fresh-borzoni commented on code in PR #375:
URL: https://github.com/apache/fluss-rust/pull/375#discussion_r2852991779
##########
crates/fluss/src/rpc/server_connection.rs:
##########
@@ -100,7 +134,74 @@ impl RpcClient {
self.max_message_size,
self.client_id.clone(),
);
- Ok(ServerConnection::new(messenger))
+ let connection = ServerConnection::new(messenger);
+
+ if let Some(ref sasl) = self.sasl_config {
+ Self::authenticate(&connection, &sasl.username,
&sasl.password).await?;
+ }
+
+ Ok(connection)
+ }
+
+ /// Perform SASL/PLAIN authentication handshake.
+ ///
+ /// Retries on `RetriableAuthenticateException` with exponential backoff
+ /// (matching Java's unbounded retry behaviour). Non-retriable errors
+ /// (wrong password, unknown user) propagate immediately as
+ /// `Error::FlussAPIError` with the original error code.
+ async fn authenticate(
+ connection: &ServerConnection,
+ username: &str,
+ password: &str,
+ ) -> Result<(), Error> {
+ use crate::rpc::fluss_api_error::FlussError;
+ use crate::rpc::message::AuthenticateRequest;
+ use rand::Rng;
+
+ let initial_request = AuthenticateRequest::new_plain(username,
password);
+ let mut retry_count: u32 = 0;
+
+ loop {
+ let request = initial_request.clone();
+ let result = connection.request(request).await;
+
+ match result {
+ Ok(response) => {
+ // Check for server challenge (multi-round auth).
+ // PLAIN mechanism never sends a challenge, but we handle
it
+ // for protocol correctness matching Java's
handleAuthenticateResponse.
+ if let Some(challenge) = response.challenge {
+ let challenge_req =
AuthenticateRequest::from_challenge("PLAIN", challenge);
+ connection.request(challenge_req).await?;
+ }
+ return Ok(());
+ }
+ Err(Error::FlussAPIError { ref api_error })
+ if FlussError::for_code(api_error.code)
+ == FlussError::RetriableAuthenticateException =>
+ {
+ retry_count += 1;
+ // Cap the exponent like Java's ExponentialBackoff.expMax
so that
+ // jitter still produces a range at steady state instead
of being
+ // clamped to AUTH_MAX_BACKOFF_MS.
+ let exp_max = (AUTH_MAX_BACKOFF_MS /
AUTH_INITIAL_BACKOFF_MS).log2();
+ let exp = ((retry_count as f64) - 1.0).min(exp_max);
+ let term = AUTH_INITIAL_BACKOFF_MS *
AUTH_BACKOFF_MULTIPLIER.powf(exp);
+ let jitter_factor =
+ 1.0 - AUTH_JITTER + rand::rng().random::<f64>() * (2.0
* AUTH_JITTER);
Review Comment:
I just match java, cosmetic
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
