This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.0 by this push:
new ceb4fd56c55 [branch-2.0](polixy)support drop policy for user or role
(#29488) (#29645)
ceb4fd56c55 is described below
commit ceb4fd56c55510c29bf268724b537ff3719eb7eb
Author: zhangdong <[email protected]>
AuthorDate: Thu Jan 11 14:48:55 2024 +0800
[branch-2.0](polixy)support drop policy for user or role (#29488) (#29645)
bp #29488
---
.../Data-Definition-Statements/Drop/DROP-POLICY.md | 10 +++-
.../sql-reference/Show-Statements/SHOW-POLICY.md | 16 +++++-
.../Data-Definition-Statements/Drop/DROP-POLICY.md | 10 +++-
.../sql-reference/Show-Statements/SHOW-POLICY.md | 16 +++++-
fe/fe-core/src/main/cup/sql_parser.cup | 16 ++++--
.../org/apache/doris/analysis/DropPolicyStmt.java | 35 ++++++++++++-
.../org/apache/doris/policy/DropPolicyLog.java | 33 +++++++++++-
.../java/org/apache/doris/policy/RowPolicy.java | 7 +++
.../nereids/rules/analysis/CheckRowPolicyTest.java | 17 +++++--
.../java/org/apache/doris/policy/PolicyTest.java | 58 +++++++++++-----------
.../account_p0/test_nereids_row_policy.groovy | 2 +-
11 files changed, 171 insertions(+), 49 deletions(-)
diff --git
a/docs/en/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md
b/docs/en/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md
index 50d655d65a4..2de113d2e00 100644
---
a/docs/en/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md
+++
b/docs/en/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md
@@ -40,7 +40,7 @@ Grammar:
1. Drop row policy
```sql
-DROP ROW POLICY test_row_policy_1 on table1 [FOR user];
+DROP ROW POLICY test_row_policy_1 on table1 [FOR user| ROLE role];
```
2. Drop storage policy
@@ -61,8 +61,14 @@ DROP STORAGE POLICY policy_name1
```sql
DROP ROW POLICY test_row_policy_1 on table1 for test
```
+
+3. Drop the row policy for table1 using by role1
-3. Drop the storage policy named policy_name1
+ ```sql
+ DROP ROW POLICY test_row_policy_1 on table1 for role role1
+ ```
+
+4. Drop the storage policy named policy_name1
```sql
DROP STORAGE POLICY policy_name1
```
diff --git
a/docs/en/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md
b/docs/en/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md
index 2d5cd9b04c5..9c55953be2c 100644
--- a/docs/en/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md
+++ b/docs/en/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md
@@ -35,7 +35,7 @@ SHOW ROW POLICY
View the row security policy under the current DB
```sql
-SHOW ROW POLICY [FOR user]
+SHOW ROW POLICY [FOR user| ROLE role]
```
### Example
@@ -68,7 +68,19 @@ SHOW ROW POLICY [FOR user]
1 row in set (0.01 sec)
```
-3. demonstrate data migration strategies
+3. specify role name query
+
+ ```sql
+ mysql> SHOW ROW POLICY for role role1;
+
+------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+
+ | PolicyName | DbName | TableName | Type | FilterType | WherePredicate |
User | Role | OriginStmt
|
+
+------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+
+ | zdtest1 | zd | user | ROW | RESTRICTIVE | `user_id` = 1 |
NULL | role1 | create row policy zdtest1 on user as restrictive to role role1
using (user_id=1) |
+
+------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+
+ 1 row in set (0.01 sec)
+ ```
+
+4. demonstrate data migration strategies
```sql
mysql> SHOW STORAGE POLICY;
+---------------------+---------+-----------------------+---------------------+-------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
diff --git
a/docs/zh-CN/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md
b/docs/zh-CN/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md
index f860a189ee7..e75b7424bae 100644
---
a/docs/zh-CN/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md
+++
b/docs/zh-CN/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md
@@ -40,7 +40,7 @@ DROP POLICY
1. 删除行安全策略
```sql
-DROP ROW POLICY test_row_policy_1 on table1 [FOR user];
+DROP ROW POLICY test_row_policy_1 on table1 [FOR user| ROLE role];
```
2. 删除存储策略
@@ -62,7 +62,13 @@ DROP STORAGE POLICY policy_name1
DROP ROW POLICY test_row_policy_1 on table1 for test
```
-3. 删除名字为policy_name1的存储策略
+3. 删除 table1 作用于 role1 的 test_row_policy_1 行安全策略
+
+ ```sql
+ DROP ROW POLICY test_row_policy_1 on table1 for role role1
+ ```
+
+4. 删除名字为policy_name1的存储策略
```sql
DROP STORAGE POLICY policy_name1
```
diff --git
a/docs/zh-CN/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md
b/docs/zh-CN/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md
index af45d6f98a5..44b77d97b5c 100644
--- a/docs/zh-CN/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md
+++ b/docs/zh-CN/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md
@@ -37,7 +37,7 @@ SHOW ROW POLICY
语法:
```sql
-SHOW ROW POLICY [FOR user]
+SHOW ROW POLICY [FOR user| ROLE role]
```
### Example
@@ -70,7 +70,19 @@ SHOW ROW POLICY [FOR user]
1 row in set (0.01 sec)
```
-3. 展示数据迁移策略
+3. 指定角色名查询
+
+ ```sql
+ mysql> SHOW ROW POLICY for role role1;
+
+------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+
+ | PolicyName | DbName | TableName | Type | FilterType | WherePredicate |
User | Role | OriginStmt
|
+
+------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+
+ | zdtest1 | zd | user | ROW | RESTRICTIVE | `user_id` = 1 |
NULL | role1 | create row policy zdtest1 on user as restrictive to role role1
using (user_id=1) |
+
+------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+
+ 1 row in set (0.01 sec)
+ ```
+
+4. 展示数据迁移策略
```sql
mysql> SHOW STORAGE POLICY;
+---------------------+---------+-----------------------+---------------------+-------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
diff --git a/fe/fe-core/src/main/cup/sql_parser.cup
b/fe/fe-core/src/main/cup/sql_parser.cup
index 70370a2cf55..18ca4f4a1a1 100644
--- a/fe/fe-core/src/main/cup/sql_parser.cup
+++ b/fe/fe-core/src/main/cup/sql_parser.cup
@@ -3068,13 +3068,21 @@ drop_stmt ::=
{:
RESULT = new DropSqlBlockRuleStmt(ifExists, ruleNames);
:}
- | KW_DROP KW_ROW KW_POLICY opt_if_exists:ifExists ident:policyName
+ | KW_DROP KW_ROW KW_POLICY opt_if_exists:ifExists ident:policyName KW_ON
table_name:tbl
{:
- RESULT = new DropPolicyStmt(PolicyTypeEnum.ROW, ifExists, policyName);
+ RESULT = new DropPolicyStmt(PolicyTypeEnum.ROW, ifExists, policyName,
tbl, null, null);
+ :}
+ | KW_DROP KW_ROW KW_POLICY opt_if_exists:ifExists ident:policyName KW_ON
table_name:tbl KW_FOR user_identity:user
+ {:
+ RESULT = new DropPolicyStmt(PolicyTypeEnum.ROW, ifExists, policyName,
tbl, user, null);
+ :}
+ | KW_DROP KW_ROW KW_POLICY opt_if_exists:ifExists ident:policyName KW_ON
table_name:tbl KW_FOR KW_ROLE ident:role
+ {:
+ RESULT = new DropPolicyStmt(PolicyTypeEnum.ROW, ifExists, policyName,
tbl, null, role);
:}
| KW_DROP KW_STORAGE KW_POLICY opt_if_exists:ifExists ident:policyName
{:
- RESULT = new DropPolicyStmt(PolicyTypeEnum.STORAGE, ifExists,
policyName);
+ RESULT = new DropPolicyStmt(PolicyTypeEnum.STORAGE, ifExists,
policyName, null, null, null);
:}
/* statistics */
| KW_DROP KW_STATS table_name:tbl opt_col_list:cols
@@ -3726,7 +3734,7 @@ show_stmt ::=
{:
RESULT = new ShowPolicyStmt(PolicyTypeEnum.ROW, user, null);
:}
- | KW_SHOW KW_ROW KW_POLICY KW_FOR KW_ROLE STRING_LITERAL:role
+ | KW_SHOW KW_ROW KW_POLICY KW_FOR KW_ROLE ident:role
{:
RESULT = new ShowPolicyStmt(PolicyTypeEnum.ROW, null, role);
:}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropPolicyStmt.java
b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropPolicyStmt.java
index 541206bef0d..a21f0f2e704 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropPolicyStmt.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropPolicyStmt.java
@@ -27,11 +27,12 @@ import org.apache.doris.qe.ConnectContext;
import lombok.AllArgsConstructor;
import lombok.Getter;
+import org.apache.commons.lang3.StringUtils;
/**
* Drop policy statement.
* syntax:
- * DROP [ROW] POLICY [IF EXISTS] test_row_policy
+ * DROP [ROW] POLICY [IF EXISTS] test_row_policy ON test_table [FOR user|ROLE
role]
**/
@AllArgsConstructor
public class DropPolicyStmt extends DdlStmt {
@@ -45,9 +46,28 @@ public class DropPolicyStmt extends DdlStmt {
@Getter
private final String policyName;
+ @Getter
+ private final TableName tableName;
+
+ @Getter
+ private final UserIdentity user;
+
+ @Getter
+ private final String roleName;
+
@Override
public void analyze(Analyzer analyzer) throws UserException {
super.analyze(analyzer);
+ switch (type) {
+ case STORAGE:
+ break;
+ case ROW:
+ default:
+ tableName.analyze(analyzer);
+ if (user != null) {
+ user.analyze(analyzer.getClusterName());
+ }
+ }
// check auth
if
(!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(),
PrivPredicate.ADMIN)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
"ADMIN");
@@ -62,6 +82,19 @@ public class DropPolicyStmt extends DdlStmt {
sb.append("IF EXISTS ");
}
sb.append(policyName);
+ switch (type) {
+ case STORAGE:
+ break;
+ case ROW:
+ default:
+ sb.append(" ON ").append(tableName.toSql());
+ if (user != null) {
+ sb.append(" FOR ").append(user.getQualifiedUser());
+ }
+ if (StringUtils.isEmpty(roleName)) {
+ sb.append(" FOR ROLE ").append(roleName);
+ }
+ }
return sb.toString();
}
}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/policy/DropPolicyLog.java
b/fe/fe-core/src/main/java/org/apache/doris/policy/DropPolicyLog.java
index 7ff18ed4135..9b58e5b4d99 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/policy/DropPolicyLog.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/policy/DropPolicyLog.java
@@ -18,10 +18,15 @@
package org.apache.doris.policy;
import org.apache.doris.analysis.DropPolicyStmt;
+import org.apache.doris.analysis.UserIdentity;
+import org.apache.doris.catalog.Database;
+import org.apache.doris.catalog.Env;
+import org.apache.doris.catalog.Table;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.io.Text;
import org.apache.doris.common.io.Writable;
import org.apache.doris.persist.gson.GsonUtils;
+import org.apache.doris.qe.ConnectContext;
import com.google.gson.annotations.SerializedName;
import lombok.AllArgsConstructor;
@@ -37,18 +42,44 @@ import java.io.IOException;
@AllArgsConstructor
@Getter
public class DropPolicyLog implements Writable {
+
+ @SerializedName(value = "dbId")
+ private long dbId;
+
+ @SerializedName(value = "tableId")
+ private long tableId;
+
@SerializedName(value = "type")
private PolicyTypeEnum type;
@SerializedName(value = "policyName")
private String policyName;
+ @SerializedName(value = "user")
+ private UserIdentity user;
+
+ @SerializedName(value = "roleName")
+ private String roleName;
/**
* Generate delete logs through stmt.
**/
public static DropPolicyLog fromDropStmt(DropPolicyStmt stmt) throws
AnalysisException {
- return new DropPolicyLog(stmt.getType(), stmt.getPolicyName());
+ switch (stmt.getType()) {
+ case STORAGE:
+ return new DropPolicyLog(-1, -1, stmt.getType(),
stmt.getPolicyName(), null, null);
+ case ROW:
+ String curDb = stmt.getTableName().getDb();
+ if (curDb == null) {
+ curDb = ConnectContext.get().getDatabase();
+ }
+ Database db =
Env.getCurrentInternalCatalog().getDbOrAnalysisException(curDb);
+ Table table =
db.getTableOrAnalysisException(stmt.getTableName().getTbl());
+ return new DropPolicyLog(db.getId(), table.getId(),
stmt.getType(),
+ stmt.getPolicyName(), stmt.getUser(),
stmt.getRoleName());
+ default:
+ throw new AnalysisException("Invalid policy type: " +
stmt.getType().name());
+ }
}
@Override
diff --git a/fe/fe-core/src/main/java/org/apache/doris/policy/RowPolicy.java
b/fe/fe-core/src/main/java/org/apache/doris/policy/RowPolicy.java
index d1d2cc6636c..d69468d9d43 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/policy/RowPolicy.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/policy/RowPolicy.java
@@ -175,6 +175,13 @@ public class RowPolicy extends Policy {
rowPolicy.getPolicyName(), rowPolicy.getUser(),
rowPolicy.getRoleName());
}
+ @Override
+ public boolean matchPolicy(DropPolicyLog checkedDropPolicyLogCondition) {
+ return checkMatched(checkedDropPolicyLogCondition.getDbId(),
checkedDropPolicyLogCondition.getTableId(),
+ checkedDropPolicyLogCondition.getType(),
checkedDropPolicyLogCondition.getPolicyName(),
+ checkedDropPolicyLogCondition.getUser(),
checkedDropPolicyLogCondition.getRoleName());
+ }
+
@Override
public boolean isInvalid() {
return (wherePredicate == null);
diff --git
a/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java
b/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java
index 1e81db8bf96..c8361a4ce4c 100644
---
a/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java
+++
b/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java
@@ -91,7 +91,8 @@ public class CheckRowPolicyTest extends TestWithFeService {
user.analyze(SystemInfoService.DEFAULT_CLUSTER);
CreateUserStmt createUserStmt = new CreateUserStmt(new UserDesc(user));
Env.getCurrentEnv().getAuth().createUser(createUserStmt);
- List<AccessPrivilegeWithCols> privileges = Lists.newArrayList(new
AccessPrivilegeWithCols(AccessPrivilege.ADMIN_PRIV));
+ List<AccessPrivilegeWithCols> privileges = Lists
+ .newArrayList(new
AccessPrivilegeWithCols(AccessPrivilege.ADMIN_PRIV));
TablePattern tablePattern = new TablePattern("*", "*", "*");
tablePattern.analyze(SystemInfoService.DEFAULT_CLUSTER);
GrantStmt grantStmt = new GrantStmt(user, null, tablePattern,
privileges);
@@ -102,7 +103,8 @@ public class CheckRowPolicyTest extends TestWithFeService {
@Test
public void checkUser() throws AnalysisException,
org.apache.doris.common.AnalysisException {
- LogicalRelation relation = new
LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable,
Arrays.asList(fullDbName));
+ LogicalRelation relation = new
LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable,
+ Arrays.asList(fullDbName));
LogicalCheckPolicy<LogicalRelation> checkPolicy = new
LogicalCheckPolicy<>(relation);
useUser("root");
@@ -117,7 +119,8 @@ public class CheckRowPolicyTest extends TestWithFeService {
@Test
public void checkNoPolicy() throws
org.apache.doris.common.AnalysisException {
useUser(userName);
- LogicalRelation relation = new
LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable,
Arrays.asList(fullDbName));
+ LogicalRelation relation = new
LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable,
+ Arrays.asList(fullDbName));
LogicalCheckPolicy<LogicalRelation> checkPolicy = new
LogicalCheckPolicy<>(relation);
Plan plan = PlanRewriter.bottomUpRewrite(checkPolicy, connectContext,
new CheckPolicy());
Assertions.assertEquals(plan, relation);
@@ -126,7 +129,8 @@ public class CheckRowPolicyTest extends TestWithFeService {
@Test
public void checkOnePolicy() throws Exception {
useUser(userName);
- LogicalRelation relation = new
LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable,
Arrays.asList(fullDbName));
+ LogicalRelation relation = new
LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable,
+ Arrays.asList(fullDbName));
LogicalCheckPolicy<LogicalRelation> checkPolicy = new
LogicalCheckPolicy<>(relation);
connectContext.getSessionVariable().setEnableNereidsPlanner(true);
createPolicy("CREATE ROW POLICY "
@@ -144,6 +148,9 @@ public class CheckRowPolicyTest extends TestWithFeService {
Assertions.assertTrue(ImmutableList.copyOf(filter.getConjuncts()).get(0)
instanceof EqualTo);
Assertions.assertTrue(filter.getConjuncts().toString().contains("'k1 =
1"));
- dropPolicy("DROP ROW POLICY " + policyName);
+ dropPolicy("DROP ROW POLICY "
+ + policyName
+ + " ON "
+ + tableName);
}
}
diff --git a/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java
b/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java
index d7d286e60f3..85c432f0114 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java
@@ -110,13 +110,13 @@ public class PolicyTest extends TestWithFeService {
String queryStr = "EXPLAIN select /*+
SET_VAR(enable_nereids_planner=false) */ * from test.table1";
String explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("`k1` = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy");
+ dropPolicy("DROP ROW POLICY test_row_policy ON test.table1");
// test role
createPolicy("CREATE ROW POLICY test_row_policy ON test.table1 AS
PERMISSIVE TO ROLE role1 USING (k1 = 2)");
queryStr = "EXPLAIN select /*+ SET_VAR(enable_nereids_planner=false)
*/ * from test.table1";
explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("`k1` = 2"));
- dropPolicy("DROP ROW POLICY test_row_policy");
+ dropPolicy("DROP ROW POLICY test_row_policy ON test.table1 for role
role1");
}
@Test
@@ -126,13 +126,13 @@ public class PolicyTest extends TestWithFeService {
String queryStr = "EXPLAIN select * from test.table1";
String explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("k1[#0] = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy");
+ dropPolicy("DROP ROW POLICY test_row_policy ON test.table1");
//test role
createPolicy("CREATE ROW POLICY test_row_policy ON test.table1 AS
PERMISSIVE TO ROLE role1 USING (k1 = 2)");
queryStr = "EXPLAIN select * from test.table1";
explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("k1[#0] = 2"));
- dropPolicy("DROP ROW POLICY test_row_policy");
+ dropPolicy("DROP ROW POLICY test_row_policy ON test.table1");
}
@Test
@@ -142,7 +142,7 @@ public class PolicyTest extends TestWithFeService {
String queryStr = "EXPLAIN select /*+
SET_VAR(enable_nereids_planner=false) */ * from test.table3";
String explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("`k1` = 1"));
- dropPolicy("DROP ROW POLICY test_unique_policy");
+ dropPolicy("DROP ROW POLICY test_unique_policy ON test.table3");
}
@Test
@@ -152,7 +152,7 @@ public class PolicyTest extends TestWithFeService {
String queryStr = "EXPLAIN select * from test.table3";
String explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("k1[#0] = 1"));
- dropPolicy("DROP ROW POLICY test_unique_policy");
+ dropPolicy("DROP ROW POLICY test_unique_policy ON test.table3");
}
@Test
@@ -164,7 +164,7 @@ public class PolicyTest extends TestWithFeService {
queryStr = "EXPLAIN select /*+ SET_VAR(enable_nereids_planner=false)
*/ * from test.table1 b";
explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("`b`.`k1` = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy");
+ dropPolicy("DROP ROW POLICY test_row_policy ON test.table1");
}
@Test
@@ -178,7 +178,7 @@ public class PolicyTest extends TestWithFeService {
queryStr = "EXPLAIN select * from test.table1 b";
explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("k1[#0] = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy");
+ dropPolicy("DROP ROW POLICY test_row_policy ON test.table1");
connectContext.getSessionVariable().setEnableNereidsPlanner(beforeConfig);
}
@@ -189,7 +189,7 @@ public class PolicyTest extends TestWithFeService {
= "EXPLAIN select /*+ SET_VAR(enable_nereids_planner=false) */
* from test.table1 union all select * from test.table1";
String explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("`k1` = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy");
+ dropPolicy("DROP ROW POLICY test_row_policy ON test.table1");
}
@Test
@@ -198,7 +198,7 @@ public class PolicyTest extends TestWithFeService {
String queryStr = "EXPLAIN select * from test.table1 union all select
* from test.table1";
String explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("k1[#0] = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy");
+ dropPolicy("DROP ROW POLICY test_row_policy ON test.table1");
}
@Test
@@ -208,7 +208,7 @@ public class PolicyTest extends TestWithFeService {
= "EXPLAIN insert into test.table1 select /*+
SET_VAR(enable_nereids_planner=false) */ * from test.table1";
String explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("`k1` = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy");
+ dropPolicy("DROP ROW POLICY test_row_policy ON test.table1");
}
@Test
@@ -217,7 +217,7 @@ public class PolicyTest extends TestWithFeService {
String queryStr = "EXPLAIN insert into test.table1 select * from
test.table1";
String explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("k1[#0] = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy");
+ dropPolicy("DROP ROW POLICY test_row_policy ON test.table1");
}
@Test
@@ -228,7 +228,7 @@ public class PolicyTest extends TestWithFeService {
ExceptionChecker.expectThrowsWithMsg(DdlException.class, "the policy
test_row_policy1 already create",
() -> createPolicy("CREATE ROW POLICY test_row_policy1 ON
test.table1 AS PERMISSIVE"
+ " TO test_policy USING (k1 = 1)"));
- dropPolicy("DROP ROW POLICY test_row_policy1");
+ dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1");
}
@Test
@@ -247,8 +247,8 @@ public class PolicyTest extends TestWithFeService {
(ShowPolicyStmt) parseAndAnalyzeStmt("SHOW ROW POLICY");
int firstSize =
Env.getCurrentEnv().getPolicyMgr().showPolicy(showPolicyStmt).getResultRows().size();
Assertions.assertTrue(firstSize > 0);
- dropPolicy("DROP ROW POLICY test_row_policy1");
- dropPolicy("DROP ROW POLICY test_row_policy2");
+ dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1");
+ dropPolicy("DROP ROW POLICY test_row_policy2 ON test.table1");
int secondSize =
Env.getCurrentEnv().getPolicyMgr().showPolicy(showPolicyStmt).getResultRows().size();
Assertions.assertEquals(2, firstSize - secondSize);
}
@@ -256,10 +256,10 @@ public class PolicyTest extends TestWithFeService {
@Test
public void testDropPolicy() throws Exception {
createPolicy("CREATE ROW POLICY test_row_policy1 ON test.table1 AS
PERMISSIVE TO test_policy USING (k2 = 1)");
- dropPolicy("DROP ROW POLICY test_row_policy1");
- dropPolicy("DROP ROW POLICY IF EXISTS test_row_policy5");
+ dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1");
+ dropPolicy("DROP ROW POLICY IF EXISTS test_row_policy5 ON
test.table1");
ExceptionChecker.expectThrowsWithMsg(DdlException.class, "the policy
test_row_policy1 not exist",
- () -> dropPolicy("DROP ROW POLICY test_row_policy1"));
+ () -> dropPolicy("DROP ROW POLICY test_row_policy1 ON
test.table1"));
}
@Test
@@ -271,10 +271,10 @@ public class PolicyTest extends TestWithFeService {
String queryStr = "EXPLAIN select /*+
SET_VAR(enable_nereids_planner=false) */ * from test.table1";
String explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("`k1` = 1 AND `k2` = 1
AND `k2` = 2 OR `k2` = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy1");
- dropPolicy("DROP ROW POLICY test_row_policy2");
- dropPolicy("DROP ROW POLICY test_row_policy3");
- dropPolicy("DROP ROW POLICY test_row_policy4");
+ dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1");
+ dropPolicy("DROP ROW POLICY test_row_policy2 ON test.table1");
+ dropPolicy("DROP ROW POLICY test_row_policy3 ON test.table1");
+ dropPolicy("DROP ROW POLICY test_row_policy4 ON test.table1");
}
@Test
@@ -285,9 +285,9 @@ public class PolicyTest extends TestWithFeService {
String queryStr = "EXPLAIN select * from test.table1";
String explainString = getSQLPlanOrErrorMsg(queryStr);
Assertions.assertTrue(explainString.contains("k2[#1] IN (1, 2) AND
k1[#0] = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy1");
- dropPolicy("DROP ROW POLICY test_row_policy3");
- dropPolicy("DROP ROW POLICY test_row_policy4");
+ dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1");
+ dropPolicy("DROP ROW POLICY test_row_policy3 ON test.table1");
+ dropPolicy("DROP ROW POLICY test_row_policy4 ON test.table1");
}
@Test
@@ -306,8 +306,8 @@ public class PolicyTest extends TestWithFeService {
String aliasSql
= "select /*+ SET_VAR(enable_nereids_planner=false) */ * from
table1 t1 join table2 t2 on t1.k1=t2.k1";
Assertions.assertTrue(getSQLPlanOrErrorMsg(aliasSql).contains("PREDICATES:
`t1`.`k1` = 1 AND `t1`.`k2` = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy1");
- dropPolicy("DROP ROW POLICY test_row_policy2");
+ dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1");
+ dropPolicy("DROP ROW POLICY test_row_policy2 ON test.table1");
}
@Test
@@ -322,8 +322,8 @@ public class PolicyTest extends TestWithFeService {
Assertions.assertTrue(getSQLPlanOrErrorMsg(subQuerySql).contains("PREDICATES:
k1 = 1 AND k2 = 1"));
String aliasSql = "select * from table1 t1 join table2 t2 on
t1.k1=t2.k1";
Assertions.assertTrue(getSQLPlanOrErrorMsg(aliasSql).contains("PREDICATES: k1 =
1 AND k2 = 1"));
- dropPolicy("DROP ROW POLICY test_row_policy1");
- dropPolicy("DROP ROW POLICY test_row_policy2");
+ dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1");
+ dropPolicy("DROP ROW POLICY test_row_policy2 ON test.table1");
}
@Test
diff --git a/regression-test/suites/account_p0/test_nereids_row_policy.groovy
b/regression-test/suites/account_p0/test_nereids_row_policy.groovy
index bcc1a7b8177..d12b11261d8 100644
--- a/regression-test/suites/account_p0/test_nereids_row_policy.groovy
+++ b/regression-test/suites/account_p0/test_nereids_row_policy.groovy
@@ -51,7 +51,7 @@ suite("test_nereids_row_policy") {
def dropPolciy = { name ->
sql """
- DROP ROW POLICY IF EXISTS ${name}
+ DROP ROW POLICY IF EXISTS ${name} ON ${dbName}.${tableName} FOR
${user}
"""
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
