6 changes: 5 additions & 1 deletion antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
@@ -716,7 +716,7 @@ PRIVILEGE_VALUE
| GRANT_USER_PRIVILEGE | REVOKE_USER_PRIVILEGE | GRANT_USER_ROLE | REVOKE_USER_ROLE
| CREATE_ROLE | DELETE_ROLE | LIST_ROLE | GRANT_ROLE_PRIVILEGE | REVOKE_ROLE_PRIVILEGE
| CREATE_FUNCTION | DROP_FUNCTION | CREATE_TRIGGER | DROP_TRIGGER | START_TRIGGER | STOP_TRIGGER
| CREATE_CONTINUOUS_QUERY | DROP_CONTINUOUS_QUERY
| CREATE_CONTINUOUS_QUERY | DROP_CONTINUOUS_QUERY | SHOW_CONTINUOUS_QUERIES
| APPLY_TEMPLATE | UPDATE_TEMPLATE | READ_TEMPLATE | READ_TEMPLATE_APPLICATION
;

@@ -840,6 +840,10 @@ DROP_CONTINUOUS_QUERY
: D R O P '_' C O N T I N U O U S '_' Q U E R Y
;

SHOW_CONTINUOUS_QUERIES
: S H O W '_' C O N T I N U O U S '_' Q U E R I E S
;

SCHEMA_REPLICATION_FACTOR
: S C H E M A '_' R E P L I C A T I O N '_' F A C T O R
;
65 changes: 33 additions & 32 deletions docs/UserGuide/Administration-Management/Administration.md

Large diffs are not rendered by default.

65 changes: 33 additions & 32 deletions docs/zh/UserGuide/Administration-Management/Administration.md

Large diffs are not rendered by default.

@@ -481,6 +481,94 @@ public void testShowCQ() {
}
}

@Test
public void testShowAuth() {
try (Connection connection = EnvFactory.getEnv().getConnection();
Statement statement = connection.createStatement()) {

String[] cqIds = {"show_cq_1", "show_cq_2", "show_cq_3", "show_cq_4"};
String[] cqSQLs = {
"CREATE CQ show_cq_1 \n"
+ "RESAMPLE \n"
+ " EVERY 30m\n"
+ " BOUNDARY 0\n"
+ " RANGE 30m, 10m\n"
+ "TIMEOUT POLICY BLOCKED\n"
+ "BEGIN \n"
+ " SELECT count(s1) \n"
+ " INTO root.sg_count.d(count_s1)\n"
+ " FROM root.sg.d\n"
+ " GROUP BY(30m)\n"
+ "END",
"CREATE CQ show_cq_2\n"
+ "BEGIN \n"
+ " SELECT count(s1) \n"
+ " INTO root.sg_count.d(count_s1)\n"
+ " FROM root.sg.d\n"
+ " GROUP BY(30m)\n"
+ "END",
"CREATE CQ show_cq_3\n"
+ "RESAMPLE RANGE 30m, 0m\n"
+ "TIMEOUT POLICY DISCARD\n"
+ "BEGIN \n"
+ " SELECT count(s1) \n"
+ " INTO root.sg_count.d(count_s1)\n"
+ " FROM root.sg.d\n"
+ " GROUP BY(10m)\n"
+ "END",
"CREATE CQ show_cq_4\n"
+ "RESAMPLE EVERY 30m \n"
+ "TIMEOUT POLICY DISCARD\n"
+ "BEGIN \n"
+ " SELECT count(s1) \n"
+ " INTO root.sg_count.d(count_s1)\n"
+ " FROM root.sg.d\n"
+ " GROUP BY(10m)\n"
+ "END"
};

for (String sql : cqSQLs) {
statement.execute(sql);
}

statement.execute("CREATE USER `zmty` 'zmty'");

try (Connection connection2 = EnvFactory.getEnv().getConnection("zmty", "zmty");
Statement statement2 = connection2.createStatement()) {
try {
statement2.executeQuery("show CQS");
fail();
} catch (Exception e) {
assertEquals(
TSStatusCode.NO_PERMISSION.getStatusCode()
+ ": No permissions for this operation, please add privilege SHOW_CONTINUOUS_QUERIES",
e.getMessage());
}

statement.execute("GRANT USER `zmty` PRIVILEGES SHOW_CONTINUOUS_QUERIES");

try (ResultSet resultSet = statement2.executeQuery("show CQS")) {

int cnt = 0;
while (resultSet.next()) {
// No need to add time column for aggregation query
assertEquals(cqIds[cnt], resultSet.getString(1));
assertEquals(cqSQLs[cnt], resultSet.getString(2));
assertEquals("ACTIVE", resultSet.getString(3));
cnt++;
}
assertEquals(cqIds.length, cnt);
}
}

for (String cqId : cqIds) {
statement.execute(String.format("DROP CQ %s;", cqId));
}
} catch (Exception e) {
fail(e.getMessage());
}
}

// =======================================drop cq======================================
@Test
public void testDropCQ() {
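Review bot: testShowAuth creates the user zmty and never drops it, and the DROP CQ loop runs only when every assertion before it has passed. A failure therefore leaves four CQs and an account whose password equals its name behind; if the environment returned by EnvFactory is shared between tests, that state leaks into later ones. Move the cleanup into a `finally` block and drop the user there as well. The test also stops once the grant works; revoking the privilege and expecting the same NO_PERMISSION error again would confirm that access can be withdrawn. The inline comment `// No need to add time column for aggregation query` does not describe this loop and looks copied from another test.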
@@ -55,7 +55,8 @@ public enum PrivilegeType {
UPDATE_TEMPLATE,
READ_TEMPLATE,
APPLY_TEMPLATE(true),
READ_TEMPLATE_APPLICATION;
READ_TEMPLATE_APPLICATION,
SHOW_CONTINUOUS_QUERIES;

private static final int PRIVILEGE_COUNT = values().length;
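Review bot: SHOW_CONTINUOUS_QUERIES is appended after READ_TEMPLATE_APPLICATION with no comment saying that declaration order matters, yet AuthorityChecker.translateToPermissionId returns `PrivilegeType.SHOW_CONTINUOUS_QUERIES.ordinal()` as the permission id. If those ids are stored with users or roles (not visible on this page), inserting or reordering a constant later would silently remap existing grants to different privileges. I would add above the constants `// Append new privileges at the end only: ordinal() is used as the permission id.` The enum body starts outside the hunk.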

@@ -360,6 +360,8 @@ private static int translateToPermissionId(StatementType type) {
case SHOW_PATH_SET_SCHEMA_TEMPLATE:
case SHOW_PATH_USING_SCHEMA_TEMPLATE:
return PrivilegeType.READ_TEMPLATE_APPLICATION.ordinal();
case SHOW_CONTINUOUS_QUERIES:
return PrivilegeType.SHOW_CONTINUOUS_QUERIES.ordinal();
default:
logger.error("Unrecognizable operator type ({}) for AuthorityChecker.", type);
return -1;
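Review bot: The new `case SHOW_CONTINUOUS_QUERIES:` changes who may run SHOW CQS, and nothing in the code records that. Until now this statement type fell through to the `default` branch, which logs an error and returns -1; what callers do with -1 is outside the hunk, so it is unclear whether non-admin users could list CQs before. If they could, existing users and roles lose that ability on upgrade until the privilege is granted, which deserves a line in the upgrade notes and a comment on the case such as `// SHOW CQS is gated by its own privilege; accounts created earlier need an explicit grant.` The switch begins and ends outside the hunk.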
@@ -20,7 +20,6 @@

import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.commons.service.JMXService;
import org.apache.iotdb.db.auth.AuthorityChecker;
@@ -53,7 +52,6 @@
import java.util.stream.Collectors;

import static org.apache.iotdb.db.utils.ErrorHandlingUtils.onNPEOrUnexpectedException;
import static org.apache.iotdb.db.utils.ErrorHandlingUtils.onQueryException;

public class SessionManager implements SessionManagerMBean {
private static final Logger LOGGER = LoggerFactory.getLogger(SessionManager.class);
@@ -266,26 +264,6 @@ public boolean checkAuthorization(PhysicalPlan plan, String username) throws Aut
username, plan.getAuthPaths(), plan.getOperatorType(), targetUser);
}

/** Check whether specific Session has the authorization to given plan. */
public TSStatus checkAuthority(PhysicalPlan plan, IClientSession session) {
try {
if (!checkAuthorization(plan, session.getUsername())) {
return RpcUtils.getStatus(
TSStatusCode.NO_PERMISSION,
"No permissions for this operation, please add privilege "
+ PrivilegeType.values()[
AuthorityChecker.translateToPermissionId(plan.getOperatorType())]);
}
} catch (AuthException e) {
LOGGER.warn("meet error while checking authorization.", e);
return RpcUtils.getStatus(TSStatusCode.UNINITIALIZED_AUTH_ERROR, e.getMessage());
} catch (Exception e) {
return onQueryException(
e, OperationType.CHECK_AUTHORITY.getName(), TSStatusCode.EXECUTE_STATEMENT_ERROR);
}
return null;
}

/**
* this method can be only used in client-thread model.
*