From e1a12cf2228b039361604470dff94256b875a9c5 Mon Sep 17 00:00:00 2001 From: zhangdong <493738387@qq.com> Date: Fri, 12 Jan 2024 16:37:08 +0800 Subject: [PATCH] [improvement](auth)Not allowed to operate internal_schema database (#29790) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Only root user can operate __internal_schema database The scope of impact includes: create database drop database alter database create table drop table alter table truncate table insert overwrite insert delete update load(root also not allowed) delete support check auth --- .../analysis/AlterDatabasePropertyStmt.java | 3 +- .../analysis/AlterDatabaseQuotaStmt.java | 3 +- .../doris/analysis/AlterDatabaseRename.java | 3 +- .../apache/doris/analysis/AlterTableStmt.java | 2 + .../apache/doris/analysis/CreateDbStmt.java | 3 +- .../doris/analysis/CreateTableStmt.java | 3 +- .../org/apache/doris/analysis/DropDbStmt.java | 3 +- .../apache/doris/analysis/DropTableStmt.java | 3 +- .../analysis/InsertOverwriteTableStmt.java | 3 + .../doris/analysis/TruncateTableStmt.java | 3 +- .../common/util/InternalDatabaseUtil.java | 37 +++++ .../plans/commands/DeleteFromCommand.java | 10 ++ .../commands/InsertOverwriteTableCommand.java | 3 + .../plans/commands/info/CreateTableInfo.java | 7 +- .../transaction/DatabaseTransactionMgr.java | 3 + .../operate_internal_schema.groovy | 126 ++++++++++++++++++ 16 files changed, 206 insertions(+), 9 deletions(-) create mode 100644 fe/fe-core/src/main/java/org/apache/doris/common/util/InternalDatabaseUtil.java create mode 100644 regression-test/suites/internal_schema_p0/operate_internal_schema.groovy diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabasePropertyStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabasePropertyStmt.java index b3d73dcf8e..c36651855a 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabasePropertyStmt.java 
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabasePropertyStmt.java @@ -21,6 +21,7 @@ import org.apache.doris.catalog.Env; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.common.util.PrintableMap; import org.apache.doris.common.util.PropertyAnalyzer; import org.apache.doris.mysql.privilege.PrivPredicate; @@ -51,7 +52,7 @@ public class AlterDatabasePropertyStmt extends DdlStmt { @Override public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); - + InternalDatabaseUtil.checkDatabase(dbName, ConnectContext.get()); if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, analyzer.getQualifiedUser(), dbName); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseQuotaStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseQuotaStmt.java index 28aeb9b8fa..88c964c734 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseQuotaStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseQuotaStmt.java @@ -21,6 +21,7 @@ import org.apache.doris.catalog.Env; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.common.util.ParseUtil; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; 
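Review bot: The new `InternalDatabaseUtil.checkDatabase(dbName, ConnectContext.get());` call in `AlterDatabasePropertyStmt.analyze` replaces the blank line that separated `super.analyze(analyzer)` from the privilege check, and nothing at the call site says that it is a root-only guard meant to run before the ADMIN check. I would keep the blank line and add a comment such as `// __internal_schema is root-only: reject before the normal privilege check, which an ADMIN user would pass`. The same applies to the matching calls added in AlterDatabaseQuotaStmt, AlterDatabaseRename, AlterTableStmt, CreateDbStmt, CreateTableStmt, DropDbStmt, DropTableStmt and TruncateTableStmt. `analyze` continues past the end of this hunk.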
@@ -61,7 +62,7 @@ public class AlterDatabaseQuotaStmt extends DdlStmt { @Override public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); - + InternalDatabaseUtil.checkDatabase(dbName, ConnectContext.get()); if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, analyzer.getQualifiedUser(), dbName); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseRename.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseRename.java index a40b58e11d..c8e29bc9b1 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseRename.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterDatabaseRename.java @@ -24,6 +24,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.FeNameFormat; import org.apache.doris.common.UserException; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.mysql.privilege.PrivBitSet; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.mysql.privilege.Privilege; @@ -54,7 +55,7 @@ public class AlterDatabaseRename extends DdlStmt { if (Strings.isNullOrEmpty(dbName)) { throw new AnalysisException("Database name is not set"); } - + InternalDatabaseUtil.checkDatabase(dbName, ConnectContext.get()); if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.of(PrivBitSet.of(Privilege.ADMIN_PRIV, Privilege.ALTER_PRIV), Operator.OR))) { ErrorReport.reportAnalysisException(ErrorCode.ERR_DBACCESS_DENIED_ERROR, diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStmt.java index f2831a628f..d702f09022 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStmt.java 
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterTableStmt.java @@ -27,6 +27,7 @@ import org.apache.doris.common.AnalysisException; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.common.util.PropertyAnalyzer; import org.apache.doris.common.util.Util; import org.apache.doris.mysql.privilege.PrivPredicate; @@ -67,6 +68,7 @@ public class AlterTableStmt extends DdlStmt { tbl.analyze(analyzer); // disallow external catalog Util.prohibitExternalCatalog(tbl.getCtl(), this.getClass().getSimpleName()); + InternalDatabaseUtil.checkDatabase(tbl.getDb(), ConnectContext.get()); if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tbl.getDb(), tbl.getTbl(), PrivPredicate.ALTER)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "ALTER TABLE", diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateDbStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateDbStmt.java index 43c23368e1..6828e46fa6 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateDbStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateDbStmt.java @@ -22,6 +22,7 @@ import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.FeNameFormat; import org.apache.doris.common.UserException; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.common.util.PrintableMap; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; 
@@ -56,7 +57,7 @@ public class CreateDbStmt extends DdlStmt { public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); FeNameFormat.checkDbName(dbName); - + InternalDatabaseUtil.checkDatabase(dbName, ConnectContext.get()); if (!Env.getCurrentEnv().getAccessManager().checkDbPriv(ConnectContext.get(), dbName, PrivPredicate.CREATE)) { ErrorReport.reportAnalysisException( ErrorCode.ERR_DBACCESS_DENIED_ERROR, analyzer.getQualifiedUser(), dbName); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableStmt.java index 210fa60857..17dd5f396c 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateTableStmt.java @@ -35,6 +35,7 @@ import org.apache.doris.common.FeNameFormat; import org.apache.doris.common.Pair; import org.apache.doris.common.UserException; import org.apache.doris.common.util.AutoBucketUtils; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.common.util.ParseUtil; import org.apache.doris.common.util.PrintableMap; import org.apache.doris.common.util.PropertyAnalyzer; @@ -285,7 +286,7 @@ public class CreateTableStmt extends DdlStmt { FeNameFormat.checkTableName(tableName.getTbl()); // disallow external catalog Util.prohibitExternalCatalog(tableName.getCtl(), this.getClass().getSimpleName()); - + InternalDatabaseUtil.checkDatabase(tableName.getDb(), ConnectContext.get()); if (!Env.getCurrentEnv().getAccessManager() .checkTblPriv(ConnectContext.get(), tableName.getDb(), tableName.getTbl(), PrivPredicate.CREATE)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "CREATE"); diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropDbStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropDbStmt.java index 7ce403f856..9b4f58efbf 100644 
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropDbStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropDbStmt.java @@ -23,6 +23,7 @@ import org.apache.doris.catalog.Env; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; @@ -58,7 +59,7 @@ public class DropDbStmt extends DdlStmt { if (Strings.isNullOrEmpty(dbName)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_WRONG_DB_NAME, dbName); } - + InternalDatabaseUtil.checkDatabase(dbName, ConnectContext.get()); // Don't allow to drop mysql compatible databases DatabaseIf db = Env.getCurrentInternalCatalog().getDbNullable(dbName); if (db != null && (db instanceof Database) && ((Database) db).isMysqlCompatibleDatabase()) { diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropTableStmt.java index a8b091705e..d2ff04186f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropTableStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropTableStmt.java @@ -21,6 +21,7 @@ import org.apache.doris.catalog.Env; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.common.util.Util; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; 
@@ -85,7 +86,7 @@ public class DropTableStmt extends DdlStmt { tableName.analyze(analyzer); // disallow external catalog Util.prohibitExternalCatalog(tableName.getCtl(), this.getClass().getSimpleName()); - + InternalDatabaseUtil.checkDatabase(tableName.getDb(), ConnectContext.get()); // check access if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), tableName.getDb(), tableName.getTbl(), PrivPredicate.DROP)) { diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/InsertOverwriteTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/InsertOverwriteTableStmt.java index 04e28c7fa6..17cca1cecc 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/InsertOverwriteTableStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/InsertOverwriteTableStmt.java @@ -21,6 +21,7 @@ import org.apache.doris.catalog.Env; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; @@ -74,6 +75,8 @@ public class InsertOverwriteTableStmt extends DdlStmt { @Override public void analyze(Analyzer analyzer) throws UserException { + target.getTblName().analyze(analyzer); + InternalDatabaseUtil.checkDatabase(getDb(), ConnectContext.get()); if (!Env.getCurrentEnv().getAccessManager() .checkTblPriv(ConnectContext.get(), getDb(), getTbl(), PrivPredicate.LOAD)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "LOAD", diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/TruncateTableStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/TruncateTableStmt.java index ea70a4893c..b6f41ad409 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/TruncateTableStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/TruncateTableStmt.java 
@@ -22,6 +22,7 @@ import org.apache.doris.common.AnalysisException; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.common.util.Util; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.qe.ConnectContext; @@ -49,7 +50,7 @@ public class TruncateTableStmt extends DdlStmt { if (tblRef.hasExplicitAlias()) { throw new AnalysisException("Not support truncate table with alias"); } - + InternalDatabaseUtil.checkDatabase(tblRef.getName().getDb(), ConnectContext.get()); // check access // it requires LOAD privilege, because we consider this operation as 'delete data', which is also a // 'load' operation. diff --git a/fe/fe-core/src/main/java/org/apache/doris/common/util/InternalDatabaseUtil.java b/fe/fe-core/src/main/java/org/apache/doris/common/util/InternalDatabaseUtil.java new file mode 100644 index 0000000000..f255b794cb --- /dev/null +++ b/fe/fe-core/src/main/java/org/apache/doris/common/util/InternalDatabaseUtil.java 
@@ -0,0 +1,37 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.common.util; + +import org.apache.doris.common.AnalysisException; +import org.apache.doris.common.FeConstants; +import org.apache.doris.qe.ConnectContext; + +import com.google.common.base.Preconditions; + +public class InternalDatabaseUtil { + + public static void checkDatabase(String dbName, ConnectContext ctx) throws AnalysisException { + Preconditions.checkNotNull(dbName, "require dbName object"); + if (!FeConstants.INTERNAL_DB_NAME.equals(dbName)) { + return; + } + if (ctx == null || ctx.getCurrentUserIdentity() == null || !ctx.getCurrentUserIdentity().isRootUser()) { + throw new AnalysisException("Not allowed to operate database: " + dbName); + } + } +} diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java index 976200e9fe..ecca68fa67 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DeleteFromCommand.java 
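Review bot: `checkDatabase` reports a null `dbName` through `Preconditions.checkNotNull`, so a statement that reaches it without a resolved database fails with a NullPointerException rather than the `AnalysisException` the method declares; the CreateTableInfo call site passes a name that falls back to `ctx.getDatabase()`, which may be unset (not confirmed from this page). Rejecting it explicitly keeps the failure an ordinary analysis error and still denies by default: `if (dbName == null) { throw new AnalysisException("Database name is not set"); }`. The class also has no Javadoc; it should state that the comparison with `FeConstants.INTERNAL_DB_NAME` is an exact string match on an already-resolved database name, that only the root identity passes, and that a missing `ConnectContext` or user identity is denied. As a static-only utility it would normally be `final` with a private constructor.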
@@ -26,6 +26,8 @@ import org.apache.doris.catalog.Env; import org.apache.doris.catalog.KeysType; import org.apache.doris.catalog.OlapTable; import org.apache.doris.common.Config; +import org.apache.doris.common.ErrorCode; +import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.nereids.NereidsPlanner; import org.apache.doris.nereids.analyzer.UnboundRelation; import org.apache.doris.nereids.exceptions.AnalysisException; @@ -115,6 +117,14 @@ public class DeleteFromCommand extends Command implements ForwardWithSync { UnboundRelation relation = optRelation.get(); PhysicalFilter filter = optFilter.get(); + if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), scan.getDatabase().getFullName(), + scan.getTable().getName(), PrivPredicate.LOAD)) { + String message = ErrorCode.ERR_TABLEACCESS_DENIED_ERROR.formatErrorMsg("LOAD", + ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(), + scan.getDatabase().getFullName() + ": " + scan.getTable().getName()); + throw new AnalysisException(message); + } + // predicate check OlapTable olapTable = scan.getTable(); Set columns = olapTable.getFullSchema().stream().map(Column::getName).collect(Collectors.toSet()); diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/InsertOverwriteTableCommand.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/InsertOverwriteTableCommand.java index 501f75b78d..c7a4ed4f9c 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/InsertOverwriteTableCommand.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/InsertOverwriteTableCommand.java 
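Review bot: The added block checks only the LOAD privilege, so unlike `InsertOverwriteTableCommand` this command never calls `InternalDatabaseUtil.checkDatabase`. The regression test grants ADMIN_PRIV and still expects the delete to fail, so the denial presumably comes later, from the guard this commit adds to `DatabaseTransactionMgr.beginTransaction`. Calling the guard here, ahead of the privilege check, rejects the statement during analysis and does not depend on the transaction path staying as it is. Because `checkDatabase` throws `org.apache.doris.common.AnalysisException` while this file uses the nereids exception, it needs the same wrapping as in CreateTableInfo, plus an import of `InternalDatabaseUtil`. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: relation and filter extraction …
try {
    InternalDatabaseUtil.checkDatabase(scan.getDatabase().getFullName(), ConnectContext.get());
} catch (org.apache.doris.common.AnalysisException e) {
    // keep the original exception as the cause so the denial stays traceable
    throw new AnalysisException(e.getMessage(), e);
}
// … unchanged: LOAD privilege check and predicate check …
```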
@@ -23,6 +23,7 @@ import org.apache.doris.catalog.TableIf; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.insertoverwrite.InsertOverwriteUtil; import org.apache.doris.mysql.privilege.PrivPredicate; import org.apache.doris.nereids.NereidsPlanner; @@ -111,6 +112,8 @@ public class InsertOverwriteTableCommand extends Command implements ForwardWithS Preconditions.checkArgument(plan.isPresent(), "insert into command must contain OlapTableSinkNode"); PhysicalOlapTableSink physicalOlapTableSink = ((PhysicalOlapTableSink) plan.get()); OlapTable targetTable = physicalOlapTableSink.getTargetTable(); + InternalDatabaseUtil + .checkDatabase(targetTable.getQualifiedDbName(), ConnectContext.get()); // check auth if (!Env.getCurrentEnv().getAccessManager() .checkTblPriv(ConnectContext.get(), targetTable.getQualifiedDbName(), targetTable.getName(), diff --git a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateTableInfo.java b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateTableInfo.java index f8a1428731..f47a693d25 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateTableInfo.java +++ b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/info/CreateTableInfo.java @@ -46,6 +46,7 @@ import org.apache.doris.common.FeConstants; import org.apache.doris.common.FeNameFormat; import org.apache.doris.common.Pair; import org.apache.doris.common.util.AutoBucketUtils; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.common.util.ParseUtil; import org.apache.doris.common.util.PropertyAnalyzer; import org.apache.doris.common.util.Util; 
@@ -254,7 +255,11 @@ public class CreateTableInfo { if (Strings.isNullOrEmpty(dbName)) { dbName = ctx.getDatabase(); } - + try { + InternalDatabaseUtil.checkDatabase(dbName, ConnectContext.get()); + } catch (org.apache.doris.common.AnalysisException e) { + throw new AnalysisException(e.getMessage(), e.getCause()); + } if (!Env.getCurrentEnv().getAccessManager().checkTblPriv(ConnectContext.get(), dbName, tableName, PrivPredicate.CREATE)) { try { diff --git a/fe/fe-core/src/main/java/org/apache/doris/transaction/DatabaseTransactionMgr.java b/fe/fe-core/src/main/java/org/apache/doris/transaction/DatabaseTransactionMgr.java index f0217e71d2..9b611425cc 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/transaction/DatabaseTransactionMgr.java +++ b/fe/fe-core/src/main/java/org/apache/doris/transaction/DatabaseTransactionMgr.java @@ -45,6 +45,7 @@ import org.apache.doris.common.Pair; import org.apache.doris.common.QuotaExceedException; import org.apache.doris.common.UserException; import org.apache.doris.common.util.DebugUtil; +import org.apache.doris.common.util.InternalDatabaseUtil; import org.apache.doris.common.util.MetaLockUtils; import org.apache.doris.common.util.TimeUtils; import org.apache.doris.metric.MetricRepo; @@ -314,6 +315,8 @@ public class DatabaseTransactionMgr { long listenerId, long timeoutSecond) throws DuplicatedRequestException, LabelAlreadyUsedException, BeginTransactionException, AnalysisException, QuotaExceedException, MetaNotFoundException { + Database db = env.getInternalCatalog().getDbOrMetaException(dbId); + InternalDatabaseUtil.checkDatabase(db.getFullName(), ConnectContext.get()); checkDatabaseDataQuota(); Preconditions.checkNotNull(coordinator); Preconditions.checkNotNull(label); diff --git a/regression-test/suites/internal_schema_p0/operate_internal_schema.groovy b/regression-test/suites/internal_schema_p0/operate_internal_schema.groovy new file mode 100644 index 0000000000..658dec30b9 --- /dev/null 
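Review bot: The catch block in the CreateTableInfo hunk rethrows with `e.getCause()` as the cause, which drops the caught exception itself; `InternalDatabaseUtil.checkDatabase` throws its `AnalysisException` without a cause, so the value passed is null and the original stack trace is lost. Pass the exception instead: `throw new AnalysisException(e.getMessage(), e);`. Separately, `dbName` falls back to `ctx.getDatabase()` just above, and `checkDatabase` throws a NullPointerException on a null name, which this catch does not cover; whether that fallback can be null is not visible in the hunk. The enclosing method starts and ends outside the hunk.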
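Review bot: The guard added to `beginTransaction` in DatabaseTransactionMgr decides on `ConnectContext.get()`, which is bound to the current thread, so a caller that begins a transaction on a thread with no root session attached is denied for `__internal_schema`. That matches the commit message's "load(root also not allowed)" but is not stated in the code. A comment on the two new lines would record that the fail-closed behaviour is intended, for example `// Denied unless a root ConnectContext is bound to this thread; this also rejects loads that target __internal_schema`. The change also adds a `getDbOrMetaException(dbId)` lookup to every transaction begin; whether the manager already has its database name available is outside the hunk. `beginTransaction` starts and ends outside the hunk.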
+++ b/regression-test/suites/internal_schema_p0/operate_internal_schema.groovy 
@@ -0,0 +1,126 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +import org.junit.Assert; + +suite("operate_internal_schema") { + def testTable = "operate_internal_schema_tbl" + sql "use __internal_schema" + sql "DROP TABLE IF EXISTS ${testTable}" + //alter db + sql "ALTER DATABASE __internal_schema SET PROPERTIES('replication_allocation' = '');" + //create table + sql """ + CREATE TABLE IF NOT EXISTS ${testTable} + ( + `user_id` LARGEINT NOT NULL, + `age` SMALLINT + ) + UNIQUE KEY(`user_id`) + DISTRIBUTED BY HASH(`user_id`) BUCKETS 1 + PROPERTIES ( + "replication_allocation" = "tag.location.default: 1" + ); + """ + //alter table + sql "ALTER TABLE ${testTable} MODIFY COMMENT 'new_comment';" + //insert + sql "insert into ${testTable} values(1,2);" + //update + sql "update ${testTable} set age=2 where user_id=1;" + //delete + sql "delete from ${testTable} where user_id=1;" + // truncate + sql "truncate table ${testTable};" + // insert overwrite + sql "insert overwrite table ${testTable} values(1,3)" + + def user = 'operate_internal_schema_user' + def pwd = 'C123_567p' + try_sql("DROP USER ${user}") + sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'""" + sql """GRANT ADMIN_PRIV ON *.*.* TO ${user}""" + def 
tokens = context.config.jdbcUrl.split('/') + def url=tokens[0] + "//" + tokens[2] + "/" + "__internal_schema" + "?" + connect(user=user, password="${pwd}", url=url) { + sql "use __internal_schema;" + try { + //alter db + sql "ALTER DATABASE __internal_schema SET PROPERTIES('replication_allocation' = '');" + Assert.fail(); + } catch (Exception e) { + log.info(e.getMessage()) + } + + try { + //alter table + sql "ALTER TABLE ${testTable} MODIFY COMMENT 'new_comment';" + Assert.fail(); + } catch (Exception e) { + log.info(e.getMessage()) + } + + try { + //insert + sql "insert into ${testTable} values(1,2);" + Assert.fail(); + } catch (Exception e) { + log.info(e.getMessage()) + } + + try { + //update + sql "update ${testTable} set age=2 where user_id=1;" + Assert.fail(); + } catch (Exception e) { + log.info(e.getMessage()) + } + + try { + //delete + sql "delete from ${testTable} where user_id=1;" + Assert.fail(); + } catch (Exception e) { + log.info(e.getMessage()) + } + + try { + // truncate + sql "truncate table ${testTable};" + Assert.fail(); + } catch (Exception e) { + log.info(e.getMessage()) + } + + try { + // insert overwrite + sql "insert overwrite table ${testTable} values(1,3)" + Assert.fail(); + } catch (Exception e) { + log.info(e.getMessage()) + } + + try { + // drop table + sql "drop table ${testTable}" + Assert.fail(); + } catch (Exception e) { + log.info(e.getMessage()) + } + } + sql "drop table ${testTable}" +}
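Review bot: Each negative case catches any `Exception` and only logs it, so the case passes whatever the reason for the failure and never shows that the internal-schema guard was the cause. Asserting on the message, where the guard's text reaches the client, pins it: `Assert.assertTrue(e.getMessage().contains("Not allowed to operate database"))`. The suite also leaves `operate_internal_schema_user` in place with `ADMIN_PRIV` on `*.*.*` and a password written in the file; a closing `try_sql("DROP USER ${user}")` would remove the account once the checks are done. Create database, drop database and create table are listed in the commit message but have no non-root case here.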