Skip to content

Commit

Permalink
fix sql formater.
Browse files Browse the repository at this point in the history
  • Loading branch information
@ColinLeeo
ColinLeeo committed Jan 21, 2025
1 parent 62a7657 commit 680b4a0
Show file tree
Hide file tree
Showing 14 changed files with 413 additions and 171 deletions.
158 changes: 101 additions & 57 deletions integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBRelationalAuthIT.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@

package org.apache.iotdb.db.it.auth;

import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.db.it.utils.TestUtils;
import org.apache.iotdb.it.env.EnvFactory;
import org.apache.iotdb.it.framework.IoTDBTestRunner;
import org.apache.iotdb.itbase.category.TableClusterIT;
Expand All @@ -34,14 +36,12 @@

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Arrays;
import java.util.List;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

@RunWith(IoTDBTestRunner.class)
@Category({TableLocalStandaloneIT.class, TableClusterIT.class})
Expand All @@ -56,30 +56,6 @@ public void tearDown() throws Exception {
EnvFactory.getEnv().cleanClusterEnvironment();
}

private void validateResultSet(ResultSet set, String ans) throws SQLException {
try {
StringBuilder builder = new StringBuilder();
ResultSetMetaData metaData = set.getMetaData();
int colNum = metaData.getColumnCount();
while (set.next()) {
for (int i = 1; i <= colNum; i++) {
builder.append(set.getString(i)).append(",");
}
builder.append("\n");
}
String result = builder.toString();
assertEquals(ans.length(), result.length());
List<String> ansLines = Arrays.asList(ans.split("\n"));
List<String> resultLines = Arrays.asList(result.split("\n"));
assertEquals(ansLines.size(), resultLines.size());
for (String resultLine : resultLines) {
assertTrue(ansLines.contains(resultLine));
}
} finally {
set.close();
}
}

@Test
public void listUserPrivileges() throws SQLException {
try (Connection adminCon = EnvFactory.getEnv().getConnection(BaseEnv.TABLE_SQL_DIALECT);
Expand Down Expand Up @@ -117,17 +93,19 @@ public void listUserPrivileges() throws SQLException {
adminStmt.execute("GRANT DROP ON testdb.tb to user testuser with grant option");

ResultSet rs = adminStmt.executeQuery("LIST PRIVILEGES OF USER testuser");
String ans =
",,MANAGE_USER,false,\n"
+ ",,MANAGE_ROLE,false,\n"
+ ",*.*,SELECT,false,\n"
+ ",*.*,INSERT,false,\n"
+ ",*.*,DELETE,false,\n"
+ ",testdb.*,SELECT,true,\n"
+ ",testdb.tb,SELECT,false,\n"
+ ",testdb.tb,INSERT,true,\n"
+ ",testdb.tb,DROP,true,\n";
validateResultSet(rs, ans);
Set<String> ans =
new HashSet<>(
Arrays.asList(
",,MANAGE_USER,false,",
",,MANAGE_ROLE,false,",
",*.*,SELECT,false,",
",*.*,INSERT,false,",
",*.*,DELETE,false,",
",testdb.*,SELECT,true,",
",testdb.tb,SELECT,false,",
",testdb.tb,INSERT,true,",
",testdb.tb,DROP,true,"));
TestUtils.assertResultSetEqual(rs, "Role,Scope,Privileges,GrantOption,", ans);
}
}

Expand Down Expand Up @@ -230,21 +208,23 @@ public void checkAuthorStatementPrivilegeCheck() throws SQLException {

// can list itself privileges and the all roles privileges
ResultSet rs = userStmt.executeQuery("List privileges of user testuser");
String ans =
",,MANAGE_ROLE,false,\n"
+ ",*.*,ALTER,false,\n"
+ ",testdb.*,INSERT,false,\n"
+ ",testdb.tb,SELECT,false,\n"
+ ",testdb.tb,INSERT,false,\n"
+ "testrole2,,MAINTAIN,false,\n"
+ "testrole,,MAINTAIN,true,\n";
validateResultSet(rs, ans);
Set<String> ans =
new HashSet<>(
Arrays.asList(
",,MANAGE_ROLE,false,",
",*.*,ALTER,false,",
",testdb.*,INSERT,false,",
",testdb.tb,SELECT,false,",
",testdb.tb,INSERT,false,",
"testrole2,,MAINTAIN,false,",
"testrole,,MAINTAIN,true,"));
TestUtils.assertResultSetEqual(rs, "Role,Scope,Privileges,GrantOption,", ans);
rs = userStmt.executeQuery("List privileges of role testrole");
ans = "testrole,,MAINTAIN,true,\n";
validateResultSet(rs, ans);
ans = new HashSet<>(Collections.singletonList("testrole,,MAINTAIN,true,"));
TestUtils.assertResultSetEqual(rs, "Role,Scope,Privileges,GrantOption,", ans);
rs = userStmt.executeQuery("List privileges of role testrole2");
ans = "testrole2,,MAINTAIN,false,\n";
validateResultSet(rs, ans);
ans = new HashSet<>(Collections.singletonList("testrole2,,MAINTAIN,false,"));
TestUtils.assertResultSetEqual(rs, "Role,Scope,Privileges,GrantOption,", ans);
// testdb.TB's privilege is not grant option.
Assert.assertThrows(
SQLException.class,
Expand Down Expand Up @@ -289,8 +269,9 @@ public void checkAuthorStatementPrivilegeCheck() throws SQLException {
userStmt.execute("GRANT drop on database testdb to user testuser3");
userStmt.execute("GRANT SELECT ON database testdb to user testuser3");
ResultSet rs = userStmt.executeQuery("List privileges of user testuser3");
String ans = ",testdb.*,SELECT,false,\n" + ",testdb.*,DROP,false,\n";
validateResultSet(rs, ans);
Set<String> ans =
new HashSet<>(Arrays.asList(",testdb.*,SELECT,false,", ",testdb.*,DROP,false,"));
TestUtils.assertResultSetEqual(rs, "Role,Scope,Privileges,GrantOption,", ans);
userStmt.execute("REVOKE SELECT ON DATABASE testdb from user testuser3");
Assert.assertThrows(
SQLException.class,
Expand All @@ -299,8 +280,71 @@ public void checkAuthorStatementPrivilegeCheck() throws SQLException {
});

rs = userStmt.executeQuery("List privileges of user testuser3");
ans = ",testdb.*,DROP,false,\n";
validateResultSet(rs, ans);
TestUtils.assertResultSetEqual(
rs, "Role,Scope,Privileges,GrantOption,", Collections.singleton(",testdb.*,DROP,false,"));
}
}

@Test
public void checkGrantRevokeAllPrivileges() throws SQLException {
try (Connection adminCon = EnvFactory.getEnv().getConnection(BaseEnv.TABLE_SQL_DIALECT);
Statement adminStmt = adminCon.createStatement()) {
adminStmt.execute("create user test 'password'");
adminStmt.execute("grant all to user test");
adminStmt.execute("revoke SELECT ON ANY from user test");
adminStmt.execute("create role role1");
adminStmt.execute("grant all to role role1 with grant option");
}

Set<String> listUserPrivilegeResult = new HashSet<>();
for (PrivilegeType privilegeType : PrivilegeType.values()) {
if (privilegeType == PrivilegeType.SELECT) {
continue;
}
if (privilegeType.isRelationalPrivilege()) {
listUserPrivilegeResult.add(",*.*," + privilegeType + ",false,");
}
if (privilegeType.forRelationalSys()) {
listUserPrivilegeResult.add(",," + privilegeType + ",false,");
}
}

Set<String> listRolePrivilegeResult = new HashSet<>();
for (PrivilegeType privilegeType : PrivilegeType.values()) {
if (privilegeType.isRelationalPrivilege()) {
listRolePrivilegeResult.add("role1,*.*," + privilegeType + ",true,");
}
if (privilegeType.forRelationalSys()) {
listRolePrivilegeResult.add("role1,," + privilegeType + ",true,");
}
}

try (Connection userCon =
EnvFactory.getEnv().getConnection("test", "password", BaseEnv.TABLE_SQL_DIALECT);
Statement userConStatement = userCon.createStatement()) {
ResultSet resultSet = userConStatement.executeQuery("List privileges of user test");
TestUtils.assertResultSetEqual(
resultSet, "Role,Scope,Privileges,GrantOption,", listUserPrivilegeResult);

// Have manage_role privilege
resultSet = userConStatement.executeQuery("List privileges of role role1");
TestUtils.assertResultSetEqual(
resultSet, "Role,Scope,Privileges,GrantOption,", listRolePrivilegeResult);

// Do not have grant option
Assert.assertThrows(
SQLException.class,
() -> {
userConStatement.execute("GRANT SELECT ON DATABASE TEST to role role1");
});
}

try (Connection adminCon = EnvFactory.getEnv().getConnection(BaseEnv.TABLE_SQL_DIALECT);
Statement adminStmt = adminCon.createStatement()) {
adminStmt.execute("REVOKE ALL FROM USER test");
ResultSet resultSet = adminStmt.executeQuery("List privileges of user test");
TestUtils.assertResultSetEqual(
resultSet, "Role,Scope,Privileges,GrantOption,", Collections.emptySet());
}
}
}
4 changes: 4 additions & 0 deletions ...de/src/main/java/org/apache/iotdb/confignode/persistence/executor/ConfigPlanExecutor.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,8 @@ public TSStatus executeNonQueryPlan(ConfigPhysicalPlan physicalPlan)
case RGrantUserRole:
case RGrantRoleAny:
case RGrantUserAny:
case RGrantUserAll:
case RGrantRoleAll:
case RGrantUserDBPriv:
case RGrantUserSysPri:
case RGrantUserTBPriv:
Expand All @@ -488,6 +490,8 @@ public TSStatus executeNonQueryPlan(ConfigPhysicalPlan physicalPlan)
case RGrantRoleTBPriv:
case RRevokeRoleAny:
case RRevokeUserAny:
case RRevokeUserAll:
case RRevokeRoleAll:
case RRevokeUserDBPriv:
case RRevokeUserSysPri:
case RRevokeUserTBPriv:
Expand Down
64 changes: 32 additions & 32 deletions ...core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -256,11 +256,11 @@ public void permissionTest() throws AuthException, IllegalPathException {
status = authorInfo.authorNonQuery(authorPlan);
assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges("user0", new PrivilegeUnion(nodeNameList, PrivilegeType.READ_DATA))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());

// grant user system privilege
authorPlan =
Expand All @@ -269,11 +269,11 @@ public void permissionTest() throws AuthException, IllegalPathException {
status = authorInfo.authorNonQuery(authorPlan);
assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges("user0", new PrivilegeUnion(PrivilegeType.MANAGE_ROLE))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());
// check user privileges
status =
authorInfo
Expand Down Expand Up @@ -868,94 +868,94 @@ public void relationalPermissionTest() throws AuthException {
// TB: database.table ALTER

assertEquals(
authorInfo.checkRoleOfUser("user", "role").getStatus().getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo.checkRoleOfUser("user", "role").getStatus().getCode());
assertEquals(
authorInfo.checkRoleOfUser("user", "role2").getStatus().getCode(),
TSStatusCode.USER_NOT_HAS_ROLE.getStatusCode());
TSStatusCode.USER_NOT_HAS_ROLE.getStatusCode(),
authorInfo.checkRoleOfUser("user", "role2").getStatus().getCode());
// check visible
assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges("user", new PrivilegeUnion("testdb", null))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());
assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges("user", new PrivilegeUnion("database", null))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());
assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges("user", new PrivilegeUnion("database", "table", null))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());
assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges("user", new PrivilegeUnion("database", "table2", null))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());
assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges("user", new PrivilegeUnion("database2", "table2", null))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());
assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges("user", new PrivilegeUnion("testdb", PrivilegeType.SELECT))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());

assertEquals(
TSStatusCode.NO_PERMISSION.getStatusCode(),
authorInfo
.checkUserPrivileges(
"user", new PrivilegeUnion("testdb", "testtb", PrivilegeType.INSERT))
.getStatus()
.getCode(),
TSStatusCode.NO_PERMISSION.getStatusCode());
.getCode());

assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges(
"user", new PrivilegeUnion("testdb", "table", PrivilegeType.CREATE))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());

assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges("user", new PrivilegeUnion(PrivilegeType.MANAGE_ROLE))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());

assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges(
"user", new PrivilegeUnion("database", "table", PrivilegeType.ALTER))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());

assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
authorInfo
.checkUserPrivileges(
"user", new PrivilegeUnion("testdb", "table2", PrivilegeType.DELETE, true))
.getStatus()
.getCode(),
TSStatusCode.SUCCESS_STATUS.getStatusCode());
.getCode());

assertEquals(
TSStatusCode.NO_PERMISSION.getStatusCode(),
authorInfo
.checkUserPrivileges(
"user", new PrivilegeUnion("database", "table", PrivilegeType.ALTER, true))
.getStatus()
.getCode(),
TSStatusCode.NO_PERMISSION.getStatusCode());
.getCode());
}
}
2 changes: 1 addition & 1 deletion iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/ClusterAuthorityFetcher.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -663,7 +663,7 @@ private TAuthorizerRelationalReq statementToAuthorizerReq(
authorStatement.getPassword() == null ? "" : authorStatement.getPassword(),
authorStatement.getDatabase() == null ? "" : authorStatement.getDatabase(),
authorStatement.getTableName() == null ? "" : authorStatement.getTableName(),
authorStatement.getPrivilegeType() == null
authorStatement.getPrivilegeTypes() == null
? Collections.emptySet()
: authorStatement.getPrivilegeIds(),
authorStatement.isGrantOption());
Expand Down
Loading

0 comments on commit 680b4a0

Please sign in to comment.