This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-3.0 by this push:
new 4baad8db6a0 [fix](auth)fix show load priv bug #41723 (#42174)
4baad8db6a0 is described below
commit 4baad8db6a0efaaeb8fa0783f43e9868655d2364
Author: Rayner Chen <[email protected]>
AuthorDate: Mon Oct 21 16:37:04 2024 +0800
[fix](auth)fix show load priv bug #41723 (#42174)
cherry pick from #41723
Co-authored-by: zhangdong <[email protected]>
---
.../apache/doris/cloud/load/CloudLoadManager.java | 7 ++--
.../org/apache/doris/load/loadv2/BulkLoadJob.java | 6 ++++
.../java/org/apache/doris/load/loadv2/LoadJob.java | 3 +-
.../org/apache/doris/load/loadv2/LoadManager.java | 30 ++---------------
.../apache/doris/load/loadv2/LoadManagerTest.java | 38 ----------------------
5 files changed, 13 insertions(+), 71 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/cloud/load/CloudLoadManager.java
b/fe/fe-core/src/main/java/org/apache/doris/cloud/load/CloudLoadManager.java
index 9a8ea0fa4d2..1ab541bcb29 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/cloud/load/CloudLoadManager.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/cloud/load/CloudLoadManager.java
@@ -219,14 +219,13 @@ public class CloudLoadManager extends LoadManager {
}
// check auth
try {
- checkJobAuth(loadJob.getDb().getCatalog().getName(),
loadJob.getDb().getName(),
- loadJob.getTableNames());
- } catch (AnalysisException e) {
+ loadJob.checkAuth("show load");
+ } catch (DdlException e) {
continue;
}
// add load job info
loadJobInfos.add(loadJob.getShowInfo());
- } catch (RuntimeException | DdlException |
MetaNotFoundException e) {
+ } catch (RuntimeException | DdlException e) {
// ignore this load job
LOG.warn("get load job info failed. job id: {}",
loadJob.getId(), e);
}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BulkLoadJob.java
b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BulkLoadJob.java
index 12aa673eabf..3e5742e2b05 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BulkLoadJob.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BulkLoadJob.java
@@ -147,6 +147,8 @@ public abstract class BulkLoadJob extends LoadJob
implements GsonPostProcessable
bulkLoadJob.setComment(stmt.getComment());
bulkLoadJob.setJobProperties(stmt.getProperties());
bulkLoadJob.checkAndSetDataSourceInfo((Database) db,
stmt.getDataDescriptions());
+ // In the construction method, there may not be table information
yet
+ bulkLoadJob.rebuildAuthorizationInfo();
return bulkLoadJob;
} catch (MetaNotFoundException e) {
throw new DdlException(e.getMessage());
@@ -179,6 +181,10 @@ public abstract class BulkLoadJob extends LoadJob
implements GsonPostProcessable
return new AuthorizationInfo(database.getFullName(), getTableNames());
}
+ public void rebuildAuthorizationInfo() throws MetaNotFoundException {
+ this.authorizationInfo = gatherAuthInfo();
+ }
+
@Override
public Set<String> getTableNamesForShow() {
Optional<Database> db = Env.getCurrentInternalCatalog().getDb(dbId);
diff --git a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java
b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java
index f450a1dca7d..652819ae8e1 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadJob.java
@@ -518,7 +518,7 @@ public abstract class LoadJob extends
AbstractTxnStateChangeCallback
}
}
- private void checkAuth(String command) throws DdlException {
+ public void checkAuth(String command) throws DdlException {
if (authorizationInfo == null) {
// use the old method to check priv
checkAuthWithoutAuthInfo(command);
@@ -747,7 +747,6 @@ public abstract class LoadJob extends
AbstractTxnStateChangeCallback
protected List<Comparable> getShowInfoUnderLock() throws DdlException {
// check auth
- checkAuth("SHOW LOAD");
List<Comparable> jobInfo = Lists.newArrayList();
// jobId
jobInfo.add(id);
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java
b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java
index fa446db2144..7887d8c602b 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/load/loadv2/LoadManager.java
@@ -31,8 +31,6 @@ import org.apache.doris.common.CaseSensibility;
import org.apache.doris.common.Config;
import org.apache.doris.common.DataQualityException;
import org.apache.doris.common.DdlException;
-import org.apache.doris.common.ErrorCode;
-import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.LabelAlreadyUsedException;
import org.apache.doris.common.MetaNotFoundException;
import org.apache.doris.common.Pair;
@@ -635,14 +633,13 @@ public class LoadManager implements Writable {
}
// check auth
try {
- checkJobAuth(loadJob.getDb().getCatalog().getName(),
loadJob.getDb().getName(),
- loadJob.getTableNames());
- } catch (AnalysisException e) {
+ loadJob.checkAuth("show load");
+ } catch (DdlException e) {
continue;
}
// add load job info
loadJobInfos.add(loadJob.getShowInfo());
- } catch (RuntimeException | DdlException |
MetaNotFoundException e) {
+ } catch (RuntimeException | DdlException e) {
// ignore this load job
LOG.warn("get load job info failed. job id: {}",
loadJob.getId(), e);
}
@@ -653,27 +650,6 @@ public class LoadManager implements Writable {
}
}
- public void checkJobAuth(String ctlName, String dbName, Set<String>
tableNames) throws AnalysisException {
- if (tableNames.isEmpty()) {
- if (!Env.getCurrentEnv().getAccessManager()
- .checkDbPriv(ConnectContext.get(), ctlName, dbName,
- PrivPredicate.LOAD)) {
-
ErrorReport.reportAnalysisException(ErrorCode.ERR_DB_ACCESS_DENIED_ERROR,
- PrivPredicate.LOAD.getPrivs().toString(), dbName);
- }
- } else {
- for (String tblName : tableNames) {
- if (!Env.getCurrentEnv().getAccessManager()
- .checkTblPriv(ConnectContext.get(), ctlName, dbName,
- tblName, PrivPredicate.LOAD)) {
-
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLE_ACCESS_DENIED_ERROR,
- PrivPredicate.LOAD.getPrivs().toString(), tblName);
- return;
- }
- }
- }
- }
-
public List<List<Comparable>> getAllLoadJobInfos() {
LinkedList<List<Comparable>> loadJobInfos = new
LinkedList<List<Comparable>>();
diff --git
a/fe/fe-core/src/test/java/org/apache/doris/load/loadv2/LoadManagerTest.java
b/fe/fe-core/src/test/java/org/apache/doris/load/loadv2/LoadManagerTest.java
index 9dab9663d32..a6f5d1040c8 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/load/loadv2/LoadManagerTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/load/loadv2/LoadManagerTest.java
@@ -21,16 +21,12 @@ import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.Database;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Table;
-import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.Config;
import org.apache.doris.common.FeMetaVersion;
import org.apache.doris.common.jmockit.Deencapsulation;
import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.meta.MetaContext;
-import org.apache.doris.qe.ConnectContext;
-import org.apache.doris.utframe.TestWithFeService;
-import com.google.common.collect.Sets;
import mockit.Expectations;
import mockit.Injectable;
import mockit.Mocked;
@@ -44,8 +40,6 @@ import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
-import java.io.IOException;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
@@ -203,36 +197,4 @@ public class LoadManagerTest {
loadManager.readFields(dis);
return loadManager;
}
-
- @Test
- public void testJobAuth() throws IOException, AnalysisException {
- UserIdentity user1 = new UserIdentity("testJobAuthUser", "%");
- user1.analyze();
- new Expectations() {
- {
- ConnectContext.get();
- minTimes = 0;
- result = TestWithFeService.createCtx(user1, "%");
- }
- };
- LoadManager manager = new LoadManager(new LoadJobScheduler());
- HashSet<String> tableNames = Sets.newHashSet();
- try {
- // should check db auth
- manager.checkJobAuth("ctl1", "db1", tableNames);
- throw new RuntimeException("should exception");
- } catch (AnalysisException e) {
- Assert.assertTrue(e.getMessage().contains("Admin_priv,Load_priv"));
- Assert.assertTrue(e.getMessage().contains("db1"));
- }
- tableNames.add("table1");
- try {
- // should check db auth
- manager.checkJobAuth("ctl1", "db1", tableNames);
- throw new RuntimeException("should exception");
- } catch (AnalysisException e) {
- Assert.assertTrue(e.getMessage().contains("Admin_priv,Load_priv"));
- Assert.assertTrue(e.getMessage().contains("table1"));
- }
- }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
