46k | req->passwd = auth.passwd; |
74 | 5.46k | if (!auth.cluster.empty()) { |
75 | 3 | req->__set_cluster(auth.cluster); |
76 | 3 | } |
77 | 5.46k | req->__set_user_ip(auth.user_ip); |
78 | 5.46k | } |
79 | | |
80 | | if constexpr (requires(T req_obj, TCertBasedAuth cert_auth_obj) { |
81 | | req_obj.__set_cert_based_auth(cert_auth_obj); |
82 | 5.92k | }) { |
83 | 5.92k | if (auth.has_cert_info()) { |
84 | 0 | TCertBasedAuth cert_auth; |
85 | 0 | cert_auth.__set_cert_pem(auth.cert_pem); |
86 | 0 | cert_auth.__set_subject(auth.cert_subject); |
87 | 0 | cert_auth.__set_san(auth.cert_san); |
88 | 0 | cert_auth.__set_issuer(auth.cert_issuer); |
89 | 0 | cert_auth.__set_cipher(auth.cert_cipher); |
90 | 0 | cert_auth.__set_validity_not_before(auth.cert_validity_not_before); |
91 | 0 | cert_auth.__set_validity_not_after(auth.cert_validity_not_after); |
92 | 0 | req->__set_cert_based_auth(cert_auth); |
93 | 0 | } |
94 | 5.92k | } |
95 | 5.92k | } _ZN5doris16set_request_authINS_21TStreamLoadPutRequestEEEvPT_RKNS_8AuthInfoE Line | Count | Source | 60 | 2.15k | void set_request_auth(T* req, const AuthInfo& auth) { | 61 | 2.15k | req->user = auth.user; // always set user, because it may be used by FE | 62 | | // auth code is deprecated and should be removed in 3.1 | 63 | 2.15k | if (auth.auth_code != -1) { | 64 | | // if auth_code is set, no need to set other info | 65 | 9 | req->__set_auth_code(auth.auth_code); | 66 | | // user name and passwd is unused, but they are required field. | 67 | | // so they have to be set. | 68 | 9 | req->passwd = ""; | 69 | 2.14k | } else if (auth.token != "") { | 70 | 115 | req->__isset.token = true; | 71 | 115 | req->token = auth.token; | 72 | 2.03k | } else { | 73 | 2.03k | req->passwd = auth.passwd; | 74 | 2.03k | if (!auth.cluster.empty()) { | 75 | 1 | req->__set_cluster(auth.cluster); | 76 | 1 | } | 77 | 2.03k | req->__set_user_ip(auth.user_ip); | 78 | 2.03k | } | 79 | | | 80 | | if constexpr (requires(T req_obj, TCertBasedAuth cert_auth_obj) { | 81 | | req_obj.__set_cert_based_auth(cert_auth_obj); | 82 | 2.15k | }) { | 83 | 2.15k | if (auth.has_cert_info()) { | 84 | 0 | TCertBasedAuth cert_auth; | 85 | 0 | cert_auth.__set_cert_pem(auth.cert_pem); | 86 | 0 | cert_auth.__set_subject(auth.cert_subject); | 87 | 0 | cert_auth.__set_san(auth.cert_san); | 88 | 0 | cert_auth.__set_issuer(auth.cert_issuer); | 89 | 0 | cert_auth.__set_cipher(auth.cert_cipher); | 90 | 0 | cert_auth.__set_validity_not_before(auth.cert_validity_not_before); | 91 | 0 | cert_auth.__set_validity_not_after(auth.cert_validity_not_after); | 92 | 0 | req->__set_cert_based_auth(cert_auth); | 93 | 0 | } | 94 | 2.15k | } | 95 | 2.15k | } |
_ZN5doris16set_request_authINS_20TLoadTxnBeginRequestEEEvPT_RKNS_8AuthInfoE Line | Count | Source | 60 | 2.01k | void set_request_auth(T* req, const AuthInfo& auth) { | 61 | 2.01k | req->user = auth.user; // always set user, because it may be used by FE | 62 | | // auth code is deprecated and should be removed in 3.1 | 63 | 2.01k | if (auth.auth_code != -1) { | 64 | | // if auth_code is set, no need to set other info | 65 | 0 | req->__set_auth_code(auth.auth_code); | 66 | | // user name and passwd is unused, but they are required field. | 67 | | // so they have to be set. | 68 | 0 | req->passwd = ""; | 69 | 2.01k | } else if (auth.token != "") { | 70 | 115 | req->__isset.token = true; | 71 | 115 | req->token = auth.token; | 72 | 1.90k | } else { | 73 | 1.90k | req->passwd = auth.passwd; | 74 | 1.90k | if (!auth.cluster.empty()) { | 75 | 1 | req->__set_cluster(auth.cluster); | 76 | 1 | } | 77 | 1.90k | req->__set_user_ip(auth.user_ip); | 78 | 1.90k | } | 79 | | | 80 | | if constexpr (requires(T req_obj, TCertBasedAuth cert_auth_obj) { | 81 | | req_obj.__set_cert_based_auth(cert_auth_obj); | 82 | 2.01k | }) { | 83 | 2.01k | if (auth.has_cert_info()) { | 84 | 0 | TCertBasedAuth cert_auth; | 85 | 0 | cert_auth.__set_cert_pem(auth.cert_pem); | 86 | 0 | cert_auth.__set_subject(auth.cert_subject); | 87 | 0 | cert_auth.__set_san(auth.cert_san); | 88 | 0 | cert_auth.__set_issuer(auth.cert_issuer); | 89 | 0 | cert_auth.__set_cipher(auth.cert_cipher); | 90 | 0 | cert_auth.__set_validity_not_before(auth.cert_validity_not_before); | 91 | 0 | cert_auth.__set_validity_not_after(auth.cert_validity_not_after); | 92 | 0 | req->__set_cert_based_auth(cert_auth); | 93 | 0 | } | 94 | 2.01k | } | 95 | 2.01k | } |
_ZN5doris16set_request_authINS_18TLoadTxn2PCRequestEEEvPT_RKNS_8AuthInfoE Line | Count | Source | 60 | 54 | void set_request_auth(T* req, const AuthInfo& auth) { | 61 | 54 | req->user = auth.user; // always set user, because it may be used by FE | 62 | | // auth code is deprecated and should be removed in 3.1 | 63 | 54 | if (auth.auth_code != -1) { | 64 | | // if auth_code is set, no need to set other info | 65 | 0 | req->__set_auth_code(auth.auth_code); | 66 | | // user name and passwd is unused, but they are required field. | 67 | | // so they have to be set. | 68 | 0 | req->passwd = ""; | 69 | 54 | } else if (auth.token != "") { | 70 | 0 | req->__isset.token = true; | 71 | 0 | req->token = auth.token; | 72 | 54 | } else { | 73 | 54 | req->passwd = auth.passwd; | 74 | 54 | if (!auth.cluster.empty()) { | 75 | 0 | req->__set_cluster(auth.cluster); | 76 | 0 | } | 77 | 54 | req->__set_user_ip(auth.user_ip); | 78 | 54 | } | 79 | | | 80 | | if constexpr (requires(T req_obj, TCertBasedAuth cert_auth_obj) { | 81 | | req_obj.__set_cert_based_auth(cert_auth_obj); | 82 | 54 | }) { | 83 | 54 | if (auth.has_cert_info()) { | 84 | 0 | TCertBasedAuth cert_auth; | 85 | 0 | cert_auth.__set_cert_pem(auth.cert_pem); | 86 | 0 | cert_auth.__set_subject(auth.cert_subject); | 87 | 0 | cert_auth.__set_san(auth.cert_san); | 88 | 0 | cert_auth.__set_issuer(auth.cert_issuer); | 89 | 0 | cert_auth.__set_cipher(auth.cert_cipher); | 90 | 0 | cert_auth.__set_validity_not_before(auth.cert_validity_not_before); | 91 | 0 | cert_auth.__set_validity_not_after(auth.cert_validity_not_after); | 92 | 0 | req->__set_cert_based_auth(cert_auth); | 93 | 0 | } | 94 | 54 | } | 95 | 54 | } |
_ZN5doris16set_request_authINS_21TLoadTxnCommitRequestEEEvPT_RKNS_8AuthInfoE Line | Count | Source | 60 | 1.69k | void set_request_auth(T* req, const AuthInfo& auth) { | 61 | 1.69k | req->user = auth.user; // always set user, because it may be used by FE | 62 | | // auth code is deprecated and should be removed in 3.1 | 63 | 1.69k | if (auth.auth_code != -1) { | 64 | | // if auth_code is set, no need to set other info | 65 | 70 | req->__set_auth_code(auth.auth_code); | 66 | | // user name and passwd is unused, but they are required field. | 67 | | // so they have to be set. | 68 | 70 | req->passwd = ""; | 69 | 1.62k | } else if (auth.token != "") { | 70 | 148 | req->__isset.token = true; | 71 | 148 | req->token = auth.token; | 72 | 1.47k | } else { | 73 | 1.47k | req->passwd = auth.passwd; | 74 | 1.47k | if (!auth.cluster.empty()) { | 75 | 1 | req->__set_cluster(auth.cluster); | 76 | 1 | } | 77 | 1.47k | req->__set_user_ip(auth.user_ip); | 78 | 1.47k | } | 79 | | | 80 | | if constexpr (requires(T req_obj, TCertBasedAuth cert_auth_obj) { | 81 | | req_obj.__set_cert_based_auth(cert_auth_obj); | 82 | 1.69k | }) { | 83 | 1.69k | if (auth.has_cert_info()) { | 84 | 0 | TCertBasedAuth cert_auth; | 85 | 0 | cert_auth.__set_cert_pem(auth.cert_pem); | 86 | 0 | cert_auth.__set_subject(auth.cert_subject); | 87 | 0 | cert_auth.__set_san(auth.cert_san); | 88 | 0 | cert_auth.__set_issuer(auth.cert_issuer); | 89 | 0 | cert_auth.__set_cipher(auth.cert_cipher); | 90 | 0 | cert_auth.__set_validity_not_before(auth.cert_validity_not_before); | 91 | 0 | cert_auth.__set_validity_not_after(auth.cert_validity_not_after); | 92 | 0 | req->__set_cert_based_auth(cert_auth); | 93 | 0 | } | 94 | 1.69k | } | 95 | 1.69k | } |
_ZN5doris16set_request_authINS_23TLoadTxnRollbackRequestEEEvPT_RKNS_8AuthInfoE Line | Count | Source | 60 | 2 | void set_request_auth(T* req, const AuthInfo& auth) { | 61 | 2 | req->user = auth.user; // always set user, because it may be used by FE | 62 | | // auth code is deprecated and should be removed in 3.1 | 63 | 2 | if (auth.auth_code != -1) { | 64 | | // if auth_code is set, no need to set other info | 65 | 2 | req->__set_auth_code(auth.auth_code); | 66 | | // user name and passwd is unused, but they are required field. | 67 | | // so they have to be set. | 68 | 2 | req->passwd = ""; | 69 | 2 | } else if (auth.token != "") { | 70 | 0 | req->__isset.token = true; | 71 | 0 | req->token = auth.token; | 72 | 0 | } else { | 73 | 0 | req->passwd = auth.passwd; | 74 | 0 | if (!auth.cluster.empty()) { | 75 | 0 | req->__set_cluster(auth.cluster); | 76 | 0 | } | 77 | 0 | req->__set_user_ip(auth.user_ip); | 78 | 0 | } | 79 | | | 80 | | if constexpr (requires(T req_obj, TCertBasedAuth cert_auth_obj) { | 81 | | req_obj.__set_cert_based_auth(cert_auth_obj); | 82 | | }) { | 83 | | if (auth.has_cert_info()) { | 84 | | TCertBasedAuth cert_auth; | 85 | | cert_auth.__set_cert_pem(auth.cert_pem); | 86 | | cert_auth.__set_subject(auth.cert_subject); | 87 | | cert_auth.__set_san(auth.cert_san); | 88 | | cert_auth.__set_issuer(auth.cert_issuer); | 89 | | cert_auth.__set_cipher(auth.cert_cipher); | 90 | | cert_auth.__set_validity_not_before(auth.cert_validity_not_before); | 91 | | cert_auth.__set_validity_not_after(auth.cert_validity_not_after); | 92 | | req->__set_cert_based_auth(cert_auth); | 93 | | } | 94 | | } | 95 | 2 | } |
|
96 | | |
97 | | // This is the threshold used to periodically release the memory occupied by the expression. |
98 | | // RELEASE_CONTEXT_COUNTER should be power of 2 |
99 | | // GCC will optimize the modulo operation to &(release_context_counter - 1) |
100 | | // _conjunct_ctxs will free local alloc after this probe calculations |
101 | | static constexpr int RELEASE_CONTEXT_COUNTER = 1 << 7; |
102 | | static_assert((RELEASE_CONTEXT_COUNTER & (RELEASE_CONTEXT_COUNTER - 1)) == 0, |
103 | | "should be power of 2"); |
104 | | |
105 | | template <typename To, typename From> |
106 | | To convert_to(From from) { |
107 | | union { |
108 | | From _from; |
109 | | To _to; |
110 | | }; |
111 | | _from = from; |
112 | | return _to; |
113 | | } |
114 | | |
115 | 0 | inline bool random_bool_slow(double probability_of_true = 0.5) { |
116 | | // Due to an unknown JNI bug, we cannot use thread_local variables here. |
117 | 0 | static std::random_device seed; |
118 | 0 | static std::mt19937 gen(seed()); |
119 | 0 | std::bernoulli_distribution d(probability_of_true); |
120 | 0 | return d(gen); |
121 | 0 | } |
122 | | } // namespace doris |