Skip to content

[Core] Add authentication token logic and related tests #58046

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
edoakes merged 5 commits into from
Oct 24, 2025
Merged

[Core] Add authentication token logic and related tests #58046

edoakes merged 5 commits into from
Oct 24, 2025

Conversation

@sampan-s-nayak
Copy link
Contributor

@sampan-s-nayak sampan-s-nayak commented Oct 23, 2025
edited
Loading

Description

this pr sets up the helper classes and utils to enable token based authentication for ray core rpc calls.

Related issues

NA

Additional information

Add authentication token logic and related tests
ce73705 
Signed-off-by: sampan <sampan@anyscale.com>
@sampan-s-nayak sampan-s-nayak requested a review from a team as a code owner October 23, 2025 16:19
@cursor
Copy link

cursor bot commented Oct 23, 2025

Bug: Whitespace Handling Causes Undefined Behavior

The TrimWhitespace function relies on undefined behavior when an input string contains only whitespace. If find_last_not_of returns std::string::npos, adding 1 to it causes integer wraparound, leading to erase(0). While this happens to produce the correct empty string, the underlying logic is fragile.

Fix in Cursor Fix in Web

@cursor
Copy link

cursor bot commented Oct 23, 2025

Bug: Environment Variables Reference Invalid Memory

On Windows, _putenv is called with temporary strings, such as in set_env_var and the USERPROFILE setup. This results in environment variables pointing to invalid memory after the temporary string is destroyed.

Additional Locations (1)

Fix in Cursor Fix in Web

gemini-code-assist[bot]
gemini-code-assist bot reviewed Oct 23, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces token-based authentication for Ray Core RPCs, which is a great security enhancement. The changes include a secure AuthenticationToken class, a loader for tokens from various sources, and related configuration. The implementation is well-structured and includes comprehensive tests.

I've found a critical issue in the test suite on Windows related to environment variable handling that needs to be addressed. I've also left a few other comments for improving code style, efficiency, and robustness. Overall, this is a solid contribution.

This was referenced Oct 23, 2025
Merged
Closed
sampan added 2 commits October 23, 2025 16:25
revert unneeded changs from src/ray/rpc/tests/BUILD.bazel
c821c21 
Signed-off-by: sampan <sampan@anyscale.com>
readd dependencies
a14dc69 
Signed-off-by: sampan <sampan@anyscale.com>
@cursor
Copy link

cursor bot commented Oct 23, 2025

Bug: Whitespace Handling Bug in TrimWhitespace Function

The TrimWhitespace function incorrectly handles strings containing only whitespace. When find_last_not_of returns std::string::npos after leading whitespace is removed, adding 1 causes integer wraparound. This leads to an erase call that fails to clear the string, leaving it with whitespace instead of empty.

Fix in Cursor Fix in Web

@sampan-s-nayak sampan-s-nayak added the go add ONLY when ready to merge, run all tests label Oct 23, 2025
@ray-gardener ray-gardener bot added the core Issues that should be addressed in Ray Core label Oct 23, 2025
cursor[bot]

This comment was marked as outdated.

Sign in to view

address comments + fix build
4801ed7 
Signed-off-by: sampan <sampan@anyscale.com>
edoakes
edoakes approved these changes Oct 24, 2025
View reviewed changes
src/ray/rpc/authentication/authentication_token.h
Comment on lines +149 to +152
// Clear the moved-from object explicitly for security
// Note: 'other' is already an rvalue reference, no need to move again
other.SecureClear();
}
Copy link
Collaborator

@edoakes edoakes Oct 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

my only concern here is that this is a bit of an expensive move operation... we should keep it in mind once we run release/performance tests if there is any significant regression.

@edoakes edoakes merged commit b197fa8 into master Oct 24, 2025
6 checks passed
@edoakes edoakes deleted the token_auth_1 branch October 24, 2025 21:46
xinyuangui2 pushed a commit to xinyuangui2/ray that referenced this pull request Oct 27, 2025
@sampan-s-nayak @xinyuangui2
[Core] Add authentication token logic and related tests (ray-project#…
21eca21 
…58046)

This pr sets up the helper classes and utils to enable token based
authentication for ray core rpc calls.

---------

Signed-off-by: sampan <sampan@anyscale.com>
Co-authored-by: sampan <sampan@anyscale.com>
Signed-off-by: xgui <xgui@anyscale.com>
edoakes added a commit that referenced this pull request Oct 28, 2025
@sampan-s-nayak @edoakes
[Core] support token based authentication in c++ grpc client and serv…
38fb12b 
…er interfaces (#58047)

## Description
builds on top of #58046 and adds
support for token based authentication in all grpc services and clients
which are built on top of the grpc client server framework

## Related issues


## Additional information

---------

Signed-off-by: sampan <sampan@anyscale.com>
Signed-off-by: Edward Oakes <ed.nmi.oakes@gmail.com>
Co-authored-by: sampan <sampan@anyscale.com>
Co-authored-by: Edward Oakes <ed.nmi.oakes@gmail.com>
landscapepainter pushed a commit to landscapepainter/ray that referenced this pull request Nov 17, 2025
@sampan-s-nayak @landscapepainter
[Core] Add authentication token logic and related tests (ray-project#…
8173cc4 
…58046)

This pr sets up the helper classes and utils to enable token based
authentication for ray core rpc calls.

---------

Signed-off-by: sampan <sampan@anyscale.com>
Co-authored-by: sampan <sampan@anyscale.com>
landscapepainter pushed a commit to landscapepainter/ray that referenced this pull request Nov 17, 2025
@sampan-s-nayak @edoakes @landscapepainter
[Core] support token based authentication in c++ grpc client and serv…
cde18d0 
…er interfaces (ray-project#58047)

## Description
builds on top of ray-project#58046 and adds
support for token based authentication in all grpc services and clients
which are built on top of the grpc client server framework

## Related issues


## Additional information

---------

Signed-off-by: sampan <sampan@anyscale.com>
Signed-off-by: Edward Oakes <ed.nmi.oakes@gmail.com>
Co-authored-by: sampan <sampan@anyscale.com>
Co-authored-by: Edward Oakes <ed.nmi.oakes@gmail.com>
Aydin-ab pushed a commit to Aydin-ab/ray-aydin that referenced this pull request Nov 19, 2025
@sampan-s-nayak
[Core] Add authentication token logic and related tests (ray-project#…
776d505 
…58046)

This pr sets up the helper classes and utils to enable token based
authentication for ray core rpc calls.

---------

Signed-off-by: sampan <sampan@anyscale.com>
Co-authored-by: sampan <sampan@anyscale.com>
Signed-off-by: Aydin Abiar <aydin@anyscale.com>
Aydin-ab pushed a commit to Aydin-ab/ray-aydin that referenced this pull request Nov 19, 2025
@sampan-s-nayak @edoakes
[Core] support token based authentication in c++ grpc client and serv…
6ffa715 
…er interfaces (ray-project#58047)

## Description
builds on top of ray-project#58046 and adds
support for token based authentication in all grpc services and clients
which are built on top of the grpc client server framework

## Related issues

## Additional information

---------

Signed-off-by: sampan <sampan@anyscale.com>
Signed-off-by: Edward Oakes <ed.nmi.oakes@gmail.com>
Co-authored-by: sampan <sampan@anyscale.com>
Co-authored-by: Edward Oakes <ed.nmi.oakes@gmail.com>
Signed-off-by: Aydin Abiar <aydin@anyscale.com>
Future-Outlier pushed a commit to Future-Outlier/ray that referenced this pull request Dec 7, 2025
@sampan-s-nayak @Future-Outlier
[Core] Add authentication token logic and related tests (ray-project#…
17c2f9c 
…58046)

This pr sets up the helper classes and utils to enable token based
authentication for ray core rpc calls.

---------

Signed-off-by: sampan <sampan@anyscale.com>
Co-authored-by: sampan <sampan@anyscale.com>
Signed-off-by: Future-Outlier <eric901201@gmail.com>
Future-Outlier pushed a commit to Future-Outlier/ray that referenced this pull request Dec 7, 2025
@sampan-s-nayak @edoakes @Future-Outlier
[Core] support token based authentication in c++ grpc client and serv…
0e3bbac 
…er interfaces (ray-project#58047)

## Description
builds on top of ray-project#58046 and adds
support for token based authentication in all grpc services and clients
which are built on top of the grpc client server framework

## Related issues

## Additional information

---------

Signed-off-by: sampan <sampan@anyscale.com>
Signed-off-by: Edward Oakes <ed.nmi.oakes@gmail.com>
Co-authored-by: sampan <sampan@anyscale.com>
Co-authored-by: Edward Oakes <ed.nmi.oakes@gmail.com>
Signed-off-by: Future-Outlier <eric901201@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@edoakes edoakes edoakes approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

core Issues that should be addressed in Ray Core go add ONLY when ready to merge, run all tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sampan-s-nayak @edoakes