[fix] Add token as authentication for python gateway (#12893)
Separated from #6407. Adds authentication: a secret token ensures that only trusted people can connect to the gateway.

fix: #8255

(cherry picked from commit 6d8befa)
zhongjiajie committed Nov 28, 2022
1 parent 696d8ae commit 416c414
Showing 4 changed files with 43 additions and 87 deletions.
Expand Up @@ -17,13 +17,14 @@

package org.apache.dolphinscheduler.api.configuration;

import lombok.Data;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.stereotype.Component;
import org.springframework.context.annotation.Configuration;

@Component
@EnableConfigurationProperties
@ConfigurationProperties(value = "python-gateway", ignoreUnknownFields = false)
@Data
@Configuration
@ConfigurationProperties(value = "python-gateway")
public class PythonGatewayConfiguration {
private boolean enabled;
private String gatewayServerAddress;
Expand All @@ -32,60 +33,5 @@ public class PythonGatewayConfiguration {
private int pythonPort;
private int connectTimeout;
private int readTimeout;

public boolean getEnabled() {
return enabled;
}

public void setEnabled(boolean enabled) {
this.enabled = enabled;
}

public String getGatewayServerAddress() {
return gatewayServerAddress;
}

public void setGatewayServerAddress(String gatewayServerAddress) {
this.gatewayServerAddress = gatewayServerAddress;
}

public int getGatewayServerPort() {
return gatewayServerPort;
}

public void setGatewayServerPort(int gatewayServerPort) {
this.gatewayServerPort = gatewayServerPort;
}

public String getPythonAddress() {
return pythonAddress;
}

public void setPythonAddress(String pythonAddress) {
this.pythonAddress = pythonAddress;
}

public int getPythonPort() {
return pythonPort;
}

public void setPythonPort(int pythonPort) {
this.pythonPort = pythonPort;
}

public int getConnectTimeout() {
return connectTimeout;
}

public void setConnectTimeout(int connectTimeout) {
this.connectTimeout = connectTimeout;
}

public int getReadTimeout() {
return readTimeout;
}

public void setReadTimeout(int readTimeout) {
this.readTimeout = readTimeout;
}
private String authToken;
}
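Review bot: With `@Data` on the class, Lombok's generated `toString()` will include the new `authToken` field, so any log line or exception message that prints this configuration bean would expose the gateway secret; annotate the field with `@ToString.Exclude`. Separately, the replacement annotation appears to drop `ignoreUnknownFields = false` (the page prints both `@ConfigurationProperties` lines without +/- markers, so this is inferred from their order): with lenient binding a misspelled `auth-token` key is silently ignored and `authToken` stays null. Keeping `@ConfigurationProperties(value = "python-gateway", ignoreUnknownFields = false)` makes such a typo fail at startup instead. A short comment on the field, `// shared secret checked by the py4j gateway; never log`, would also help.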
Expand Up @@ -17,18 +17,6 @@

package org.apache.dolphinscheduler.api.python;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import javax.annotation.PostConstruct;

import org.apache.commons.collections.CollectionUtils;
import org.apache.dolphinscheduler.api.configuration.PythonGatewayConfiguration;
import org.apache.dolphinscheduler.api.dto.EnvironmentDto;
import org.apache.dolphinscheduler.api.dto.resources.ResourceComponent;
Expand Down Expand Up @@ -72,6 +60,24 @@
import org.apache.dolphinscheduler.dao.mapper.ScheduleMapper;
import org.apache.dolphinscheduler.dao.mapper.TaskDefinitionMapper;
import org.apache.dolphinscheduler.spi.enums.ResourceType;

import py4j.GatewayServer;
import py4j.GatewayServer.GatewayServerBuilder;

import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import javax.annotation.PostConstruct;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
Expand Down Expand Up @@ -626,29 +632,27 @@ public Integer createOrUpdateResource(

@PostConstruct
public void init() {
if (pythonGatewayConfiguration.getEnabled()) {
if (pythonGatewayConfiguration.isEnabled()) {
this.start();
}
}

private void start() {
GatewayServer server;
try {
InetAddress gatewayHost = InetAddress.getByName(pythonGatewayConfiguration.getGatewayServerAddress());
InetAddress pythonHost = InetAddress.getByName(pythonGatewayConfiguration.getPythonAddress());
server = new GatewayServer(
this,
pythonGatewayConfiguration.getGatewayServerPort(),
pythonGatewayConfiguration.getPythonPort(),
gatewayHost,
pythonHost,
pythonGatewayConfiguration.getConnectTimeout(),
pythonGatewayConfiguration.getReadTimeout(),
null
);
GatewayServerBuilder serverBuilder = new GatewayServer.GatewayServerBuilder()
.entryPoint(this)
.javaAddress(gatewayHost)
.javaPort(pythonGatewayConfiguration.getGatewayServerPort())
.connectTimeout(pythonGatewayConfiguration.getConnectTimeout())
.readTimeout(pythonGatewayConfiguration.getReadTimeout());
if (!StringUtils.isEmpty(pythonGatewayConfiguration.getAuthToken())) {
serverBuilder.authToken(pythonGatewayConfiguration.getAuthToken());
}

GatewayServer.turnLoggingOn();
logger.info("PythonGatewayService started on: " + gatewayHost.toString());
server.start();
serverBuilder.build().start();
} catch (UnknownHostException e) {
logger.error("exception occurred while constructing PythonGatewayService().", e);
}
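Review bot: An empty or missing `auth-token` makes `start()` skip `serverBuilder.authToken(...)` and still start the gateway, so authentication fails open without any signal to the operator. At minimum add an `else` branch that logs it, e.g. `else { logger.warn("python-gateway.auth-token is empty, gateway accepts unauthenticated connections"); }`, and consider refusing to start when `gatewayHost.isLoopbackAddress()` is false and no token is set. The builder also no longer sets the Python callback address and port that the old constructor received; if that is intentional, a comment saying so would help. The body of `start()` continues outside the visible hunk.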
3 changes: 3 additions & 0 deletions dolphinscheduler-api/src/main/resources/application.yaml
Expand Up @@ -121,6 +121,9 @@ metrics:
python-gateway:
# Weather enable python gateway server or not. The default value is true.
enabled: true
# Authentication token for connection from python api to python gateway server. Should be changed the default value
# when you deploy in public network.
auth-token: jwUDzpLsNKEFER4*a8gruBH_GsAurNxU7A@Xc
# The address of Python gateway server start. Set its value to `0.0.0.0` if your Python API run in different
# between Python gateway server. It could be be specific to other address like `127.0.0.1` or `localhost`
gateway-server-address: 0.0.0.0
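Review bot: The `auth-token` value committed here is a fixed default that anyone can read in the repository, so every installation that keeps it shares one known secret, and the same file defaults `gateway-server-address` to `0.0.0.0`. The comment only asks for a change "when you deploy in public network"; it should say the value must be replaced on every deployment, for example `# Replace this value before deploying: the shipped default is public and gives no protection.` Better still, ship no usable default and read it from the environment, e.g. `auth-token: ${PYTHON_GATEWAY_AUTH_TOKEN:}` (variable name is illustrative), paired with a startup check that rejects an empty token. The same default appears in the second configuration hunk (`@@ -187,6 +187,9 @@ alert:`).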
Expand Up @@ -187,6 +187,9 @@ alert:
python-gateway:
# Weather enable python gateway server or not. The default value is true.
enabled: true
# Authentication token for connection from python api to python gateway server. Should be changed the default value
# when you deploy in public network.
auth-token: jwUDzpLsNKEFER4*a8gruBH_GsAurNxU7A@Xc
# The address of Python gateway server start. Set its value to `0.0.0.0` if your Python API run in different
# between Python gateway server. It could be be specific to other address like `127.0.0.1` or `localhost`
gateway-server-address: 0.0.0.0