From 08ba3041a80daacba238c06271bd9481fa58242b Mon Sep 17 00:00:00 2001
From: renyuhua
Date: Tue, 10 May 2022 15:41:31 +0800
Subject: [PATCH 01/17] change AuthorManager
---
.../manage/MetaSingleSnapshotLogManager.java | 19 +-
.../log/snapshot/MetaSimpleSnapshot.java | 13 +-
.../log/snapshot/MetaSimpleSnapshotTest.java | 10 +-
.../persistence/AuthorInfoTest.java | 325 ++++++++++++++++++
.../iotdb/db/auth/AuthorityChecker.java | 1 -
.../iotdb/db/auth}/AuthorizerManager.java | 10 +-
.../db/protocol/mqtt/BrokerAuthenticator.java | 4 +-
.../rest/filter/AuthorizationFilter.java | 4 +-
.../iotdb/db/qp/executor/PlanExecutor.java | 2 +-
.../db/query/control/SessionManager.java | 2 +-
.../db/service/thrift/impl/TSServiceImpl.java | 9 +-
.../iotdb/db/auth/AuthorityCheckerTest.java | 3 +-
.../authorizer/LocalFileAuthorizerTest.java | 12 +-
.../iotdb/db/utils/EnvironmentUtils.java | 4 +-
14 files changed, 365 insertions(+), 53 deletions(-)
create mode 100644 confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
rename {node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer => server/src/main/java/org/apache/iotdb/db/auth}/AuthorizerManager.java (95%)
diff --git a/cluster/src/main/java/org/apache/iotdb/cluster/log/manage/MetaSingleSnapshotLogManager.java b/cluster/src/main/java/org/apache/iotdb/cluster/log/manage/MetaSingleSnapshotLogManager.java
index d9bc9e8f9fb7f..6249e4885dad1 100644
--- a/cluster/src/main/java/org/apache/iotdb/cluster/log/manage/MetaSingleSnapshotLogManager.java
+++ b/cluster/src/main/java/org/apache/iotdb/cluster/log/manage/MetaSingleSnapshotLogManager.java
@@ -24,12 +24,11 @@ import org.apache.iotdb.cluster.log.manage.serializable.SyncLogDequeSerializer; import org.apache.iotdb.cluster.log.snapshot.MetaSimpleSnapshot; import org.apache.iotdb.cluster.server.member.MetaGroupMember; -import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer; import org.apache.iotdb.commons.auth.authorizer.IAuthorizer; import org.apache.iotdb.commons.auth.entity.Role; import org.apache.iotdb.commons.auth.entity.User; import org.apache.iotdb.commons.path.PartialPath; +import org.apache.iotdb.db.auth.AuthorizerManager; import org.apache.iotdb.db.metadata.template.Template; import org.apache.iotdb.db.metadata.template.TemplateManager; import org.apache.iotdb.db.service.IoTDB; @@ -64,16 +63,12 @@ public void takeSnapshot() throws IOException { super.takeSnapshot(); synchronized (this) { storageGroupTTLMap = IoTDB.schemaProcessor.getStorageGroupsTTL(); - try { - IAuthorizer authorizer = BasicAuthorizer.getInstance(); - userMap = authorizer.getAllUsers(); - roleMap = authorizer.getAllRoles(); - templateMap = TemplateManager.getInstance().getTemplateMap(); - commitIndex = getCommitLogIndex(); - term = getCommitLogTerm(); - } catch (AuthException e) { - logger.error("get user or role info failed", e); - } + IAuthorizer authorizer = AuthorizerManager.getInstance(); + userMap = authorizer.getAllUsers(); + roleMap = authorizer.getAllRoles(); + templateMap = TemplateManager.getInstance().getTemplateMap(); + commitIndex = getCommitLogIndex(); + term = getCommitLogTerm(); } } diff --git a/cluster/src/main/java/org/apache/iotdb/cluster/log/snapshot/MetaSimpleSnapshot.java b/cluster/src/main/java/org/apache/iotdb/cluster/log/snapshot/MetaSimpleSnapshot.java index 0d109a9b23c37..affd69844f3f2 100644 --- a/cluster/src/main/java/org/apache/iotdb/cluster/log/snapshot/MetaSimpleSnapshot.java +++ b/cluster/src/main/java/org/apache/iotdb/cluster/log/snapshot/MetaSimpleSnapshot.java 
@@ -23,7 +23,6 @@ import org.apache.iotdb.cluster.server.member.MetaGroupMember; import org.apache.iotdb.cluster.server.member.RaftMember; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer; import org.apache.iotdb.commons.auth.authorizer.IAuthorizer; import org.apache.iotdb.commons.auth.entity.Role; import org.apache.iotdb.commons.auth.entity.User; @@ -31,6 +30,7 @@ import org.apache.iotdb.commons.exception.MetadataException; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.commons.utils.SerializeUtils; +import org.apache.iotdb.db.auth.AuthorizerManager; import org.apache.iotdb.db.engine.StorageEngine; import org.apache.iotdb.db.exception.metadata.StorageGroupAlreadySetException; import org.apache.iotdb.db.metadata.template.Template; @@ -251,14 +251,9 @@ private void installSnapshot(MetaSimpleSnapshot snapshot) { } // 3. replace all users and roles - try { - IAuthorizer authorizer = BasicAuthorizer.getInstance(); - installSnapshotUsers(authorizer, snapshot); - installSnapshotRoles(authorizer, snapshot); - } catch (AuthException e) { - logger.error( - "{}: Cannot get authorizer instance, error is: ", metaGroupMember.getName(), e); - } + IAuthorizer authorizer = AuthorizerManager.getInstance(); + installSnapshotUsers(authorizer, snapshot); + installSnapshotRoles(authorizer, snapshot); // 4. accept template map TemplateManager.getInstance().setTemplateMap(snapshot.templateMap); diff --git a/cluster/src/test/java/org/apache/iotdb/cluster/log/snapshot/MetaSimpleSnapshotTest.java b/cluster/src/test/java/org/apache/iotdb/cluster/log/snapshot/MetaSimpleSnapshotTest.java index 8cc13e4681927..962f84596c949 100644 --- a/cluster/src/test/java/org/apache/iotdb/cluster/log/snapshot/MetaSimpleSnapshotTest.java +++ b/cluster/src/test/java/org/apache/iotdb/cluster/log/snapshot/MetaSimpleSnapshotTest.java 
@@ -27,12 +27,12 @@ import org.apache.iotdb.cluster.server.member.MetaGroupMember; import org.apache.iotdb.cluster.utils.CreateTemplatePlanUtil; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer; import org.apache.iotdb.commons.auth.entity.Role; import org.apache.iotdb.commons.auth.entity.User; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.exception.StartupException; import org.apache.iotdb.commons.path.PartialPath; +import org.apache.iotdb.db.auth.AuthorizerManager; import org.apache.iotdb.db.exception.StorageEngineException; import org.apache.iotdb.db.exception.metadata.template.UndefinedTemplateException; import org.apache.iotdb.db.metadata.template.Template; @@ -207,13 +207,13 @@ public void testInstallSuccessfully() for (int i = 0; i < 5; i++) { String userName = "user_" + i; - User user = BasicAuthorizer.getInstance().getUser(userName); + User user = AuthorizerManager.getInstance().getUser(userName); assertEquals(userMap.get(userName), user); } for (int i = 0; i < 10; i++) { String roleName = "role_" + i; - Role role = BasicAuthorizer.getInstance().getRole(roleName); + Role role = AuthorizerManager.getInstance().getRole(roleName); assertEquals(roleMap.get(roleName), role); } @@ -315,13 +315,13 @@ public void testInstallOmitted() for (int i = 0; i < 5; i++) { String userName = "user_" + i; - User user = BasicAuthorizer.getInstance().getUser(userName); + User user = AuthorizerManager.getInstance().getUser(userName); assertNull(user); } for (int i = 0; i < 10; i++) { String roleName = "role_" + i; - Role role = BasicAuthorizer.getInstance().getRole(roleName); + Role role = AuthorizerManager.getInstance().getRole(roleName); assertNull(role); } 
diff --git a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
new file mode 100644
index 0000000000000..0a5ec1c006d80
--- /dev/null
+++ b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
@@ -0,0 +1,325 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.iotdb.confignode.persistence; + +import org.apache.iotdb.common.rpc.thrift.TSStatus; +import org.apache.iotdb.commons.auth.AuthException; +import org.apache.iotdb.commons.auth.entity.PrivilegeType; +import org.apache.iotdb.commons.conf.IoTDBConstant; +import org.apache.iotdb.confignode.consensus.request.ConfigRequestType; +import org.apache.iotdb.confignode.consensus.request.auth.AuthorReq; +import org.apache.iotdb.confignode.consensus.response.PermissionInfoResp; +import org.apache.iotdb.confignode.rpc.thrift.TCheckUserPrivilegesReq; +import org.apache.iotdb.rpc.TSStatusCode; + +import org.apache.thrift.TException; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +public class AuthorInfoTest { + + private static AuthorInfo authorInfo; + + @BeforeClass + public static void setup() { + authorInfo = AuthorInfo.getInstance(); + } + + @Test + public void permissionTest() throws TException, AuthException { + TSStatus status; + + List userList = new ArrayList<>(); + 
userList.add("root"); + userList.add("tempuser0"); + userList.add("tempuser1"); + + List roleList = new ArrayList<>(); + roleList.add("temprole0"); + roleList.add("temprole1"); + + AuthorReq authorReq; + TCheckUserPrivilegesReq checkUserPrivilegesReq; + + Set privilegeList = new HashSet<>(); + privilegeList.add(PrivilegeType.DELETE_USER.ordinal()); + privilegeList.add(PrivilegeType.CREATE_USER.ordinal()); + + Set revokePrivilege = new HashSet<>(); + revokePrivilege.add(PrivilegeType.DELETE_USER.ordinal()); + + Map> permissionInfo; + List privilege = new ArrayList<>(); + privilege.add("root : CREATE_USER"); + privilege.add("root : CREATE_USER"); + + List paths = new ArrayList<>(); + paths.add("root.ln"); + + cleanUserAndRole(); + + // create user + authorReq = + new AuthorReq( + ConfigRequestType.CreateUser, "tempuser0", "", "passwd", "", new HashSet<>(), ""); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + authorReq.setUserName("tempuser1"); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // check user privileges + status = + authorInfo.checkUserPrivileges("tempuser0", paths, PrivilegeType.DELETE_USER.ordinal()); + Assert.assertEquals(TSStatusCode.NO_PERMISSION_ERROR.getStatusCode(), status.getCode()); + + // drop user + authorReq = + new AuthorReq(ConfigRequestType.DropUser, "tempuser1", "", "", "", new HashSet<>(), ""); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // list user + PermissionInfoResp permissionInfoResp = authorInfo.executeListUser(); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + userList.remove("tempuser1"); + Assert.assertEquals( + userList, 
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_USER)); + + // create role + authorReq = + new AuthorReq(ConfigRequestType.CreateRole, "", "temprole0", "", "", new HashSet<>(), ""); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + authorReq.setRoleName("temprole1"); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // drop role + authorReq = + new AuthorReq(ConfigRequestType.DropRole, "", "temprole1", "", "", new HashSet<>(), ""); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // list role + permissionInfoResp = authorInfo.executeListRole(); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + roleList.remove("temprole1"); + Assert.assertEquals( + roleList, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_ROLE)); + + // alter user + authorReq = + new AuthorReq( + ConfigRequestType.UpdateUser, "tempuser0", "", "", "newpwd", new HashSet<>(), ""); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // grant user + authorReq = + new AuthorReq( + ConfigRequestType.GrantUser, "tempuser0", "", "", "", privilegeList, "root.ln"); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // check user privileges + status = + authorInfo.checkUserPrivileges("tempuser0", paths, PrivilegeType.DELETE_USER.ordinal()); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // grant role + authorReq = + new AuthorReq( + ConfigRequestType.GrantRole, "", "temprole0", "", "", privilegeList, "root.ln"); + status = 
authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // grant role to user + authorReq = + new AuthorReq( + ConfigRequestType.GrantRoleToUser, + "tempuser0", + "temprole0", + "", + "", + new HashSet<>(), + ""); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // revoke user + authorReq = + new AuthorReq( + ConfigRequestType.RevokeUser, "tempuser0", "", "", "", revokePrivilege, "root.ln"); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // revoke role + authorReq = + new AuthorReq( + ConfigRequestType.RevokeRole, "", "temprole0", "", "", revokePrivilege, "root.ln"); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // list privileges user + authorReq = + new AuthorReq( + ConfigRequestType.ListUserPrivilege, + "tempuser0", + "", + "", + "", + new HashSet<>(), + "root.ln"); + permissionInfoResp = authorInfo.executeListUserPrivileges(authorReq); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + Assert.assertEquals( + privilege, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_PRIVILEGE)); + + // list user privileges + authorReq = + new AuthorReq( + ConfigRequestType.ListUserPrivilege, "tempuser0", "", "", "", new HashSet<>(), ""); + permissionInfoResp = authorInfo.executeListUserPrivileges(authorReq); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + Assert.assertEquals( + privilege, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_PRIVILEGE)); + + // list privileges role + authorReq = + new AuthorReq( + ConfigRequestType.ListRolePrivilege, + 
"", + "temprole0", + "", + "", + new HashSet<>(), + "root.ln"); + permissionInfoResp = authorInfo.executeListRolePrivileges(authorReq); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + privilege.remove(0); + Assert.assertEquals( + privilege, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_PRIVILEGE)); + + // list role privileges + authorReq = + new AuthorReq( + ConfigRequestType.ListRolePrivilege, "", "temprole0", "", "", new HashSet<>(), ""); + permissionInfoResp = authorInfo.executeListRolePrivileges(authorReq); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + Assert.assertEquals( + privilege, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_PRIVILEGE)); + + // list all role of user + authorReq = + new AuthorReq( + ConfigRequestType.ListUserRoles, "tempuser0", "", "", "", new HashSet<>(), ""); + permissionInfoResp = authorInfo.executeListUserRoles(authorReq); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + roleList.remove("temprole1"); + Assert.assertEquals( + roleList, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_ROLE)); + + // list all user of role + authorReq = + new AuthorReq( + ConfigRequestType.ListRoleUsers, "", "temprole0", "", "", new HashSet<>(), ""); + permissionInfoResp = authorInfo.executeListRoleUsers(authorReq); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + userList.remove("tempuser1"); + userList.remove("root"); + Assert.assertEquals( + userList, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_USER)); + + // revoke role from user + authorReq = + new AuthorReq( + ConfigRequestType.RevokeRoleFromUser, + "tempuser0", + "temprole0", + "", + "", + new 
HashSet<>(), + ""); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + // list root privileges + authorReq = + new AuthorReq(ConfigRequestType.ListUserPrivilege, "root", "", "", "", new HashSet<>(), ""); + permissionInfoResp = authorInfo.executeListUserPrivileges(authorReq); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + for (int i = 0; i < PrivilegeType.values().length; i++) { + Assert.assertEquals( + PrivilegeType.values()[i].toString(), + permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_PRIVILEGE).get(i)); + } + } + + private void cleanUserAndRole() throws TException, AuthException { + TSStatus status; + + // clean user + AuthorReq authorReq = + new AuthorReq(ConfigRequestType.ListUser, "", "", "", "", new HashSet<>(), ""); + PermissionInfoResp permissionInfoResp = authorInfo.executeListUser(); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + List allUsers = permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_USER); + for (String user : allUsers) { + if (!user.equals("root")) { + authorReq = + new AuthorReq(ConfigRequestType.DropUser, user, "", "", "", new HashSet<>(), ""); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + } + } + + // clean role + authorReq = new AuthorReq(ConfigRequestType.ListUser, "", "", "", "", new HashSet<>(), ""); + permissionInfoResp = authorInfo.executeListRole(); + status = permissionInfoResp.getStatus(); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + + List roleList = permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_ROLE); + for (String roleN : roleList) { + authorReq = new AuthorReq(ConfigRequestType.DropRole, "", 
roleN, "", "", new HashSet<>(), ""); + status = authorInfo.authorNonQuery(authorReq); + Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); + } + } +} diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java index 6a42fd8f543f7..7c01714e284e4 100644 --- a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java +++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java @@ -20,7 +20,6 @@ import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.AuthorizerManager; import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.conf.CommonConfig; import org.apache.iotdb.commons.conf.IoTDBConstant; diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/AuthorizerManager.java b/server/src/main/java/org/apache/iotdb/db/auth/AuthorizerManager.java similarity index 95% rename from node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/AuthorizerManager.java rename to server/src/main/java/org/apache/iotdb/db/auth/AuthorizerManager.java index 700cc536b5ead..84c79e42e9469 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/AuthorizerManager.java +++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorizerManager.java @@ -17,9 +17,11 @@ * under the License. */ -package org.apache.iotdb.commons.auth.authorizer; +package org.apache.iotdb.db.auth; import org.apache.iotdb.commons.auth.AuthException; +import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer; +import org.apache.iotdb.commons.auth.authorizer.IAuthorizer; import org.apache.iotdb.commons.auth.entity.Role; import org.apache.iotdb.commons.auth.entity.User; 
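Review bot: `permissionTest` checks the revoke and password-change paths only by status code, so a revoke that reports success but leaves the privilege in place would still pass. After the `// revoke role` step (by then both the user and its role have had `DELETE_USER` revoked) add a negative check mirroring the one after user creation: `status = authorInfo.checkUserPrivileges("tempuser0", paths, PrivilegeType.DELETE_USER.ordinal());` followed by `Assert.assertEquals(TSStatusCode.NO_PERMISSION_ERROR.getStatusCode(), status.getCode());`. The test also leaves `tempuser0` and `temprole0` in the shared `AuthorInfo` singleton; calling `cleanUserAndRole()` from an `@After` method would keep that state from leaking into other tests. In `cleanUserAndRole` the two `ConfigRequestType.ListUser` requests are built but never used (the second one precedes `executeListRole()`), and `permissionInfo` in `permissionTest` is declared but unused.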
@@ -40,7 +42,7 @@ public AuthorizerManager() { try { iAuthorizer = BasicAuthorizer.getInstance(); } catch (AuthException e) { - logger.error("Authorizer uninitialized"); + logger.error(e.getMessage()); } } @@ -131,7 +133,9 @@ public boolean checkUserPrivileges(String username, String path, int privilegeId } @Override - public void reset() throws AuthException {} + public void reset() throws AuthException { + iAuthorizer.reset(); + } @Override public List listAllUsers() { diff --git a/server/src/main/java/org/apache/iotdb/db/protocol/mqtt/BrokerAuthenticator.java b/server/src/main/java/org/apache/iotdb/db/protocol/mqtt/BrokerAuthenticator.java index 78695df0fdbdc..58c2ce7ba069c 100644 --- a/server/src/main/java/org/apache/iotdb/db/protocol/mqtt/BrokerAuthenticator.java +++ b/server/src/main/java/org/apache/iotdb/db/protocol/mqtt/BrokerAuthenticator.java @@ -18,8 +18,8 @@ package org.apache.iotdb.db.protocol.mqtt; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer; import org.apache.iotdb.commons.auth.authorizer.IAuthorizer; +import org.apache.iotdb.db.auth.AuthorizerManager; import io.moquette.broker.security.IAuthenticator; import org.apache.commons.lang3.StringUtils; @@ -37,7 +37,7 @@ public boolean checkValid(String clientId, String username, byte[] password) { } try { - IAuthorizer authorizer = BasicAuthorizer.getInstance(); + IAuthorizer authorizer = AuthorizerManager.getInstance(); return authorizer.login(username, new String(password)); } catch (AuthException e) { LOG.info("meet error while logging in.", e); diff --git a/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java b/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java index f774c5e060dd8..1ddeca7287181 100644 --- a/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java 
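Review bot: In the `AuthorizerManager()` constructor the catch block now logs only `e.getMessage()` and still returns normally, so a failed `BasicAuthorizer.getInstance()` leaves `iAuthorizer` unset and the stack trace is lost. The next hunk makes `reset()` call `iAuthorizer.reset()` directly, which would then fail with a NullPointerException rather than an `AuthException`; the other delegating methods are outside these hunks but presumably behave the same. The callers changed in this patch (`takeSnapshot`, `installSnapshot`, `getWatermarkEncoder`, the `AuthorizationFilter` field) dropped their `AuthException` handling around `getInstance()`, so nothing upstream appears to catch this case any more. For the component that decides login and privilege checks, failing at startup is safer than running without a backend: keep the context and the cause with `logger.error("Authorizer uninitialized", e);` and rethrow, e.g. `throw new IllegalStateException("Authorizer uninitialized", e);`. The constructor begins above the hunk.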
+++ b/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java @@ -17,8 +17,8 @@ package org.apache.iotdb.db.protocol.rest.filter; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer; import org.apache.iotdb.commons.auth.authorizer.IAuthorizer; +import org.apache.iotdb.db.auth.AuthorizerManager; import org.apache.iotdb.db.conf.rest.IoTDBRestServiceDescriptor; import org.apache.iotdb.db.protocol.rest.model.ExecutionStatus; import org.apache.iotdb.rpc.TSStatusCode; @@ -43,7 +43,7 @@ public class AuthorizationFilter implements ContainerRequestFilter { private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationFilter.class); - private final IAuthorizer authorizer = BasicAuthorizer.getInstance(); + private final IAuthorizer authorizer = AuthorizerManager.getInstance(); private final UserCache userCache = UserCache.getInstance(); public AuthorizationFilter() throws AuthException {} diff --git a/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java b/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java index cedfdaf6457db..3882755fbd611 100644 --- a/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java +++ b/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java @@ -20,7 +20,6 @@ import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.AuthorizerManager; import org.apache.iotdb.commons.auth.entity.PathPrivilege; import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.auth.entity.Role; 
@@ -34,6 +33,7 @@ import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.commons.utils.AuthUtils; import org.apache.iotdb.db.auth.AuthorityChecker; +import org.apache.iotdb.db.auth.AuthorizerManager; import org.apache.iotdb.db.conf.IoTDBDescriptor; import org.apache.iotdb.db.engine.StorageEngine; import org.apache.iotdb.db.engine.cache.BloomFilterCache; diff --git a/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java b/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java index 770b6a2407439..68018310d8c79 100644 --- a/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java +++ b/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java @@ -20,9 +20,9 @@ import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.AuthorizerManager; import org.apache.iotdb.commons.conf.IoTDBConstant; import org.apache.iotdb.db.auth.AuthorityChecker; +import org.apache.iotdb.db.auth.AuthorizerManager; import org.apache.iotdb.db.conf.OperationType; import org.apache.iotdb.db.exception.StorageEngineException; import org.apache.iotdb.db.mpp.common.SessionInfo; diff --git a/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java b/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java index 7c1ccdc134494..a1b53171469d7 100644 --- a/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java +++ b/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java 
@@ -21,13 +21,13 @@ import org.apache.iotdb.common.rpc.thrift.TEndPoint; import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer; import org.apache.iotdb.commons.auth.authorizer.IAuthorizer; import org.apache.iotdb.commons.conf.IoTDBConstant; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.exception.IoTDBException; import org.apache.iotdb.commons.exception.MetadataException; import org.apache.iotdb.commons.path.PartialPath; +import org.apache.iotdb.db.auth.AuthorizerManager; import org.apache.iotdb.db.conf.IoTDBConfig; import org.apache.iotdb.db.conf.IoTDBDescriptor; import org.apache.iotdb.db.conf.OperationType; @@ -1034,12 +1034,7 @@ private TSTracingInfo fillRpcReturnTracingInfo(long queryId) { } private WatermarkEncoder getWatermarkEncoder(String userName) throws TException, AuthException { - IAuthorizer authorizer; - try { - authorizer = BasicAuthorizer.getInstance(); - } catch (AuthException e) { - throw new TException(e); - } + IAuthorizer authorizer = AuthorizerManager.getInstance(); WatermarkEncoder encoder = null; if (CONFIG.isEnableWatermark() && authorizer.isUserUseWaterMark(userName)) { diff --git a/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java index 28a8c1b566468..c27d2f514684e 100644 --- a/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java +++ b/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java @@ -19,7 +19,6 @@ package org.apache.iotdb.db.auth; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer; import org.apache.iotdb.commons.auth.authorizer.IAuthorizer; import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.auth.entity.User; 
@@ -45,7 +44,7 @@ public class AuthorityCheckerTest { @Before public void setUp() throws Exception { EnvironmentUtils.envSetUp(); - authorizer = BasicAuthorizer.getInstance(); + authorizer = AuthorizerManager.getInstance(); user = new User("user", "password"); } diff --git a/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java index 660835cc4f430..4de62a83fb088 100644 --- a/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java +++ b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java @@ -19,11 +19,11 @@ package org.apache.iotdb.db.auth.authorizer; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer; import org.apache.iotdb.commons.auth.authorizer.IAuthorizer; import org.apache.iotdb.commons.auth.entity.Role; import org.apache.iotdb.commons.auth.entity.User; import org.apache.iotdb.commons.conf.CommonConfig; +import org.apache.iotdb.db.auth.AuthorizerManager; import org.apache.iotdb.db.utils.EnvironmentUtils; import org.junit.After; @@ -49,7 +49,7 @@ public class LocalFileAuthorizerTest { @Before public void setUp() throws Exception { EnvironmentUtils.envSetUp(); - authorizer = BasicAuthorizer.getInstance(); + authorizer = AuthorizerManager.getInstance(); user = new User("user", "password"); } @@ -253,7 +253,7 @@ public void testGetAllUsersAndRoles() throws AuthException { @Test public void testListUser() throws AuthException { - IAuthorizer authorizer = BasicAuthorizer.getInstance(); + IAuthorizer authorizer = AuthorizerManager.getInstance(); List userList = authorizer.listAllUsers(); assertEquals(1, userList.size()); assertEquals(CommonConfig.getInstance().getAdminName(), userList.get(0)); 
@@ -284,7 +284,7 @@ public void testListUser() throws AuthException { @Test public void testListRole() throws AuthException { - IAuthorizer authorizer = BasicAuthorizer.getInstance(); + IAuthorizer authorizer = AuthorizerManager.getInstance(); List roleList = authorizer.listAllRoles(); assertEquals(0, roleList.size()); @@ -314,7 +314,7 @@ public void testListRole() throws AuthException { @Test public void testReplaceAllUsers() throws AuthException { - IAuthorizer authorizer = BasicAuthorizer.getInstance(); + IAuthorizer authorizer = AuthorizerManager.getInstance(); Assert.assertEquals("root", authorizer.listAllUsers().get(0)); User user = new User("user", "user"); HashMap users = new HashMap<>(); @@ -325,7 +325,7 @@ public void testReplaceAllUsers() throws AuthException { @Test public void testReplaceAllRole() throws AuthException { - IAuthorizer authorizer = BasicAuthorizer.getInstance(); + IAuthorizer authorizer = AuthorizerManager.getInstance(); Role role = new Role("role"); HashMap roles = new HashMap<>(); roles.put("role", role); diff --git a/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java b/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java index fc21f0792e744..d012c9c65ee6f 100644 --- a/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java +++ b/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java @@ -19,7 +19,7 @@ package org.apache.iotdb.db.utils; import org.apache.iotdb.commons.auth.AuthException; -import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer; +import org.apache.iotdb.db.auth.AuthorizerManager; import org.apache.iotdb.db.conf.IoTDBConfig; import org.apache.iotdb.db.conf.IoTDBDescriptor; import org.apache.iotdb.db.conf.directories.DirectoryManager; 
@@ -366,7 +366,7 @@ private static void createAllDir() { } // create user and roles folder try { - BasicAuthorizer.getInstance().reset(); + AuthorizerManager.getInstance().reset(); } catch (AuthException e) { logger.error("create user and role folders failed", e); fail(e.getMessage()); From 1ba38f3cf38bf11076d9f8f3ae76748582dbb0ed Mon Sep 17 00:00:00 2001 From: renyuhua Date: Tue, 10 May 2022 16:16:20 +0800 Subject: [PATCH 02/17] fix bug --- .../apache/iotdb/confignode/persistence/AuthorInfoTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java index 0a5ec1c006d80..78626f0f26bbc 100644 --- a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java +++ b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java @@ -74,8 +74,8 @@ public void permissionTest() throws TException, AuthException { Map> permissionInfo; List privilege = new ArrayList<>(); - privilege.add("root : CREATE_USER"); - privilege.add("root : CREATE_USER"); + privilege.add("root.** : CREATE_USER"); + privilege.add("root.** : CREATE_USER"); List paths = new ArrayList<>(); paths.add("root.ln"); From 9b5a3101193a19c9c99589d3ea3572d37d8b5193 Mon Sep 17 00:00:00 2001 From: renyuhua Date: Wed, 11 May 2022 10:24:52 +0800 Subject: [PATCH 03/17] test --- .../org/apache/iotdb/confignode/persistence/AuthorInfo.java | 1 + .../apache/iotdb/confignode/persistence/AuthorInfoTest.java | 1 + .../org/apache/iotdb/commons/auth/user/BasicUserManager.java | 1 + .../apache/iotdb/commons/auth/user/LocalFileUserAccessor.java | 3 +++ 4 files changed, 6 insertions(+) 
diff --git a/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java b/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java index c3941b942b19b..d8691daa8c5ff 100644 --- a/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java +++ b/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java @@ -116,6 +116,7 @@ public TSStatus authorNonQuery(AuthorReq authorReq) { String newPassword = authorReq.getNewPassword(); Set permissions = authorReq.getPermissions(); String nodeName = authorReq.getNodeName(); + logger.info(userName); try { switch (authorType) { case UpdateUser: diff --git a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java index 78626f0f26bbc..68fdf5dd79ae5 100644 --- a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java +++ b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java @@ -87,6 +87,7 @@ public void permissionTest() throws TException, AuthException { new AuthorReq( ConfigRequestType.CreateUser, "tempuser0", "", "passwd", "", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); + Assert.assertNull(status.getMessage()); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); authorReq.setUserName("tempuser1"); status = authorInfo.authorNonQuery(authorReq); diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java index d2dbb6587b061..28a6d96cf0865 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java 
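Review bot: The added `logger.info(userName);` in authorNonQuery writes a request-supplied user name to the log at INFO level with no label, and it runs before any validation visible in this hunk. If the logging backend does not neutralise line breaks, a crafted name could forge log entries; a bare value is also of little use to whoever reads the log later. I would drop the line or make it a labelled, parameterized debug statement such as `logger.debug("authorNonQuery type={} user={}", authorType, userName);` (assuming the logger is SLF4J-style, as the other calls suggest). PATCH 10/17 deletes the line again, so squashing the series would also resolve it; the method body continues outside the hunk.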
@@ -86,6 +86,7 @@ public User getUser(String username) throws AuthException { User user = userMap.get(username); try { if (user == null) { + logger.debug("null"); user = accessor.loadUser(username); if (user != null) { userMap.put(username, user); diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index 696074e3d34c4..6f51d59a91400 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java @@ -84,6 +84,7 @@ public User loadUser(String username) throws IOException { File userProfile = SystemFileFactory.INSTANCE.getFile( userDirPath + File.separator + username + IoTDBConstant.PROFILE_SUFFIX); + logger.debug(userProfile + ": file path"); if (!userProfile.exists() || !userProfile.isFile()) { // System may crush before a newer file is renamed. File newProfile = @@ -94,7 +95,9 @@ public User loadUser(String username) throws IOException { logger.error("New profile renaming not succeed."); } userProfile = newProfile; + logger.debug(userProfile + ": temp path exist"); } else { + logger.debug(userProfile + ": temp path not exist"); return null; } } From 88f06168937f14cfd89b5ffebea3d7f09872a21b Mon Sep 17 00:00:00 2001 From: renyuhua Date: Wed, 11 May 2022 10:43:40 +0800 Subject: [PATCH 04/17] test --- .../iotdb/commons/auth/role/LocalFileRoleAccessor.java | 7 +++---- .../iotdb/commons/auth/user/LocalFileUserAccessor.java | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java index abe5cec513439..a2c040e3bb926 100644 
--- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java @@ -84,10 +84,9 @@ public Role loadRole(String rolename) throws IOException { return null; } } - - try (FileInputStream inputStream = new FileInputStream(roleProfile); - DataInputStream dataInputStream = - new DataInputStream(new BufferedInputStream(inputStream))) { + FileInputStream inputStream = new FileInputStream(roleProfile); + try (DataInputStream dataInputStream = + new DataInputStream(new BufferedInputStream(inputStream))) { Role role = new Role(); role.setName(IOUtils.readString(dataInputStream, STRING_ENCODING, strBufferLocal)); diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index 6f51d59a91400..cc9750001e807 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java @@ -101,9 +101,9 @@ public User loadUser(String username) throws IOException { return null; } } - try (FileInputStream inputStream = new FileInputStream(userProfile); - DataInputStream dataInputStream = - new DataInputStream(new BufferedInputStream(inputStream))) { + FileInputStream inputStream = new FileInputStream(userProfile); + try (DataInputStream dataInputStream = + new DataInputStream(new BufferedInputStream(inputStream))) { User user = new User(); user.setName(IOUtils.readString(dataInputStream, STRING_ENCODING, strBufferLocal)); user.setPassword(IOUtils.readString(dataInputStream, STRING_ENCODING, strBufferLocal)); From de46f72e40923afe49a1b732fcee87fd4e970e2f Mon Sep 17 00:00:00 2001 
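Review bot: In loadRole the `FileInputStream` is now opened before the try-with-resources statement rather than inside it, so it is no longer a managed resource and is closed only indirectly when the `DataInputStream` wrapper is closed. The practical risk is small, but if building the wrappers fails the descriptor on a role or user credential file stays open until garbage collection, and nothing in the hunk explains why the safer form was given up. I would restore the original header, `try (FileInputStream inputStream = new FileInputStream(roleProfile); DataInputStream dataInputStream = new DataInputStream(new BufferedInputStream(inputStream))) {`. The same applies to the loadUser hunk in this patch and to the `FileOutputStream` moved out of the try in saveUser in PATCH 11/17. Both method bodies continue outside the hunks.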
From: renyuhua Date: Wed, 11 May 2022 11:09:46 +0800 Subject: [PATCH 05/17] test --- .../persistence/AuthorInfoTest.java | 62 +++++++++---------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java index 68fdf5dd79ae5..3d6b59a42e33b 100644 --- a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java +++ b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java @@ -55,12 +55,12 @@ public void permissionTest() throws TException, AuthException { List userList = new ArrayList<>(); userList.add("root"); - userList.add("tempuser0"); - userList.add("tempuser1"); + userList.add("user0"); + userList.add("user1"); List roleList = new ArrayList<>(); - roleList.add("temprole0"); - roleList.add("temprole1"); + roleList.add("role0"); + roleList.add("role1"); AuthorReq authorReq; TCheckUserPrivilegesReq checkUserPrivilegesReq; 
@@ -85,22 +85,22 @@ public void permissionTest() throws TException, AuthException { // create user authorReq = new AuthorReq( - ConfigRequestType.CreateUser, "tempuser0", "", "passwd", "", new HashSet<>(), ""); + ConfigRequestType.CreateUser, "user0", "", "passwd", "", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertNull(status.getMessage()); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); - authorReq.setUserName("tempuser1"); + authorReq.setUserName("user1"); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // check user privileges status = - authorInfo.checkUserPrivileges("tempuser0", paths, PrivilegeType.DELETE_USER.ordinal()); + authorInfo.checkUserPrivileges("user0", paths, PrivilegeType.DELETE_USER.ordinal()); Assert.assertEquals(TSStatusCode.NO_PERMISSION_ERROR.getStatusCode(), status.getCode()); // drop user authorReq = - new AuthorReq(ConfigRequestType.DropUser, "tempuser1", "", "", "", new HashSet<>(), ""); + new AuthorReq(ConfigRequestType.DropUser, "user1", "", "", "", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); 
@@ -108,22 +108,22 @@ public void permissionTest() throws TException, AuthException { PermissionInfoResp permissionInfoResp = authorInfo.executeListUser(); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); - userList.remove("tempuser1"); + userList.remove("user1"); Assert.assertEquals( userList, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_USER)); // create role authorReq = - new AuthorReq(ConfigRequestType.CreateRole, "", "temprole0", "", "", new HashSet<>(), ""); + new AuthorReq(ConfigRequestType.CreateRole, "", "role0", "", "", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); - authorReq.setRoleName("temprole1"); + authorReq.setRoleName("role1"); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // drop role authorReq = - new AuthorReq(ConfigRequestType.DropRole, "", "temprole1", "", "", new HashSet<>(), ""); + new AuthorReq(ConfigRequestType.DropRole, "", "role1", "", "", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); 
@@ -131,33 +131,33 @@ public void permissionTest() throws TException, AuthException { permissionInfoResp = authorInfo.executeListRole(); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); - roleList.remove("temprole1"); + roleList.remove("role1"); Assert.assertEquals( roleList, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_ROLE)); // alter user authorReq = new AuthorReq( - ConfigRequestType.UpdateUser, "tempuser0", "", "", "newpwd", new HashSet<>(), ""); + ConfigRequestType.UpdateUser, "user0", "", "", "newpwd", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // grant user authorReq = new AuthorReq( - ConfigRequestType.GrantUser, "tempuser0", "", "", "", privilegeList, "root.ln"); + ConfigRequestType.GrantUser, "user0", "", "", "", privilegeList, "root.ln"); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // check user privileges status = - authorInfo.checkUserPrivileges("tempuser0", paths, PrivilegeType.DELETE_USER.ordinal()); + authorInfo.checkUserPrivileges("user0", paths, PrivilegeType.DELETE_USER.ordinal()); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // grant role authorReq = new AuthorReq( - ConfigRequestType.GrantRole, "", "temprole0", "", "", privilegeList, "root.ln"); + ConfigRequestType.GrantRole, "", "role0", "", "", privilegeList, "root.ln"); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -165,8 +165,8 @@ public void permissionTest() throws TException, AuthException { authorReq = new AuthorReq( ConfigRequestType.GrantRoleToUser, - "tempuser0", - "temprole0", + "user0", + "role0", "", "", new HashSet<>(), 
@@ -177,14 +177,14 @@ public void permissionTest() throws TException, AuthException { // revoke user authorReq = new AuthorReq( - ConfigRequestType.RevokeUser, "tempuser0", "", "", "", revokePrivilege, "root.ln"); + ConfigRequestType.RevokeUser, "user0", "", "", "", revokePrivilege, "root.ln"); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // revoke role authorReq = new AuthorReq( - ConfigRequestType.RevokeRole, "", "temprole0", "", "", revokePrivilege, "root.ln"); + ConfigRequestType.RevokeRole, "", "role0", "", "", revokePrivilege, "root.ln"); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -192,7 +192,7 @@ public void permissionTest() throws TException, AuthException { authorReq = new AuthorReq( ConfigRequestType.ListUserPrivilege, - "tempuser0", + "user0", "", "", "", @@ -207,7 +207,7 @@ public void permissionTest() throws TException, AuthException { // list user privileges authorReq = new AuthorReq( - ConfigRequestType.ListUserPrivilege, "tempuser0", "", "", "", new HashSet<>(), ""); + ConfigRequestType.ListUserPrivilege, "user0", "", "", "", new HashSet<>(), ""); permissionInfoResp = authorInfo.executeListUserPrivileges(authorReq); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -219,7 +219,7 @@ public void permissionTest() throws TException, AuthException { new AuthorReq( ConfigRequestType.ListRolePrivilege, "", - "temprole0", + "role0", "", "", new HashSet<>(), 
@@ -234,7 +234,7 @@ public void permissionTest() throws TException, AuthException { // list role privileges authorReq = new AuthorReq( - ConfigRequestType.ListRolePrivilege, "", "temprole0", "", "", new HashSet<>(), ""); + ConfigRequestType.ListRolePrivilege, "", "role0", "", "", new HashSet<>(), ""); permissionInfoResp = authorInfo.executeListRolePrivileges(authorReq); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -244,22 +244,22 @@ public void permissionTest() throws TException, AuthException { // list all role of user authorReq = new AuthorReq( - ConfigRequestType.ListUserRoles, "tempuser0", "", "", "", new HashSet<>(), ""); + ConfigRequestType.ListUserRoles, "user0", "", "", "", new HashSet<>(), ""); permissionInfoResp = authorInfo.executeListUserRoles(authorReq); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); - roleList.remove("temprole1"); + roleList.remove("role1"); Assert.assertEquals( roleList, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_ROLE)); // list all user of role authorReq = new AuthorReq( - ConfigRequestType.ListRoleUsers, "", "temprole0", "", "", new HashSet<>(), ""); + ConfigRequestType.ListRoleUsers, "", "role0", "", "", new HashSet<>(), ""); permissionInfoResp = authorInfo.executeListRoleUsers(authorReq); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); - userList.remove("tempuser1"); + userList.remove("user1"); userList.remove("root"); Assert.assertEquals( userList, permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_USER)); @@ -268,8 +268,8 @@ public void permissionTest() throws TException, AuthException { authorReq = new AuthorReq( ConfigRequestType.RevokeRoleFromUser, - "tempuser0", - "temprole0", + "user0", + "role0", "", "", new HashSet<>(), 
From 85eb3630843769cecfc83f421773470620d75fe6 Mon Sep 17 00:00:00 2001 From: renyuhua Date: Wed, 11 May 2022 11:17:41 +0800 Subject: [PATCH 06/17] test --- .../persistence/AuthorInfoTest.java | 62 +++++-------------- 1 file changed, 14 insertions(+), 48 deletions(-) diff --git a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java index 3d6b59a42e33b..231922a10ebcc 100644 --- a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java +++ b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java @@ -84,8 +84,7 @@ public void permissionTest() throws TException, AuthException { // create user authorReq = - new AuthorReq( - ConfigRequestType.CreateUser, "user0", "", "passwd", "", new HashSet<>(), ""); + new AuthorReq(ConfigRequestType.CreateUser, "user0", "", "passwd", "", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertNull(status.getMessage()); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -94,13 +93,11 @@ public void permissionTest() throws TException, AuthException { Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // check user privileges - status = - authorInfo.checkUserPrivileges("user0", paths, PrivilegeType.DELETE_USER.ordinal()); + status = authorInfo.checkUserPrivileges("user0", paths, PrivilegeType.DELETE_USER.ordinal()); Assert.assertEquals(TSStatusCode.NO_PERMISSION_ERROR.getStatusCode(), status.getCode()); // drop user - authorReq = - new AuthorReq(ConfigRequestType.DropUser, "user1", "", "", "", new HashSet<>(), ""); + authorReq = new AuthorReq(ConfigRequestType.DropUser, "user1", "", "", "", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); 
@@ -122,8 +119,7 @@ public void permissionTest() throws TException, AuthException { Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // drop role - authorReq = - new AuthorReq(ConfigRequestType.DropRole, "", "role1", "", "", new HashSet<>(), ""); + authorReq = new AuthorReq(ConfigRequestType.DropRole, "", "role1", "", "", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); 
@@ -137,40 +133,30 @@ public void permissionTest() throws TException, AuthException { // alter user authorReq = - new AuthorReq( - ConfigRequestType.UpdateUser, "user0", "", "", "newpwd", new HashSet<>(), ""); + new AuthorReq(ConfigRequestType.UpdateUser, "user0", "", "", "newpwd", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // grant user authorReq = - new AuthorReq( - ConfigRequestType.GrantUser, "user0", "", "", "", privilegeList, "root.ln"); + new AuthorReq(ConfigRequestType.GrantUser, "user0", "", "", "", privilegeList, "root.ln"); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // check user privileges - status = - authorInfo.checkUserPrivileges("user0", paths, PrivilegeType.DELETE_USER.ordinal()); + status = authorInfo.checkUserPrivileges("user0", paths, PrivilegeType.DELETE_USER.ordinal()); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // grant role authorReq = - new AuthorReq( - ConfigRequestType.GrantRole, "", "role0", "", "", privilegeList, "root.ln"); + new AuthorReq(ConfigRequestType.GrantRole, "", "role0", "", "", privilegeList, "root.ln"); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // grant role to user authorReq = new AuthorReq( - ConfigRequestType.GrantRoleToUser, - "user0", - "role0", - "", - "", - new HashSet<>(), - ""); + ConfigRequestType.GrantRoleToUser, "user0", "role0", "", "", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); 
@@ -191,13 +177,7 @@ public void permissionTest() throws TException, AuthException { // list privileges user authorReq = new AuthorReq( - ConfigRequestType.ListUserPrivilege, - "user0", - "", - "", - "", - new HashSet<>(), - "root.ln"); + ConfigRequestType.ListUserPrivilege, "user0", "", "", "", new HashSet<>(), "root.ln"); permissionInfoResp = authorInfo.executeListUserPrivileges(authorReq); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -217,13 +197,7 @@ public void permissionTest() throws TException, AuthException { // list privileges role authorReq = new AuthorReq( - ConfigRequestType.ListRolePrivilege, - "", - "role0", - "", - "", - new HashSet<>(), - "root.ln"); + ConfigRequestType.ListRolePrivilege, "", "role0", "", "", new HashSet<>(), "root.ln"); permissionInfoResp = authorInfo.executeListRolePrivileges(authorReq); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -243,8 +217,7 @@ public void permissionTest() throws TException, AuthException { // list all role of user authorReq = - new AuthorReq( - ConfigRequestType.ListUserRoles, "user0", "", "", "", new HashSet<>(), ""); + new AuthorReq(ConfigRequestType.ListUserRoles, "user0", "", "", "", new HashSet<>(), ""); permissionInfoResp = authorInfo.executeListUserRoles(authorReq); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); 
@@ -254,8 +227,7 @@ public void permissionTest() throws TException, AuthException { // list all user of role authorReq = - new AuthorReq( - ConfigRequestType.ListRoleUsers, "", "role0", "", "", new HashSet<>(), ""); + new AuthorReq(ConfigRequestType.ListRoleUsers, "", "role0", "", "", new HashSet<>(), ""); permissionInfoResp = authorInfo.executeListRoleUsers(authorReq); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -267,13 +239,7 @@ public void permissionTest() throws TException, AuthException { // revoke role from user authorReq = new AuthorReq( - ConfigRequestType.RevokeRoleFromUser, - "user0", - "role0", - "", - "", - new HashSet<>(), - ""); + ConfigRequestType.RevokeRoleFromUser, "user0", "role0", "", "", new HashSet<>(), ""); status = authorInfo.authorNonQuery(authorReq); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); From 2fed7c7dc82665b359bafc25e59dec4d49e66c98 Mon Sep 17 00:00:00 2001 From: renyuhua Date: Wed, 11 May 2022 11:53:10 +0800 Subject: [PATCH 07/17] test --- .../iotdb/confignode/persistence/AuthorInfoTest.java | 1 - .../iotdb/commons/auth/authorizer/BasicAuthorizer.java | 1 + .../apache/iotdb/commons/auth/user/BasicUserManager.java | 5 ++++- .../iotdb/commons/auth/user/LocalFileUserAccessor.java | 8 ++++---- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java index 231922a10ebcc..6a9c58353b697 100644 --- a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java +++ b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java 
@@ -277,7 +277,6 @@ private void cleanUserAndRole() throws TException, AuthException { } // clean role - authorReq = new AuthorReq(ConfigRequestType.ListUser, "", "", "", "", new HashSet<>(), ""); permissionInfoResp = authorInfo.executeListRole(); status = permissionInfoResp.getStatus(); Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java index d608fcc1feb38..1308ec593688e 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java @@ -110,6 +110,7 @@ public boolean login(String username, String password) throws AuthException { @Override public void createUser(String username, String password) throws AuthException { + logger.info(username + ":" + password); if (!userManager.createUser(username, password)) { throw new AuthException(String.format("User %s already exists", username)); } diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java index 28a6d96cf0865..065fad0b7f804 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java @@ -84,9 +84,11 @@ private void initAdmin() throws AuthException { public User getUser(String username) throws AuthException { lock.readLock(username); User user = userMap.get(username); + logger.info(userMap.get("root").toString()); + logger.info("getUser: " + user.getName()); try { if (user == null) { - logger.debug("null"); + logger.info("null"); user = accessor.loadUser(username); if (user != null) { userMap.put(username, user); 
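Review bot: The added `logger.info(username + ":" + password);` in createUser writes the new account's clear-text password to the log at INFO level. Anyone with read access to the log files or to a log aggregation pipeline obtains working credentials, and rotated or archived logs keep them after the code is corrected. The line should be removed, or reduced to `logger.debug("createUser user={}", username);` with the password never passed to the logger. PATCH 10/17 deletes the line, but the intermediate commit stays in history unless the series is squashed, and passwords created on any build of this revision should be treated as exposed and rotated.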
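Review bot: `logger.info("getUser: " + user.getName());` in getUser dereferences `user` before the `if (user == null)` check that follows, so a lookup for a name not yet cached in `userMap` throws NullPointerException instead of falling through to `accessor.loadUser`. The line above it, `logger.info(userMap.get("root").toString());`, fails the same way when the admin entry is absent, and it prints whatever `User.toString()` returns; that method is not visible here, so confirm it omits the password field, as should also be done for `"getUser result: " + user` added in PATCH 09/17. Both statements sit after `lock.readLock(username)` but before the `try`, so presumably the read lock is not released when they throw; the unlock is outside the hunk. I would drop both lines, or put a null-safe `logger.debug("getUser user={} cached={}", username, user != null);` inside the try.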
@@ -108,6 +110,7 @@ public boolean createUser(String username, String password) throws AuthException AuthUtils.validateUsername(username); AuthUtils.validatePassword(password); + logger.info("BUM: " + username); User user = getUser(username); if (user != null) { return false; diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index cc9750001e807..38ed3b5e2cd72 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java @@ -84,7 +84,7 @@ public User loadUser(String username) throws IOException { File userProfile = SystemFileFactory.INSTANCE.getFile( userDirPath + File.separator + username + IoTDBConstant.PROFILE_SUFFIX); - logger.debug(userProfile + ": file path"); + logger.info(userProfile + ": file path"); if (!userProfile.exists() || !userProfile.isFile()) { // System may crush before a newer file is renamed. File newProfile = @@ -92,12 +92,12 @@ public User loadUser(String username) throws IOException { userDirPath + File.separator + username + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); if (newProfile.exists() && newProfile.isFile()) { if (!newProfile.renameTo(userProfile)) { - logger.error("New profile renaming not succeed."); + logger.info("New profile renaming not succeed."); } userProfile = newProfile; - logger.debug(userProfile + ": temp path exist"); + logger.info(userProfile + ": temp path exist"); } else { - logger.debug(userProfile + ": temp path not exist"); + logger.info(userProfile + ": temp path not exist"); return null; } } From 163ae09963c41db0c1826fb59115e651a46a4a93 Mon Sep 17 00:00:00 2001 
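Review bot: The loadUser hunk lowers `logger.error("New profile renaming not succeed.");` to `logger.info(...)`, which hides a failed recovery of a user's credential profile among routine messages. After that failure the code continues by reading the temporary file (`userProfile = newProfile;`), so the account is being served from a file the save path considers unfinished, and operators need to see that. PATCH 10/17 removes the neighbouring debug lines but leaves this one at INFO, so the downgrade outlives the debugging session. I would restore the level and name the files, `logger.error("Failed to rename temporary profile {} to {}", newProfile, userProfile);`. The method body starts and ends outside the hunk.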
From: renyuhua Date: Wed, 11 May 2022 12:10:52 +0800 Subject: [PATCH 08/17] test --- .../org/apache/iotdb/commons/auth/user/BasicUserManager.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java index 065fad0b7f804..0ec807d370699 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java @@ -84,8 +84,7 @@ private void initAdmin() throws AuthException { public User getUser(String username) throws AuthException { lock.readLock(username); User user = userMap.get(username); - logger.info(userMap.get("root").toString()); - logger.info("getUser: " + user.getName()); + logger.info("getUser"); try { if (user == null) { logger.info("null"); From 920bb6384e117374f32b685a710575d4a3329343 Mon Sep 17 00:00:00 2001 From: renyuhua Date: Wed, 11 May 2022 12:51:43 +0800 Subject: [PATCH 09/17] test --- .../org/apache/iotdb/commons/auth/user/BasicUserManager.java | 3 +++ .../apache/iotdb/commons/auth/user/LocalFileUserAccessor.java | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java index 0ec807d370699..562bc06de59e3 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java @@ -101,6 +101,7 @@ public User getUser(String username) throws AuthException { if (user != null) { user.setLastActiveTime(System.currentTimeMillis()); } + logger.info("getUser result: " + user); return user; } 
@@ -114,9 +115,11 @@ public boolean createUser(String username, String password) throws AuthException if (user != null) { return false; } + logger.info("after getUser user" + user); lock.writeLock(username); try { user = new User(username, AuthUtils.encryptPassword(password)); + logger.info("start save user" + username); accessor.saveUser(user); userMap.put(username, user); return true; diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index 38ed3b5e2cd72..5971b2ade6ee8 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java @@ -155,9 +155,12 @@ public void saveUser(User user) throws IOException { + user.getName() + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); + logger.info("saveUser : " + userProfile); try (BufferedOutputStream outputStream = new BufferedOutputStream(new FileOutputStream(userProfile))) { + logger.info("1"); try { + logger.info("2"); IOUtils.writeString(outputStream, user.getName(), STRING_ENCODING, encodingBufferLocal); IOUtils.writeString(outputStream, user.getPassword(), STRING_ENCODING, encodingBufferLocal); @@ -189,6 +192,7 @@ public void saveUser(User user) throws IOException { File oldFile = SystemFileFactory.INSTANCE.getFile( userDirPath + File.separator + user.getName() + IoTDBConstant.PROFILE_SUFFIX); + logger.info("saveUser oldFile" + oldFile); IOUtils.replaceFile(userProfile, oldFile); } From 2954976fdd0dbb287cbf2c9d5d195bd6eaa52a5a Mon Sep 17 00:00:00 2001 
From: renyuhua Date: Wed, 11 May 2022 13:20:16 +0800 Subject: [PATCH 10/17] test --- .../org/apache/iotdb/confignode/persistence/AuthorInfo.java | 1 - .../iotdb/commons/auth/authorizer/BasicAuthorizer.java | 1 - .../apache/iotdb/commons/auth/user/BasicUserManager.java | 6 ------ .../iotdb/commons/auth/user/LocalFileUserAccessor.java | 5 ++--- 4 files changed, 2 insertions(+), 11 deletions(-) diff --git a/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java b/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java index d8691daa8c5ff..c3941b942b19b 100644 --- a/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java +++ b/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java @@ -116,7 +116,6 @@ public TSStatus authorNonQuery(AuthorReq authorReq) { String newPassword = authorReq.getNewPassword(); Set permissions = authorReq.getPermissions(); String nodeName = authorReq.getNodeName(); - logger.info(userName); try { switch (authorType) { case UpdateUser: diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java index 1308ec593688e..d608fcc1feb38 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java @@ -110,7 +110,6 @@ public boolean login(String username, String password) throws AuthException { @Override public void createUser(String username, String password) throws AuthException { - logger.info(username + ":" + password); if (!userManager.createUser(username, password)) { throw new AuthException(String.format("User %s already exists", username)); } 
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java index 562bc06de59e3..d2dbb6587b061 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java @@ -84,10 +84,8 @@ private void initAdmin() throws AuthException { public User getUser(String username) throws AuthException { lock.readLock(username); User user = userMap.get(username); - logger.info("getUser"); try { if (user == null) { - logger.info("null"); user = accessor.loadUser(username); if (user != null) { userMap.put(username, user); @@ -101,7 +99,6 @@ public User getUser(String username) throws AuthException { if (user != null) { user.setLastActiveTime(System.currentTimeMillis()); } - logger.info("getUser result: " + user); return user; } @@ -110,16 +107,13 @@ public boolean createUser(String username, String password) throws AuthException AuthUtils.validateUsername(username); AuthUtils.validatePassword(password); - logger.info("BUM: " + username); User user = getUser(username); if (user != null) { return false; } - logger.info("after getUser user" + user); lock.writeLock(username); try { user = new User(username, AuthUtils.encryptPassword(password)); - logger.info("start save user" + username); accessor.saveUser(user); userMap.put(username, user); return true; diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index 5971b2ade6ee8..75ec0a084fe0e 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java 
@@ -84,7 +84,6 @@ public User loadUser(String username) throws IOException { File userProfile = SystemFileFactory.INSTANCE.getFile( userDirPath + File.separator + username + IoTDBConstant.PROFILE_SUFFIX); - logger.info(userProfile + ": file path"); if (!userProfile.exists() || !userProfile.isFile()) { // System may crush before a newer file is renamed. File newProfile = @@ -95,9 +94,7 @@ public User loadUser(String username) throws IOException { logger.info("New profile renaming not succeed."); } userProfile = newProfile; - logger.info(userProfile + ": temp path exist"); } else { - logger.info(userProfile + ": temp path not exist"); return null; } } @@ -156,6 +153,8 @@ public void saveUser(User user) throws IOException { + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); logger.info("saveUser : " + userProfile); + logger.info(String.valueOf(userProfile.isFile())); + logger.info(String.valueOf(userProfile.exists())); try (BufferedOutputStream outputStream = new BufferedOutputStream(new FileOutputStream(userProfile))) { logger.info("1"); From 600ec36b018b4f07a09c2cd4d417f06709d82ab5 Mon Sep 17 00:00:00 2001 From: renyuhua Date: Wed, 11 May 2022 13:23:06 +0800 Subject: [PATCH 11/17] test --- .../iotdb/commons/auth/user/LocalFileUserAccessor.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index 75ec0a084fe0e..a6d5e1db589af 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java 
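Review bot: The two calls added in the `saveUser` hunk, `logger.info(String.valueOf(userProfile.isFile()))` and `logger.info(String.valueOf(userProfile.exists()))`, write a bare `true`/`false` at INFO level with nothing to tie them to a file or user, next to the existing `logger.info("1")`. If the state of the temp profile is worth recording, a single line such as `logger.debug("saveUser: {} exists={} isFile={}", userProfile, userProfile.exists(), userProfile.isFile());` carries the same information with context and can be switched off in production (this assumes `logger` is an SLF4J logger, which the hunk does not show). The same kind of unlabeled probe is added in the `saveUser` hunks of patches 11, 13, 14 and 15 of this series, where 14 also prints the credential directory path at INFO. `saveUser` begins and ends outside the hunk.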
@@ -155,8 +155,9 @@ public void saveUser(User user) throws IOException { logger.info("saveUser : " + userProfile); logger.info(String.valueOf(userProfile.isFile())); logger.info(String.valueOf(userProfile.exists())); - try (BufferedOutputStream outputStream = - new BufferedOutputStream(new FileOutputStream(userProfile))) { + FileOutputStream fileOutputStream = new FileOutputStream(userProfile); + logger.info(String.valueOf(fileOutputStream)); + try (BufferedOutputStream outputStream = new BufferedOutputStream(fileOutputStream)) { logger.info("1"); try { logger.info("2"); From 8f4cd1ea3ac70a91b1c8d71f8610eed8f508ec56 Mon Sep 17 00:00:00 2001 From: renyuhua Date: Wed, 11 May 2022 13:45:24 +0800 Subject: [PATCH 12/17] test --- .../commons/auth/role/LocalFileRoleAccessor.java | 3 +++ .../commons/auth/user/LocalFileUserAccessor.java | 16 ++++++---------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java index a2c040e3bb926..60a830bdb67dd 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java @@ -114,6 +114,9 @@ public void saveRole(Role role) throws IOException { + role.getName() + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); + if (!roleProfile.exists()) { + roleProfile.createNewFile(); + } try (BufferedOutputStream outputStream = new BufferedOutputStream(new FileOutputStream(roleProfile))) { try { diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index a6d5e1db589af..83b5966fddf47 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java 
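Review bot: `new FileOutputStream(userProfile)` is now opened before the try-with-resources in `saveUser`, so only the `BufferedOutputStream` is a managed resource and the file handle is not closed if anything between the open and the `try` throws. Declaring both in the resource list keeps the close guaranteed: `try (FileOutputStream fileOutputStream = new FileOutputStream(userProfile); BufferedOutputStream outputStream = new BufferedOutputStream(fileOutputStream)) {`. The added `logger.info(String.valueOf(fileOutputStream))` prints only the object's default string form, so it can be dropped. `saveUser` starts and ends outside the hunk.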
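Review bot: The guard added to `saveRole`, `if (!roleProfile.exists()) { roleProfile.createNewFile(); }`, discards the boolean returned by `createNewFile()` and does nothing that `new FileOutputStream(roleProfile)` on the following line does not already do, because that constructor creates a missing regular file itself. It also does not cover a missing parent directory, where `createNewFile()` throws `IOException` just as the stream constructor would. If a missing directory is the case being handled, create the directory before opening the stream and drop the guard. The `saveUser` hunk of the same patch in `LocalFileUserAccessor.java` adds the identical guard for `userProfile`. `saveRole` continues outside the hunk.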
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java @@ -91,7 +91,7 @@ public User loadUser(String username) throws IOException { userDirPath + File.separator + username + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); if (newProfile.exists() && newProfile.isFile()) { if (!newProfile.renameTo(userProfile)) { - logger.info("New profile renaming not succeed."); + logger.error("New profile renaming not succeed."); } userProfile = newProfile; } else { @@ -152,15 +152,12 @@ public void saveUser(User user) throws IOException { + user.getName() + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); - logger.info("saveUser : " + userProfile); - logger.info(String.valueOf(userProfile.isFile())); - logger.info(String.valueOf(userProfile.exists())); - FileOutputStream fileOutputStream = new FileOutputStream(userProfile); - logger.info(String.valueOf(fileOutputStream)); - try (BufferedOutputStream outputStream = new BufferedOutputStream(fileOutputStream)) { - logger.info("1"); + if (!userProfile.exists()) { + userProfile.createNewFile(); + } + try (BufferedOutputStream outputStream = + new BufferedOutputStream(new FileOutputStream(userProfile))) { try { - logger.info("2"); IOUtils.writeString(outputStream, user.getName(), STRING_ENCODING, encodingBufferLocal); IOUtils.writeString(outputStream, user.getPassword(), STRING_ENCODING, encodingBufferLocal); @@ -192,7 +189,6 @@ public void saveUser(User user) throws IOException { File oldFile = SystemFileFactory.INSTANCE.getFile( userDirPath + File.separator + user.getName() + IoTDBConstant.PROFILE_SUFFIX); - logger.info("saveUser oldFile" + oldFile); IOUtils.replaceFile(userProfile, oldFile); } From 85bc3e041fe086736b51c9ec3408d3db3a5bdd4d Mon Sep 17 00:00:00 2001 
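Review bot: Raising the rename-failure message to `logger.error` in `loadUser` leaves the next line, `userProfile = newProfile;`, running whether or not `renameTo` succeeded. After a successful rename the temp path should no longer exist, so the code that follows would open a file that has just been moved away; this is inferred from the visible lines, since the rest of `loadUser` lies outside the hunk. Moving the assignment into the failure branch, `if (!newProfile.renameTo(userProfile)) { logger.error("New profile renaming not succeed."); userProfile = newProfile; }`, keeps the fallback to the temp file only when it is still there. Separately, `username` is concatenated straight into the profile path here, so it is worth confirming that every caller has passed it through `AuthUtils.validateUsername` (as `createUser` does in an earlier hunk) and that the validation rejects path separators.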
From: renyuhua Date: Wed, 11 May 2022 14:13:18 +0800 Subject: [PATCH 13/17] test --- .../service/thrift/ConfigNodeRPCServiceProcessorTest.java | 1 - .../apache/iotdb/commons/auth/user/LocalFileUserAccessor.java | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/confignode/src/test/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessorTest.java b/confignode/src/test/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessorTest.java index fa35800609107..a6c74cd4b184b 100644 --- a/confignode/src/test/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessorTest.java +++ b/confignode/src/test/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessorTest.java @@ -550,7 +550,6 @@ public void getAndCreateDataPartitionTest() throws TException { dataPartitionResp.getDataPartitionMap()); } - @Test public void permissionTest() throws TException { TSStatus status; diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index 83b5966fddf47..671414a2e4c00 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java @@ -152,9 +152,11 @@ public void saveUser(User user) throws IOException { + user.getName() + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); + logger.info(String.valueOf(userProfile.exists())); if (!userProfile.exists()) { userProfile.createNewFile(); } + logger.info(String.valueOf(userProfile.exists())); try (BufferedOutputStream outputStream = new BufferedOutputStream(new FileOutputStream(userProfile))) { try { From 54e921e44d5ba24c11198a137576f9e28f113e79 Mon Sep 17 00:00:00 2001 
From: renyuhua Date: Wed, 11 May 2022 14:36:04 +0800 Subject: [PATCH 14/17] test --- .../iotdb/commons/auth/user/LocalFileUserAccessor.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index 671414a2e4c00..0f39ccc6bbce5 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java @@ -153,6 +153,16 @@ public void saveUser(User user) throws IOException { + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); logger.info(String.valueOf(userProfile.exists())); + logger.info("userDirPath" + userDirPath); + logger.info( + String.valueOf( + SystemFileFactory.INSTANCE + .getFile(userDirPath + File.separator + "root" + IoTDBConstant.PROFILE_SUFFIX) + .exists())); + logger.info( + SystemFileFactory.INSTANCE + .getFile(userDirPath + File.separator + "root" + IoTDBConstant.PROFILE_SUFFIX) + .toString()); if (!userProfile.exists()) { userProfile.createNewFile(); } From cd7c9fbb0524eb15212db07c5b3cf95a3c3ac382 Mon Sep 17 00:00:00 2001 From: renyuhua Date: Wed, 11 May 2022 15:20:03 +0800 Subject: [PATCH 15/17] test --- .../thrift/ConfigNodeRPCServiceProcessorTest.java | 1 + .../iotdb/commons/auth/user/LocalFileUserAccessor.java | 9 ++------- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/confignode/src/test/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessorTest.java b/confignode/src/test/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessorTest.java index a6c74cd4b184b..fa35800609107 100644 --- a/confignode/src/test/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessorTest.java 
+++ b/confignode/src/test/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessorTest.java @@ -550,6 +550,7 @@ public void getAndCreateDataPartitionTest() throws TException { dataPartitionResp.getDataPartitionMap()); } + @Test public void permissionTest() throws TException { TSStatus status; diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index 0f39ccc6bbce5..0f2a724069aca 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java @@ -152,17 +152,12 @@ public void saveUser(User user) throws IOException { + user.getName() + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); - logger.info(String.valueOf(userProfile.exists())); - logger.info("userDirPath" + userDirPath); + logger.info("userDirPath: " + new File(userDirPath).exists()); logger.info( String.valueOf( SystemFileFactory.INSTANCE - .getFile(userDirPath + File.separator + "root" + IoTDBConstant.PROFILE_SUFFIX) + .getFile(userDirPath + File.separator + "tempuser0" + IoTDBConstant.PROFILE_SUFFIX) .exists())); - logger.info( - SystemFileFactory.INSTANCE - .getFile(userDirPath + File.separator + "root" + IoTDBConstant.PROFILE_SUFFIX) - .toString()); if (!userProfile.exists()) { userProfile.createNewFile(); } From 8f2a3ea775e448b88da79bfbb9fab9faa577b6de Mon Sep 17 00:00:00 2001 From: renyuhua Date: Wed, 11 May 2022 15:57:53 +0800 Subject: [PATCH 16/17] test --- .../commons/auth/role/LocalFileRoleAccessor.java | 5 +++-- .../commons/auth/user/LocalFileUserAccessor.java | 12 +++--------- 2 files changed, 6 insertions(+), 11 deletions(-) 
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java index 60a830bdb67dd..1c7df8993ce88 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java @@ -114,8 +114,9 @@ public void saveRole(Role role) throws IOException { + role.getName() + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); - if (!roleProfile.exists()) { - roleProfile.createNewFile(); + File roleDir = new File(roleDirPath); + if (!roleDir.exists()) { + roleProfile.getParentFile().mkdirs(); } try (BufferedOutputStream outputStream = new BufferedOutputStream(new FileOutputStream(roleProfile))) { diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java index 0f2a724069aca..b853b4107ba92 100644 --- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java +++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java @@ -152,16 +152,10 @@ public void saveUser(User user) throws IOException { + user.getName() + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX); - logger.info("userDirPath: " + new File(userDirPath).exists()); - logger.info( - String.valueOf( - SystemFileFactory.INSTANCE - .getFile(userDirPath + File.separator + "tempuser0" + IoTDBConstant.PROFILE_SUFFIX) - .exists())); - if (!userProfile.exists()) { - userProfile.createNewFile(); + File userDir = new File(userDirPath); + if (!userDir.exists()) { + userProfile.getParentFile().mkdirs(); } - logger.info(String.valueOf(userProfile.exists())); try (BufferedOutputStream outputStream = new BufferedOutputStream(new FileOutputStream(userProfile))) { try { 
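Review bot: The directory check added to `saveRole` tests `new File(roleDirPath)` but creates `roleProfile.getParentFile()`, and the boolean returned by `mkdirs()` is dropped, so a failed creation only shows up afterwards as a `FileNotFoundException` from `new FileOutputStream(roleProfile)`. `Files.createDirectories(roleProfile.getParentFile().toPath());` does the check and the creation in one call and throws an `IOException` naming the cause, which `saveRole` already declares; it needs `java.nio.file.Files` imported if the file does not have it yet. The `saveUser` hunk in `LocalFileUserAccessor.java` has the same pattern with `userDir`. These directories hold the role and user profiles, and `saveUser` writes `user.getPassword()` into the profile, so confirm that a directory created here gets permissions limited to the service account rather than whatever the process default gives.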
From 0a47a1dccba35566ebb95269adefc852ae21e587 Mon Sep 17 00:00:00 2001 From: renyuhua Date: Wed, 11 May 2022 16:54:14 +0800 Subject: [PATCH 17/17] fix file not exist --- .../org/apache/iotdb/confignode/persistence/AuthorInfoTest.java | 1 - 1 file changed, 1 deletion(-) diff --git a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java index 6a9c58353b697..d59bd3e00e237 100644 --- a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java +++ b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java @@ -54,7 +54,6 @@ public void permissionTest() throws TException, AuthException { TSStatus status; List userList = new ArrayList<>(); - userList.add("root"); userList.add("user0"); userList.add("user1");