This is an automated email from the ASF dual-hosted git repository.
starocean999 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new 578a94012a2 [Enhancement] (nereids)implement DropRoleCommand in
nereids (#43231)
578a94012a2 is described below
commit 578a94012a211df3f678ea99836b15fd2d24f7e4
Author: Vallish Pai <[email protected]>
AuthorDate: Fri Nov 15 11:51:42 2024 +0530
[Enhancement] (nereids)implement DropRoleCommand in nereids (#43231)
Issue Number: close #42618
---
.../antlr4/org/apache/doris/nereids/DorisParser.g4 | 6 +-
.../org/apache/doris/mysql/privilege/Auth.java | 4 ++
.../doris/nereids/parser/LogicalPlanBuilder.java | 6 ++
.../apache/doris/nereids/trees/plans/PlanType.java | 1 +
.../nereids/trees/plans/commands/DropCommand.java | 45 ++++++++++++++
.../trees/plans/commands/DropRoleCommand.java | 69 ++++++++++++++++++++++
.../trees/plans/visitor/CommandVisitor.java | 5 ++
.../nereids_p0/ddl/alter/test_nereids_role.groovy | 11 ++--
8 files changed, 139 insertions(+), 8 deletions(-)
diff --git a/fe/fe-core/src/main/antlr4/org/apache/doris/nereids/DorisParser.g4
b/fe/fe-core/src/main/antlr4/org/apache/doris/nereids/DorisParser.g4
index 68ca15cca7b..e16af4330aa 100644
--- a/fe/fe-core/src/main/antlr4/org/apache/doris/nereids/DorisParser.g4
+++ b/fe/fe-core/src/main/antlr4/org/apache/doris/nereids/DorisParser.g4
@@ -60,6 +60,8 @@ statementBase
| supportedRecoverStatement #supportedRecoverStatementAlias
;
+
+
unsupportedStatement
: unsupportedUseStatement
| unsupportedDmlStatement
@@ -189,7 +191,8 @@ supportedAlterStatement
;
supportedDropStatement
- : DROP CATALOG RECYCLE BIN WHERE idType=STRING_LITERAL EQ id=INTEGER_VALUE
#dropCatalogRecycleBin
+ : DROP CATALOG RECYCLE BIN WHERE idType=STRING_LITERAL EQ id=INTEGER_VALUE
#dropCatalogRecycleBin
+ | DROP ROLE (IF EXISTS)? name=identifier
#dropRole
;
supportedShowStatement
@@ -661,7 +664,6 @@ unsupportedDropStatement
| DROP USER (IF EXISTS)? userIdentify
#dropUser
| DROP VIEW (IF EXISTS)? name=multipartIdentifier
#dropView
| DROP REPOSITORY name=identifier
#dropRepository
- | DROP ROLE (IF EXISTS)? name=identifier
#dropRole
| DROP FILE name=STRING_LITERAL
((FROM | IN) database=identifier)? properties=propertyClause
#dropFile
| DROP INDEX (IF EXISTS)? name=identifier ON tableName=multipartIdentifier
#dropIndex
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
index 3c7ea1376f6..77a2d791bb1 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
@@ -1078,6 +1078,10 @@ public class Auth implements Writable {
dropRoleInternal(stmt.getRole(), stmt.isSetIfExists(), false);
}
+ public void dropRole(String role, boolean ignoreIfNonExists) throws
DdlException {
+ dropRoleInternal(role, ignoreIfNonExists, false);
+ }
+
public void replayDropRole(PrivInfo info) {
try {
dropRoleInternal(info.getRole(), false, true);
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/nereids/parser/LogicalPlanBuilder.java
b/fe/fe-core/src/main/java/org/apache/doris/nereids/parser/LogicalPlanBuilder.java
index 5060dc3f915..e4cd01ceee0 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/nereids/parser/LogicalPlanBuilder.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/nereids/parser/LogicalPlanBuilder.java
@@ -100,6 +100,7 @@ import
org.apache.doris.nereids.DorisParser.DropCatalogRecycleBinContext;
import org.apache.doris.nereids.DorisParser.DropConstraintContext;
import org.apache.doris.nereids.DorisParser.DropMTMVContext;
import org.apache.doris.nereids.DorisParser.DropProcedureContext;
+import org.apache.doris.nereids.DorisParser.DropRoleContext;
import org.apache.doris.nereids.DorisParser.ElementAtContext;
import org.apache.doris.nereids.DorisParser.ExceptContext;
import org.apache.doris.nereids.DorisParser.ExceptOrReplaceContext;
@@ -418,6 +419,7 @@ import
org.apache.doris.nereids.trees.plans.commands.DropCatalogRecycleBinComman
import org.apache.doris.nereids.trees.plans.commands.DropConstraintCommand;
import org.apache.doris.nereids.trees.plans.commands.DropMTMVCommand;
import org.apache.doris.nereids.trees.plans.commands.DropProcedureCommand;
+import org.apache.doris.nereids.trees.plans.commands.DropRoleCommand;
import org.apache.doris.nereids.trees.plans.commands.ExplainCommand;
import
org.apache.doris.nereids.trees.plans.commands.ExplainCommand.ExplainLevel;
import org.apache.doris.nereids.trees.plans.commands.ExportCommand;
@@ -4107,4 +4109,8 @@ public class LogicalPlanBuilder extends
DorisParserBaseVisitor<Object> {
String newDbName = (ctx.alias != null) ? ctx.alias.getText() : null;
return new RecoverDatabaseCommand(dbName, dbId, newDbName);
}
+
+ public LogicalPlan visitDropRole(DropRoleContext ctx) {
+ return new DropRoleCommand(ctx.name.getText(), ctx.EXISTS() != null);
+ }
}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/PlanType.java
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/PlanType.java
index cb1eff3eb62..d3b3c222107 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/PlanType.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/PlanType.java
@@ -158,6 +158,7 @@ public enum PlanType {
CALL_COMMAND,
CREATE_PROCEDURE_COMMAND,
DROP_PROCEDURE_COMMAND,
+ DROP_ROLE_COMMAND,
SHOW_PROCEDURE_COMMAND,
SHOW_CREATE_PROCEDURE_COMMAND,
CREATE_VIEW_COMMAND,
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropCommand.java
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropCommand.java
new file mode 100644
index 00000000000..d08564a8d32
--- /dev/null
+++
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropCommand.java
@@ -0,0 +1,45 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.nereids.trees.plans.commands;
+
+import org.apache.doris.analysis.StmtType;
+import org.apache.doris.nereids.trees.plans.PlanType;
+import org.apache.doris.qe.ConnectContext;
+import org.apache.doris.qe.StmtExecutor;
+
+/**
+ * base class for all drop commands
+ */
+public abstract class DropCommand extends Command implements ForwardWithSync {
+ public DropCommand(PlanType type) {
+ super(type);
+ }
+
+ @Override
+ public StmtType stmtType() {
+ return StmtType.DROP;
+ }
+
+ @Override
+ public void run(ConnectContext ctx, StmtExecutor executor) throws
Exception {
+ doRun(ctx, executor);
+ }
+
+ public abstract void doRun(ConnectContext ctx, StmtExecutor executor)
throws Exception;
+
+}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropRoleCommand.java
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropRoleCommand.java
new file mode 100644
index 00000000000..2f7858aa6ae
--- /dev/null
+++
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropRoleCommand.java
@@ -0,0 +1,69 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.nereids.trees.plans.commands;
+
+import org.apache.doris.catalog.Env;
+import org.apache.doris.common.AnalysisException;
+import org.apache.doris.common.Config;
+import org.apache.doris.common.ErrorCode;
+import org.apache.doris.common.ErrorReport;
+import org.apache.doris.common.FeNameFormat;
+import org.apache.doris.mysql.privilege.PrivPredicate;
+import org.apache.doris.nereids.trees.plans.PlanType;
+import org.apache.doris.nereids.trees.plans.visitor.PlanVisitor;
+import org.apache.doris.qe.ConnectContext;
+import org.apache.doris.qe.StmtExecutor;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+/**
+ * drop roles command
+ */
+public class DropRoleCommand extends DropCommand {
+ public static final Logger LOG =
LogManager.getLogger(DropRoleCommand.class);
+ private final boolean ifExists;
+ private final String role;
+
+ /**
+ * constructor
+ */
+ public DropRoleCommand(String role, boolean ifExists) {
+ super(PlanType.DROP_ROLE_COMMAND);
+ this.role = role;
+ this.ifExists = ifExists;
+ }
+
+ @Override
+ public void doRun(ConnectContext ctx, StmtExecutor executor) throws
Exception {
+ if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
+ throw new AnalysisException("Drop role is prohibited when Ranger
is enabled.");
+ }
+ FeNameFormat.checkRoleName(role, false /* can not be superuser */,
"Can not drop role");
+ // check if current user has GRANT priv on GLOBAL level.
+ if
(!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(),
PrivPredicate.GRANT)) {
+
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
"DROP ROLE");
+ }
+ Env.getCurrentEnv().getAuth().dropRole(role, ifExists);
+ }
+
+ @Override
+ public <R, C> R accept(PlanVisitor<R, C> visitor, C context) {
+ return visitor.visitDropRoleCommand(this, context);
+ }
+}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/visitor/CommandVisitor.java
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/visitor/CommandVisitor.java
index 5b4cff7dade..e77c9f61380 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/visitor/CommandVisitor.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/visitor/CommandVisitor.java
@@ -37,6 +37,7 @@ import
org.apache.doris.nereids.trees.plans.commands.DropCatalogRecycleBinComman
import org.apache.doris.nereids.trees.plans.commands.DropConstraintCommand;
import org.apache.doris.nereids.trees.plans.commands.DropMTMVCommand;
import org.apache.doris.nereids.trees.plans.commands.DropProcedureCommand;
+import org.apache.doris.nereids.trees.plans.commands.DropRoleCommand;
import org.apache.doris.nereids.trees.plans.commands.ExplainCommand;
import org.apache.doris.nereids.trees.plans.commands.ExportCommand;
import org.apache.doris.nereids.trees.plans.commands.LoadCommand;
@@ -278,4 +279,8 @@ public interface CommandVisitor<R, C> {
default R visitRecoverDatabaseCommand(RecoverDatabaseCommand
recoverDatabaseCommand, C context) {
return visitCommand(recoverDatabaseCommand, context);
}
+
+ default R visitDropRoleCommand(DropRoleCommand dropRoleCommand, C context)
{
+ return visitCommand(dropRoleCommand, context);
+ }
}
diff --git
a/regression-test/suites/nereids_p0/ddl/alter/test_nereids_role.groovy
b/regression-test/suites/nereids_p0/ddl/alter/test_nereids_role.groovy
index cb3d2f62ecd..e7ffedd3b4f 100644
--- a/regression-test/suites/nereids_p0/ddl/alter/test_nereids_role.groovy
+++ b/regression-test/suites/nereids_p0/ddl/alter/test_nereids_role.groovy
@@ -18,16 +18,15 @@
import org.junit.Assert;
suite("test_nereids_role", "account") {
- def role= 'account_role_test'
- def user = 'acount_role_user_test'
- def dbName = 'account_role_test_db'
+ def role= 'nereids_account_role_test'
+ def user = 'nereids_acount_role_user_test'
+ def dbName = 'nereids_account_role_test_db'
def pwd = 'C123_567p'
try_sql("DROP ROLE ${role}")
try_sql("DROP USER ${user}")
sql """DROP DATABASE IF EXISTS ${dbName}"""
- sql """CREATE DATABASE ${dbName}"""
-
+ sql """CREATE DATABASE IF NOT EXISTS ${dbName}"""
sql """CREATE ROLE ${role}"""
sql """GRANT SELECT_PRIV ON ${context.config.defaultDb} TO ROLE
'${role}'"""
sql """GRANT SELECT_PRIV ON ${dbName} TO ROLE '${role}'"""
@@ -59,7 +58,7 @@ suite("test_nereids_role", "account") {
logger.info("roles_alter: " + roles_alter.toString())
assertTrue(roles_alter.toString().contains("account_p0_account_role_test_comment_alter"))
// drop role
- sql """DROP ROLE ${role}"""
+ checkNereidsExecute("""DROP ROLE ${role}""")
def roles_drop = sql """show roles"""
logger.info("roles_drop: " + roles_drop.toString())
assertFalse(roles_drop.toString().contains("account_p0_account_role_test_comment_alter"))
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
