From da856c7c8f7bb7d72394d10defdc3a7bfd3e043d Mon Sep 17 00:00:00 2001 From: Mingyu Chen Date: Wed, 29 Nov 2023 16:11:51 +0800 Subject: [PATCH 1/2] [refactor](http) disable snapshot and get_log_file api (#27724) Disable 2 http api by default: 1. BE's `/api/snapshot` 2. FE's `/get_log_file` --- be/src/common/config.cpp | 3 +++ be/src/common/config.h | 3 +++ be/src/http/action/snapshot_action.cpp | 4 ++++ .../src/main/java/org/apache/doris/common/Config.java | 4 ++++ .../java/org/apache/doris/httpv2/rest/GetLogFileAction.java | 3 +++ 5 files changed, 17 insertions(+) diff --git a/be/src/common/config.cpp b/be/src/common/config.cpp index c6ff22c626478e..7f16f60a9b0b13 100644 --- a/be/src/common/config.cpp +++ b/be/src/common/config.cpp @@ -1103,6 +1103,9 @@ DEFINE_Int32(ingest_binlog_work_pool_size, "-1"); // Download binlog rate limit, unit is KB/s, 0 means no limit DEFINE_Int32(download_binlog_rate_limit_kbs, "0"); + +DEFINE_Bool(enable_snapshot_action, "false"); + // clang-format off #ifdef BE_TEST // test s3 diff --git a/be/src/common/config.h b/be/src/common/config.h index f621b442568ef3..602fdff53f00e0 100644 --- a/be/src/common/config.h +++ b/be/src/common/config.h @@ -1159,6 +1159,9 @@ DECLARE_Int32(ingest_binlog_work_pool_size); // Download binlog rate limit, unit is KB/s DECLARE_Int32(download_binlog_rate_limit_kbs); +// whether to enable /api/snapshot api +DECLARE_Bool(enable_snapshot_action); + #ifdef BE_TEST // test s3 DECLARE_String(test_s3_resource); diff --git a/be/src/http/action/snapshot_action.cpp b/be/src/http/action/snapshot_action.cpp index c705d3c9bac74b..c93220ac0f8cb4 100644 --- a/be/src/http/action/snapshot_action.cpp +++ b/be/src/http/action/snapshot_action.cpp @@ -41,6 +41,10 @@ SnapshotAction::SnapshotAction(ExecEnv* exec_env, TPrivilegeHier::type hier, : HttpHandlerWithAuth(exec_env, hier, type) {} void SnapshotAction::handle(HttpRequest* req) { + if (!config::enable_snapshot_action) { + HttpChannel::send_reply(req, HttpStatus::BAD_REQUEST, "feature disabled"); + return; + } LOG(INFO) << "accept one request " << req->debug_string(); // Get tablet id const std::string& tablet_id_str = req->param(TABLET_ID); diff --git a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java index 92fa8130757be3..d02ea3a8e07ea1 100644 --- a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java +++ b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java @@ -2227,4 +2227,8 @@ public class Config extends ConfigBase { "the max package size fe thrift server can receive,avoid accepting error" + "or too large package causing OOM,default 20000000(20M),set -1 for unlimited. "}) public static int fe_thrift_max_pkg_bytes = 20000000; + + @ConfField(description = {"是否开启通过http接口获取log文件的功能", + "Whether to enable the function of getting log files through http interface"}) + public static boolean enable_get_log_file_api = false; } diff --git a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/GetLogFileAction.java b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/GetLogFileAction.java index c96e19971b155b..475ee5ace1ea0d 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/GetLogFileAction.java +++ b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/GetLogFileAction.java @@ -55,6 +55,9 @@ public class GetLogFileAction extends RestBaseController { @RequestMapping(path = "/api/get_log_file", method = {RequestMethod.GET, RequestMethod.HEAD}) public Object execute(HttpServletRequest request, HttpServletResponse response) { + if (!Config.enable_get_log_file_api) { + return ResponseEntityBuilder.badRequest("feature disabled"); + } executeCheckPassword(request, response); checkGlobalAuth(ConnectContext.get().getCurrentUserIdentity(), PrivPredicate.ADMIN); From 5efdc6d65a302ad6359e747698999349b41dac31 Mon Sep 17 00:00:00 2001 From: morningman Date: Wed, 29 Nov 2023 18:45:13 +0800 Subject: [PATCH 2/2] 1 --- be/src/common/config.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/be/src/common/config.cpp b/be/src/common/config.cpp index 7f16f60a9b0b13..b83794795e8eb4 100644 --- a/be/src/common/config.cpp +++ b/be/src/common/config.cpp @@ -1103,7 +1103,6 @@ DEFINE_Int32(ingest_binlog_work_pool_size, "-1"); // Download binlog rate limit, unit is KB/s, 0 means no limit DEFINE_Int32(download_binlog_rate_limit_kbs, "0"); - DEFINE_Bool(enable_snapshot_action, "false"); // clang-format off