From 7f13dcc726df94c82d3a8626b6d8179635c64294 Mon Sep 17 00:00:00 2001 From: Mingyu Chen Date: Thu, 30 Nov 2023 12:46:08 +0800 Subject: [PATCH] [refactor](cluster)(step-3) remove cluster related to Auth (#27718) Remove `default_cluster` prefix related to: 1. User 2. Role 3. UserManager 4. RoleManager 5. UserRoleManager 6. UserProperty 7. Create/Drop user Stmt 8. Create/Drop role Stmt 9. Grant/Revoke --- .../apache/doris/analysis/AlterUserStmt.java | 4 +- .../doris/analysis/CreatePolicyStmt.java | 2 +- .../apache/doris/analysis/CreateRoleStmt.java | 4 +- .../apache/doris/analysis/CreateUserStmt.java | 4 +- .../apache/doris/analysis/DropRoleStmt.java | 4 +- .../apache/doris/analysis/DropUserStmt.java | 2 +- .../org/apache/doris/analysis/GrantStmt.java | 6 +- .../org/apache/doris/analysis/RevokeStmt.java | 5 +- .../org/apache/doris/analysis/SetPassVar.java | 2 +- .../apache/doris/analysis/ShowGrantsStmt.java | 2 +- .../apache/doris/analysis/ShowPolicyStmt.java | 2 +- .../apache/doris/analysis/UserIdentity.java | 12 ++- .../httpv2/controller/BaseController.java | 5 +- .../org/apache/doris/mysql/MysqlProto.java | 5 +- .../apache/doris/mysql/privilege/Auth.java | 46 +------- .../apache/doris/mysql/privilege/Role.java | 9 +- .../doris/mysql/privilege/RoleManager.java | 21 +++- .../doris/mysql/privilege/UserManager.java | 21 +++- .../doris/mysql/privilege/UserProperty.java | 3 + .../mysql/privilege/UserRoleManager.java | 13 +++ .../java/org/apache/doris/policy/Policy.java | 3 +- .../doris/service/FrontendServiceImpl.java | 8 +- .../doris/analysis/CreateUserStmtTest.java | 8 +- .../doris/analysis/DropUserStmtTest.java | 4 +- .../apache/doris/analysis/GrantStmtTest.java | 4 +- .../apache/doris/analysis/SetPassVarTest.java | 6 +- .../apache/doris/catalog/RefreshDbTest.java | 5 +- .../doris/catalog/RefreshTableTest.java | 3 +- .../cooldown/CooldownConfHandlerTest.java | 2 +- .../doris/datasource/CatalogMgrTest.java | 11 +- .../doris/mysql/privilege/AuthTest.java | 102 +++++++++--------- .../rules/analysis/CheckRowPolicyTest.java | 2 +- .../org/apache/doris/policy/PolicyTest.java | 8 +- .../doris/utframe/TestWithFeService.java | 2 +- .../suites/account_p0/test_alter_user.groovy | 16 +-- 35 files changed, 174 insertions(+), 182 deletions(-) diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterUserStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterUserStmt.java index 8c87834ec6..137699e67d 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterUserStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterUserStmt.java @@ -18,7 +18,6 @@ package org.apache.doris.analysis; import org.apache.doris.catalog.Env; -import org.apache.doris.cluster.ClusterNamespace; import org.apache.doris.common.AnalysisException; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; @@ -95,7 +94,7 @@ public class AlterUserStmt extends DdlStmt { @Override public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); - userDesc.getUserIdent().analyze(analyzer.getClusterName()); + userDesc.getUserIdent().analyze(); userDesc.getPassVar().analyze(); if (userDesc.hasPassword()) { @@ -103,7 +102,6 @@ public class AlterUserStmt extends DdlStmt { } if (!Strings.isNullOrEmpty(role)) { - role = ClusterNamespace.getFullName(analyzer.getClusterName(), role); ops.add(OpType.SET_ROLE); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreatePolicyStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreatePolicyStmt.java index 06430a8bd9..4d8527c0f7 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreatePolicyStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreatePolicyStmt.java @@ -106,7 +106,7 @@ public class CreatePolicyStmt extends DdlStmt { default: tableName.analyze(analyzer); if (user != null) { - user.analyze(analyzer.getClusterName()); + user.analyze(); if (user.isRootUser() || user.isAdminUser()) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "CreatePolicyStmt", user.getQualifiedUser(), user.getHost(), tableName.getTbl()); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateRoleStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateRoleStmt.java index 561c5d411f..bd19325f1e 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateRoleStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateRoleStmt.java @@ -18,7 +18,6 @@ package org.apache.doris.analysis; import org.apache.doris.catalog.Env; -import org.apache.doris.cluster.ClusterNamespace; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.FeNameFormat; @@ -44,7 +43,7 @@ public class CreateRoleStmt extends DdlStmt { return ifNotExists; } - public String getQualifiedRole() { + public String getRole() { return role; } @@ -52,7 +51,6 @@ public class CreateRoleStmt extends DdlStmt { public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); FeNameFormat.checkRoleName(role, false /* can not be admin */, "Can not create role"); - role = ClusterNamespace.getFullName(analyzer.getClusterName(), role); // check if current user has GRANT priv on GLOBAL level. if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) { diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateUserStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateUserStmt.java index 0ea216c176..9b69a0efbb 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateUserStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateUserStmt.java @@ -18,7 +18,6 @@ package org.apache.doris.analysis; import org.apache.doris.catalog.Env; -import org.apache.doris.cluster.ClusterNamespace; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.FeNameFormat; @@ -109,7 +108,7 @@ public class CreateUserStmt extends DdlStmt { @Override public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); - userIdent.analyze(analyzer.getClusterName()); + userIdent.analyze(); if (userIdent.isRootUser()) { ErrorReport.reportAnalysisException(ErrorCode.ERR_COMMON_ERROR, "Can not create root user"); @@ -124,7 +123,6 @@ public class CreateUserStmt extends DdlStmt { role = Role.ADMIN_ROLE; } FeNameFormat.checkRoleName(role, true /* can be admin */, "Can not granted user to role"); - role = ClusterNamespace.getFullName(analyzer.getClusterName(), role); } passwordOptions.analyze(); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropRoleStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropRoleStmt.java index f1884c2802..df087432a0 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropRoleStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropRoleStmt.java @@ -18,7 +18,6 @@ package org.apache.doris.analysis; import org.apache.doris.catalog.Env; -import org.apache.doris.cluster.ClusterNamespace; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.FeNameFormat; @@ -44,7 +43,7 @@ public class DropRoleStmt extends DdlStmt { return ifExists; } - public String getQualifiedRole() { + public String getRole() { return role; } @@ -52,7 +51,6 @@ public class DropRoleStmt extends DdlStmt { public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); FeNameFormat.checkRoleName(role, false /* can not be superuser */, "Can not drop role"); - role = ClusterNamespace.getFullName(analyzer.getClusterName(), role); // check if current user has GRANT priv on GLOBAL level. if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) { diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java index 3aa3a58bc1..61b9fdc7ab 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropUserStmt.java @@ -53,7 +53,7 @@ public class DropUserStmt extends DdlStmt { @Override public void analyze(Analyzer analyzer) throws AnalysisException, UserException { super.analyze(analyzer); - userIdent.analyze(analyzer.getClusterName()); + userIdent.analyze(); if (userIdent.isRootUser()) { ErrorReport.reportAnalysisException(ErrorCode.ERR_COMMON_ERROR, "Can not drop root user"); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/GrantStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/GrantStmt.java index 53c19add7e..eb8ce67fd6 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/GrantStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/GrantStmt.java @@ -19,7 +19,6 @@ package org.apache.doris.analysis; import org.apache.doris.catalog.AccessPrivilegeWithCols; import org.apache.doris.catalog.Env; -import org.apache.doris.cluster.ClusterNamespace; import org.apache.doris.common.AnalysisException; import org.apache.doris.common.Config; import org.apache.doris.common.ErrorCode; @@ -135,10 +134,9 @@ public class GrantStmt extends DdlStmt { public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); if (userIdent != null) { - userIdent.analyze(analyzer.getClusterName()); + userIdent.analyze(); } else { FeNameFormat.checkRoleName(role, false /* can not be admin */, "Can not grant to role"); - role = ClusterNamespace.getFullName(analyzer.getClusterName(), role); } if (tblPattern != null) { @@ -151,11 +149,9 @@ public class GrantStmt extends DdlStmt { for (int i = 0; i < roles.size(); i++) { String originalRoleName = roles.get(i); FeNameFormat.checkRoleName(originalRoleName, true /* can be admin */, "Can not grant role"); - roles.set(i, ClusterNamespace.getFullName(analyzer.getClusterName(), originalRoleName)); } } - if (!CollectionUtils.isEmpty(accessPrivileges)) { checkAccessPrivileges(accessPrivileges); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/RevokeStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/RevokeStmt.java index 8e11c3a7d1..18066b925d 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/RevokeStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/RevokeStmt.java @@ -18,7 +18,6 @@ package org.apache.doris.analysis; import org.apache.doris.catalog.AccessPrivilegeWithCols; -import org.apache.doris.cluster.ClusterNamespace; import org.apache.doris.common.AnalysisException; import org.apache.doris.common.FeNameFormat; import org.apache.doris.mysql.privilege.ColPrivilegeKey; @@ -118,10 +117,9 @@ public class RevokeStmt extends DdlStmt { @Override public void analyze(Analyzer analyzer) throws AnalysisException { if (userIdent != null) { - userIdent.analyze(analyzer.getClusterName()); + userIdent.analyze(); } else { FeNameFormat.checkRoleName(role, false /* can not be superuser */, "Can not revoke from role"); - role = ClusterNamespace.getFullName(analyzer.getClusterName(), role); } if (tblPattern != null) { @@ -134,7 +132,6 @@ public class RevokeStmt extends DdlStmt { for (int i = 0; i < roles.size(); i++) { String originalRoleName = roles.get(i); FeNameFormat.checkRoleName(originalRoleName, true /* can be admin */, "Can not revoke role"); - roles.set(i, ClusterNamespace.getFullName(analyzer.getClusterName(), originalRoleName)); } } if (!CollectionUtils.isEmpty(accessPrivileges)) { diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/SetPassVar.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/SetPassVar.java index 911990e618..649b814971 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/SetPassVar.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/SetPassVar.java @@ -60,7 +60,7 @@ public class SetPassVar extends SetVar { userIdent = ctx.getCurrentUserIdentity(); isSelf = true; } else { - userIdent.analyze(analyzer.getClusterName()); + userIdent.analyze(); if (userIdent.equals(ctx.getCurrentUserIdentity())) { isSelf = true; } diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java index e2c41eed0c..f78d4ca59f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowGrantsStmt.java @@ -73,7 +73,7 @@ public class ShowGrantsStmt extends ShowStmt { if (isAll) { throw new AnalysisException("Can not specified keyword ALL when specified user"); } - userIdent.analyze(analyzer.getClusterName()); + userIdent.analyze(); } else { if (!isAll) { // self diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowPolicyStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowPolicyStmt.java index 8da1ea4b43..df413ee61e 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowPolicyStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowPolicyStmt.java @@ -57,7 +57,7 @@ public class ShowPolicyStmt extends ShowStmt { public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); if (user != null) { - user.analyze(analyzer.getClusterName()); + user.analyze(); } // check auth if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) { diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java index dbaa1427d8..76444b9f27 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java @@ -124,7 +124,7 @@ public class UserIdentity implements Writable, GsonPostProcessable { this.isAnalyzed = true; } - public void analyze(String clusterName) throws AnalysisException { + public void analyze() throws AnalysisException { if (isAnalyzed) { return; } @@ -133,10 +133,6 @@ public class UserIdentity implements Writable, GsonPostProcessable { } FeNameFormat.checkUserName(user); - if (!user.equals(Auth.ROOT_USER) && !user.equals(Auth.ADMIN_USER)) { - user = ClusterNamespace.getFullName(clusterName, user); - } - if (Strings.isNullOrEmpty(host)) { if (!isDomain) { host = "%"; @@ -212,6 +208,11 @@ public class UserIdentity implements Writable, GsonPostProcessable { return sb.toString(); } + // should be remove after version 3.0 + public void removeClusterPrefix() { + user = ClusterNamespace.getNameFromFullName(user); + } + public static UserIdentity read(DataInput in) throws IOException { // Use Gson in the VERSION_109 if (Env.getCurrentEnvJournalVersion() < FeMetaVersion.VERSION_109) { @@ -281,5 +282,6 @@ public class UserIdentity implements Writable, GsonPostProcessable { @Override public void gsonPostProcess() throws IOException { isAnalyzed = true; + removeClusterPrefix(); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java b/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java index 3f7911e523..c2cdbf2ade 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java +++ b/fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java @@ -266,11 +266,10 @@ public class BaseController { authInfo.fullUserName = authString.substring(0, index); final String[] elements = authInfo.fullUserName.split("@"); if (elements != null && elements.length < 2) { - authInfo.fullUserName = ClusterNamespace.getFullName(SystemInfoService.DEFAULT_CLUSTER, - authInfo.fullUserName); + authInfo.fullUserName = ClusterNamespace.getNameFromFullName(authInfo.fullUserName); authInfo.cluster = SystemInfoService.DEFAULT_CLUSTER; } else if (elements != null && elements.length == 2) { - authInfo.fullUserName = ClusterNamespace.getFullName(elements[1], elements[0]); + authInfo.fullUserName = ClusterNamespace.getNameFromFullName(elements[0]); authInfo.cluster = elements[1]; } authInfo.password = authString.substring(index + 1); diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlProto.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlProto.java index ad2fb515d6..5e505c2eb5 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlProto.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlProto.java @@ -87,9 +87,8 @@ public class MysqlProto { tmpUser = strList[0]; } - String qualifiedUser = ClusterNamespace.getFullName(SystemInfoService.DEFAULT_CLUSTER, tmpUser); - context.setQualifiedUser(qualifiedUser); - return qualifiedUser; + context.setQualifiedUser(tmpUser); + return tmpUser; } // send response packet(OK/EOF/ERR). diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java index 3696245d37..4a5400629e 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java @@ -54,7 +54,6 @@ import org.apache.doris.common.io.Writable; import org.apache.doris.datasource.InternalCatalog; import org.apache.doris.ldap.LdapManager; import org.apache.doris.ldap.LdapUserInfo; -import org.apache.doris.load.DppConfig; import org.apache.doris.mysql.MysqlPassword; import org.apache.doris.persist.AlterUserOperationLog; import org.apache.doris.persist.LdapInfo; @@ -867,7 +866,7 @@ public class Auth implements Writable { // create role public void createRole(CreateRoleStmt stmt) throws DdlException { - createRoleInternal(stmt.getQualifiedRole(), stmt.isSetIfNotExists(), false); + createRoleInternal(stmt.getRole(), stmt.isSetIfNotExists(), false); } public void replayCreateRole(PrivInfo info) { @@ -901,7 +900,7 @@ public class Auth implements Writable { // drop role public void dropRole(DropRoleStmt stmt) throws DdlException { - dropRoleInternal(stmt.getQualifiedRole(), stmt.isSetIfExists(), false); + dropRoleInternal(stmt.getRole(), stmt.isSetIfExists(), false); } public void replayDropRole(PrivInfo info) { @@ -1295,47 +1294,6 @@ public class Auth implements Writable { } } - public void dropUserOfCluster(String clusterName, boolean isReplay) throws DdlException { - writeLock(); - try { - Map> nameToUsers = userManager.getNameToUsers(); - for (List users : nameToUsers.values()) { - for (User user : users) { - if (user.getUserIdentity().getQualifiedUser().startsWith(clusterName)) { - dropUserInternal(user.getUserIdentity(), false, isReplay); - } - } - } - } finally { - writeUnlock(); - } - } - - public Pair getLoadClusterInfo(String qualifiedUser, String cluster) throws DdlException { - readLock(); - try { - return propertyMgr.getLoadClusterInfo(qualifiedUser, cluster); - } finally { - readUnlock(); - } - } - - // user can enter a cluster, if it has any privs of database or table in this cluster. - public boolean checkCanEnterCluster(ConnectContext ctx, String clusterName) { - readLock(); - try { - Set roles = userRoleManager.getRolesByUser(ctx.getCurrentUserIdentity()); - for (String roleName : roles) { - if (roleManager.getRole(roleName).checkCanEnterCluster(clusterName)) { - return true; - } - } - return false; - } finally { - readUnlock(); - } - } - private void initUser() { try { UserIdentity rootUser = new UserIdentity(ROOT_USER, "%"); diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java index 7f1f8bb8ef..9449d7441f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java @@ -835,10 +835,16 @@ public class Role implements Writable, GsonPostProcessable { return role; } else { String json = Text.readString(in); - return GsonUtils.GSON.fromJson(json, Role.class); + Role r = GsonUtils.GSON.fromJson(json, Role.class); + return r; } } + // should be removed after version 3.0 + private void removeClusterPrefix() { + roleName = ClusterNamespace.getNameFromFullName(roleName); + } + @Deprecated private void readFields(DataInput in) throws IOException, DdlException { roleName = Text.readString(in); @@ -866,6 +872,7 @@ public class Role implements Writable, GsonPostProcessable { @Override public void gsonPostProcess() { + removeClusterPrefix(); rebuildPrivTables(); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/RoleManager.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/RoleManager.java index 7df0baf495..7f54bf28bb 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/RoleManager.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/RoleManager.java @@ -32,6 +32,7 @@ import org.apache.doris.common.FeMetaVersion; import org.apache.doris.common.io.Text; import org.apache.doris.common.io.Writable; import org.apache.doris.mysql.privilege.Auth.PrivLevel; +import org.apache.doris.persist.gson.GsonPostProcessable; import org.apache.doris.persist.gson.GsonUtils; import org.apache.doris.qe.ConnectContext; import org.apache.doris.resource.workloadgroup.WorkloadGroupMgr; @@ -55,7 +56,7 @@ import java.util.Set; import java.util.stream.Collectors; import java.util.stream.Stream; -public class RoleManager implements Writable { +public class RoleManager implements Writable, GsonPostProcessable { private static final Logger LOG = LogManager.getLogger(RoleManager.class); //prefix of each user default role public static String DEFAULT_ROLE_PREFIX = "default_role_rbac_"; @@ -262,10 +263,21 @@ public class RoleManager implements Writable { return roleManager; } else { String json = Text.readString(in); - return GsonUtils.GSON.fromJson(json, RoleManager.class); + RoleManager rm = GsonUtils.GSON.fromJson(json, RoleManager.class); + return rm; } } + // should be removed after version 3.0 + private void removeClusterPrefix() { + Map newRoles = Maps.newHashMap(); + for (Map.Entry entry : roles.entrySet()) { + String roleName = ClusterNamespace.getNameFromFullName(entry.getKey()); + newRoles.put(roleName, entry.getValue()); + } + roles = newRoles; + } + @Deprecated private void readFields(DataInput in) throws IOException { int size = in.readInt(); @@ -274,4 +286,9 @@ public class RoleManager implements Writable { roles.put(role.getRoleName(), role); } } + + @Override + public void gsonPostProcess() throws IOException { + removeClusterPrefix(); + } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserManager.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserManager.java index dc7d6a6872..6d6570a4ab 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserManager.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserManager.java @@ -19,6 +19,7 @@ package org.apache.doris.mysql.privilege; import org.apache.doris.analysis.UserIdentity; import org.apache.doris.catalog.Env; +import org.apache.doris.cluster.ClusterNamespace; import org.apache.doris.common.AuthenticationException; import org.apache.doris.common.CaseSensibility; import org.apache.doris.common.DdlException; @@ -28,6 +29,7 @@ import org.apache.doris.common.PatternMatcherException; import org.apache.doris.common.io.Text; import org.apache.doris.common.io.Writable; import org.apache.doris.mysql.MysqlPassword; +import org.apache.doris.persist.gson.GsonPostProcessable; import org.apache.doris.persist.gson.GsonUtils; import com.google.common.base.Preconditions; @@ -48,7 +50,7 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Set; -public class UserManager implements Writable { +public class UserManager implements Writable, GsonPostProcessable { public static final String ANY_HOST = "%"; private static final Logger LOG = LogManager.getLogger(UserManager.class); // Concurrency control is delegated by Auth, so not concurrentMap @@ -314,6 +316,21 @@ public class UserManager implements Writable { public static UserManager read(DataInput in) throws IOException { String json = Text.readString(in); - return GsonUtils.GSON.fromJson(json, UserManager.class); + UserManager um = GsonUtils.GSON.fromJson(json, UserManager.class); + return um; + } + + // should be removed after version 3.0 + private void removeClusterPrefix() { + Map> newNameToUsers = Maps.newHashMap(); + for (Entry> entry : nameToUsers.entrySet()) { + String user = entry.getKey(); + newNameToUsers.put(ClusterNamespace.getNameFromFullName(user), entry.getValue()); + } + } + + @Override + public void gsonPostProcess() throws IOException { + removeClusterPrefix(); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java index b717d7c6fb..021bdeb326 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java @@ -19,6 +19,7 @@ package org.apache.doris.mysql.privilege; import org.apache.doris.analysis.SetUserPropertyVar; import org.apache.doris.catalog.Env; +import org.apache.doris.cluster.ClusterNamespace; import org.apache.doris.common.AnalysisException; import org.apache.doris.common.DdlException; import org.apache.doris.common.FeMetaVersion; @@ -537,6 +538,8 @@ public class UserProperty implements Writable { public void readFields(DataInput in) throws IOException { qualifiedUser = Text.readString(in); + // should be removed after version 3.0 + qualifiedUser = ClusterNamespace.getNameFromFullName(qualifiedUser); if (Env.getCurrentEnvJournalVersion() < FeMetaVersion.VERSION_100) { long maxConn = in.readLong(); diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserRoleManager.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserRoleManager.java index f4c8fb90a9..b9783982e3 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserRoleManager.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserRoleManager.java @@ -160,8 +160,21 @@ public class UserRoleManager implements Writable, GsonPostProcessable { return GsonUtils.GSON.fromJson(json, UserRoleManager.class); } + private void removeClusterPrefix() { + Map> newUserToRoles = Maps.newHashMap(); + for (Entry> entry : userToRoles.entrySet()) { + Set newRoles = Sets.newHashSet(); + for (String role : entry.getValue()) { + newRoles.add(ClusterNamespace.getNameFromFullName(role)); + } + newUserToRoles.put(entry.getKey(), newRoles); + } + userToRoles = newUserToRoles; + } + @Override public void gsonPostProcess() throws IOException { + removeClusterPrefix(); roleToUsers = Maps.newHashMap(); for (Entry> entry : userToRoles.entrySet()) { for (String roleName : entry.getValue()) { diff --git a/fe/fe-core/src/main/java/org/apache/doris/policy/Policy.java b/fe/fe-core/src/main/java/org/apache/doris/policy/Policy.java index b06cd19d0c..81603e5c43 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/policy/Policy.java +++ b/fe/fe-core/src/main/java/org/apache/doris/policy/Policy.java @@ -28,7 +28,6 @@ import org.apache.doris.common.io.Text; import org.apache.doris.common.io.Writable; import org.apache.doris.persist.gson.GsonPostProcessable; import org.apache.doris.persist.gson.GsonUtils; -import org.apache.doris.qe.ConnectContext; import com.google.gson.annotations.SerializedName; import lombok.Data; @@ -119,7 +118,7 @@ public abstract class Policy implements Writable, GsonPostProcessable { .getDbOrAnalysisException(stmt.getTableName().getDb()); UserIdentity userIdent = stmt.getUser(); if (userIdent != null) { - userIdent.analyze(ConnectContext.get().getClusterName()); + userIdent.analyze(); } TableIf table = db.getTableOrAnalysisException(stmt.getTableName().getTbl()); return new RowPolicy(policyId, stmt.getPolicyName(), db.getId(), userIdent, stmt.getRoleName(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java b/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java index 46a5726113..6ff03f6acb 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java +++ b/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java @@ -1010,7 +1010,7 @@ public class FrontendServiceImpl implements FrontendService.Iface { private void checkPasswordAndPrivs(String cluster, String user, String passwd, String db, List tables, String clientIp, PrivPredicate predicate) throws AuthenticationException { - final String fullUserName = ClusterNamespace.getFullName(cluster, user); + final String fullUserName = ClusterNamespace.getNameFromFullName(user); final String fullDbName = ClusterNamespace.getFullName(cluster, db); List currentUser = Lists.newArrayList(); Env.getCurrentEnv().getAuth().checkPlainPassword(fullUserName, clientIp, passwd, currentUser); @@ -1045,7 +1045,7 @@ public class FrontendServiceImpl implements FrontendService.Iface { if (Strings.isNullOrEmpty(cluster)) { cluster = SystemInfoService.DEFAULT_CLUSTER; } - final String fullUserName = ClusterNamespace.getFullName(cluster, user); + final String fullUserName = ClusterNamespace.getNameFromFullName(user); List currentUser = Lists.newArrayList(); Env.getCurrentEnv().getAuth().checkPlainPassword(fullUserName, clientIp, passwd, currentUser); Preconditions.checkState(currentUser.size() == 1); @@ -2347,7 +2347,7 @@ public class FrontendServiceImpl implements FrontendService.Iface { } // check account and password - final String fullUserName = ClusterNamespace.getFullName(cluster, request.getUser()); + final String fullUserName = ClusterNamespace.getNameFromFullName(request.getUser()); List currentUser = Lists.newArrayList(); try { Env.getCurrentEnv().getAuth().checkPlainPassword(fullUserName, request.getUserIp(), request.getPasswd(), @@ -2938,7 +2938,7 @@ public class FrontendServiceImpl implements FrontendService.Iface { } ctx.setCluster(cluster); ctx.setQualifiedUser(request.getUser()); - String fullUserName = ClusterNamespace.getFullName(cluster, request.getUser()); + String fullUserName = ClusterNamespace.getNameFromFullName(request.getUser()); UserIdentity currentUserIdentity = new UserIdentity(fullUserName, "%"); ctx.setCurrentUserIdentity(currentUserIdentity); diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/CreateUserStmtTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/CreateUserStmtTest.java index 391590d713..ed92444809 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/CreateUserStmtTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/CreateUserStmtTest.java @@ -61,22 +61,22 @@ public class CreateUserStmtTest { CreateUserStmt stmt = new CreateUserStmt(new UserDesc(new UserIdentity("user", "%"), "passwd", true)); stmt.analyze(analyzer); - Assert.assertEquals("CREATE USER 'testCluster:user'@'%' IDENTIFIED BY '*XXX'", stmt.toString()); + Assert.assertEquals("CREATE USER 'user'@'%' IDENTIFIED BY '*XXX'", stmt.toString()); Assert.assertEquals(new String(stmt.getPassword()), "*59C70DA2F3E3A5BDF46B68F5C8B8F25762BCCEF0"); stmt = new CreateUserStmt( new UserDesc(new UserIdentity("user", "%"), "*59c70da2f3e3a5bdf46b68f5c8b8f25762bccef0", false)); stmt.analyze(analyzer); - Assert.assertEquals("testCluster:user", stmt.getUserIdent().getQualifiedUser()); + Assert.assertEquals("user", stmt.getUserIdent().getQualifiedUser()); - Assert.assertEquals("CREATE USER 'testCluster:user'@'%' IDENTIFIED BY PASSWORD '*59c70da2f3e3a5bdf46b68f5c8b8f25762bccef0'", + Assert.assertEquals("CREATE USER 'user'@'%' IDENTIFIED BY PASSWORD '*59c70da2f3e3a5bdf46b68f5c8b8f25762bccef0'", stmt.toString()); Assert.assertEquals(new String(stmt.getPassword()), "*59C70DA2F3E3A5BDF46B68F5C8B8F25762BCCEF0"); stmt = new CreateUserStmt(new UserDesc(new UserIdentity("user", "%"), "", false)); stmt.analyze(analyzer); - Assert.assertEquals("CREATE USER 'testCluster:user'@'%'", stmt.toString()); + Assert.assertEquals("CREATE USER 'user'@'%'", stmt.toString()); Assert.assertEquals(new String(stmt.getPassword()), ""); } diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/DropUserStmtTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/DropUserStmtTest.java index 5414222218..170d9e60e6 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/DropUserStmtTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/DropUserStmtTest.java @@ -47,8 +47,8 @@ public class DropUserStmtTest { public void testNormal() throws UserException, AnalysisException { DropUserStmt stmt = new DropUserStmt(new UserIdentity("user", "%")); stmt.analyze(analyzer); - Assert.assertEquals("DROP USER 'testCluster:user'@'%'", stmt.toString()); - Assert.assertEquals("testCluster:user", stmt.getUserIdentity().getQualifiedUser()); + Assert.assertEquals("DROP USER 'user'@'%'", stmt.toString()); + Assert.assertEquals("user", stmt.getUserIdentity().getQualifiedUser()); } @Test(expected = AnalysisException.class) diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/GrantStmtTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/GrantStmtTest.java index 37bf2c8bfb..650ec0f013 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/GrantStmtTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/GrantStmtTest.java @@ -87,7 +87,7 @@ public class GrantStmtTest { List privileges = Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.ALL)); stmt = new GrantStmt(new UserIdentity("testUser", "%"), null, new TablePattern("testDb", "*"), privileges); stmt.analyze(analyzer); - Assert.assertEquals("testCluster:testUser", stmt.getUserIdent().getQualifiedUser()); + Assert.assertEquals("testUser", stmt.getUserIdent().getQualifiedUser()); Assert.assertEquals("testCluster:testDb", stmt.getTblPattern().getQualifiedDb()); privileges = Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.READ_ONLY), new AccessPrivilegeWithCols(AccessPrivilege.ALL)); @@ -107,7 +107,7 @@ public class GrantStmtTest { stmt = new GrantStmt(new UserIdentity("testUser", "%"), null, new ResourcePattern("*"), privileges); stmt.analyze(analyzer); Assert.assertEquals(Auth.PrivLevel.GLOBAL, stmt.getResourcePattern().getPrivLevel()); - Assert.assertEquals("GRANT Usage_priv ON RESOURCE '*' TO 'testCluster:testUser'@'%'", stmt.toSql()); + Assert.assertEquals("GRANT Usage_priv ON RESOURCE '*' TO 'testUser'@'%'", stmt.toSql()); } @Test(expected = AnalysisException.class) diff --git a/fe/fe-core/src/test/java/org/apache/doris/analysis/SetPassVarTest.java b/fe/fe-core/src/test/java/org/apache/doris/analysis/SetPassVarTest.java index 5157da1645..6bd686e3a1 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/analysis/SetPassVarTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/SetPassVarTest.java @@ -54,15 +54,15 @@ public class SetPassVarTest { stmt = new SetPassVar(new UserIdentity("testUser", "%"), new PassVar("*88EEBA7D913688E7278E2AD071FDB5E76D76D34B", false)); stmt.analyze(analyzer); - Assert.assertEquals("testCluster:testUser", stmt.getUserIdent().getQualifiedUser()); + Assert.assertEquals("testUser", stmt.getUserIdent().getQualifiedUser()); Assert.assertEquals("*88EEBA7D913688E7278E2AD071FDB5E76D76D34B", new String(stmt.getPassword())); - Assert.assertEquals("SET PASSWORD FOR 'testCluster:testUser'@'%' = '*XXX'", + Assert.assertEquals("SET PASSWORD FOR 'testUser'@'%' = '*XXX'", stmt.toString()); // empty password stmt = new SetPassVar(new UserIdentity("testUser", "%"), new PassVar("", true)); stmt.analyze(analyzer); - Assert.assertEquals("SET PASSWORD FOR 'testCluster:testUser'@'%' = '*XXX'", stmt.toString()); + Assert.assertEquals("SET PASSWORD FOR 'testUser'@'%' = '*XXX'", stmt.toString()); // empty user // empty password diff --git a/fe/fe-core/src/test/java/org/apache/doris/catalog/RefreshDbTest.java b/fe/fe-core/src/test/java/org/apache/doris/catalog/RefreshDbTest.java index 6ddc5b206e..8c3b3d2482 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/catalog/RefreshDbTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/catalog/RefreshDbTest.java @@ -34,7 +34,6 @@ import org.apache.doris.datasource.test.TestExternalCatalog; import org.apache.doris.mysql.privilege.Auth; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.DdlExecutor; -import org.apache.doris.system.SystemInfoService; import org.apache.doris.utframe.TestWithFeService; import com.google.common.collect.Lists; @@ -125,10 +124,10 @@ public class RefreshDbTest extends TestWithFeService { // mock login user1 UserIdentity user1 = new UserIdentity("user1", "%"); - user1.analyze(SystemInfoService.DEFAULT_CLUSTER); + user1.analyze(); ConnectContext user1Ctx = createCtx(user1, "127.0.0.1"); ExceptionChecker.expectThrowsWithMsg(AnalysisException.class, - "Access denied for user 'default_cluster:user1' to database 'default_cluster:db1'", + "Access denied for user 'user1' to database 'default_cluster:db1'", () -> parseAndAnalyzeStmt("refresh database test1.db1", user1Ctx)); ConnectContext.remove(); diff --git a/fe/fe-core/src/test/java/org/apache/doris/catalog/RefreshTableTest.java b/fe/fe-core/src/test/java/org/apache/doris/catalog/RefreshTableTest.java index feeec75a7b..1c61d6b5ad 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/catalog/RefreshTableTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/catalog/RefreshTableTest.java @@ -33,7 +33,6 @@ import org.apache.doris.datasource.test.TestExternalCatalog; import org.apache.doris.mysql.privilege.Auth; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.DdlExecutor; -import org.apache.doris.system.SystemInfoService; import org.apache.doris.utframe.TestWithFeService; import com.google.common.collect.Lists; @@ -113,7 +112,7 @@ public class RefreshTableTest extends TestWithFeService { // mock login user1 UserIdentity user1 = new UserIdentity("user1", "%"); - user1.analyze(SystemInfoService.DEFAULT_CLUSTER); + user1.analyze(); ConnectContext user1Ctx = createCtx(user1, "127.0.0.1"); ExceptionChecker.expectThrowsWithMsg(AnalysisException.class, "Access denied; you need (at least one of) the DROP privilege(s) for this operation", diff --git a/fe/fe-core/src/test/java/org/apache/doris/cooldown/CooldownConfHandlerTest.java b/fe/fe-core/src/test/java/org/apache/doris/cooldown/CooldownConfHandlerTest.java index 5b35321d91..273255dd50 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/cooldown/CooldownConfHandlerTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/cooldown/CooldownConfHandlerTest.java @@ -67,7 +67,7 @@ public class CooldownConfHandlerTest extends TestWithFeService { + "properties(\"replication_num\" = \"1\");"); // create user UserIdentity user = new UserIdentity("test_cooldown", "%"); - user.analyze(SystemInfoService.DEFAULT_CLUSTER); + user.analyze(); CreateUserStmt createUserStmt = new CreateUserStmt(new UserDesc(user)); Env.getCurrentEnv().getAuth().createUser(createUserStmt); List privileges = Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.ADMIN_PRIV)); diff --git a/fe/fe-core/src/test/java/org/apache/doris/datasource/CatalogMgrTest.java b/fe/fe-core/src/test/java/org/apache/doris/datasource/CatalogMgrTest.java index 95d1826017..a105ee9920 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/datasource/CatalogMgrTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/datasource/CatalogMgrTest.java @@ -56,7 +56,6 @@ import org.apache.doris.planner.ListPartitionPrunerV2; import org.apache.doris.planner.PartitionPrunerV2Base.UniqueId; import org.apache.doris.qe.ConnectContext; import org.apache.doris.qe.ShowResultSet; -import org.apache.doris.system.SystemInfoService; import org.apache.doris.utframe.TestWithFeService; import com.google.common.base.Preconditions; @@ -111,7 +110,7 @@ public class CatalogMgrTest extends TestWithFeService { auth.createUser((CreateUserStmt) parseAndAnalyzeStmt( "create user 'user1'@'%' identified by 'pwd1' default role 'role1';", rootCtx)); user1 = new UserIdentity("user1", "%"); - user1.analyze(SystemInfoService.DEFAULT_CLUSTER); + user1.analyze(); // user1 has the privileges of testc which is granted by ctl.db.tbl format. // TODO: 2023/1/20 zdtodo // Assert.assertTrue(auth.getDbPrivTable().hasPrivsOfCatalog(user1, "testc")); @@ -158,7 +157,7 @@ public class CatalogMgrTest extends TestWithFeService { auth.createUser((CreateUserStmt) parseAndAnalyzeStmt( "create user 'user2'@'%' identified by 'pwd2' default role 'role2';", rootCtx)); user2 = new UserIdentity("user2", "%"); - user2.analyze(SystemInfoService.DEFAULT_CLUSTER); + user2.analyze(); } private void createDbAndTableForCatalog(CatalogIf catalog) { @@ -345,7 +344,7 @@ public class CatalogMgrTest extends TestWithFeService { Assert.fail("user1 switch to hive with no privilege."); } catch (AnalysisException e) { Assert.assertEquals(e.getMessage(), - "errCode = 2, detailMessage = Access denied for user 'default_cluster:user1' to catalog 'hive'"); + "errCode = 2, detailMessage = Access denied for user 'user1' to catalog 'hive'"); } Assert.assertEquals(InternalCatalog.INTERNAL_CATALOG_NAME, user1Ctx.getDefaultCatalog()); @@ -415,7 +414,7 @@ public class CatalogMgrTest extends TestWithFeService { Assert.fail(""); } catch (AnalysisException e) { Assert.assertEquals(e.getMessage(), - "errCode = 2, detailMessage = Access denied for user 'default_cluster:user2' to catalog 'iceberg'"); + "errCode = 2, detailMessage = Access denied for user 'user2' to catalog 'iceberg'"); } //test show create catalog: have permission to hive, have no permission to iceberg; @@ -432,7 +431,7 @@ public class CatalogMgrTest extends TestWithFeService { Assert.fail(""); } catch (AnalysisException e) { Assert.assertEquals(e.getMessage(), - "errCode = 2, detailMessage = Access denied for user 'default_cluster:user2' to catalog 'iceberg'"); + "errCode = 2, detailMessage = Access denied for user 'user2' to catalog 'iceberg'"); } } diff --git a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java index 8e7a0508db..4e2e0a2755 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/mysql/privilege/AuthTest.java @@ -220,7 +220,7 @@ public class AuthTest { // 2. check if cmy from specified ip can access to palo List currentUser = Lists.newArrayList(); Assert.assertTrue( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":cmy", "192.168.0.1", "12345", + auth.checkPlainPasswordForTest("cmy", "192.168.0.1", "12345", currentUser)); Assert.assertFalse(auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":cmy", "192.168.0.1", "123456", null)); @@ -244,13 +244,9 @@ public class AuthTest { Assert.fail(); } - // 4. check if zhangsan from specified ip can access to palo - Assert.assertTrue(auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "192.168.0.1", - "12345", null)); - Assert.assertFalse( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "172.168.0.1", - "12345", null)); - Assert.assertFalse(auth.checkPlainPasswordForTest("zhangsan", "192.168.0.1", "12345", null)); + // 4. check if zhangsan from specified ip can access to doris + Assert.assertTrue(auth.checkPlainPasswordForTest("zhangsan", "192.168.0.1", "12345", null)); + Assert.assertFalse(auth.checkPlainPasswordForTest("zhangsan", "172.168.0.1", "12345", null)); // 4.1 check if we can create same user userIdentity = new UserIdentity("zhangsan", "192.%"); @@ -288,7 +284,7 @@ public class AuthTest { } catch (DdlException e) { Assert.fail(); } - Assert.assertTrue(auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "172.18.1.1", + Assert.assertTrue(auth.checkPlainPasswordForTest("zhangsan", "172.18.1.1", "12345", null)); // 5. create a user with domain [palo.domain] @@ -313,11 +309,11 @@ public class AuthTest { resolver.runAfterCatalogReady(); // 6. check if user from resolved ip can access to palo - Assert.assertTrue(auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", + Assert.assertTrue(auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", null)); - Assert.assertFalse(auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", + Assert.assertFalse(auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "123456", null)); - Assert.assertFalse(auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "11.1.1.1", + Assert.assertFalse(auth.checkPlainPasswordForTest("zhangsan", "11.1.1.1", "12345", null)); // 7. add duplicated user@['palo.domain1'] @@ -361,11 +357,11 @@ public class AuthTest { // 8.1 resolve domain [palo.domain2] resolver.runAfterCatalogReady(); - Assert.assertTrue(auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":lisi", "20.1.1.1", + Assert.assertTrue(auth.checkPlainPasswordForTest("lisi", "20.1.1.1", "123456", null)); - Assert.assertFalse(auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":lisi", "10.1.1.1", + Assert.assertFalse(auth.checkPlainPasswordForTest("lisi", "10.1.1.1", "123456", null)); - Assert.assertFalse(auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":lisi", "20.1.1.2", + Assert.assertFalse(auth.checkPlainPasswordForTest("lisi", "20.1.1.2", "123455", null)); /* @@ -391,7 +387,7 @@ public class AuthTest { } List currentUser2 = Lists.newArrayList(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":cmy", "172.1.1.1", "12345", currentUser2); + auth.checkPlainPasswordForTest("cmy", "172.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); // check auth before grant Assert.assertFalse( @@ -409,7 +405,7 @@ public class AuthTest { Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), SystemInfoService.DEFAULT_CLUSTER + ":db1", PrivPredicate.CREATE)); UserIdentity zhangsan1 = UserIdentity - .createAnalyzedUserIdentWithIp(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", + .createAnalyzedUserIdentWithIp("zhangsan", "172.1.1.1"); Assert.assertFalse(accessManager.checkDbPriv(zhangsan1, SystemInfoService.DEFAULT_CLUSTER + ":db1", PrivPredicate.CREATE)); @@ -479,7 +475,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "192.168.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "192.168.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); @@ -511,7 +507,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "192.168.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "192.168.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertFalse( @@ -542,7 +538,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "192.168.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "192.168.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue( @@ -575,7 +571,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), SystemInfoService.DEFAULT_CLUSTER + ":db3", @@ -600,20 +596,20 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), SystemInfoService.DEFAULT_CLUSTER + ":db3", PrivPredicate.SELECT)); currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.2", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.2", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), SystemInfoService.DEFAULT_CLUSTER + ":db3", PrivPredicate.ALTER)); currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.3", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.3", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), SystemInfoService.DEFAULT_CLUSTER + ":db3", @@ -708,7 +704,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":cmy", "172.1.1.1", "12345", currentUser2); + auth.checkPlainPasswordForTest("cmy", "172.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), SystemInfoService.DEFAULT_CLUSTER + ":db", PrivPredicate.CREATE)); @@ -736,7 +732,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "192.1.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "192.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue( @@ -750,7 +746,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "192.1.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "192.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertFalse( @@ -814,7 +810,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), SystemInfoService.DEFAULT_CLUSTER + ":db3", @@ -828,7 +824,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertFalse( @@ -985,7 +981,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":wangwu", "10.17.2.1", "12345", + auth.checkPlainPasswordForTest("wangwu", "10.17.2.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), SystemInfoService.DEFAULT_CLUSTER + ":db4", @@ -1010,12 +1006,12 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":chenliu", "20.1.1.1", "12345", + auth.checkPlainPasswordForTest("chenliu", "20.1.1.1", "12345", currentUser2); Assert.assertEquals(0, currentUser2.size()); resolver.runAfterCatalogReady(); currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":chenliu", "20.1.1.1", "12345", + auth.checkPlainPasswordForTest("chenliu", "20.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertTrue(accessManager.checkDbPriv(currentUser2.get(0), SystemInfoService.DEFAULT_CLUSTER + ":db4", @@ -1058,7 +1054,7 @@ public class AuthTest { } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":chenliu", "20.1.1.1", "12345", + auth.checkPlainPasswordForTest("chenliu", "20.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertFalse( @@ -1081,7 +1077,7 @@ public class AuthTest { Assert.fail(); } currentUser2.clear(); - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":chenliu", "20.1.1.1", "12345", + auth.checkPlainPasswordForTest("chenliu", "20.1.1.1", "12345", currentUser2); Assert.assertEquals(1, currentUser2.size()); Assert.assertFalse( @@ -1138,9 +1134,9 @@ public class AuthTest { } Assert.assertFalse( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":cmy", "192.168.0.1", "12345", + auth.checkPlainPasswordForTest("cmy", "192.168.0.1", "12345", null)); - Assert.assertTrue(auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "192.168.0.1", + Assert.assertTrue(auth.checkPlainPasswordForTest("zhangsan", "192.168.0.1", "12345", null)); // 32.1 drop user cmy@"%" again with IF EXISTS @@ -1185,7 +1181,7 @@ public class AuthTest { Assert.fail(); } Assert.assertTrue( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "192.168.0.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "192.168.0.1", "12345", null)); try { @@ -1194,10 +1190,10 @@ public class AuthTest { Assert.fail(); } Assert.assertFalse( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "192.168.0.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "192.168.0.1", "12345", null)); Assert.assertTrue( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", null)); // 34. create user zhangsan@'10.1.1.1' to overwrite one of zhangsan@['palo.domain1'] @@ -1212,7 +1208,7 @@ public class AuthTest { } Assert.assertTrue( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", null)); try { @@ -1222,10 +1218,10 @@ public class AuthTest { Assert.fail(); } Assert.assertFalse( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "12345", null)); Assert.assertTrue( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", "abcde", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "abcde", null)); // 35. drop user zhangsan@['palo.domain1'] @@ -1237,7 +1233,7 @@ public class AuthTest { Assert.fail(); } Assert.assertTrue( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.2", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.2", "12345", null)); try { @@ -1246,15 +1242,15 @@ public class AuthTest { Assert.fail(); } Assert.assertTrue( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.2", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.2", "12345", null)); resolver.runAfterCatalogReady(); Assert.assertFalse( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.2", "12345", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.2", "12345", null)); Assert.assertTrue( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", "abcde", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "abcde", null)); // 36. drop user lisi@['palo.domain1'] @@ -1266,10 +1262,10 @@ public class AuthTest { Assert.fail(); } Assert.assertTrue( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":lisi", "20.1.1.1", "123456", + auth.checkPlainPasswordForTest("lisi", "20.1.1.1", "123456", null)); Assert.assertFalse( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":lisi", "10.1.1.1", "123456", + auth.checkPlainPasswordForTest("lisi", "10.1.1.1", "123456", null)); try { @@ -1278,18 +1274,18 @@ public class AuthTest { Assert.fail(); } Assert.assertTrue( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":lisi", "20.1.1.1", "123456", + auth.checkPlainPasswordForTest("lisi", "20.1.1.1", "123456", null)); Assert.assertFalse( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":lisi", "10.1.1.1", "123456", + auth.checkPlainPasswordForTest("lisi", "10.1.1.1", "123456", null)); resolver.runAfterCatalogReady(); Assert.assertFalse( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":lisi", "20.1.1.1", "123456", + auth.checkPlainPasswordForTest("lisi", "20.1.1.1", "123456", null)); Assert.assertFalse( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":lisi", "10.1.1.1", "123456", + auth.checkPlainPasswordForTest("lisi", "10.1.1.1", "123456", null)); // 37. drop zhangsan@'172.18.1.1' and zhangsan@'10.1.1.1' @@ -1321,7 +1317,7 @@ public class AuthTest { Assert.fail(); } Assert.assertFalse( - auth.checkPlainPasswordForTest(SystemInfoService.DEFAULT_CLUSTER + ":zhangsan", "10.1.1.1", "abcde", + auth.checkPlainPasswordForTest("zhangsan", "10.1.1.1", "abcde", null)); // 38. drop root user(not allowed) diff --git a/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java b/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java index 1e81db8bf9..8a065635c4 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java @@ -88,7 +88,7 @@ public class CheckRowPolicyTest extends TestWithFeService { KeysType.PRIMARY_KEYS); // create user UserIdentity user = new UserIdentity(userName, "%"); - user.analyze(SystemInfoService.DEFAULT_CLUSTER); + user.analyze(); CreateUserStmt createUserStmt = new CreateUserStmt(new UserDesc(user)); Env.getCurrentEnv().getAuth().createUser(createUserStmt); List privileges = Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.ADMIN_PRIV)); diff --git a/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java b/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java index d7d286e60f..4ddff99934 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java @@ -70,7 +70,7 @@ public class PolicyTest extends TestWithFeService { + "properties(\"replication_num\" = \"1\");"); // create user UserIdentity user = new UserIdentity("test_policy", "%"); - user.analyze(SystemInfoService.DEFAULT_CLUSTER); + user.analyze(); CreateUserStmt createUserStmt = new CreateUserStmt(new UserDesc(user)); Env.getCurrentEnv().getAuth().createUser(createUserStmt); List privileges = Lists @@ -332,7 +332,7 @@ public class PolicyTest extends TestWithFeService { String policyName = "policy_name"; long dbId = 10; UserIdentity user = new UserIdentity("test_policy", "%"); - user.analyze(SystemInfoService.DEFAULT_CLUSTER); + user.analyze(); String originStmt = "CREATE ROW POLICY test_row_policy ON test.table1" + " AS PERMISSIVE TO test_policy USING (k1 = 1)"; long tableId = 100; @@ -355,8 +355,8 @@ public class PolicyTest extends TestWithFeService { Assertions.assertEquals(type, newRowPolicy.getType()); Assertions.assertEquals(policyName, newRowPolicy.getPolicyName()); Assertions.assertEquals(dbId, newRowPolicy.getDbId()); - user.analyze(SystemInfoService.DEFAULT_CLUSTER); - newRowPolicy.getUser().analyze(SystemInfoService.DEFAULT_CLUSTER); + user.analyze(); + newRowPolicy.getUser().analyze(); Assertions.assertEquals(user.getQualifiedUser(), newRowPolicy.getUser().getQualifiedUser()); Assertions.assertEquals(originStmt, newRowPolicy.getOriginStmt()); Assertions.assertEquals(tableId, newRowPolicy.getTableId()); diff --git a/fe/fe-core/src/test/java/org/apache/doris/utframe/TestWithFeService.java b/fe/fe-core/src/test/java/org/apache/doris/utframe/TestWithFeService.java index 1400332911..3f3177b0e7 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/utframe/TestWithFeService.java +++ b/fe/fe-core/src/test/java/org/apache/doris/utframe/TestWithFeService.java @@ -724,7 +724,7 @@ public abstract class TestWithFeService { protected void useUser(String userName) throws AnalysisException { UserIdentity user = new UserIdentity(userName, "%"); - user.analyze(SystemInfoService.DEFAULT_CLUSTER); + user.analyze(); connectContext.setCurrentUserIdentity(user); connectContext.setQualifiedUser(SystemInfoService.DEFAULT_CLUSTER + ":" + userName); } diff --git a/regression-test/suites/account_p0/test_alter_user.groovy b/regression-test/suites/account_p0/test_alter_user.groovy index 9414025ef0..069f82d4ef 100644 --- a/regression-test/suites/account_p0/test_alter_user.groovy +++ b/regression-test/suites/account_p0/test_alter_user.groovy @@ -31,7 +31,7 @@ suite("test_alter_user", "account") { sql """set global password_history=1""" // set to 1 test { sql """alter user test_auth_user2 identified by '12345'""" - exception "Cannot use these credentials for 'default_cluster:test_auth_user2'@'%' because they contradict the password history policy" + exception "Cannot use these credentials for 'test_auth_user2'@'%' because they contradict the password history policy" } sql """alter user test_auth_user2 password_history 0""" @@ -46,7 +46,7 @@ suite("test_alter_user", "account") { sql """alter user test_auth_user2 identified by 'abc123456'""" test { sql """alter user test_auth_user2 identified by 'abc12345'""" - exception "Cannot use these credentials for 'default_cluster:test_auth_user2'@'%' because they contradict the password history policy" + exception "Cannot use these credentials for 'test_auth_user2'@'%' because they contradict the password history policy" } result1 = connect(user = 'test_auth_user2', password = 'abc123456', url = context.config.jdbcUrl) { sql 'select 1' @@ -72,20 +72,20 @@ suite("test_alter_user", "account") { connect(user = 'test_auth_user3', password = 'wrong', url = context.config.jdbcUrl) {} assertTrue(false. "should not be able to login") } catch (Exception e) { - assertTrue(e.getMessage().contains("Access denied for user 'default_cluster:test_auth_user3"), e.getMessage()) + assertTrue(e.getMessage().contains("Access denied for user 'test_auth_user3"), e.getMessage()) } try { connect(user = 'test_auth_user3', password = 'wrong', url = context.config.jdbcUrl) {} assertTrue(false. "should not be able to login") } catch (Exception e) { - assertTrue(e.getMessage().contains("Access denied for user 'default_cluster:test_auth_user3"), e.getMessage()) + assertTrue(e.getMessage().contains("Access denied for user 'test_auth_user3"), e.getMessage()) } // login with correct password but also failed try { connect(user = 'test_auth_user3', password = '12345', url = context.config.jdbcUrl) {} assertTrue(false. "should not be able to login") } catch (Exception e) { - assertTrue(e.getMessage().contains("Access denied for user 'default_cluster:test_auth_user3'@'%'. Account is blocked for 86400 second(s) (86400 second(s) remaining) due to 2 consecutive failed logins."), e.getMessage()) + assertTrue(e.getMessage().contains("Access denied for user 'test_auth_user3'@'%'. Account is blocked for 86400 second(s) (86400 second(s) remaining) due to 2 consecutive failed logins."), e.getMessage()) } // unlock user and login again @@ -101,20 +101,20 @@ suite("test_alter_user", "account") { connect(user = 'test_auth_user3', password = 'wrong', url = context.config.jdbcUrl) {} assertTrue(false. "should not be able to login") } catch (Exception e) { - assertTrue(e.getMessage().contains("Access denied for user 'default_cluster:test_auth_user3"), e.getMessage()) + assertTrue(e.getMessage().contains("Access denied for user 'test_auth_user3"), e.getMessage()) } try { connect(user = 'test_auth_user3', password = 'wrong', url = context.config.jdbcUrl) {} assertTrue(false. "should not be able to login") } catch (Exception e) { - assertTrue(e.getMessage().contains("Access denied for user 'default_cluster:test_auth_user3"), e.getMessage()) + assertTrue(e.getMessage().contains("Access denied for user 'test_auth_user3"), e.getMessage()) } // login with correct password but also failed try { connect(user = 'test_auth_user3', password = '12345', url = context.config.jdbcUrl) {} assertTrue(false. "should not be able to login") } catch (Exception e) { - assertTrue(e.getMessage().contains("Access denied for user 'default_cluster:test_auth_user3'@'%'. Account is blocked for 5 second(s) (5 second(s) remaining) due to 2 consecutive failed logins."), e.getMessage()) + assertTrue(e.getMessage().contains("Access denied for user 'test_auth_user3'@'%'. Account is blocked for 5 second(s) (5 second(s) remaining) due to 2 consecutive failed logins."), e.getMessage()) } // sleep 5 second to unlock account sleep(5000)