...
- Create credential for each milvus instance and store encrypted password in etcd. Here we use package bcrypt for encrypting the password which implements Provos and Mazières's adaptive hashing algorithm.
- SDK client sends credential with password encrypted when connecting milvus service.
- Milvus proxy component intercepts the request and verify the credential.
- Credentials are cached locally on Proxy component.
Cache Update Workflow1、Credential
- Credential apis are provided by RootCoord.
...
- Credential apis persist credentials on etcd (or other storage like mysql), and create task called CredTask for updating local caches in all proxy components.
...
- CredTask will iterate all the proxy components, and call every proxy's rpc for updating the local cache until all of them are success.
...
- Auth interceptor in proxy component will just search credential records from local cache.
Etcd model for credentials
...