Tomasz Stepniak authored
Goal
====

- manage the accounts of the http component via the MySQL Shell
- authenticate against accounts stored in the metadata-servers of InnoDB Cluster.
- using the REST APIs even when communication to the metadata-servers is lost.

Implementation
==============

Authentication is done based on the credentials from the 'router_rest_accounts' table. Accounts and their privileges are cached on the router side at runtime. Password hashes must be in the MCF format, only caching_sha2_password password hashes are supported. Authorization is not supported, therefore 'privileges' field from the router_rest_accounts should be empty. Only innodb-cluster metadata schema version 2.0.0 and higher are supported.

The http_auth_backend plugin is extended to support new 'metadata_cache' value for the backend field.

Two new configuration options are added for the metadata_cache plugin:

- auth_cache_refresh_interval - time in seconds between auth-cache refresh attempts.
- auth_cache_ttl - time in seconds until the auth cache becomes invalid if not refreshed.

Both auth_cache_ttl and auth_cache_refresh_interval cannot be less than the 'ttl' configuration option value. Additionally auth_cache_refresh_interval cannot be greater than auth_cache_ttl.

RB: 23537
Reviewed by: Andrzej Religa <andrzej.religa@oracle.com>
Approved by: Omar Mendez <omar.mendez@oracle.com>
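A pre-deployment check for the option limits the commit message states, as an added example that is not part of the commit or of MySQL Router's code. The section names and sample values are constructed, and only the three rules from the message are checked.

```python
import configparser

# Constructed sample configuration; section names and values are assumptions.
SAMPLE = """
[metadata_cache:bootstrap]
ttl = 5
auth_cache_ttl = 60
auth_cache_refresh_interval = 2

[http_auth_backend:default_auth_backend]
backend = metadata_cache
"""

OPTIONS = ("ttl", "auth_cache_ttl", "auth_cache_refresh_interval")


def check_auth_cache(text):
    """Return violations of the limits described in the commit message."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    caches = [s for s in cfg.sections() if s.startswith("metadata_cache")]
    backends = [s for s in cfg.sections()
                if s.startswith("http_auth_backend")
                and cfg[s].get("backend") == "metadata_cache"]
    problems = []
    if backends and not caches:
        # REST authentication would have no cache to read accounts from.
        problems.append("backend=metadata_cache without a metadata_cache section")
    for name in caches:
        sec = cfg[name]
        missing = [o for o in OPTIONS if o not in sec]
        if missing:
            # This check only judges values that are set explicitly.
            problems.append(f"{name}: not set: {', '.join(missing)}")
            continue
        ttl, auth_ttl, refresh = (sec.getfloat(o) for o in OPTIONS)
        if auth_ttl < ttl:
            problems.append(f"{name}: auth_cache_ttl < ttl")
        if refresh < ttl:
            problems.append(f"{name}: auth_cache_refresh_interval < ttl")
        if refresh > auth_ttl:
            # The cache would expire before the next refresh attempt.
            problems.append(f"{name}: auth_cache_refresh_interval > auth_cache_ttl")
    return problems


if __name__ == "__main__":
    for line in check_auth_cache(SAMPLE):
        print(line)
```
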