diff --git a/config/quickwit.yaml b/config/quickwit.yaml
index 7072c569fc0..1d03988b737 100644
--- a/config/quickwit.yaml
+++ b/config/quickwit.yaml
@@ -150,3 +150,9 @@ indexer:
jaeger:
enable_endpoint: ${QW_ENABLE_JAEGER_ENDPOINT:-true}
+
+license: ${QW_LICENSE}
+
+# authorization:
+# root_key: ${QW_ROOT_KEY}
+# node_token: ${QW_NODE_TOKEN}
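Review bot: `license: ${QW_LICENSE}` is added active and without a default, unlike `enable_endpoint: ${QW_ENABLE_JAEGER_ENDPOINT:-true}` two lines above it. If the config template renderer rejects unset variables (not visible in this hunk), a node started from this default file without `QW_LICENSE` exported would fail to load its configuration. Shipping the line commented out, `# license: ${QW_LICENSE}`, in the same way as the `authorization` block would avoid that. The commented `authorization` block would also benefit from a comment such as `# root_key and node_token are secrets: supply them through the environment, never as literal values in this file.`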
diff --git a/quickwit/Cargo.lock b/quickwit/Cargo.lock
index 558fe3bdede..d6ffd77c6f0 100644
--- a/quickwit/Cargo.lock
+++ b/quickwit/Cargo.lock
@@ -1684,6 +1684,26 @@ version = "0.9.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
+[[package]]
+name = "const-random"
+version = "0.1.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87e00182fe74b066627d63b85fd550ac2998d4b0bd86bfed477a0ae4c7c71359"
+dependencies = [
+ "const-random-macro",
+]
+
+[[package]]
+name = "const-random-macro"
+version = "0.1.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9d839f2a20b0aee515dc581a6172f2321f96cab76c1a38a4c584a194955390e"
+dependencies = [
+ "getrandom 0.2.15",
+ "once_cell",
+ "tiny-keccak",
+]
+
[[package]]
name = "constant_time_eq"
version = "0.1.5"
@@ -2439,26 +2459,6 @@ dependencies = [
"encoding_rs",
]
-[[package]]
-name = "enum-iterator"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fd242f399be1da0a5354aa462d57b4ab2b4ee0683cc552f7c007d2d12d36e94"
-dependencies = [
- "enum-iterator-derive",
-]
-
-[[package]]
-name = "enum-iterator-derive"
-version = "1.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.86",
-]
-
[[package]]
name = "env_logger"
version = "0.10.2"
@@ -5947,6 +5947,26 @@ dependencies = [
"tracing",
]
+[[package]]
+name = "quickwit-authorize"
+version = "0.8.0"
+dependencies = [
+ "anyhow",
+ "biscuit-auth",
+ "futures",
+ "http 0.2.12",
+ "itertools 0.13.0",
+ "pin-project",
+ "quickwit-common",
+ "serde",
+ "thiserror",
+ "tokio",
+ "tokio-inherit-task-local",
+ "tonic",
+ "tower",
+ "tracing",
+]
+
[[package]]
name = "quickwit-aws"
version = "0.8.0"
@@ -5988,6 +6008,7 @@ dependencies = [
"opentelemetry-otlp",
"predicates 3.1.2",
"quickwit-actors",
+ "quickwit-authorize",
"quickwit-cluster",
"quickwit-common",
"quickwit-config",
@@ -6072,6 +6093,7 @@ dependencies = [
"mockall",
"prost 0.11.9",
"quickwit-actors",
+ "quickwit-authorize",
"quickwit-codegen",
"quickwit-common",
"quickwit-proto",
@@ -6116,6 +6138,7 @@ dependencies = [
"tempfile",
"thiserror",
"tokio",
+ "tokio-inherit-task-local",
"tokio-metrics",
"tokio-stream",
"tonic",
@@ -6132,7 +6155,6 @@ dependencies = [
"bytesize",
"chrono",
"cron",
- "enum-iterator",
"http 0.2.12",
"http-serde 1.1.3",
"humantime",
@@ -6140,6 +6162,7 @@ dependencies = [
"json_comments",
"new_string_template",
"once_cell",
+ "quickwit-authorize",
"quickwit-common",
"quickwit-doc-mapper",
"quickwit-license",
@@ -6350,6 +6373,7 @@ dependencies = [
"once_cell",
"prost 0.11.9",
"quickwit-actors",
+ "quickwit-authorize",
"quickwit-cluster",
"quickwit-codegen",
"quickwit-common",
@@ -6544,6 +6568,7 @@ dependencies = [
"mockall",
"once_cell",
"ouroboros",
+ "quickwit-authorize",
"quickwit-common",
"quickwit-config",
"quickwit-doc-mapper",
@@ -6601,6 +6626,7 @@ version = "0.8.0"
dependencies = [
"anyhow",
"async-trait",
+ "biscuit-auth",
"bytes",
"bytesize",
"bytestring",
@@ -6613,6 +6639,7 @@ dependencies = [
"prost-build",
"prost-types 0.11.9",
"quickwit-actors",
+ "quickwit-authorize",
"quickwit-codegen",
"quickwit-common",
"sea-query",
@@ -6751,6 +6778,7 @@ dependencies = [
"prost 0.11.9",
"prost-types 0.11.9",
"quickwit-actors",
+ "quickwit-authorize",
"quickwit-cluster",
"quickwit-common",
"quickwit-config",
@@ -8867,6 +8895,16 @@ dependencies = [
"windows-sys 0.52.0",
]
+[[package]]
+name = "tokio-inherit-task-local"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d42db185acdff44279cff7f8765608129ae4a01a2f955008a4f96054c75e77ac"
+dependencies = [
+ "const-random",
+ "tokio",
+]
+
[[package]]
name = "tokio-io-timeout"
version = "1.2.0"
diff --git a/quickwit/Cargo.toml b/quickwit/Cargo.toml
index b91068fe5a3..f2578232b1e 100644
--- a/quickwit/Cargo.toml
+++ b/quickwit/Cargo.toml
@@ -2,6 +2,7 @@
resolver = "2"
members = [
"quickwit-actors",
+ "quickwit-authorize",
"quickwit-aws",
"quickwit-cli",
"quickwit-cluster",
@@ -20,6 +21,7 @@ members = [
"quickwit-jaeger",
"quickwit-janitor",
"quickwit-lambda",
+ "quickwit-license",
"quickwit-macros",
"quickwit-metastore",
@@ -34,13 +36,13 @@ members = [
"quickwit-serve",
"quickwit-storage",
"quickwit-telemetry",
- "quickwit-license",
]
# The following list excludes `quickwit-metastore-utils` and `quickwit-lambda`
# from the default member to ease build/deps.
default-members = [
"quickwit-actors",
+ "quickwit-authorize",
"quickwit-aws",
"quickwit-cli",
"quickwit-cluster",
@@ -52,6 +54,7 @@ default-members = [
"quickwit-datetime",
"quickwit-directories",
"quickwit-doc-mapper",
+ "quickwit-license",
"quickwit-index-management",
"quickwit-indexing",
"quickwit-ingest",
@@ -89,7 +92,6 @@ async-trait = "0.1"
base64 = "0.22"
binggan = { version = "0.14" }
biscuit-auth = "5.0.0"
-
bytes = { version = "1", features = ["serde"] }
bytesize = { version = "1.3.0", features = ["serde"] }
bytestring = "1.3.0"
@@ -238,6 +240,7 @@ tikv-jemalloc-ctl = "0.5"
tikv-jemallocator = "0.5"
time = { version = "0.3", features = ["std", "formatting", "macros"] }
tokio = { version = "1.40", features = ["full"] }
+tokio-inherit-task-local = "0.2"
tokio-metrics = { version = "0.3.1", features = ["rt"] }
tokio-stream = { version = "0.1", features = ["sync"] }
tokio-util = { version = "0.7", features = ["full"] }
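Review bot: The added `tokio-inherit-task-local = "0.2"` line introduces a new third-party crate with no note on why it is needed. According to the Cargo.lock hunks in this same commit, it brings in `const-random` and `const-random-macro`, a proc macro that depends on `getrandom` and `tiny-keccak`. Constants randomised at compile time can make builds non-reproducible, which matters if release artifacts are verified by rebuilding. A short comment on the line would help, presumably something like `# carries the request's authorization token into spawned tasks (quickwit-authorize)`, along with a check that the transitive crates pass the project's dependency audit.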
@@ -303,6 +306,7 @@ opendal = { version = "0.44", default-features = false }
reqsign = { version = "0.14", default-features = false }
quickwit-actors = { path = "quickwit-actors" }
+quickwit-authorize = { path = "quickwit-authorize" }
quickwit-aws = { path = "quickwit-aws" }
quickwit-cli = { path = "quickwit-cli" }
quickwit-cluster = { path = "quickwit-cluster" }
diff --git a/quickwit/quickwit-authorize/Cargo.toml b/quickwit/quickwit-authorize/Cargo.toml
new file mode 100644
index 00000000000..e74b105e00d
--- /dev/null
+++ b/quickwit/quickwit-authorize/Cargo.toml
@@ -0,0 +1,29 @@
+[package]
+name = "quickwit-authorize"
+version.workspace = true
+edition.workspace = true
+homepage.workspace = true
+documentation.workspace = true
+repository.workspace = true
+authors.workspace = true
+license.workspace = true
+
+[dependencies]
+anyhow = { workspace = true, optional = true }
+tower = { workspace = true}
+biscuit-auth = { workspace = true, optional=true }
+futures = { workspace = true }
+http = { workspace = true }
+itertools = { workspace = true }
+tokio-inherit-task-local = { workspace = true }
+serde = { workspace = true }
+thiserror = { workspace = true }
+tonic = { workspace = true }
+tokio = { workspace = true }
+tracing = { workspace = true }
+pin-project = { workspace = true }
+
+quickwit-common = { workspace = true }
+
+[features]
+enterprise = ["dep:biscuit-auth", "dep:anyhow"]
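Review bot: The `enterprise` feature on the last line is the only thing that pulls in `biscuit-auth`, and the manifest does not say what a build without it does. The community module added in this commit returns `Ok(())` from `authorize`, `authorize_stream` and `extract_auth_token`, so such a build appears to accept every request; lib.rs is not visible here, so the module selection is inferred. I would state that above `[features]`, e.g. `# Without "enterprise" the community stubs are compiled and all authorization checks are no-ops.` As a style point, `tower = { workspace = true}` and `optional=true` are spaced differently from the other entries, and the dependency list is not sorted.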
diff --git a/quickwit/quickwit-authorize/src/community/mod.rs b/quickwit/quickwit-authorize/src/community/mod.rs
new file mode 100644
index 00000000000..0fd7c0b85ca
--- /dev/null
+++ b/quickwit/quickwit-authorize/src/community/mod.rs
@@ -0,0 +1,85 @@
+// Copyright (C) 2024 Quickwit, Inc.
+//
+// Quickwit is offered under the AGPL v3.0 and as commercial software.
+// For commercial licensing, contact us at hello@quickwit.io.
+//
+// AGPL:
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+use std::future::Future;
+
+use crate::AuthorizationError;
+
+pub type AuthorizationToken = ();
+
+pub trait Authorization {
+ fn attenuate(
+ &self,
+ _auth_token: AuthorizationToken,
+ ) -> Result {
+ Ok(())
+ }
+}
+
+impl Authorization for T {}
+
+pub trait StreamAuthorization {
+ fn attenuate(
+ _auth_token: AuthorizationToken,
+ ) -> std::result::Result {
+ Ok(())
+ }
+}
+
+impl StreamAuthorization for T {}
+
+pub fn extract_auth_token(
+ _req_metadata: &tonic::metadata::MetadataMap,
+) -> Result {
+ Ok(())
+}
+
+pub fn set_auth_token(
+ _auth_token: &AuthorizationToken,
+ _req_metadata: &mut tonic::metadata::MetadataMap,
+) {
+}
+
+pub fn authorize(
+ _req: &R,
+ _auth_token: &AuthorizationToken,
+) -> Result<(), AuthorizationError> {
+ Ok(())
+}
+
+pub fn build_tonic_request_with_auth_token(
+ req: R,
+) -> Result, AuthorizationError> {
+ Ok(tonic::Request::new(req))
+}
+
+pub fn authorize_stream(
+ _auth_token: &AuthorizationToken,
+) -> Result<(), AuthorizationError> {
+ Ok(())
+}
+
+pub fn execute_with_authorization(_: AuthorizationToken, f: F) -> impl Future