*: cp d39b7d6 and impl mtls auth (#519)

Signed-off-by: huanghaoyuanhhy <haoyuan.huang@zilliz.com>

.github/workflows/main.yaml

@@ -441,7 +441,6 @@ jobs:
         shell: bash
         run: |
           yq -i '.log.level = "debug"' configs/backup.yaml
-          yq -i '.milvus.authorizationEnabled = true' configs/backup.yaml
           yq -i '.minio.bucketName = "milvus-bucket"' configs/backup.yaml
           yq -i '.minio.rootPath = "file"' configs/backup.yaml
           yq -i '.minio.backupPort = 9010' configs/backup.yaml

cmd/backup_yaml.go

@@ -35,14 +35,15 @@ type YAMLConFig struct {
 		} `yaml:"http"`
 	} `yaml:"log"`
 	Milvus struct {
-		Address              string `yaml:"address"`
-		Port                 int    `yaml:"port"`
-		AuthorizationEnabled bool   `yaml:"authorizationEnabled"`
-		TlsMode              int    `yaml:"tlsMode"`
-		User                 string `yaml:"user"`
-		Password             string `yaml:"password"`
-		TlsCertPath          string `yaml:"tlsCertPath"`
-		ServerName           string `yaml:"serverName"`
+		Address      string `yaml:"address"`
+		Port         int    `yaml:"port"`
+		User         string `yaml:"user"`
+		Password     string `yaml:"password"`
+		TlsMode      int    `yaml:"tlsMode"`
+		CACertPath   string `yaml:"caCertPath"`
+		ServerName   string `yaml:"serverName"`
+		mtlsCertPath string `yaml:"mtlsCertPath"`
+		mtlsKeyPath  string `yaml:"mtlsKeyPath"`
 	} `yaml:"milvus"`
 	Minio struct {
 		Address          string `yaml:"address"`
@@ -77,13 +78,13 @@ func printParams(base *paramtable.BackupParams) {
 
 	yml.Milvus.Address = base.LoadWithDefault("milvus.address", "localhost")
 	yml.Milvus.Port = base.ParseIntWithDefault("milvus.port", 19530)
-	yml.Milvus.AuthorizationEnabled = base.ParseBool("milvus.authorizationEnabled", false)
 	yml.Milvus.TlsMode = base.ParseIntWithDefault("milvus.tlsMode", 0)
 	yml.Milvus.User = base.BaseTable.LoadWithDefault("milvus.user", "")
 	yml.Milvus.Password = base.BaseTable.LoadWithDefault("milvus.password", "")
-	yml.Milvus.TlsCertPath = base.BaseTable.LoadWithDefault("milvus.tlsCertPath", "")
+	yml.Milvus.CACertPath = base.BaseTable.LoadWithDefault("milvus.tlsCertPath", "")
 	yml.Milvus.ServerName = base.BaseTable.LoadWithDefault("milvus.serverName", "localhost")
-
+	yml.Milvus.mtlsCertPath = base.BaseTable.LoadWithDefault("milvus.mtlsCertPath", "")
+	yml.Milvus.mtlsKeyPath = base.BaseTable.LoadWithDefault("milvus.mtlsKeyPath", "")
 	yml.Minio.Address = base.LoadWithDefault("minio.address", "localhost")
 	yml.Minio.Port = base.ParseIntWithDefault("minio.port", 9000)
 	yml.Minio.AccessKeyID = base.BaseTable.LoadWithDefault("minio.accessKeyID", "")

configs/backup.yaml

@@ -12,14 +12,21 @@ http:
 milvus:
   address: localhost
   port: 19530
-  authorizationEnabled: false
-  # tls mode values [0, 1, 2]
-  # 0 is close, 1 is one-way authentication, 2 is two-way authentication.
-  tlsMode: 0
   user: "root"
   password: "Milvus"
-  tlsCertPath: ""
+
+  # tls mode values [0, 1, 2]
+  # 0 is close, 1 is one-way authentication, 2 is mutual authentication
+  tlsMode: 0
+  # tls cert path for validate server, will be used when tlsMode is 1 or 2
+  caCertPath: ""
   serverName: ""
+  # mutual tls cert path, for server to validate client.
+  # Will be used when tlsMode is 2
+  # for backward compatibility, if not set, will use tlsmode 1.
+  # WARN: in future version, if user set tlsmode 2, but not set mtlsCertPath, will cause error.
+  mtlsCertPath: ""
+  mtlsKeyPath: ""
 
 # Related configuration of minio, which is responsible for data persistence for Milvus.
 minio:
@@ -43,6 +50,7 @@ minio:
   backupSecretAccessKey: minioadmin # MinIO/S3 encryption string
   backupBucketName: "a-bucket" # Bucket name to store backup data. Backup data will store to backupBucketName/backupRootPath
   backupRootPath: "backup" # Rootpath to store backup data. Backup data will store to backupBucketName/backupRootPath
+  backupUseSSL: false # Access to MinIO/S3 with SSL
 
   # If you need to back up or restore data between two different storage systems, direct client-side copying is not supported. 
   # Set this option to true to enable data transfer through Milvus Backup.

core/backup_context.go

@@ -64,39 +64,8 @@ type BackupContext struct {
 	bulkinsertWorkerPools sync.Map
 }
 
-func paramsToCfg(params *paramtable.BackupParams) (*client.Cfg, error) {
-	ep := params.MilvusCfg.Address + ":" + params.MilvusCfg.Port
-	log.Debug("Start Milvus client", zap.String("endpoint", ep))
-
-	var enableTLS bool
-	switch params.MilvusCfg.TLSMode {
-	case 0:
-		enableTLS = false
-	case 1, 2:
-		enableTLS = true
-	default:
-		log.Error("milvus.TLSMode is illegal, support value 0, 1, 2")
-		return nil, fmt.Errorf("milvus.TLSMode is illegal, support value 0, 1, 2")
-	}
-
-	cfg := &client.Cfg{
-		Host:      ep,
-		EnableTLS: enableTLS,
-		Username:  params.MilvusCfg.User,
-		Password:  params.MilvusCfg.Password,
-	}
-
-	return cfg, nil
-}
-
 func CreateGrpcClient(params *paramtable.BackupParams) (client.Grpc, error) {
-	cfg, err := paramsToCfg(params)
-	if err != nil {
-		log.Error("failed to create milvus client", zap.Error(err))
-		return nil, fmt.Errorf("failed to create milvus client: %w", err)
-	}
-
-	cli, err := client.NewGrpc(cfg)
+	cli, err := client.NewGrpc(&params.MilvusCfg)
 	if err != nil {
 		log.Error("failed to create milvus client", zap.Error(err))
 		return nil, fmt.Errorf("failed to create milvus client: %w", err)
@@ -105,13 +74,7 @@ func CreateGrpcClient(params *paramtable.BackupParams) (client.Grpc, error) {
 }
 
 func CreateRestfulClient(params *paramtable.BackupParams) (client.RestfulBulkInsert, error) {
-	cfg, err := paramsToCfg(params)
-	if err != nil {
-		log.Error("failed to create restful client", zap.Error(err))
-		return nil, fmt.Errorf("failed to create restful client: %w", err)
-	}
-
-	cli, err := client.NewRestful(cfg)
+	cli, err := client.NewRestful(&params.MilvusCfg)
 	if err != nil {
 		log.Error("failed to create restful client", zap.Error(err))
 		return nil, fmt.Errorf("failed to create restful client: %w", err)