Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BugFix] do not set basic auth header if credentials not provided #54960

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[BugFix] do not set basic auth header if credentials not provided #54960

wants to merge 1 commit into from
+9 −3

Conversation

trapped
Copy link

@trapped trapped commented Jan 10, 2025

Why I'm doing:

While the FE already has this logic, the BE would still send an empty Authorization: Basic header to ElasticSearch even if credentials were not provided; this causes a 403 even if the ES cluster has no AuthN/AuthZ settings. This change allows using StarRocks with ElasticSearch external catalogs even with Basic Auth disabled.

What I'm doing:

Adds a check for empty credentials (both username and password) in the ElasticSearch scan reader, in which case the Authorization: Basic ... header is not set.

What type of PR is this:

  • BugFix
  • Feature
  • Enhancement
  • Refactor
  • UT
  • Doc
  • Tool

Does this PR entail a change in behavior?

  • Yes, this PR will result in a change in behavior.
  • No, this PR will not result in a change in behavior.

If yes, please specify the type of change:

  • Interface/UI changes: syntax, type conversion, expression evaluation, display information
  • Parameter changes: default values, similar parameters but with different default values
  • Policy changes: use new policy to replace old one, functionality automatically enabled
  • Feature removed
  • Miscellaneous: upgrade & downgrade compatibility, etc.

Checklist:

  • I have added test cases for my bug fix or my new feature
  • This pr needs user documentation (for new or modified features or behaviors)
    • I have added documentation for my new feature or new function
  • This is a backport pr

Bugfix cherry-pick branch check:

  • I have checked the version labels which the pr will be auto-backported to the target branch
    • 3.4
    • 3.3
    • 3.2
    • 3.1
    • 3.0

@trapped
fix: do not set basic auth header if credentials not provided
831ef4b 
While the FE already has this logic, the BE would still send an empty Authorization: Basic header to ElasticSearch even if credentials were not provided; this causes a 403 even if the ES cluster has no AuthN/AuthZ settings.
This change allows using StarRocks with ElasticSearch external catalogs even with Basic Auth disabled.

Signed-off-by: Giorgio Pellero <[email protected]>
@trapped trapped requested a review from a team as a code owner January 10, 2025 12:10
@CLAassistant
Copy link

CLAassistant commented Jan 10, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@trapped trapped changed the title fix: do not set basic auth header if credentials not provided [BugFix] do not set basic auth header if credentials not provided Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@trapped trapped

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@trapped @CLAassistant