THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
For older requests that need redirection, we shall create a new RPC called `Envelope` to embed the actual request. This request will be fully wrapping an older version client request, including its header, security information, actual data fields, etc. The request requires ClusterAction on CLUSTER.
Forwarding broker will blindly do the authentication first on the request. If the client request looks good, forwarding broker will redirect the incoming request, and let the controller to continue the security verification for consistency.
...
We are also going to add a new RPC type to wrap the original request during the forwarding. We will make corresponding changes to `ApiMessageTypeGenerator` class to recognize the new field `Header` and `ApiMessage` during the auto generation. The PrincipalName and PrincipalType fields are for logging purpose.
| Code Block | ||
|---|---|---|
| ||
{
"apiKey": N,
"type": "request",
"name": "EnvelopeRequest",
"validVersions": "0",
"flexibleVersions": "0+",
"fields": [
{ "name": "RequestHeader", "type": "Header", "versions": "0+",
"about": "The embedded request header." },
{ "name": "RequestData", "type": "ApiMessage", "versions": "0+",
"about": "The embedded request data."},
{ "name": "PrincipalType", "type": "string", "versions": "0+",
"about": "The embedded request principal type."},
{ "name": "PrincipalName", "type": "string", "versions": "0+",
"about": "The embedded request principal name."},
]
} |
...
The CLUSTER authorization for EnvelopeRequest takes place during the request handling, similar to LeaderAndIsrRequest. This ensures the EnvelopeRequest is not sent from a malicious client pretending to be a fellow broker. Once that part is done, we shall replace the request context with Principal information embedded inside the EnvelopeRequest to complete the inner request permission checkthe controller broker will not do a second authentication as it should already be done by the forwarding broker (consider a connecting flight, when entering the boarder of one country we always do the customs review in first hop). For inner request error, it will still be embedded inside the `ResponseData` struct defined in EnvelopeResponse below.
...