This is an automated email from the ASF dual-hosted git repository.
spricoder pushed a commit to branch refactor/new_auth
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/refactor/new_auth by this push:
new e7b949b7e65 Fix Test
e7b949b7e65 is described below
commit e7b949b7e657f640eab1d9e1196023cf906f6540
Author: spricoder <[email protected]>
AuthorDate: Mon Jun 26 01:45:23 2023 +0800
Fix Test
---
.../antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4 | 208 ++++-----------------
.../consensus/request/ConfigPhysicalPlanType.java | 2 +-
.../request/write/sync/ShowPipePlanV1.java | 2 +-
.../impl/pipe/AbstractOperatePipeProcedureV2.java | 2 +-
.../confignode/persistence/AuthorInfoTest.java | 12 +-
.../confignode/it/IoTDBClusterAuthorityIT.java | 14 +-
.../java/org/apache/iotdb/db/it/IoTDBAuthIT.java | 149 ++++++---------
.../java/org/apache/iotdb/db/it/cq/IoTDBCQIT.java | 4 +-
.../iotdb/db/it/selectinto/IoTDBSelectIntoIT.java | 4 +-
.../db/it/trigger/IoTDBTriggerManagementIT.java | 17 +-
.../iotdb/zeppelin/it/IoTDBInterpreterIT.java | 4 +-
.../commons/auth/authorizer/OpenIdAuthorizer.java | 2 +-
.../iotdb/commons/auth/entity/PrivilegeType.java | 11 +-
.../org/apache/iotdb/commons/utils/AuthUtils.java | 2 +-
.../org/apache/iotdb/db/auth/AuthorityChecker.java | 10 +-
.../config/executor/ClusterConfigTaskExecutor.java | 14 +-
.../iotdb/db/mpp/plan/parser/ASTVisitor.java | 11 +-
.../trigger/service/TriggerClassLoaderManager.java | 5 +-
.../iotdb/db/auth/AuthorizerManagerTest.java | 10 +-
19 files changed, 165 insertions(+), 318 deletions(-)
diff --git a/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
b/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
index 9014377237c..79f8ecbab58 100644
--- a/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
+++ b/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
@@ -853,140 +853,65 @@ ELSE
// Privileges Keywords
PRIVILEGE_VALUE
- : SET_STORAGE_GROUP | DELETE_STORAGE_GROUP | CREATE_DATABASE |
DELETE_DATABASE
- | CREATE_TIMESERIES | INSERT_TIMESERIES | READ_TIMESERIES |
DELETE_TIMESERIES | ALTER_TIMESERIES
- | CREATE_USER | DELETE_USER | MODIFY_PASSWORD | LIST_USER
- | GRANT_USER_PRIVILEGE | REVOKE_USER_PRIVILEGE | GRANT_USER_ROLE |
REVOKE_USER_ROLE
- | CREATE_ROLE | DELETE_ROLE | LIST_ROLE | GRANT_ROLE_PRIVILEGE |
REVOKE_ROLE_PRIVILEGE
- | CREATE_FUNCTION | DROP_FUNCTION | CREATE_TRIGGER | DROP_TRIGGER |
START_TRIGGER | STOP_TRIGGER
- | CREATE_CONTINUOUS_QUERY | DROP_CONTINUOUS_QUERY | SHOW_CONTINUOUS_QUERIES
- | APPLY_TEMPLATE | UPDATE_TEMPLATE | READ_TEMPLATE |
READ_TEMPLATE_APPLICATION
- | CREATE_PIPEPLUGIN | DROP_PIPEPLUGIN | SHOW_PIPEPLUGINS | CREATE_PIPE |
START_PIPE | STOP_PIPE | DROP_PIPE | SHOW_PIPES
- | CREATE_VIEW | ALTER_VIEW | RENAME_VIEW | DELETE_VIEW
+ : READ_DATA
+ | WRITE_DATA
+ | READ_SCHEMA
+ | WRITE_SCHEMA
+ | USER_PRIVILEGE
+ | ROLE_PRIVILEGE
+ | GRANT_PRIVILEGE
+ | ALTER_PASSWORD
+ | TRIGGER_PRIVILEGE
+ | CONTINUOUS_QUERY_PRIVILEGE
+ | PIPE_PRIVILEGE
;
-SET_STORAGE_GROUP
- : S E T '_' S T O R A G E '_' G R O U P
- ;
-
-DELETE_STORAGE_GROUP
- : D E L E T E '_' S T O R A G E '_' G R O U P
- ;
-
-CREATE_DATABASE
- : C R E A T E '_' D A T A B A S E
- ;
-
-DELETE_DATABASE
- : D E L E T E '_' D A T A B A S E
- ;
-
-CREATE_TIMESERIES
- : C R E A T E '_' T I M E S E R I E S
+READ_DATA
+ : R E A D '_' D A T A
;
-INSERT_TIMESERIES
- : I N S E R T '_' T I M E S E R I E S
+WRITE_DATA
+ : W R I T E '_' D A T A
;
-READ_TIMESERIES
- : R E A D '_' T I M E S E R I E S
+READ_SCHEMA
+ : R E A D '_' S C H E M A
;
-DELETE_TIMESERIES
- : D E L E T E '_' T I M E S E R I E S
+WRITE_SCHEMA
+ : W R I T E '_' S C H E M A
;
-ALTER_TIMESERIES
- : A L T E R '_' T I M E S E R I E S
+USER_PRIVILEGE
+ : U S E R '_' P R I V I L E G E
;
-CREATE_USER
- : C R E A T E '_' U S E R
+ROLE_PRIVILEGE
+ : R O L E '_' P R I V I L E G E
;
-DELETE_USER
- : D E L E T E '_' U S E R
+GRANT_PRIVILEGE
+ : G R A N T '_' P R I V I L E G E
;
-MODIFY_PASSWORD
- : M O D I F Y '_' P A S S W O R D
+ALTER_PASSWORD
+ : A L T E R '_' P A S S W O R D
;
-LIST_USER
- : L I S T '_' U S E R
+TRIGGER_PRIVILEGE
+ : T R I G G E R '_' P R I V I L E G E
;
-GRANT_USER_PRIVILEGE
- : G R A N T '_' U S E R '_' P R I V I L E G E
+CONTINUOUS_QUERY_PRIVILEGE
+ : C O N T I N U O U S '_' Q U E R Y '_' P R I V I L E G E
;
-REVOKE_USER_PRIVILEGE
- : R E V O K E '_' U S E R '_' P R I V I L E G E
+PIPE_PRIVILEGE
+ : P I P E '_' P R I V I L E G E
;
-GRANT_USER_ROLE
- : G R A N T '_' U S E R '_' R O L E
- ;
-
-REVOKE_USER_ROLE
- : R E V O K E '_' U S E R '_' R O L E
- ;
-
-CREATE_ROLE
- : C R E A T E '_' R O L E
- ;
-
-DELETE_ROLE
- : D E L E T E '_' R O L E
- ;
-
-LIST_ROLE
- : L I S T '_' R O L E
- ;
-
-GRANT_ROLE_PRIVILEGE
- : G R A N T '_' R O L E '_' P R I V I L E G E
- ;
-
-REVOKE_ROLE_PRIVILEGE
- : R E V O K E '_' R O L E '_' P R I V I L E G E
- ;
-
-CREATE_FUNCTION
- : C R E A T E '_' F U N C T I O N
- ;
-
-DROP_FUNCTION
- : D R O P '_' F U N C T I O N
- ;
-
-CREATE_TRIGGER
- : C R E A T E '_' T R I G G E R
- ;
-
-DROP_TRIGGER
- : D R O P '_' T R I G G E R
- ;
-
-START_TRIGGER
- : S T A R T '_' T R I G G E R
- ;
-
-STOP_TRIGGER
- : S T O P '_' T R I G G E R
- ;
-
-CREATE_CONTINUOUS_QUERY
- : C R E A T E '_' C O N T I N U O U S '_' Q U E R Y
- ;
-
-DROP_CONTINUOUS_QUERY
- : D R O P '_' C O N T I N U O U S '_' Q U E R Y
- ;
-
-SHOW_CONTINUOUS_QUERIES
- : S H O W '_' C O N T I N U O U S '_' Q U E R I E S
+SET_STORAGE_GROUP
+ : S E T '_' S T O R A G E '_' G R O U P
;
SCHEMA_REPLICATION_FACTOR
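Review bot: The new `PRIVILEGE_VALUE` alternatives carry no comment saying which statements each privilege authorises, and the names alone no longer tell an operator what a grant covers. The tests in this commit run both `CREATE DATABASE` and `DELETE DATABASE` under a single `WRITE_SCHEMA` grant. I would add a short block comment above `PRIVILEGE_VALUE` that lists, per token, the operations it stands for, so that grants can be reviewed for least privilege. Separately, `SET_STORAGE_GROUP` is re-declared at the end of this hunk but is no longer an alternative of `PRIVILEGE_VALUE`; if no parser rule references it, it is presumably a leftover and can be dropped.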
@@ -1009,69 +934,6 @@ DATA_REGION_GROUP_NUM
: D A T A '_' R E G I O N '_' G R O U P '_' N U M
;
-APPLY_TEMPLATE
- : A P P L Y '_' T E M P L A T E
- ;
-
-UPDATE_TEMPLATE
- : U P D A T E '_' T E M P L A T E
- ;
-
-READ_TEMPLATE
- : R E A D '_' T E M P L A T E
- ;
-
-READ_TEMPLATE_APPLICATION
- : R E A D '_' T E M P L A T E '_' A P P L I C A T I O N
- ;
-
-CREATE_PIPEPLUGIN
- : C R E A T E '_' P I P E P L U G I N
- ;
-
-DROP_PIPEPLUGIN
- : D R O P '_' P I P E P L U G I N
- ;
-
-SHOW_PIPEPLUGINS
- : S H O W '_' P I P E P L U G I N S
- ;
-CREATE_PIPE
- : C R E A T E '_' P I P E
- ;
-
-START_PIPE
- : S T A R T '_' P I P E
- ;
-
-STOP_PIPE
- : S T O P '_' P I P E
- ;
-
-DROP_PIPE
- : D R O P '_' P I P E
- ;
-
-SHOW_PIPES
- : S H O W '_' P I P E S
- ;
-
-CREATE_VIEW
- : C R E A T E '_' V I E W
- ;
-
-ALTER_VIEW
- : A L T E R '_' V I E W
- ;
-
-RENAME_VIEW
- : R E N A M E '_' V I E W
- ;
-
-DELETE_VIEW
- : D E L E T E '_' V I E W
- ;
-
/**
* 3. Operators
*/
diff --git
a/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanType.java
b/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanType.java
index b4ab2ad4953..d0b249d9e75 100644
---
a/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanType.java
+++
b/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanType.java
@@ -175,7 +175,7 @@ public enum ConfigPhysicalPlanType {
/** Pipe Task */
CreatePipeV2((short) 1500),
- /** START PIPE & STOP PIPE */
+ /** START PIPE_PRIVILEGE & STOP PIPE_PRIVILEGE */
SetPipeStatusV2((short) 1501),
DropPipeV2((short) 1502),
ShowPipeV2((short) 1503),
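Review bot: The comment on `SetPipeStatusV2` now reads `START PIPE_PRIVILEGE & STOP PIPE_PRIVILEGE`, which looks like the privilege rename spilling into prose through a search-and-replace. The comment describes the START PIPE and STOP PIPE statements, not a privilege, so I would restore `/** START PIPE & STOP PIPE */`. The same slip appears in the Javadoc of `ShowPipePlanV1.pipeName` (`show all PIPE_PRIVILEGE`) and in the class comment of `AbstractOperatePipeProcedureV2` (`4 kinds of PIPE_PRIVILEGE operations`); both should go back to `PIPE`.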
diff --git
a/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/sync/ShowPipePlanV1.java
b/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/sync/ShowPipePlanV1.java
index 0acf6c277d5..2872d8adcd4 100644
---
a/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/sync/ShowPipePlanV1.java
+++
b/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/sync/ShowPipePlanV1.java
@@ -29,7 +29,7 @@ import java.nio.ByteBuffer;
// Deprecated, restored for upgrade
@Deprecated
public class ShowPipePlanV1 extends ConfigPhysicalPlan {
- /** empty pipeName means show all PIPE */
+ /** empty pipeName means show all PIPE_PRIVILEGE */
private String pipeName;
public ShowPipePlanV1() {
diff --git
a/confignode/src/main/java/org/apache/iotdb/confignode/procedure/impl/pipe/AbstractOperatePipeProcedureV2.java
b/confignode/src/main/java/org/apache/iotdb/confignode/procedure/impl/pipe/AbstractOperatePipeProcedureV2.java
index 27a9fd1de25..c0e577ccc33 100644
---
a/confignode/src/main/java/org/apache/iotdb/confignode/procedure/impl/pipe/AbstractOperatePipeProcedureV2.java
+++
b/confignode/src/main/java/org/apache/iotdb/confignode/procedure/impl/pipe/AbstractOperatePipeProcedureV2.java
@@ -40,7 +40,7 @@ import java.util.ArrayList;
import java.util.List;
/**
- * This procedure manage 4 kinds of PIPE operations: CREATE, START, STOP and
DROP.
+ * This procedure manage 4 kinds of PIPE_PRIVILEGE operations: CREATE, START,
STOP and DROP.
*
* <p>This class extends AbstractNodeProcedure to make sure that pipe task
procedures can be
* executed in sequence and node procedures can be locked when a pipe task
procedure is running.
diff --git
a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
index 63ff85d1669..6d11974d119 100644
---
a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
+++
b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
@@ -86,10 +86,10 @@ public class AuthorInfoTest {
AuthorPlan authorPlan;
Set<Integer> privilegeList = new HashSet<>();
- privilegeList.add(PrivilegeType.USER.ordinal());
+ privilegeList.add(PrivilegeType.USER_PRIVILEGE.ordinal());
Set<Integer> revokePrivilege = new HashSet<>();
- revokePrivilege.add(PrivilegeType.USER.ordinal());
+ revokePrivilege.add(PrivilegeType.USER_PRIVILEGE.ordinal());
List<String> privilege = new ArrayList<>();
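Review bot: The privilege is still identified by `PrivilegeType.USER_PRIVILEGE.ordinal()` here, and the same integer is passed into `TCheckUserPrivilegesReq` in `IoTDBClusterAuthorityIT`, so a privilege's id is its position in the enum. This commit also changes `PrivilegeType.java`, which is not visible in this part of the diff. If constants were reordered or removed there, an ordinal persisted or sent by an older node would presumably resolve to a different privilege. It is worth confirming that stored grants are migrated, or pinning each constant to an explicit id instead of `ordinal()`. The enclosing test method starts and ends outside the hunk.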
@@ -117,7 +117,9 @@ public class AuthorInfoTest {
// check user privileges
status =
- authorInfo.checkUserPrivileges("user0", paths,
PrivilegeType.USER.ordinal()).getStatus();
+ authorInfo
+ .checkUserPrivileges("user0", paths,
PrivilegeType.USER_PRIVILEGE.ordinal())
+ .getStatus();
Assert.assertEquals(TSStatusCode.NO_PERMISSION.getStatusCode(),
status.getCode());
// drop user
@@ -208,7 +210,9 @@ public class AuthorInfoTest {
// check user privileges
status =
- authorInfo.checkUserPrivileges("user0", paths,
PrivilegeType.USER.ordinal()).getStatus();
+ authorInfo
+ .checkUserPrivileges("user0", paths,
PrivilegeType.USER_PRIVILEGE.ordinal())
+ .getStatus();
Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
// grant role
diff --git
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/IoTDBClusterAuthorityIT.java
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/IoTDBClusterAuthorityIT.java
index 77ee9c046b0..39948ecf2c3 100644
---
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/IoTDBClusterAuthorityIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/IoTDBClusterAuthorityIT.java
@@ -120,13 +120,13 @@ public class IoTDBClusterAuthorityIT {
TCheckUserPrivilegesReq checkUserPrivilegesReq;
Set<Integer> privilegeList = new HashSet<>();
- privilegeList.add(PrivilegeType.USER.ordinal());
+ privilegeList.add(PrivilegeType.USER_PRIVILEGE.ordinal());
Set<Integer> revokePrivilege = new HashSet<>();
- revokePrivilege.add(PrivilegeType.USER.ordinal());
+ revokePrivilege.add(PrivilegeType.USER_PRIVILEGE.ordinal());
List<String> privilege = new ArrayList<>();
- privilege.add("root.** : USER");
+ privilege.add("root.** : USER_PRIVILEGE");
List<PartialPath> paths = new ArrayList<>();
paths.add(new PartialPath("root.ln.**"));
@@ -154,7 +154,9 @@ public class IoTDBClusterAuthorityIT {
// check user privileges
checkUserPrivilegesReq =
new TCheckUserPrivilegesReq(
- "tempuser0", AuthUtils.serializePartialPathList(paths),
PrivilegeType.USER.ordinal());
+ "tempuser0",
+ AuthUtils.serializePartialPathList(paths),
+ PrivilegeType.USER_PRIVILEGE.ordinal());
status = client.checkUserPrivileges(checkUserPrivilegesReq).getStatus();
assertEquals(TSStatusCode.NO_PERMISSION.getStatusCode(),
status.getCode());
@@ -263,7 +265,9 @@ public class IoTDBClusterAuthorityIT {
// check user privileges
checkUserPrivilegesReq =
new TCheckUserPrivilegesReq(
- "tempuser0", AuthUtils.serializePartialPathList(paths),
PrivilegeType.USER.ordinal());
+ "tempuser0",
+ AuthUtils.serializePartialPathList(paths),
+ PrivilegeType.USER_PRIVILEGE.ordinal());
status = client.checkUserPrivileges(checkUserPrivilegesReq).getStatus();
assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java
index 389e7e39b86..dd324dc5238 100644
--- a/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java
+++ b/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java
@@ -81,7 +81,7 @@ public class IoTDBAuthIT {
() -> userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES
(100, 100)"));
Assert.assertThrows(
SQLException.class,
- () -> userStmt.execute("GRANT USER tempuser PRIVILEGES
CREATE_TIMESERIES ON root.a"));
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES
WRITE_SCHEMA ON root.a"));
adminStmt.execute("GRANT USER tempuser PRIVILEGES ALL on root.**");
@@ -89,11 +89,11 @@ public class IoTDBAuthIT {
userStmt.execute("CREATE TIMESERIES root.a.b WITH
DATATYPE=INT32,ENCODING=PLAIN");
userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (100, 100)");
userStmt.execute("SELECT * from root.a");
- userStmt.execute("GRANT USER tempuser PRIVILEGES SET_STORAGE_GROUP ON
root.a");
- userStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON
root.b.b");
+ userStmt.execute("GRANT USER tempuser PRIVILEGES WRITE_SCHEMA ON
root.a");
+ userStmt.execute("GRANT USER tempuser PRIVILEGES WRITE_SCHEMA ON
root.b.b");
adminStmt.execute("REVOKE USER tempuser PRIVILEGES ALL on root.**");
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_TIMESERIES
ON root.b.b");
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES WRITE_SCHEMA ON
root.b.b");
Assert.assertThrows(SQLException.class, () -> userStmt.execute("CREATE
DATABASE root.b"));
Assert.assertThrows(
@@ -106,7 +106,7 @@ public class IoTDBAuthIT {
Assert.assertThrows(SQLException.class, () -> userStmt.execute("SELECT
* from root.a"));
Assert.assertThrows(
SQLException.class,
- () -> userStmt.execute("GRANT USER tempuser PRIVILEGES
CREATE_TIMESERIES ON root.a"));
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES
WRITE_SCHEMA ON root.a"));
}
}
}
@@ -123,20 +123,10 @@ public class IoTDBAuthIT {
Assert.assertThrows(
SQLException.class, () -> userStmt.execute("CREATE DATABASE
root.sgtest"));
- adminStmt.execute("GRANT USER sgtest PRIVILEGES CREATE_DATABASE ON
root.*");
+ adminStmt.execute("GRANT USER sgtest PRIVILEGES WRITE_SCHEMA ON
root.*");
try {
userStmt.execute("CREATE DATABASE root.sgtest");
- } catch (SQLException e) {
- fail(e.getMessage());
- }
-
- Assert.assertThrows(
- SQLException.class, () -> userStmt.execute("DELETE DATABASE
root.sgtest"));
-
- adminStmt.execute("GRANT USER sgtest PRIVILEGES DELETE_STORAGE_GROUP
ON root.*");
-
- try {
userStmt.execute("DELETE DATABASE root.sgtest");
} catch (SQLException e) {
fail(e.getMessage());
@@ -197,65 +187,56 @@ public class IoTDBAuthIT {
// grant a non-existing user
Assert.assertThrows(
SQLException.class,
- () -> adminStmt.execute("GRANT USER nulluser PRIVILEGES
CREATE_DATABASE on root.a"));
+ () -> adminStmt.execute("GRANT USER nulluser PRIVILEGES
WRITE_SCHEMA on root.a"));
// grant a non-existing privilege
Assert.assertThrows(
SQLException.class,
() -> adminStmt.execute("GRANT USER tempuser PRIVILEGES
NOT_A_PRIVILEGE on root.a"));
// duplicate grant
- adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_USER on
root.**");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES USER_PRIVILEGE on
root.**");
Assert.assertThrows(
SQLException.class,
- () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES
CREATE_USER on root.**"));
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES
USER_PRIVILEGE on root.**"));
// grant on a illegal seriesPath
Assert.assertThrows(
SQLException.class,
- () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES
DELETE_TIMESERIES on a.b"));
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES
WRITE_SCHEMA on a.b"));
// grant admin
Assert.assertThrows(
SQLException.class,
- () -> adminStmt.execute("GRANT USER root PRIVILEGES
DELETE_TIMESERIES on root.a.b"));
+ () -> adminStmt.execute("GRANT USER root PRIVILEGES WRITE_SCHEMA
on root.a.b"));
// no privilege to grant
Assert.assertThrows(
SQLException.class,
- () -> userStmt.execute("GRANT USER tempuser PRIVILEGES
DELETE_TIMESERIES on root.a.b"));
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES
WRITE_SCHEMA on root.a.b"));
// revoke a non-existing privilege
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER on
root.**");
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES USER_PRIVILEGE on
root.**");
Assert.assertThrows(
SQLException.class,
- () -> adminStmt.execute("REVOKE USER tempuser PRIVILEGES
CREATE_USER on root.**"));
+ () -> adminStmt.execute("REVOKE USER tempuser PRIVILEGES
USER_PRIVILEGE on root.**"));
// revoke a non-existing user
Assert.assertThrows(
SQLException.class,
- () -> adminStmt.execute("REVOKE USER tempuser1 PRIVILEGES
CREATE_USER on root.**"));
+ () -> adminStmt.execute("REVOKE USER tempuser1 PRIVILEGES
USER_PRIVILEGE on root.**"));
// revoke on a illegal seriesPath
Assert.assertThrows(
SQLException.class,
- () -> adminStmt.execute("REVOKE USER tempuser PRIVILEGES
DELETE_TIMESERIES on a.b"));
+ () -> adminStmt.execute("REVOKE USER tempuser PRIVILEGES
WRITE_SCHEMA on a.b"));
// revoke admin
Assert.assertThrows(
SQLException.class,
- () -> adminStmt.execute("REVOKE USER root PRIVILEGES
DELETE_TIMESERIES on root.a.b"));
+ () -> adminStmt.execute("REVOKE USER root PRIVILEGES WRITE_SCHEMA
on root.a.b"));
// no privilege to revoke
Assert.assertThrows(
SQLException.class,
- () ->
- userStmt.execute("REVOKE USER tempuser PRIVILEGES
DELETE_TIMESERIES on root.a.b"));
+ () -> userStmt.execute("REVOKE USER tempuser PRIVILEGES
WRITE_SCHEMA on root.a.b"));
// grant privilege to grant
Assert.assertThrows(
SQLException.class,
- () -> userStmt.execute("GRANT USER tempuser PRIVILEGES
DELETE_TIMESERIES on root.a.b"));
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES
WRITE_SCHEMA on root.a.b"));
- adminStmt.execute("GRANT USER tempuser PRIVILEGES GRANT_USER_PRIVILEGE
on root.**");
- userStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on
root.**");
-
- // grant privilege to revoke
- Assert.assertThrows(
- SQLException.class,
- () -> userStmt.execute("REVOKE USER tempuser PRIVILEGES
DELETE_TIMESERIES on root.**"));
-
- adminStmt.execute("GRANT USER tempuser PRIVILEGES
REVOKE_USER_PRIVILEGE on root.**");
- userStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on
root.**");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES GRANT_PRIVILEGE on
root.**");
+ userStmt.execute("GRANT USER tempuser PRIVILEGES WRITE_SCHEMA on
root.**");
}
}
}
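Review bot: With the `grant privilege to revoke` section removed, nothing in this test has `userStmt` revoke a privilege once it holds `GRANT_PRIVILEGE`, so the revoke path is only tested for denial. If `GRANT_PRIVILEGE` is meant to cover revocation as well (the old `REVOKE_USER_PRIVILEGE` has no visible successor in the lexer), I would add `userStmt.execute("REVOKE USER tempuser PRIVILEGES WRITE_SCHEMA on root.**");` after the self-grant. If it is not, an `Assert.assertThrows(SQLException.class, ...)` around that statement would document the rule instead. The test method starts above the hunk.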
@@ -273,22 +254,22 @@ public class IoTDBAuthIT {
// grant and revoke the user the privilege to create time series
Assert.assertThrows(SQLException.class, () -> userStmt.execute("CREATE
DATABASE root.a"));
- adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_DATABASE ON
root.a");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES WRITE_SCHEMA ON
root.a");
userStmt.execute("CREATE DATABASE root.a");
- adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON
root.a.b");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES WRITE_SCHEMA ON
root.a.b");
userStmt.execute("CREATE TIMESERIES root.a.b WITH
DATATYPE=INT32,ENCODING=PLAIN");
// no privilege to create this one
Assert.assertThrows(SQLException.class, () -> userStmt.execute("CREATE
DATABASE root.b"));
// privilege already exists
Assert.assertThrows(
SQLException.class,
- () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES
CREATE_DATABASE ON root.a"));
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES
WRITE_SCHEMA ON root.a"));
// no privilege to create this one any more
Assert.assertThrows(SQLException.class, () -> userStmt.execute("CREATE
DATABASE root.a"));
// no privilege to create timeseries
Assert.assertThrows(SQLException.class, () -> userStmt.execute("CREATE
DATABASE root.a"));
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_DATABASE ON
root.a");
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES WRITE_SCHEMA ON
root.a");
// no privilege to create this one any more
Assert.assertThrows(
SQLException.class,
@@ -297,10 +278,9 @@ public class IoTDBAuthIT {
// privilege already exists
Assert.assertThrows(
SQLException.class,
- () ->
- adminStmt.execute("GRANT USER tempuser PRIVILEGES
CREATE_TIMESERIES ON root.a.b"));
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES
WRITE_SCHEMA ON root.a.b"));
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_TIMESERIES
ON root.a.b");
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES WRITE_SCHEMA ON
root.a.b");
// no privilege to create this one any more
Assert.assertThrows(
SQLException.class,
@@ -319,9 +299,9 @@ public class IoTDBAuthIT {
try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser",
"temppw");
Statement userStmt = userCon.createStatement()) {
- adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_DATABASE ON
root.a");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES WRITE_SCHEMA ON
root.a");
userStmt.execute("CREATE DATABASE root.a");
- adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON
root.a.b");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES WRITE_SCHEMA ON
root.a.b");
userStmt.execute("CREATE TIMESERIES root.a.b WITH
DATATYPE=INT32,ENCODING=PLAIN");
// grant privilege to insert
@@ -329,25 +309,25 @@ public class IoTDBAuthIT {
SQLException.class,
() -> userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES
(1,100)"));
- adminStmt.execute("GRANT USER tempuser PRIVILEGES INSERT_TIMESERIES on
root.a.**");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES WRITE_DATA on
root.a.**");
userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (1,100)");
// revoke privilege to insert
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES INSERT_TIMESERIES
on root.a.**");
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES WRITE_DATA on
root.a.**");
Assert.assertThrows(
SQLException.class,
() -> userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES
(1,100)"));
// grant privilege to query
Assert.assertThrows(SQLException.class, () -> userStmt.execute("SELECT
* from root.a"));
- adminStmt.execute("GRANT USER tempuser PRIVILEGES READ_TIMESERIES on
root.**");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES READ_DATA on
root.**");
ResultSet resultSet = userStmt.executeQuery("SELECT * from root.a");
resultSet.close();
resultSet = userStmt.executeQuery("SELECT LAST b from root.a");
resultSet.close();
// revoke privilege to query
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES READ_TIMESERIES on
root.**");
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES READ_DATA on
root.**");
Assert.assertThrows(SQLException.class, () -> userStmt.execute("SELECT
* from root.a"));
}
}
@@ -366,7 +346,7 @@ public class IoTDBAuthIT {
adminStmt.execute("CREATE ROLE admin");
adminStmt.execute(
- "GRANT ROLE admin PRIVILEGES
CREATE_DATABASE,CREATE_TIMESERIES,DELETE_TIMESERIES,READ_TIMESERIES,INSERT_TIMESERIES
on root.**");
+ "GRANT ROLE admin PRIVILEGES WRITE_SCHEMA,READ_DATA,WRITE_DATA on
root.**");
adminStmt.execute("GRANT admin TO tempuser");
userStmt.execute("CREATE DATABASE root.a");
@@ -377,13 +357,8 @@ public class IoTDBAuthIT {
ResultSet resultSet = userStmt.executeQuery("SELECT * FROM root.**");
resultSet.close();
- adminStmt.execute("REVOKE ROLE admin PRIVILEGES DELETE_TIMESERIES on
root.**");
-
- Assert.assertThrows(
- SQLException.class,
- () -> userStmt.execute("DELETE FROM root.* WHERE TIME <=
1000000000"));
-
- adminStmt.execute("GRANT USER tempuser PRIVILEGES READ_TIMESERIES on
root.**");
+ adminStmt.execute("REVOKE ROLE admin PRIVILEGES WRITE_SCHEMA on
root.**");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES READ_DATA on
root.**");
adminStmt.execute("REVOKE admin FROM tempuser");
resultSet = userStmt.executeQuery("SELECT * FROM root.**");
resultSet.close();
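Review bot: `REVOKE ROLE admin PRIVILEGES WRITE_SCHEMA on root.**` is no longer followed by any assertion, so this test would still pass if revoking a privilege from a role had no effect. The removed lines checked the denial with `Assert.assertThrows` on a `DELETE FROM` statement. I would put an equivalent check back for the new privilege right after the revoke, for example `Assert.assertThrows(SQLException.class, () -> userStmt.execute("CREATE DATABASE root.b"));`, using a path the rest of the test does not create. The test method starts and ends outside the hunk.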
@@ -494,37 +469,35 @@ public class IoTDBAuthIT {
try {
adminStmt.execute("CREATE USER user1 'password1'");
- adminStmt.execute("GRANT USER user1 PRIVILEGES READ_TIMESERIES ON
root.a.b");
+ adminStmt.execute("GRANT USER user1 PRIVILEGES READ_SCHEMA ON root.a.b");
adminStmt.execute("CREATE ROLE role1");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES
READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.a.b.c");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES
READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.d.b.c");
+ adminStmt.execute("GRANT ROLE role1 PRIVILEGES READ_SCHEMA,WRITE_DATA ON
root.a.b.c");
+ adminStmt.execute("GRANT ROLE role1 PRIVILEGES READ_SCHEMA,WRITE_DATA ON
root.d.b.c");
adminStmt.execute("GRANT role1 TO user1");
ResultSet resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER
user1");
String ans =
- ",root.a.b : READ_TIMESERIES"
+ ",root.a.b : READ_SCHEMA"
+ ",\n"
- + "role1,root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES
DELETE_TIMESERIES"
+ + "role1,root.a.b.c : WRITE_DATA READ_SCHEMA"
+ ",\n"
- + "role1,root.d.b.c : INSERT_TIMESERIES READ_TIMESERIES
DELETE_TIMESERIES"
+ + "role1,root.d.b.c : WRITE_DATA READ_SCHEMA"
+ ",\n";
try {
validateResultSet(resultSet, ans);
resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON
root.a.b.c");
- ans = "role1,root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES
DELETE_TIMESERIES,\n";
+ ans = "role1,root.a.b.c : WRITE_DATA READ_SCHEMA,\n";
validateResultSet(resultSet, ans);
adminStmt.execute("REVOKE role1 from user1");
resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1");
- ans = ",root.a.b : READ_TIMESERIES,\n";
+ ans = ",root.a.b : READ_SCHEMA,\n";
validateResultSet(resultSet, ans);
resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON
root.a.**");
- ans = ",root.a.b : READ_TIMESERIES,\n";
+ ans = ",root.a.b : READ_SCHEMA,\n";
validateResultSet(resultSet, ans);
} finally {
resultSet.close();
@@ -548,31 +521,24 @@ public class IoTDBAuthIT {
// not granted list role privilege, should return empty
validateResultSet(resultSet, ans);
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES
READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.a.b.c");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES
READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.d.b.c");
+ adminStmt.execute("GRANT ROLE role1 PRIVILEGES READ_SCHEMA,WRITE_DATA
ON root.a.b.c");
+ adminStmt.execute("GRANT ROLE role1 PRIVILEGES READ_SCHEMA,WRITE_DATA
ON root.d.b.c");
resultSet = adminStmt.executeQuery("LIST PRIVILEGES ROLE role1");
- ans =
- "root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES
DELETE_TIMESERIES,\n"
- + "root.d.b.c : INSERT_TIMESERIES READ_TIMESERIES
DELETE_TIMESERIES,\n";
+ ans = "root.a.b.c : WRITE_DATA READ_SCHEMA,\n" + "root.d.b.c :
WRITE_DATA READ_SCHEMAS,\n";
validateResultSet(resultSet, ans);
resultSet = adminStmt.executeQuery("LIST PRIVILEGES ROLE role1 ON
root.a.b.c");
- ans = "root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES
DELETE_TIMESERIES,\n";
+ ans = "root.a.b.c : WRITE_DATA READ_SCHEMA,\n";
validateResultSet(resultSet, ans);
- adminStmt.execute(
- "REVOKE ROLE role1 PRIVILEGES INSERT_TIMESERIES,DELETE_TIMESERIES
ON root.a.b.c");
+ adminStmt.execute("REVOKE ROLE role1 PRIVILEGES READ_SCHEMA,WRITE_DATA
ON root.a.b.c");
resultSet = adminStmt.executeQuery("LIST PRIVILEGES ROLE role1");
- ans =
- "root.a.b.c : READ_TIMESERIES,\n"
- + "root.d.b.c : INSERT_TIMESERIES READ_TIMESERIES
DELETE_TIMESERIES,\n";
+ ans = "root.a.b.c : READ_SCHEMA,\n" + "root.d.b.c : WRITE_DATA
READ_SCHEMA,\n";
validateResultSet(resultSet, ans);
resultSet = adminStmt.executeQuery("LIST PRIVILEGES ROLE role1 ON
root.a.b.c");
- ans = "root.a.b.c : READ_TIMESERIES,\n";
+ ans = "root.a.b.c : READ_SCHEMA,\n";
validateResultSet(resultSet, ans);
} finally {
resultSet.close();
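Review bot: Two expectations in this hunk do not match the statements that precede them. The first `LIST PRIVILEGES ROLE role1` expectation ends in `READ_SCHEMAS` for `root.d.b.c`, which is not a privilege name; it should read `"root.d.b.c : WRITE_DATA READ_SCHEMA,\n"`. The revoke now removes `READ_SCHEMA,WRITE_DATA` from `root.a.b.c`, yet the next two expectations still list `root.a.b.c : READ_SCHEMA`. To keep the original intent (revoke the write privilege, keep the read one), the statement should be `adminStmt.execute("REVOKE ROLE role1 PRIVILEGES WRITE_DATA ON root.a.b.c");`. As written, the test fails, or passes only if `validateResultSet` or the revoke is more lenient than it should be.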
@@ -734,7 +700,7 @@ public class IoTDBAuthIT {
try {
Assert.assertThrows(SQLException.class, () -> userStmt.execute("LIST
USER"));
// with list user privilege
- adminStmt.execute("GRANT USER tempuser PRIVILEGES LIST_USER on
root.**");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES USER_PRIVILEGE on
root.**");
ResultSet resultSet = userStmt.executeQuery("LIST USER");
String ans =
"root,\n"
@@ -777,7 +743,7 @@ public class IoTDBAuthIT {
try (Connection adminCon = EnvFactory.getEnv().getConnection();
Statement adminStmt = adminCon.createStatement()) {
adminStmt.execute("CREATE USER tempuser 'temppw'");
- adminStmt.execute("GRANT USER tempuser PRIVILEGES INSERT_TIMESERIES on
root.sg1.**");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES WRITE_SCHEMA on
root.sg1.**");
try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser",
"temppw");
Statement userStatement = userCon.createStatement()) {
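Review bot: `INSERT_TIMESERIES` is replaced by `WRITE_SCHEMA` here, while the insert test at `@@ -329` and `IoTDBSelectIntoIT` replace it with `WRITE_DATA`. If the body of this test (outside the hunk) inserts data as `tempuser`, the grant should be `WRITE_DATA on root.sg1.**`. The read side has the same inconsistency: `READ_TIMESERIES` becomes `READ_DATA` before the `SELECT` at `@@ -329`, but `READ_SCHEMA` at `@@ -814` (`application_role`) and in `IoTDBSelectIntoIT` at `@@ -572` (`tempuser2`). If those tests pass with a schema-only privilege, a data read or write is being authorised by the wrong privilege, so the mapping should be settled before relying on them.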
@@ -814,8 +780,7 @@ public class IoTDBAuthIT {
Statement adminStatement = adminConnection.createStatement()) {
adminStatement.execute("CREATE USER a_application 'a_application'");
adminStatement.execute("CREATE ROLE application_role");
- adminStatement.execute(
- "GRANT ROLE application_role PRIVILEGES READ_TIMESERIES ON
root.test.**");
+ adminStatement.execute("GRANT ROLE application_role PRIVILEGES
READ_SCHEMA ON root.test.**");
adminStatement.execute("GRANT application_role TO a_application");
adminStatement.execute("INSERT INTO root.test(time, s1, s2, s3)
VALUES(1, 2, 3, 4)");
@@ -839,8 +804,8 @@ public class IoTDBAuthIT {
adminStatement.execute("CREATE USER user01 'pass1234'");
adminStatement.execute("CREATE USER user02 'pass1234'");
adminStatement.execute("CREATE ROLE manager");
- adminStatement.execute("GRANT USER user01 PRIVILEGES GRANT_USER_ROLE on
root.**");
- adminStatement.execute("GRANT USER user01 PRIVILEGES REVOKE_USER_ROLE on
root.**");
+ adminStatement.execute("GRANT USER user01 PRIVILEGES ROLE_PRIVILEGE on
root.**");
+ adminStatement.execute("GRANT USER user01 PRIVILEGES ROLE_PRIVILEGE on
root.**");
}
try (Connection userCon = EnvFactory.getEnv().getConnection("user01",
"pass1234");
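Review bot: Replacing both `GRANT_USER_ROLE` and `REVOKE_USER_ROLE` with `ROLE_PRIVILEGE` leaves the same `GRANT USER user01 PRIVILEGES ROLE_PRIVILEGE on root.**` statement twice in a row. The `duplicate grant` case earlier in this file asserts that a repeated identical grant throws `SQLException`, so the second call would presumably abort this setup block. I would delete the second `adminStatement.execute(...)` line. The enclosing test method starts above and continues below the hunk.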
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/cq/IoTDBCQIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/cq/IoTDBCQIT.java
index 1168efd62be..bad025be5b0 100644
--- a/integration-test/src/test/java/org/apache/iotdb/db/it/cq/IoTDBCQIT.java
+++ b/integration-test/src/test/java/org/apache/iotdb/db/it/cq/IoTDBCQIT.java
@@ -541,11 +541,11 @@ public class IoTDBCQIT {
} catch (Exception e) {
assertEquals(
TSStatusCode.NO_PERMISSION.getStatusCode()
- + ": No permissions for this operation, please add privilege
SHOW_CONTINUOUS_QUERIES",
+ + ": No permissions for this operation, please add privilege
CONTINUOUS_QUERY_PRIVILEGE",
e.getMessage());
}
- statement.execute("GRANT USER `zmty` PRIVILEGES
SHOW_CONTINUOUS_QUERIES");
+ statement.execute("GRANT USER `zmty` PRIVILEGES
CONTINUOUS_QUERY_PRIVILEGE");
try (ResultSet resultSet = statement2.executeQuery("show CQS")) {
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/selectinto/IoTDBSelectIntoIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/selectinto/IoTDBSelectIntoIT.java
index 4c0b47d1617..4532799eb62 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/selectinto/IoTDBSelectIntoIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/selectinto/IoTDBSelectIntoIT.java
@@ -550,7 +550,7 @@ public class IoTDBSelectIntoIT {
try (Connection adminCon = EnvFactory.getEnv().getConnection();
Statement adminStmt = adminCon.createStatement()) {
adminStmt.execute("CREATE USER tempuser1 'temppw1'");
- adminStmt.execute("GRANT USER tempuser1 PRIVILEGES INSERT_TIMESERIES on
root.sg_bk.**;");
+ adminStmt.execute("GRANT USER tempuser1 PRIVILEGES WRITE_DATA on
root.sg_bk.**;");
try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser1",
"temppw1");
Statement userStmt = userCon.createStatement()) {
@@ -572,7 +572,7 @@ public class IoTDBSelectIntoIT {
try (Connection adminCon = EnvFactory.getEnv().getConnection();
Statement adminStmt = adminCon.createStatement()) {
adminStmt.execute("CREATE USER tempuser2 'temppw2'");
- adminStmt.execute("GRANT USER tempuser2 PRIVILEGES READ_TIMESERIES on
root.sg.**;");
+ adminStmt.execute("GRANT USER tempuser2 PRIVILEGES READ_SCHEMA on
root.sg.**;");
try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser2",
"temppw2");
Statement userStmt = userCon.createStatement()) {
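Review bot: `READ_TIMESERIES` is replaced with `READ_SCHEMA` here, while the hunk just above maps `INSERT_TIMESERIES` to `WRITE_DATA`; if tempuser2 is meant to read the source series but not write the target, the matching grant would be `READ_DATA` (possibly together with `READ_SCHEMA`). With only `READ_SCHEMA`, a SELECT INTO that is expected to be refused could be refused for missing data-read access rather than missing write access, and the negative assertion would pass for the wrong reason. The rest of the test is outside the hunk, so check which privilege the expected error message names before settling on `"GRANT USER tempuser2 PRIVILEGES READ_DATA on root.sg.**;"`.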
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/trigger/IoTDBTriggerManagementIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/trigger/IoTDBTriggerManagementIT.java
index 388089de219..b52e346c54a 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/trigger/IoTDBTriggerManagementIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/trigger/IoTDBTriggerManagementIT.java
@@ -546,11 +546,12 @@ public class IoTDBTriggerManagementIT {
} catch (Exception e) {
assertEquals(
TSStatusCode.NO_PERMISSION.getStatusCode()
- + ": No permissions for this operation, please add privilege
CREATE_TRIGGER",
+ + ": No permissions for this operation, please add privilege
TRIGGER_PRIVILEGE",
e.getMessage());
}
- statement.execute("GRANT USER `zmty` PRIVILEGES CREATE_TRIGGER on
root.test.stateless.a");
+ statement.execute(
+ "GRANT USER `zmty` PRIVILEGES TRIGGER_PRIVILEGE on
root.test.stateless.a");
try {
statement2.execute(
@@ -576,7 +577,7 @@ public class IoTDBTriggerManagementIT {
} catch (Exception e) {
assertEquals(
TSStatusCode.NO_PERMISSION.getStatusCode()
- + ": No permissions for this operation, please add privilege
CREATE_TRIGGER",
+ + ": No permissions for this operation, please add privilege
TRIGGER_PRIVILEGE",
e.getMessage());
}
}
@@ -608,11 +609,12 @@ public class IoTDBTriggerManagementIT {
} catch (Exception e) {
assertEquals(
TSStatusCode.NO_PERMISSION.getStatusCode()
- + ": No permissions for this operation, please add privilege
DROP_TRIGGER",
+ + ": No permissions for this operation, please add privilege
TRIGGER_PRIVILEGE",
e.getMessage());
}
- statement.execute("GRANT USER `zmty` PRIVILEGES CREATE_TRIGGER on
root.test.stateless.b");
+ statement.execute(
+ "GRANT USER `zmty` PRIVILEGES TRIGGER_PRIVILEGE on
root.test.stateless.b");
try {
statement2.execute("drop trigger " +
STATELESS_TRIGGER_BEFORE_INSERTION_PREFIX + "a");
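Review bot: With CREATE_TRIGGER and DROP_TRIGGER folded into `TRIGGER_PRIVILEGE`, the grant on `root.test.stateless.b` followed by a refused `drop trigger ...a` (asserted in the next hunk) no longer checks that a create-only user cannot drop; it now appears to check only path scoping, and nothing in the test says so. A comment before the grant, for example `// grant on a different path: dropping the trigger under root.test.stateless.a must still be refused`, would stop the negative case from being removed later as redundant. That trigger `a` lives under `root.test.stateless.a` is inferred from the later grant, and the test method begins outside the hunk.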
@@ -620,11 +622,12 @@ public class IoTDBTriggerManagementIT {
} catch (Exception e) {
assertEquals(
TSStatusCode.NO_PERMISSION.getStatusCode()
- + ": No permissions for this operation, please add privilege
DROP_TRIGGER",
+ + ": No permissions for this operation, please add privilege
TRIGGER_PRIVILEGE",
e.getMessage());
}
- statement.execute("GRANT USER `zmty` PRIVILEGES DROP_TRIGGER on
root.test.stateless.a");
+ statement.execute(
+ "GRANT USER `zmty` PRIVILEGES TRIGGER_PRIVILEGE on
root.test.stateless.a");
try {
statement2.execute("drop trigger " +
STATELESS_TRIGGER_BEFORE_INSERTION_PREFIX + "a");
diff --git
a/integration-test/src/test/java/org/apache/iotdb/zeppelin/it/IoTDBInterpreterIT.java
b/integration-test/src/test/java/org/apache/iotdb/zeppelin/it/IoTDBInterpreterIT.java
index f88537b2b9b..b977be7ffa5 100644
---
a/integration-test/src/test/java/org/apache/iotdb/zeppelin/it/IoTDBInterpreterIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/zeppelin/it/IoTDBInterpreterIT.java
@@ -375,8 +375,8 @@ public class IoTDBInterpreterIT {
@Test
public void testListUser() {
- interpreter.internalInterpret("CREATE USER user1 'password1'", null);
- InterpreterResult actual = interpreter.internalInterpret("LIST USER",
null);
+ interpreter.internalInterpret("CREATE USER_PRIVILEGE user1 'password1'",
null);
+ InterpreterResult actual = interpreter.internalInterpret("LIST
USER_PRIVILEGE", null);
String gt = "user\n" + "root\n" + "user1";
Assert.assertNotNull(actual);
Assert.assertEquals(Code.SUCCESS, actual.code());
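Review bot: `CREATE USER_PRIVILEGE user1 'password1'` and `LIST USER_PRIVILEGE` look like the rename of the enum constant `USER` spilling into SQL text. Other statements in this commit still use the `USER` keyword (`GRANT USER user01 ...`, `CREATE USER tempuser1 ...`), so unless the grammar change really renamed it, these two statements would not parse and the test could never observe `user1` in the listing. Restore `"CREATE USER user1 'password1'"` and `"LIST USER"`.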
diff --git
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
index c43a34acf6c..dc6ed5a5416 100644
---
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
+++
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
@@ -248,7 +248,7 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
((Map<String, List<String>>) claims.get("realm_access")).get("roles");
if (!availableRoles.contains(IOTDB_ADMIN_ROLE_NAME)) {
logger.warn(
- "Given Token has no admin rights, is there a ROLE with name {} in
'realm_access' role set?",
+ "Given Token has no admin rights, is there a ROLE_PRIVILEGE with
name {} in 'realm_access' role set?",
IOTDB_ADMIN_ROLE_NAME);
return false;
}
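Review bot: The warning now asks for a `ROLE_PRIVILEGE` in the token's `realm_access` role set, but the check above it looks for a role name in the OpenID claims, not for the IoTDB privilege constant, so an operator debugging a rejected token is pointed at the wrong thing. Keep the original wording, `"Given Token has no admin rights, is there a ROLE with name {} in 'realm_access' role set?"`. The same rename appears to have leaked into the `Failed to create/start/drop/stop PIPE_PRIVILEGE` warnings in ClusterConfigTaskExecutor, the `DROP/START/STOP PIPE_PRIVILEGE` SemanticException messages and the `// PIPE_PRIVILEGE` comment in ASTVisitor, and the `CREATE TRIGGER_PRIVILEGE` Javadoc in TriggerClassLoaderManager; those strings name SQL statements and should keep PIPE and TRIGGER.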
diff --git
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java
index 6805f9e2e01..5a38f3f64c6 100644
---
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java
+++
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PrivilegeType.java
@@ -21,18 +21,17 @@ package org.apache.iotdb.commons.auth.entity;
/** This enum class contains all available privileges in IoTDB. */
public enum PrivilegeType {
- CREATE_DATABASE(true),
READ_DATA(true),
WRITE_DATA(true),
READ_SCHEMA(true),
WRITE_SCHEMA(true),
- USER,
- ROLE,
+ USER_PRIVILEGE,
+ ROLE_PRIVILEGE,
GRANT_PRIVILEGE,
ALTER_PASSWORD,
- TRIGGER(true),
- CONTINUOUS_QUERY,
- PIPE,
+ TRIGGER_PRIVILEGE(true),
+ CONTINUOUS_QUERY_PRIVILEGE,
+ PIPE_PRIVILEGE,
ALL,
;
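Review bot: Removing `CREATE_DATABASE` from the head of the enum shifts the ordinal of every remaining constant by one, and this codebase uses `PrivilegeType.X.ordinal()` as the privilege id (see the AuthorityChecker and AuthorizerManagerTest hunks in this commit). If those integers are persisted or sent between nodes, an existing grant would be read back as a different privilege after the change; for example, a stored id that meant `READ_DATA` would now resolve to `WRITE_DATA`. Either keep the slot occupied by a deprecated placeholder, or give each constant an explicit id and stop relying on `ordinal()`; at minimum add a comment such as `// Declaration order defines the privilege id; append only, never remove or reorder.` The rest of the enum body is outside the hunk.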
diff --git
a/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java
b/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java
index aa88beefcc4..d6d1f498203 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java
@@ -200,7 +200,7 @@ public class AuthUtils {
case WRITE_SCHEMA:
case READ_DATA:
case WRITE_DATA:
- case TRIGGER:
+ case TRIGGER_PRIVILEGE:
return;
default:
throw new AuthException(
diff --git
a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 9f2c3801d52..7399087b8cc 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -200,13 +200,13 @@ public class AuthorityChecker {
case LIST_USER:
case LIST_USER_ROLES:
case LIST_USER_PRIVILEGE:
- return PrivilegeType.USER.ordinal();
+ return PrivilegeType.USER_PRIVILEGE.ordinal();
case CREATE_ROLE:
case DELETE_ROLE:
case LIST_ROLE:
case LIST_ROLE_USERS:
case LIST_ROLE_PRIVILEGE:
- return PrivilegeType.ROLE.ordinal();
+ return PrivilegeType.ROLE_PRIVILEGE.ordinal();
case MODIFY_PASSWORD:
return PrivilegeType.ALTER_PASSWORD.ordinal();
case GRANT_USER_PRIVILEGE:
@@ -218,11 +218,11 @@ public class AuthorityChecker {
return PrivilegeType.GRANT_PRIVILEGE.ordinal();
case CREATE_TRIGGER:
case DROP_TRIGGER:
- return PrivilegeType.TRIGGER.ordinal();
+ return PrivilegeType.TRIGGER_PRIVILEGE.ordinal();
case CREATE_CONTINUOUS_QUERY:
case DROP_CONTINUOUS_QUERY:
case SHOW_CONTINUOUS_QUERIES:
- return PrivilegeType.CONTINUOUS_QUERY.ordinal();
+ return PrivilegeType.CONTINUOUS_QUERY_PRIVILEGE.ordinal();
case CREATE_PIPEPLUGIN:
case DROP_PIPEPLUGIN:
case SHOW_PIPEPLUGINS:
@@ -231,7 +231,7 @@ public class AuthorityChecker {
case STOP_PIPE:
case DROP_PIPE:
case SHOW_PIPES:
- return PrivilegeType.PIPE.ordinal();
+ return PrivilegeType.PIPE_PRIVILEGE.ordinal();
default:
logger.error("Unrecognizable operator type ({}) for
AuthorityChecker.", type);
return -1;
diff --git
a/server/src/main/java/org/apache/iotdb/db/mpp/plan/execution/config/executor/ClusterConfigTaskExecutor.java
b/server/src/main/java/org/apache/iotdb/db/mpp/plan/execution/config/executor/ClusterConfigTaskExecutor.java
index 2cd03420959..4c03e8f3353 100644
---
a/server/src/main/java/org/apache/iotdb/db/mpp/plan/execution/config/executor/ClusterConfigTaskExecutor.java
+++
b/server/src/main/java/org/apache/iotdb/db/mpp/plan/execution/config/executor/ClusterConfigTaskExecutor.java
@@ -1523,7 +1523,7 @@ public class ClusterConfigTaskExecutor implements
IConfigTaskExecutor {
TSStatus tsStatus = configNodeClient.createPipe(req);
if (TSStatusCode.SUCCESS_STATUS.getStatusCode() != tsStatus.getCode()) {
LOGGER.warn(
- "Failed to create PIPE {} in config node, status is {}.",
+ "Failed to create PIPE_PRIVILEGE {} in config node, status is {}.",
createPipeStatement.getPipeName(),
tsStatus);
future.setException(new IoTDBException(tsStatus.message,
tsStatus.code));
@@ -1544,7 +1544,9 @@ public class ClusterConfigTaskExecutor implements
IConfigTaskExecutor {
TSStatus tsStatus =
configNodeClient.startPipe(startPipeStatement.getPipeName());
if (TSStatusCode.SUCCESS_STATUS.getStatusCode() != tsStatus.getCode()) {
LOGGER.warn(
- "Failed to start PIPE {}, status is {}.",
startPipeStatement.getPipeName(), tsStatus);
+ "Failed to start PIPE_PRIVILEGE {}, status is {}.",
+ startPipeStatement.getPipeName(),
+ tsStatus);
future.setException(new IoTDBException(tsStatus.message,
tsStatus.code));
} else {
future.set(new ConfigTaskResult(TSStatusCode.SUCCESS_STATUS));
@@ -1563,7 +1565,9 @@ public class ClusterConfigTaskExecutor implements
IConfigTaskExecutor {
TSStatus tsStatus =
configNodeClient.dropPipe(dropPipeStatement.getPipeName());
if (TSStatusCode.SUCCESS_STATUS.getStatusCode() != tsStatus.getCode()) {
LOGGER.warn(
- "Failed to drop PIPE {}, status is {}.",
dropPipeStatement.getPipeName(), tsStatus);
+ "Failed to drop PIPE_PRIVILEGE {}, status is {}.",
+ dropPipeStatement.getPipeName(),
+ tsStatus);
future.setException(new IoTDBException(tsStatus.message,
tsStatus.code));
} else {
future.set(new ConfigTaskResult(TSStatusCode.SUCCESS_STATUS));
@@ -1582,7 +1586,9 @@ public class ClusterConfigTaskExecutor implements
IConfigTaskExecutor {
TSStatus tsStatus =
configNodeClient.stopPipe(stopPipeStatement.getPipeName());
if (TSStatusCode.SUCCESS_STATUS.getStatusCode() != tsStatus.getCode()) {
LOGGER.warn(
- "Failed to stop PIPE {}, status is {}.",
stopPipeStatement.getPipeName(), tsStatus);
+ "Failed to stop PIPE_PRIVILEGE {}, status is {}.",
+ stopPipeStatement.getPipeName(),
+ tsStatus);
future.setException(new IoTDBException(tsStatus.message,
tsStatus.code));
} else {
future.set(new ConfigTaskResult(TSStatusCode.SUCCESS_STATUS));
diff --git
a/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
b/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
index 7e6aad4ab35..2280d408a55 100644
--- a/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
+++ b/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
@@ -3502,7 +3502,7 @@ public class ASTVisitor extends
IoTDBSqlParserBaseVisitor<Statement> {
}
}
- // PIPE
+ // PIPE_PRIVILEGE
@Override
public Statement visitCreatePipe(IoTDBSqlParser.CreatePipeContext ctx) {
@@ -3575,7 +3575,8 @@ public class ASTVisitor extends
IoTDBSqlParserBaseVisitor<Statement> {
if (ctx.pipeName != null) {
dropPipeStatement.setPipeName(parseIdentifier(ctx.pipeName.getText()));
} else {
- throw new SemanticException("Not support for this sql in DROP PIPE,
please enter pipename.");
+ throw new SemanticException(
+ "Not support for this sql in DROP PIPE_PRIVILEGE, please enter
pipename.");
}
return dropPipeStatement;
@@ -3588,7 +3589,8 @@ public class ASTVisitor extends
IoTDBSqlParserBaseVisitor<Statement> {
if (ctx.pipeName != null) {
startPipeStatement.setPipeName(parseIdentifier(ctx.pipeName.getText()));
} else {
- throw new SemanticException("Not support for this sql in START PIPE,
please enter pipename.");
+ throw new SemanticException(
+ "Not support for this sql in START PIPE_PRIVILEGE, please enter
pipename.");
}
return startPipeStatement;
@@ -3601,7 +3603,8 @@ public class ASTVisitor extends
IoTDBSqlParserBaseVisitor<Statement> {
if (ctx.pipeName != null) {
stopPipeStatement.setPipeName(parseIdentifier(ctx.pipeName.getText()));
} else {
- throw new SemanticException("Not support for this sql in STOP PIPE,
please enter pipename.");
+ throw new SemanticException(
+ "Not support for this sql in STOP PIPE_PRIVILEGE, please enter
pipename.");
}
return stopPipeStatement;
diff --git
a/server/src/main/java/org/apache/iotdb/db/trigger/service/TriggerClassLoaderManager.java
b/server/src/main/java/org/apache/iotdb/db/trigger/service/TriggerClassLoaderManager.java
index e82c82e5581..1826c512a57 100644
---
a/server/src/main/java/org/apache/iotdb/db/trigger/service/TriggerClassLoaderManager.java
+++
b/server/src/main/java/org/apache/iotdb/db/trigger/service/TriggerClassLoaderManager.java
@@ -38,8 +38,9 @@ public class TriggerClassLoaderManager {
/**
* activeClassLoader is used to load all classes under libRoot. libRoot may
be updated before the
- * user executes CREATE TRIGGER or after the user executes DROP TRIGGER.
Therefore, we need to
- * continuously maintain the activeClassLoader so that the classes it loads
are always up-to-date.
+ * user executes CREATE TRIGGER_PRIVILEGE or after the user executes DROP
TRIGGER_PRIVILEGE.
+ * Therefore, we need to continuously maintain the activeClassLoader so that
the classes it loads
+ * are always up-to-date.
*/
private volatile TriggerClassLoader activeClassLoader;
diff --git
a/server/src/test/java/org/apache/iotdb/db/auth/AuthorizerManagerTest.java
b/server/src/test/java/org/apache/iotdb/db/auth/AuthorizerManagerTest.java
index 26c66b4bc6a..e77feb08b22 100644
--- a/server/src/test/java/org/apache/iotdb/db/auth/AuthorizerManagerTest.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/AuthorizerManagerTest.java
@@ -54,7 +54,7 @@ public class AuthorizerManagerTest {
Set<Integer> privilegesIds = new HashSet<>();
PathPrivilege privilege = new PathPrivilege();
List<PathPrivilege> privilegeList = new ArrayList<>();
- privilegesIds.add(PrivilegeType.ROLE.ordinal());
+ privilegesIds.add(PrivilegeType.ROLE_PRIVILEGE.ordinal());
privilegesIds.add(PrivilegeType.GRANT_PRIVILEGE.ordinal());
privilege.setPath(new PartialPath("root.ln"));
privilege.setPrivileges(privilegesIds);
@@ -108,7 +108,7 @@ public class AuthorizerManagerTest {
.checkUserPrivileges(
"user",
Collections.singletonList(new PartialPath("root.ln")),
- PrivilegeType.ROLE.ordinal())
+ PrivilegeType.ROLE_PRIVILEGE.ordinal())
.getCode());
// User does not have permission
Assert.assertEquals(
@@ -117,7 +117,7 @@ public class AuthorizerManagerTest {
.checkUserPrivileges(
"user",
Collections.singletonList(new PartialPath("root.ln")),
- PrivilegeType.USER.ordinal())
+ PrivilegeType.USER_PRIVILEGE.ordinal())
.getCode());
// Authenticate users with roles
@@ -153,7 +153,7 @@ public class AuthorizerManagerTest {
.checkUserPrivileges(
"user",
Collections.singletonList(new PartialPath("root.ln")),
- PrivilegeType.ROLE.ordinal())
+ PrivilegeType.ROLE_PRIVILEGE.ordinal())
.getCode());
// role does not have permission
Assert.assertEquals(
@@ -162,7 +162,7 @@ public class AuthorizerManagerTest {
.checkUserPrivileges(
"user",
Collections.singletonList(new PartialPath("root.ln")),
- PrivilegeType.USER.ordinal())
+ PrivilegeType.USER_PRIVILEGE.ordinal())
.getCode());
authorityFetcher.getAuthorCache().invalidateCache(user.getName(), "");