morningman commented on a change in pull request #6115: URL: https://github.com/apache/incubator-doris/pull/6115#discussion_r661097875
########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/CreateEncryptKeyStmt.java ########## @@ -0,0 +1,65 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.analysis; + +import org.apache.doris.catalog.EncryptKey; +import org.apache.doris.common.AnalysisException; +import org.apache.doris.common.UserException; + +/** + * create a encryptKey Review comment: The an example statement in comment ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/CreateEncryptKeyStmt.java ########## @@ -0,0 +1,65 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.analysis; + +import org.apache.doris.catalog.EncryptKey; +import org.apache.doris.common.AnalysisException; +import org.apache.doris.common.UserException; + +/** + * create a encryptKey + */ +public class CreateEncryptKeyStmt extends DdlStmt{ + private final EncryptKeyName encryptKeyName; + private final String keyString; + private EncryptKey encryptKey; + + public CreateEncryptKeyStmt(EncryptKeyName encryptKeyName, String keyString) { + this.encryptKeyName = encryptKeyName; + this.keyString = keyString; + } + + public EncryptKeyName getEncryptKeyName() { + return encryptKeyName; + } + + public String getKeyString() { + return keyString; + } + + public EncryptKey getEncryptKey() { + return encryptKey; + } + + @Override + public void analyze(Analyzer analyzer) throws AnalysisException, UserException { + super.analyze(analyzer); + + encryptKeyName.analyze(analyzer); + + encryptKey = new EncryptKey(encryptKeyName, keyString); Review comment: Do we need to check the validation of `keyString`? Do we accept empty string? ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/EncryptKeyName.java ########## @@ -0,0 +1,174 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.analysis; + +import com.google.common.base.Strings; +import org.apache.doris.cluster.ClusterNamespace; +import org.apache.doris.common.AnalysisException; +import org.apache.doris.common.ErrorCode; +import org.apache.doris.common.ErrorReport; +import org.apache.doris.common.io.Text; +import org.apache.doris.common.io.Writable; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.DataInput; +import java.io.DataOutput; +import java.io.IOException; +import java.util.Objects; + +public class EncryptKeyName implements Writable { + private static final Logger LOG = LogManager.getLogger(EncryptKeyName.class); + + private String db; + private String keyName; + + private EncryptKeyName() { + + } + + public EncryptKeyName(String db, String keyName) { + this.db = db; + this.keyName = keyName.toLowerCase(); + if (db != null) { + this.db = db.toLowerCase(); + } + } + + public EncryptKeyName(String keyName) { + this.db = null; + this.keyName = keyName.toLowerCase(); + } + + // used to analyze db element in function name, add cluster + public String analyzeDb(Analyzer analyzer) throws AnalysisException { + if (db == null) { + db = analyzer.getDefaultDb(); + } else { + if (Strings.isNullOrEmpty(analyzer.getClusterName())) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_CLUSTER_NAME_NULL); + } + db = ClusterNamespace.getFullName(analyzer.getClusterName(), db); + } + return db; + } + + public void analyze(Analyzer analyzer) throws AnalysisException { + if (keyName.length() == 0) { + throw new AnalysisException("EncryptKey name can not be empty."); + } + for (int i = 0; i < keyName.length(); ++i) { + if (!isValidCharacter(keyName.charAt(i))) { + throw new AnalysisException( + "EncryptKey names must be all alphanumeric or underscore. " + + "Invalid name: " + keyName); + } + } + if (Character.isDigit(keyName.charAt(0))) { + throw new AnalysisException("EncryptKey cannot start with a digit: " + keyName); + } + if (db == null) { + db = analyzer.getDefaultDb(); + if (Strings.isNullOrEmpty(db)) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_NO_DB_ERROR); + } + } else { + if (Strings.isNullOrEmpty(analyzer.getClusterName())) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_CLUSTER_NAME_NULL); + } + db = ClusterNamespace.getFullName(analyzer.getClusterName(), db); + } + } + + private boolean isValidCharacter(char c) { + return Character.isLetterOrDigit(c) || c == '_'; + } + + public String getDb() { + return db; + } + + public void setDb(String db) { + this.db = db; + } + + public String getKeyName() { + return keyName; + } + + public void setKeyName(String keyName) { + this.keyName = keyName; + } + + @Override + public String toString() { + if (db == null) { + return keyName; + } + return db + "." + keyName; + } + + @Override + public void write(DataOutput out) throws IOException { Review comment: Use GSON serde ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/Expr.java ########## @@ -366,6 +366,15 @@ public final void analyze(Analyzer analyzer) throws AnalysisException { throw new AnalysisException("analyzer is null."); } + // analyze encryptKey for children + // if has encryptKey, replace encryptKeyRef with LiteralExpr + for (int i = 0; i < children.size(); i++) { Review comment: Better to use ExprRewriteRule to do this. ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/EncryptKeyRef.java ########## @@ -0,0 +1,75 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.analysis; + +import org.apache.doris.catalog.EncryptKey; +import org.apache.doris.catalog.Type; +import org.apache.doris.common.AnalysisException; +import org.apache.doris.thrift.TExprNode; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.List; + +public class EncryptKeyRef extends Expr { + private static final Logger LOG = LogManager.getLogger(EncryptKeyRef.class); + private EncryptKeyName encryptKeyName; + + private EncryptKeyRef() { + super(); + } + + public EncryptKeyRef(EncryptKeyName encryptKeyName) { + super(); + this.encryptKeyName = encryptKeyName; + } + + public LiteralExpr analyzeEncryptKey(Analyzer analyzer) throws AnalysisException { + List<EncryptKey> encryptKeys = analyzer.getEncryptKeysFromDb(encryptKeyName.getDb()); + for (EncryptKey encryptKey : encryptKeys) { Review comment: Why not just get the encryptKey by dbname and keyname from `name2EncryptKey` of a database? ########## File path: docs/en/sql-reference/sql-statements/Data Definition/CREATE ENCRYPTKEY.md ########## @@ -0,0 +1,80 @@ +--- +{ + "title": "CREATE ENCRYPTKEY", + "language": "en" +} +--- + +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> + +# CREATE ENCRYPTKEY + +## Description + +### Syntax + +``` +CREATE ENCRYPTKEY key_name + AS "key_string" +``` + +### Parameters + +> `key_name`: The name of the key to be created, which can include the name of the database. For example: `db1.my_key`. +> +> `key_string`: The string to create the key + +This statement creates a custom key. Executing this command requires the user to have the `ADMIN` privileges. + +If the database name is included in `key_name`, then this custom key will be created in the corresponding database, otherwise this function will be created in the database where the current session is located. The name of the new key cannot be the same as the key that already exists in the corresponding database, otherwise the creation will fail. + +## Example + +1. Create a custom key + + ``` + CREATE ENCRYPTKEY my_key as "ABCD123456789"; + ``` Review comment: ```suggestion ``` ``` ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/EncryptKeyName.java ########## @@ -0,0 +1,174 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.analysis; + +import com.google.common.base.Strings; +import org.apache.doris.cluster.ClusterNamespace; +import org.apache.doris.common.AnalysisException; +import org.apache.doris.common.ErrorCode; +import org.apache.doris.common.ErrorReport; +import org.apache.doris.common.io.Text; +import org.apache.doris.common.io.Writable; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.DataInput; +import java.io.DataOutput; +import java.io.IOException; +import java.util.Objects; + +public class EncryptKeyName implements Writable { + private static final Logger LOG = LogManager.getLogger(EncryptKeyName.class); + + private String db; + private String keyName; + + private EncryptKeyName() { + + } + + public EncryptKeyName(String db, String keyName) { + this.db = db; + this.keyName = keyName.toLowerCase(); + if (db != null) { + this.db = db.toLowerCase(); + } + } + + public EncryptKeyName(String keyName) { + this.db = null; + this.keyName = keyName.toLowerCase(); + } + + // used to analyze db element in function name, add cluster + public String analyzeDb(Analyzer analyzer) throws AnalysisException { + if (db == null) { + db = analyzer.getDefaultDb(); + } else { + if (Strings.isNullOrEmpty(analyzer.getClusterName())) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_CLUSTER_NAME_NULL); + } + db = ClusterNamespace.getFullName(analyzer.getClusterName(), db); + } + return db; + } + + public void analyze(Analyzer analyzer) throws AnalysisException { + if (keyName.length() == 0) { + throw new AnalysisException("EncryptKey name can not be empty."); + } + for (int i = 0; i < keyName.length(); ++i) { + if (!isValidCharacter(keyName.charAt(i))) { + throw new AnalysisException( + "EncryptKey names must be all alphanumeric or underscore. " + + "Invalid name: " + keyName); + } + } + if (Character.isDigit(keyName.charAt(0))) { Review comment: You can use `FeNameFormat.checkCommonName()` to do this check. ########## File path: fe/fe-core/src/main/java/org/apache/doris/catalog/Catalog.java ########## @@ -6675,6 +6678,42 @@ public void replayDropFunction(FunctionSearchDesc functionSearchDesc) { db.replayDropFunction(functionSearchDesc); } + public void createEncryptKey(CreateEncryptKeyStmt stmt) throws UserException { Review comment: Create an EncryptKeyManager to handle all these method. The Catalog is too big. ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/Analyzer.java ########## @@ -1806,4 +1808,23 @@ public void markRefdSlots(Analyzer analyzer, PlanNode planRoot, } } } + + public List<EncryptKey> getEncryptKeysFromDb(String dbName) throws AnalysisException { + List<EncryptKey> retEncryptKeys = new ArrayList<>(); + if (Strings.isNullOrEmpty(dbName)) { + dbName = getDefaultDb(); + } + if ("".equals(dbName)) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_NO_DB_ERROR); + } else { + dbName = ClusterNamespace.getFullName(getClusterName(), dbName); + ConcurrentHashMap<String, Database> fullName2Db = getCatalog().getFullNameToDb(); + Database database = fullName2Db.get(dbName); Review comment: Why not just call `getCatalog().getDb()`? ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/EncryptKeyName.java ########## @@ -0,0 +1,174 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.analysis; + +import com.google.common.base.Strings; +import org.apache.doris.cluster.ClusterNamespace; +import org.apache.doris.common.AnalysisException; +import org.apache.doris.common.ErrorCode; +import org.apache.doris.common.ErrorReport; +import org.apache.doris.common.io.Text; +import org.apache.doris.common.io.Writable; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.DataInput; +import java.io.DataOutput; +import java.io.IOException; +import java.util.Objects; + +public class EncryptKeyName implements Writable { + private static final Logger LOG = LogManager.getLogger(EncryptKeyName.class); + + private String db; + private String keyName; + + private EncryptKeyName() { + + } + + public EncryptKeyName(String db, String keyName) { + this.db = db; + this.keyName = keyName.toLowerCase(); + if (db != null) { + this.db = db.toLowerCase(); + } + } + + public EncryptKeyName(String keyName) { + this.db = null; + this.keyName = keyName.toLowerCase(); + } + + // used to analyze db element in function name, add cluster + public String analyzeDb(Analyzer analyzer) throws AnalysisException { + if (db == null) { + db = analyzer.getDefaultDb(); + } else { + if (Strings.isNullOrEmpty(analyzer.getClusterName())) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_CLUSTER_NAME_NULL); + } + db = ClusterNamespace.getFullName(analyzer.getClusterName(), db); + } + return db; + } + + public void analyze(Analyzer analyzer) throws AnalysisException { + if (keyName.length() == 0) { + throw new AnalysisException("EncryptKey name can not be empty."); + } + for (int i = 0; i < keyName.length(); ++i) { + if (!isValidCharacter(keyName.charAt(i))) { + throw new AnalysisException( + "EncryptKey names must be all alphanumeric or underscore. " + + "Invalid name: " + keyName); + } + } + if (Character.isDigit(keyName.charAt(0))) { + throw new AnalysisException("EncryptKey cannot start with a digit: " + keyName); + } + if (db == null) { + db = analyzer.getDefaultDb(); + if (Strings.isNullOrEmpty(db)) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_NO_DB_ERROR); + } + } else { + if (Strings.isNullOrEmpty(analyzer.getClusterName())) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_CLUSTER_NAME_NULL); + } + db = ClusterNamespace.getFullName(analyzer.getClusterName(), db); + } + } + + private boolean isValidCharacter(char c) { + return Character.isLetterOrDigit(c) || c == '_'; + } + + public String getDb() { + return db; + } + + public void setDb(String db) { Review comment: Remove all unsed `setXXX` methods. ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/ShowEncryptKeysStmt.java ########## @@ -0,0 +1,102 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.analysis; + +import com.google.common.base.Strings; +import org.apache.doris.catalog.Catalog; +import org.apache.doris.catalog.Column; +import org.apache.doris.catalog.ScalarType; +import org.apache.doris.cluster.ClusterNamespace; +import org.apache.doris.common.AnalysisException; +import org.apache.doris.common.ErrorCode; +import org.apache.doris.common.ErrorReport; +import org.apache.doris.common.UserException; +import org.apache.doris.mysql.privilege.PrivPredicate; +import org.apache.doris.qe.ConnectContext; +import org.apache.doris.qe.ShowResultSetMetaData; + +public class ShowEncryptKeysStmt extends ShowStmt{ + private static final ShowResultSetMetaData META_DATA = + ShowResultSetMetaData.builder() + .addColumn(new Column("EncryptKey Name", ScalarType.createVarchar(20))) + .addColumn(new Column("EncryptKey String", ScalarType.createVarchar(1024))) + .build(); + + private String dbName; + private String wild; + + public ShowEncryptKeysStmt(String dbName, String wild) { + this.dbName = dbName; + this.wild = wild; + } + + public String getDbName() { + return dbName; + } + + public String getWild() { + return wild; + } + + @Override + public void analyze(Analyzer analyzer) throws AnalysisException, UserException { + super.analyze(analyzer); + + if (Strings.isNullOrEmpty(dbName)) { + dbName = analyzer.getDefaultDb(); + if (Strings.isNullOrEmpty(dbName)) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_NO_DB_ERROR); + } + } else { + dbName = ClusterNamespace.getFullName(getClusterName(), dbName); + } + + if (!Catalog.getCurrentCatalog().getAuth().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.ADMIN)) { + ErrorReport.reportAnalysisException( + ErrorCode.ERR_DB_ACCESS_DENIED, ConnectContext.get().getQualifiedUser(), dbName); + } + } + + public boolean like(String str) { Review comment: See `ShowLoadStmt` to find out how to handle `like` predicate. ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/StringLiteral.java ########## @@ -77,6 +82,22 @@ public void setIsSqlMode(boolean val) { this.isSqlMode = val; } + public boolean isEncryptKey() { Review comment: Not used? ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/EncryptKeyRef.java ########## @@ -0,0 +1,75 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.analysis; + +import org.apache.doris.catalog.EncryptKey; +import org.apache.doris.catalog.Type; +import org.apache.doris.common.AnalysisException; +import org.apache.doris.thrift.TExprNode; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.List; + +public class EncryptKeyRef extends Expr { + private static final Logger LOG = LogManager.getLogger(EncryptKeyRef.class); + private EncryptKeyName encryptKeyName; + + private EncryptKeyRef() { + super(); + } + + public EncryptKeyRef(EncryptKeyName encryptKeyName) { + super(); + this.encryptKeyName = encryptKeyName; + } + + public LiteralExpr analyzeEncryptKey(Analyzer analyzer) throws AnalysisException { Review comment: Why not implement and use `analyzeImpl()`? I guess what you want to do it to replace the `KEY xxx` to a `StringLiteral` of encrypt key. And I think this should be done by suing ExprRewriterRule. ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/ShowEncryptKeysStmt.java ########## @@ -0,0 +1,102 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.analysis; + +import com.google.common.base.Strings; +import org.apache.doris.catalog.Catalog; +import org.apache.doris.catalog.Column; +import org.apache.doris.catalog.ScalarType; +import org.apache.doris.cluster.ClusterNamespace; +import org.apache.doris.common.AnalysisException; +import org.apache.doris.common.ErrorCode; +import org.apache.doris.common.ErrorReport; +import org.apache.doris.common.UserException; +import org.apache.doris.mysql.privilege.PrivPredicate; +import org.apache.doris.qe.ConnectContext; +import org.apache.doris.qe.ShowResultSetMetaData; + +public class ShowEncryptKeysStmt extends ShowStmt{ + private static final ShowResultSetMetaData META_DATA = + ShowResultSetMetaData.builder() + .addColumn(new Column("EncryptKey Name", ScalarType.createVarchar(20))) + .addColumn(new Column("EncryptKey String", ScalarType.createVarchar(1024))) + .build(); + + private String dbName; + private String wild; + + public ShowEncryptKeysStmt(String dbName, String wild) { + this.dbName = dbName; + this.wild = wild; + } + + public String getDbName() { + return dbName; + } + + public String getWild() { + return wild; + } + + @Override + public void analyze(Analyzer analyzer) throws AnalysisException, UserException { + super.analyze(analyzer); + + if (Strings.isNullOrEmpty(dbName)) { + dbName = analyzer.getDefaultDb(); + if (Strings.isNullOrEmpty(dbName)) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_NO_DB_ERROR); + } + } else { + dbName = ClusterNamespace.getFullName(getClusterName(), dbName); + } + + if (!Catalog.getCurrentCatalog().getAuth().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.ADMIN)) { Review comment: Check priv before analyzing dbName ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/EncryptKeyName.java ########## @@ -0,0 +1,174 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.analysis; + +import com.google.common.base.Strings; +import org.apache.doris.cluster.ClusterNamespace; +import org.apache.doris.common.AnalysisException; +import org.apache.doris.common.ErrorCode; +import org.apache.doris.common.ErrorReport; +import org.apache.doris.common.io.Text; +import org.apache.doris.common.io.Writable; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.DataInput; +import java.io.DataOutput; +import java.io.IOException; +import java.util.Objects; + +public class EncryptKeyName implements Writable { + private static final Logger LOG = LogManager.getLogger(EncryptKeyName.class); + + private String db; + private String keyName; + + private EncryptKeyName() { + + } + + public EncryptKeyName(String db, String keyName) { + this.db = db; + this.keyName = keyName.toLowerCase(); + if (db != null) { + this.db = db.toLowerCase(); + } + } + + public EncryptKeyName(String keyName) { + this.db = null; + this.keyName = keyName.toLowerCase(); + } + + // used to analyze db element in function name, add cluster + public String analyzeDb(Analyzer analyzer) throws AnalysisException { Review comment: Not used? ########## File path: fe/fe-core/src/main/java/org/apache/doris/analysis/StringLiteral.java ########## @@ -137,6 +158,10 @@ public boolean isMinValue() { @Override public String toSqlImpl() { + // if it is a encryptKey, return encryptKey name instead of encryptKey string + if (isEncryptKey) { + return "key " + encryptKeyName.replaceAll("'", "''"); Review comment: ```suggestion return "KEY " + encryptKeyName.replaceAll("'", "''"); ``` ########## File path: fe/fe-core/src/main/java/org/apache/doris/catalog/EncryptKeySearchDesc.java ########## @@ -0,0 +1,69 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.catalog; + +import org.apache.doris.analysis.EncryptKeyName; +import org.apache.doris.common.io.Writable; + +import java.io.DataInput; +import java.io.DataOutput; +import java.io.IOException; + +// used to search a EncryptKey +public class EncryptKeySearchDesc implements Writable { + private EncryptKeyName encryptKeyName; + + private EncryptKeySearchDesc() {} + + public EncryptKeySearchDesc(EncryptKeyName encryptKeyName) { + this.encryptKeyName = encryptKeyName; + } + + public EncryptKeyName getKeyEncryptKeyName() { + return encryptKeyName; + } + + public boolean isIdentical(EncryptKey encryptKey) { + if (encryptKeyName.equals(encryptKey.getEncryptKeyName())) { + return true; + } + return false; + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder(); + stringBuilder.append(encryptKeyName.toString()); + return stringBuilder.toString(); + } + + @Override + public void write(DataOutput out) throws IOException { Review comment: Use GSON serde ########## File path: fe/fe-core/src/main/java/org/apache/doris/catalog/Database.java ########## @@ -512,6 +515,13 @@ public void write(DataOutput out) throws IOException { } } + // write encryptKeys + out.writeInt(name2EncryptKey.size()); Review comment: create a new class to contains this `name2EncryptKey` for better extension in future. And using GSON to serde this new class. ########## File path: fe/fe-core/src/main/java/org/apache/doris/catalog/EncryptKey.java ########## @@ -0,0 +1,80 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.catalog; + +import com.google.common.collect.Lists; +import org.apache.doris.analysis.EncryptKeyName; +import org.apache.doris.common.io.Text; +import org.apache.doris.common.io.Writable; + +import java.io.DataInput; +import java.io.DataOutput; +import java.io.IOException; +import java.util.List; + +public class EncryptKey implements Writable { + private EncryptKeyName encryptKeyName; + private String keyString; + + private EncryptKey() {} + + public EncryptKey(EncryptKeyName encryptKeyname, String keyString) { + this.encryptKeyName = encryptKeyname; + this.keyString = keyString; + } + + public EncryptKeyName getEncryptKeyName() { + return encryptKeyName; + } + + public String getKeyString() { + return keyString; + } + + @Override + public void write(DataOutput out) throws IOException { Review comment: Using GSON serde -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org For additional commands, e-mail: commits-h...@doris.apache.org
