[fix](auth)fix show load priv bug (#41723) (#42108)

pick: https://github.com/apache/doris/pull/41723
zhangdong
2024-10-18 22:21:50 +08:00
committed by GitHub
parent 4edfbb5c76
commit 4cab8c5178
4 changed files with 10 additions and 68 deletions


@ -141,6 +141,8 @@ public abstract class BulkLoadJob extends LoadJob {
bulkLoadJob.setComment(stmt.getComment());
bulkLoadJob.setJobProperties(stmt.getProperties());
bulkLoadJob.checkAndSetDataSourceInfo((Database) db, stmt.getDataDescriptions());
// In the construction method, there may not be table information yet
bulkLoadJob.rebuildAuthorizationInfo();
return bulkLoadJob;
} catch (MetaNotFoundException e) {
throw new DdlException(e.getMessage());
@ -173,6 +175,10 @@ public abstract class BulkLoadJob extends LoadJob {
return new AuthorizationInfo(database.getFullName(), getTableNames());
}
public void rebuildAuthorizationInfo() throws MetaNotFoundException {
this.authorizationInfo = gatherAuthInfo();
}
@Override
public Set<String> getTableNamesForShow() {
Optional<Database> db = Env.getCurrentInternalCatalog().getDb(dbId);
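Review bot: `rebuildAuthorizationInfo()` is added as a public, undocumented mutator of `authorizationInfo`, the field that `LoadJob.checkAuth` consults, so any code holding a job reference can replace its authorization snapshot after creation. The only call visible in this commit is inside BulkLoadJob itself, right after `checkAndSetDataSourceInfo`, so narrower visibility (`protected` or package-private) looks sufficient unless a caller outside this page needs it. It also deserves a Javadoc line such as `/** Recomputes authorizationInfo from the current database and table names; intended for use while the job is being constructed. */`. The assignment is made without the job lock that `getShowInfo` takes via `readLock()`, which is harmless during construction but should be stated if later callers are expected. Both enclosing bodies extend beyond the hunks shown.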


@ -494,7 +494,7 @@ public abstract class LoadJob extends AbstractTxnStateChangeCallback implements
}
}
private void checkAuth(String command) throws DdlException {
public void checkAuth(String command) throws DdlException {
if (authorizationInfo == null) {
// use the old method to check priv
checkAuthWithoutAuthInfo(command);
@ -650,8 +650,6 @@ public abstract class LoadJob extends AbstractTxnStateChangeCallback implements
public List<Comparable> getShowInfo() throws DdlException {
readLock();
try {
// check auth
checkAuth("SHOW LOAD");
List<Comparable> jobInfo = Lists.newArrayList();
// jobId
jobInfo.add(id);
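Review bot: With the `checkAuth("SHOW LOAD")` call removed, `getShowInfo()` returns job details without any privilege check, and enforcement now depends on every call site invoking the newly public `checkAuth` first. This commit updates one call site in LoadManager; any other callers of `getShowInfo()` are not visible on this page, so it should be confirmed that each of them either authorizes beforehand or is meant to be unauthenticated. At minimum, state the contract on the method, e.g. `/** Does not check privileges; callers must call checkAuth(command) before exposing the result to a user. */`. The body of `getShowInfo` continues past the end of the hunk.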


@ -31,8 +31,6 @@ import org.apache.doris.common.CaseSensibility;
import org.apache.doris.common.Config;
import org.apache.doris.common.DataQualityException;
import org.apache.doris.common.DdlException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.LabelAlreadyUsedException;
import org.apache.doris.common.MetaNotFoundException;
import org.apache.doris.common.Pair;
@ -635,14 +633,13 @@ public class LoadManager implements Writable {
}
// check auth
try {
checkJobAuth(loadJob.getDb().getCatalog().getName(), loadJob.getDb().getFullName(),
loadJob.getTableNames());
} catch (AnalysisException e) {
loadJob.checkAuth("show load");
} catch (DdlException e) {
continue;
}
// add load job info
loadJobInfos.add(loadJob.getShowInfo());
} catch (RuntimeException | DdlException | MetaNotFoundException e) {
} catch (RuntimeException | DdlException e) {
// ignore this load job
LOG.warn("get load job info failed. job id: {}", loadJob.getId(), e);
}
@ -653,27 +650,6 @@ public class LoadManager implements Writable {
}
}
public void checkJobAuth(String ctlName, String dbName, Set<String> tableNames) throws AnalysisException {
if (tableNames.isEmpty()) {
if (!Env.getCurrentEnv().getAccessManager()
.checkDbPriv(ConnectContext.get(), ctlName, dbName,
PrivPredicate.LOAD)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_DB_ACCESS_DENIED_ERROR,
PrivPredicate.LOAD.getPrivs().toString(), dbName);
}
} else {
for (String tblName : tableNames) {
if (!Env.getCurrentEnv().getAccessManager()
.checkTblPriv(ConnectContext.get(), ctlName, dbName,
tblName, PrivPredicate.LOAD)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLE_ACCESS_DENIED_ERROR,
PrivPredicate.LOAD.getPrivs().toString(), tblName);
return;
}
}
}
}
public List<List<Comparable>> getAllLoadJobInfos() {
LinkedList<List<Comparable>> loadJobInfos = new LinkedList<List<Comparable>>();
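Review bot: The call `loadJob.checkAuth("show load")` is now the only privilege gate for this listing, yet the commit deletes `testJobAuth` together with `checkJobAuth` and adds no test for the new path. A test that creates a job with a populated `authorizationInfo`, runs the listing as a user whom `checkAuth` rejects, and asserts that the job is omitted would pin the behaviour this fix is about. A second test for the `authorizationInfo == null` fallback would be worthwhile too. A short comment at the `continue`, e.g. `// no privilege on this job: omit it from the result instead of failing the whole statement`, would make the silent skip read as deliberate. The enclosing method starts before the hunk.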


@ -21,16 +21,12 @@ import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.Database;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Table;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.Config;
import org.apache.doris.common.FeMetaVersion;
import org.apache.doris.common.jmockit.Deencapsulation;
import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.meta.MetaContext;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.utframe.TestWithFeService;
import com.google.common.collect.Sets;
import mockit.Expectations;
import mockit.Injectable;
import mockit.Mocked;
@ -44,8 +40,6 @@ import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
@ -201,36 +195,4 @@ public class LoadManagerTest {
loadManager.readFields(dis);
return loadManager;
}
@Test
public void testJobAuth() throws IOException, AnalysisException {
UserIdentity user1 = new UserIdentity("testJobAuthUser", "%");
user1.analyze();
new Expectations() {
{
ConnectContext.get();
minTimes = 0;
result = TestWithFeService.createCtx(user1, "%");
}
};
LoadManager manager = new LoadManager(new LoadJobScheduler());
HashSet<String> tableNames = Sets.newHashSet();
try {
// should check db auth
manager.checkJobAuth("ctl1", "db1", tableNames);
throw new RuntimeException("should exception");
} catch (AnalysisException e) {
Assert.assertTrue(e.getMessage().contains("Admin_priv,Load_priv"));
Assert.assertTrue(e.getMessage().contains("db1"));
}
tableNames.add("table1");
try {
// should check db auth
manager.checkJobAuth("ctl1", "db1", tableNames);
throw new RuntimeException("should exception");
} catch (AnalysisException e) {
Assert.assertTrue(e.getMessage().contains("Admin_priv,Load_priv"));
Assert.assertTrue(e.getMessage().contains("table1"));
}
}
}