Add missing authentication for RPC calls #2007
Description
Search before asking
- I searched in the issues and found nothing similar.
Description
Currently, nearly half of the RPC calls in Fluss do not have authentication implemented, which poses a significant risk in production environments. I have listed all the RPC calls along with the current status of their authentication implementation.
In the "action" column, entries marked as "OK" indicate that authentication has been fully implemented, while those marked as "Fix" indicate that improvements are needed.
| RPC Call | Resource Type | Operation Type | IS Internal | Action |
|---|---|---|---|---|
| apiVersions | CLUSTER | DESCRIBE | F | OK |
| listDatabases | DATABASE | DESCRIBE | F | OK |
| getDatabaseInfo | DATABASE | DESCRIBE | F | OK |
| databaseExists | DATABASE | DESCRIBE | F | Fix |
| listTables | TABLE | DESCRIBE | F | OK |
| getTableInfo | TABLE | DESCRIBE | F | OK |
| getTableSchema | TABLE | DESCRIBE | F | Fix |
| tableExists | TABLE | DESCRIBE | F | Fix |
| getLatestKvSnapshots | TABLE | DESCRIBE | F | Fix |
| getKvSnapshotMetadata | TABLE | DESCRIBE | F | Fix |
| getFileSystemSecurityToken | TABLE | READ | F | #752 |
| listPartitionInfos | TABLE | DESCRIBE | F | Fix |
| getLatestLakeSnapshot | TABLE | DESCRIBE | F | Fix |
| listAcls | DESCRIBE | F | OK | |
| describeClusterConfigs | CLUSTER | DESCRIBE | F | OK |
| createDatabase | CLUSTER | CREATE | F | OK |
| dropDatabase | CLUSTER | DROP | F | OK |
| createTable | DATABASE | CREATE | F | OK |
| alterTable | TABLE | ALTER | F | OK |
| dropTable | TABLE | DROP | F | OK |
| createPartition | TABLE | WRITE | F | OK |
| dropPartition | TABLE | WRITE | F | OK |
| metadata | TABLE | DESCRIBE | F | OK |
| adjustIsr | CLUSTER | WRITE | T | Fix |
| commitKvSnapshot | CLUSTER | WRITE | T | Fix |
| commitRemoteLogManifest | CLUSTER | WRITE | T | Fix |
| createAcls | TABLE/DATABASE | ALTER | F | OK |
| dropAcls | TABLE/DATABASE | ALTER | F | OK |
| commitLakeTableSnapshot | CLUSTER | WRITE | T | Fix |
| lakeTieringHeartbeat | CLUSTER | WRITE | T | Fix |
| controlledShutdown | CLUSTER | WRITE | T | Fix |
| alterClusterConfigs | CLUSTER | ALTER | F | OK |
| produceLog | TABLE | WRITE | F | OK |
| fetchLog | TABLE | READ | Both internal and external | OK |
| putKv | TABLE | WRITE | F | OK |
| lookup | TABLE | READ | F | OK |
| prefixLookup | TABLE | READ | F | OK |
| limitScan | TABLE | READ | F | OK |
| notifyLeaderAndIsr | CLUSTER | WRITE | T | Fix |
| updateMetadata | CLUSTER | WRITE | T | Fix |
| stopReplica | CLUSTER | WRITE | T | Fix |
| listOffsets | TABLE | DESCRIBE | F | Fix |
| initWriter | TABLE | WRITE | F | OK |
| notifyRemoteLogOffsets | CLUSTER | WRITE | T | Fix |
| notifyKvSnapshotOffset | CLUSTER | WRITE | T | Fix |
| notifyLakeTableOffset | CLUSTER | WRITE | T | Fix |
Willingness to contribute
- I'm willing to submit a PR!