Skip to content

Commit

Permalink
Merge branch 'master' into feature/memory_collect
Browse files Browse the repository at this point in the history
  • Loading branch information
@SpriCoder
SpriCoder committed Jan 25, 2025
2 parents 002c97d + 25128fc commit ca96958
Show file tree
Hide file tree
Showing 211 changed files with 15,239 additions and 4,757 deletions.
4 changes: 2 additions & 2 deletions ...st/src/test/java/org/apache/iotdb/confignode/it/database/IoTDBDatabaseSetAndDeleteIT.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,8 @@ public class IoTDBDatabaseSetAndDeleteIT {

@Before
public void setUp() throws Exception {
// Init 1C0D environment
EnvFactory.getEnv().initClusterEnvironment(1, 0);
// Init 1C1D environment
EnvFactory.getEnv().initClusterEnvironment(1, 1);
}

@After
Expand Down
137 changes: 73 additions & 64 deletions integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,10 +114,11 @@ public void allPrivilegesTest() throws SQLException {
// tempuser revoke his write_schema privilege
userStmt.execute("REVOKE WRITE_SCHEMA ON root.** FROM USER tempuser");

// 6. REVOKE ALL will get an error.
Assert.assertThrows(
SQLException.class,
() -> adminStmt.execute("REVOKE ALL on root.** FROM USER tempuser"));
SQLException.class, () -> userStmt.execute("GRANT READ_DATA root.t1 to USER tempuser"));

// 6. REVOKE ALL will be ok.
adminStmt.execute("REVOKE ALL on root.** FROM USER tempuser");
adminStmt.execute("GRANT ALL ON root.** TO USER tempuser");
adminStmt.execute("REVOKE ALL ON root.** FROM USER tempuser");

Expand Down Expand Up @@ -254,9 +255,7 @@ public void illegalGrantRevokeUserTest() throws SQLException {
() -> userStmt.execute("GRANT WRITE_SCHEMA on root.a.b TO USER tempuser"));
// revoke a non-existing privilege
adminStmt.execute("REVOKE MANAGE_USER on root.** FROM USER tempuser");
Assert.assertThrows(
SQLException.class,
() -> adminStmt.execute("REVOKE MANAGE_USER on root.** FROM USER tempuser"));

// revoke a non-existing user
Assert.assertThrows(
SQLException.class,
Expand Down Expand Up @@ -312,9 +311,7 @@ public void createDeleteTimeSeriesTest() throws SQLException {
() ->
userStmt.execute("CREATE TIMESERIES root.b.a WITH DATATYPE=INT32,ENCODING=PLAIN"));

Assert.assertThrows(
SQLException.class,
() -> adminStmt.execute("REVOKE WRITE_SCHEMA ON root.a.b FROM USER tempuser"));
adminStmt.execute("REVOKE WRITE_SCHEMA ON root.a.b FROM USER tempuser");
// no privilege to create this one anymore
Assert.assertThrows(
SQLException.class,
Expand Down Expand Up @@ -450,7 +447,7 @@ public void testListUser() throws SQLException {

try {
ResultSet resultSet = adminStmt.executeQuery("LIST USER");
String ans = String.format("root,\n");
String ans = "root,\n";
try {
validateResultSet(resultSet, ans);

Expand Down Expand Up @@ -551,7 +548,7 @@ public void testListUserRole() throws SQLException {
// user1 : role1; MANAGE_ROLE,MANAGE_USER
// user2 : role1, role2;
ResultSet resultSet;
String ans = "";
String ans;
Connection userCon = EnvFactory.getEnv().getConnection("user1", "password");
Statement userStmt = userCon.createStatement();
try {
Expand Down Expand Up @@ -618,16 +615,16 @@ public void testListUserPrivileges() throws SQLException {
validateResultSet(resultSet, ans);
resultSet = adminStmt.executeQuery("LIST PRIVILEGES OF USER root");
ans =
",root.**,MANAGE_USER,true,\n"
+ ",root.**,MANAGE_ROLE,true,\n"
+ ",root.**,USE_TRIGGER,true,\n"
+ ",root.**,USE_UDF,true,\n"
+ ",root.**,USE_CQ,true,\n"
+ ",root.**,USE_PIPE,true,\n"
+ ",root.**,USE_MODEL,true,\n"
+ ",root.**,EXTEND_TEMPLATE,true,\n"
+ ",root.**,MANAGE_DATABASE,true,\n"
+ ",root.**,MAINTAIN,true,\n"
",,MANAGE_USER,true,\n"
+ ",,MANAGE_ROLE,true,\n"
+ ",,USE_TRIGGER,true,\n"
+ ",,USE_UDF,true,\n"
+ ",,USE_CQ,true,\n"
+ ",,USE_PIPE,true,\n"
+ ",,USE_MODEL,true,\n"
+ ",,EXTEND_TEMPLATE,true,\n"
+ ",,MANAGE_DATABASE,true,\n"
+ ",,MAINTAIN,true,\n"
+ ",root.**,READ_DATA,true,\n"
+ ",root.**,WRITE_DATA,true,\n"
+ ",root.**,READ_SCHEMA,true,\n"
Expand Down Expand Up @@ -964,22 +961,25 @@ public void testGrantAndGrantOpt() throws SQLException {

// 2. USER1 has all privileges on root.**
for (PrivilegeType item : PrivilegeType.values()) {
if (item.isRelationalPrivilege()) {
continue;
}
String sql = "GRANT %s on root.** to USER user1";
adminStmt.execute(String.format(sql, item.toString()));
adminStmt.execute(String.format(sql, item));
}
// 3.admin lists privileges of user1
ResultSet resultSet = adminStmt.executeQuery("LIST PRIVILEGES OF USER user1");
String ans =
",root.**,MANAGE_USER,false,\n"
+ ",root.**,MANAGE_ROLE,false,\n"
+ ",root.**,USE_TRIGGER,false,\n"
+ ",root.**,USE_UDF,false,\n"
+ ",root.**,USE_CQ,false,\n"
+ ",root.**,USE_PIPE,false,\n"
+ ",root.**,USE_MODEL,false,\n"
+ ",root.**,EXTEND_TEMPLATE,false,\n"
+ ",root.**,MANAGE_DATABASE,false,\n"
+ ",root.**,MAINTAIN,false,\n"
",,MANAGE_USER,false,\n"
+ ",,MANAGE_ROLE,false,\n"
+ ",,USE_TRIGGER,false,\n"
+ ",,USE_UDF,false,\n"
+ ",,USE_CQ,false,\n"
+ ",,USE_PIPE,false,\n"
+ ",,USE_MODEL,false,\n"
+ ",,EXTEND_TEMPLATE,false,\n"
+ ",,MANAGE_DATABASE,false,\n"
+ ",,MAINTAIN,false,\n"
+ ",root.**,READ_DATA,false,\n"
+ ",root.**,WRITE_DATA,false,\n"
+ ",root.**,READ_SCHEMA,false,\n"
Expand All @@ -988,21 +988,24 @@ public void testGrantAndGrantOpt() throws SQLException {

// 4. USER2 has all privilegs on root.** with grant option;
for (PrivilegeType item : PrivilegeType.values()) {
if (item.isRelationalPrivilege()) {
continue;
}
String sql = "GRANT %s on root.** to USER user2 with grant option";
adminStmt.execute(String.format(sql, item.toString()));
adminStmt.execute(String.format(sql, item));
}
resultSet = adminStmt.executeQuery("LIST PRIVILEGES OF USER user2");
ans =
",root.**,MANAGE_USER,true,\n"
+ ",root.**,MANAGE_ROLE,true,\n"
+ ",root.**,USE_TRIGGER,true,\n"
+ ",root.**,USE_UDF,true,\n"
+ ",root.**,USE_CQ,true,\n"
+ ",root.**,USE_PIPE,true,\n"
+ ",root.**,USE_MODEL,true,\n"
+ ",root.**,EXTEND_TEMPLATE,true,\n"
+ ",root.**,MANAGE_DATABASE,true,\n"
+ ",root.**,MAINTAIN,true,\n"
",,MANAGE_USER,true,\n"
+ ",,MANAGE_ROLE,true,\n"
+ ",,USE_TRIGGER,true,\n"
+ ",,USE_UDF,true,\n"
+ ",,USE_CQ,true,\n"
+ ",,USE_PIPE,true,\n"
+ ",,USE_MODEL,true,\n"
+ ",,EXTEND_TEMPLATE,true,\n"
+ ",,MANAGE_DATABASE,true,\n"
+ ",,MAINTAIN,true,\n"
+ ",root.**,READ_DATA,true,\n"
+ ",root.**,WRITE_DATA,true,\n"
+ ",root.**,READ_SCHEMA,true,\n"
Expand All @@ -1019,16 +1022,16 @@ public void testGrantAndGrantOpt() throws SQLException {
try {
resultSet = userStmt.executeQuery("LIST PRIVILEGES OF USER user1");
ans =
",root.**,MANAGE_USER,false,\n"
+ ",root.**,MANAGE_ROLE,false,\n"
+ ",root.**,USE_TRIGGER,false,\n"
+ ",root.**,USE_UDF,false,\n"
+ ",root.**,USE_CQ,false,\n"
+ ",root.**,USE_PIPE,false,\n"
+ ",root.**,USE_MODEL,false,\n"
+ ",root.**,EXTEND_TEMPLATE,false,\n"
+ ",root.**,MANAGE_DATABASE,false,\n"
+ ",root.**,MAINTAIN,false,\n"
",,MANAGE_USER,false,\n"
+ ",,MANAGE_ROLE,false,\n"
+ ",,USE_TRIGGER,false,\n"
+ ",,USE_UDF,false,\n"
+ ",,USE_CQ,false,\n"
+ ",,USE_PIPE,false,\n"
+ ",,USE_MODEL,false,\n"
+ ",,EXTEND_TEMPLATE,false,\n"
+ ",,MANAGE_DATABASE,false,\n"
+ ",,MAINTAIN,false,\n"
+ ",root.**,READ_DATA,false,\n"
+ ",root.**,WRITE_DATA,false,\n"
+ ",root.**,READ_SCHEMA,false,\n"
Expand All @@ -1052,21 +1055,21 @@ public void testGrantAndGrantOpt() throws SQLException {
validateResultSet(resultSet, ans);
userStmt.execute("GRANT MANAGE_ROLE ON root.** TO USER user3");
resultSet = userStmt.executeQuery("LIST PRIVILEGES OF USER user3");
ans = ",root.**,MANAGE_ROLE,false,\n";
ans = ",,MANAGE_ROLE,false,\n";
validateResultSet(resultSet, ans);

userStmt.execute("REVOKE MANAGE_ROLE ON root.** FROM USER user1");
resultSet = userStmt.executeQuery("LIST PRIVILEGES OF USER user1");
ans =
",root.**,MANAGE_USER,false,\n"
+ ",root.**,USE_TRIGGER,false,\n"
+ ",root.**,USE_UDF,false,\n"
+ ",root.**,USE_CQ,false,\n"
+ ",root.**,USE_PIPE,false,\n"
+ ",root.**,USE_MODEL,false,\n"
+ ",root.**,EXTEND_TEMPLATE,false,\n"
+ ",root.**,MANAGE_DATABASE,false,\n"
+ ",root.**,MAINTAIN,false,\n"
",,MANAGE_USER,false,\n"
+ ",,USE_TRIGGER,false,\n"
+ ",,USE_UDF,false,\n"
+ ",,USE_CQ,false,\n"
+ ",,USE_PIPE,false,\n"
+ ",,USE_MODEL,false,\n"
+ ",,EXTEND_TEMPLATE,false,\n"
+ ",,MANAGE_DATABASE,false,\n"
+ ",,MAINTAIN,false,\n"
+ ",root.**,READ_DATA,false,\n"
+ ",root.**,WRITE_DATA,false,\n"
+ ",root.**,READ_SCHEMA,false,\n"
Expand Down Expand Up @@ -1115,9 +1118,12 @@ public void testRevokeAndGrantOpt() throws SQLException {
// user2 has all privileges without grant option on root.**
// user2 has all privileges without grant option on root.t1.**
for (PrivilegeType item : PrivilegeType.values()) {
if (item.isRelationalPrivilege()) {
continue;
}
String sql = "GRANT %s on root.** to USER user1 WITH GRANT OPTION";
adminStmt.execute(String.format(sql, item));
if (item.isPathRelevant()) {
if (item.isPathPrivilege()) {
adminStmt.execute(String.format("GRANT %s on root.t1.** TO USER user2", item));
}
sql = "GRANT %s on root.** to USER user2";
Expand All @@ -1130,6 +1136,9 @@ public void testRevokeAndGrantOpt() throws SQLException {
try {
// revoke privileges on root.** and root.t1.**
for (PrivilegeType item : PrivilegeType.values()) {
if (item.isRelationalPrivilege()) {
continue;
}
user1Stmt.execute(String.format("REVOKE %s ON root.** FROM USER user2", item));
}

Expand Down
71 changes: 48 additions & 23 deletions integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityIT.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
package org.apache.iotdb.db.it.auth;

import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.entity.PrivilegeModelType;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.client.sync.SyncConfigNodeIServiceClient;
import org.apache.iotdb.commons.exception.IllegalPathException;
Expand Down Expand Up @@ -60,8 +61,8 @@ public class IoTDBClusterAuthorityIT {

@Before
public void setUp() throws Exception {
// Init 1C0D environment
EnvFactory.getEnv().initClusterEnvironment(1, 0);
// Init 1C1D environment
EnvFactory.getEnv().initClusterEnvironment(1, 1);
}

@After
Expand Down Expand Up @@ -159,9 +160,11 @@ public void permissionTest() throws IllegalPathException {
// check user privileges
checkUserPrivilegesReq =
new TCheckUserPrivilegesReq(
"tempuser0",
AuthUtils.serializePartialPathList(paths),
PrivilegeType.MANAGE_USER.ordinal());
"tempuser0",
PrivilegeModelType.TREE.ordinal(),
PrivilegeType.MANAGE_USER.ordinal(),
false)
.setPaths(AuthUtils.serializePartialPathList(paths));
status = client.checkUserPrivileges(checkUserPrivilegesReq).getStatus();
assertEquals(TSStatusCode.NO_PERMISSION.getStatusCode(), status.getCode());

Expand Down Expand Up @@ -282,9 +285,11 @@ public void permissionTest() throws IllegalPathException {
// check user privileges
checkUserPrivilegesReq =
new TCheckUserPrivilegesReq(
"tempuser0",
AuthUtils.serializePartialPathList(paths),
PrivilegeType.READ_DATA.ordinal());
"tempuser0",
PrivilegeModelType.TREE.ordinal(),
PrivilegeType.READ_DATA.ordinal(),
false)
.setPaths(AuthUtils.serializePartialPathList(nodeNameList));
status = client.checkUserPrivileges(checkUserPrivilegesReq).getStatus();
assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());

Expand Down Expand Up @@ -367,10 +372,13 @@ public void permissionTest() throws IllegalPathException {
status = authorizerResp.getStatus();
assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
assertEquals(ColumnHeaderConstant.PRIVILEGES, authorizerResp.getTag());
assertEquals("tempuser0", authorizerResp.getPermissionInfo().getUserInfo().getUsername());
assertEquals(
new ArrayList<>(), authorizerResp.getPermissionInfo().getUserInfo().getPrivilegeList());
assertEquals(1, authorizerResp.getPermissionInfo().getUserInfo().getRoleListSize());
"tempuser0",
authorizerResp.getPermissionInfo().getUserInfo().getPermissionInfo().getName());
assertEquals(
new ArrayList<>(),
authorizerResp.getPermissionInfo().getUserInfo().getPermissionInfo().getPrivilegeList());
assertEquals(1, authorizerResp.getPermissionInfo().getUserInfo().getRoleSet().size());

// list privileges role
authorizerReq =
Expand Down Expand Up @@ -443,17 +451,32 @@ public void permissionTest() throws IllegalPathException {
assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
assertNull(authorizerResp.getMemberInfo());
assertEquals(new HashMap<>(), authorizerResp.getPermissionInfo().getRoleInfo());
assertEquals(new HashSet<>(), authorizerResp.getPermissionInfo().getUserInfo().getRoleSet());
assertEquals(
new ArrayList<>(), authorizerResp.getPermissionInfo().getUserInfo().getRoleList());
assertEquals(
PrivilegeType.getPathPriCount(),
authorizerResp.getPermissionInfo().getUserInfo().getPrivilegeList().get(0).priSet.size());
PrivilegeType.getPrivilegeCount(PrivilegeModelType.TREE),
authorizerResp
.getPermissionInfo()
.getUserInfo()
.getPermissionInfo()
.getPrivilegeList()
.get(0)
.priSet
.size());
assertEquals(
PrivilegeType.getSysPriCount(),
authorizerResp.getPermissionInfo().getUserInfo().getSysPriSet().size());
PrivilegeType.getPrivilegeCount(PrivilegeModelType.SYSTEM),
authorizerResp
.getPermissionInfo()
.getUserInfo()
.getPermissionInfo()
.getSysPriSet()
.size());
assertEquals(
PrivilegeType.getSysPriCount(),
authorizerResp.getPermissionInfo().getUserInfo().getSysPriSetGrantOptSize());
PrivilegeType.getPrivilegeCount(PrivilegeModelType.SYSTEM),
authorizerResp
.getPermissionInfo()
.getUserInfo()
.getPermissionInfo()
.getSysPriSetGrantOptSize());

authorizerReq =
new TAuthorizerReq(
Expand All @@ -473,8 +496,9 @@ public void permissionTest() throws IllegalPathException {
checkUserPrivilegesReq =
new TCheckUserPrivilegesReq(
"tempuser0",
AuthUtils.serializePartialPathList(new ArrayList<>()),
PrivilegeType.MANAGE_USER.ordinal());
PrivilegeModelType.SYSTEM.ordinal(),
PrivilegeType.MANAGE_USER.ordinal(),
false);
status = client.checkUserPrivileges(checkUserPrivilegesReq).getStatus();
assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());

Expand All @@ -496,8 +520,9 @@ public void permissionTest() throws IllegalPathException {
checkUserPrivilegesReq =
new TCheckUserPrivilegesReq(
"tempuser0",
AuthUtils.serializePartialPathList(new ArrayList<>()),
PrivilegeType.MANAGE_DATABASE.ordinal());
PrivilegeModelType.SYSTEM.ordinal(),
PrivilegeType.MANAGE_DATABASE.ordinal(),
false);
status = client.checkUserPrivileges(checkUserPrivilegesReq).getStatus();
assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());

Expand Down
Loading

0 comments on commit ca96958

Please sign in to comment.