This is an automated email from the ASF dual-hosted git repository.
jackietien pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 9c751ad657a Fix metric of auth
9c751ad657a is described below
commit 9c751ad657a29ededc7a8cb17cbda1f528a45894
Author: Weihao Li <[email protected]>
AuthorDate: Fri Sep 22 09:27:34 2023 +0800
Fix metric of auth
---
.../org/apache/iotdb/db/auth/AuthorityChecker.java | 38 +++++++---------
.../rest/handler/AuthorizationHandler.java | 3 +-
.../plan/analyze/LoadTsfileAnalyzer.java | 47 +++++++++++---------
.../analyze/cache/partition/PartitionCache.java | 23 ++++++----
.../analyze/schema/AutoCreateSchemaExecutor.java | 50 ++++++++++++++--------
5 files changed, 91 insertions(+), 70 deletions(-)
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index b0795661026..ea155343580 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -101,6 +101,15 @@ public class AuthorityChecker {
}
}
+ public static TSStatus checkAuthority(Statement statement, String userName) {
+ long startTime = System.nanoTime();
+ try {
+ return statement.checkPermissionBeforeProcess(userName);
+ } finally {
+ PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() -
startTime);
+ }
+ }
+
public static TSStatus getTSStatus(boolean hasPermission, String errMsg) {
return hasPermission
? new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode())
@@ -144,30 +153,19 @@ public class AuthorityChecker {
public static boolean checkFullPathPermission(
String userName, PartialPath fullPath, int permission) {
- long startTime = System.nanoTime();
- List<Integer> failIndex =
- authorityFetcher.checkUserPathPrivileges(
- userName, Collections.singletonList(fullPath), permission);
- PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - startTime);
- return failIndex.isEmpty();
+ return authorityFetcher
+ .checkUserPathPrivileges(userName,
Collections.singletonList(fullPath), permission)
+ .isEmpty();
}
public static List<Integer> checkFullPathListPermission(
String userName, List<PartialPath> fullPaths, int permission) {
- long startTime = System.nanoTime();
- List<Integer> failIndex =
- authorityFetcher.checkUserPathPrivileges(userName, fullPaths,
permission);
- PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - startTime);
- return failIndex;
+ return authorityFetcher.checkUserPathPrivileges(userName, fullPaths,
permission);
}
public static List<Integer> checkPatternPermission(
String userName, List<PartialPath> pathPatterns, int permission) {
- long startTime = System.nanoTime();
- List<Integer> failIndex =
- authorityFetcher.checkUserPathPrivileges(userName, pathPatterns,
permission);
- PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - startTime);
- return failIndex;
+ return authorityFetcher.checkUserPathPrivileges(userName, pathPatterns,
permission);
}
public static PathPatternTree getAuthorizedPathTree(String userName, int
permission)
@@ -176,22 +174,18 @@ public class AuthorityChecker {
}
public static boolean checkSystemPermission(String userName, int permission)
{
- long startTime = System.nanoTime();
- TSStatus status = authorityFetcher.checkUserSysPrivileges(userName,
permission);
- PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - startTime);
- return status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode();
+ return authorityFetcher.checkUserSysPrivileges(userName,
permission).getCode()
+ == TSStatusCode.SUCCESS_STATUS.getStatusCode();
}
public static boolean checkGrantOption(
String userName, String[] privilegeList, List<PartialPath> nodeNameList)
{
- long startTime = System.nanoTime();
for (String s : privilegeList) {
if (!authorityFetcher.checkUserPrivilegeGrantOpt(
userName, nodeNameList, PrivilegeType.valueOf(s).ordinal())) {
return false;
}
}
- PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - startTime);
return true;
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/rest/handler/AuthorizationHandler.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/rest/handler/AuthorizationHandler.java
index 44c313bcecd..eba8d8b365f 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/rest/handler/AuthorizationHandler.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/rest/handler/AuthorizationHandler.java
@@ -18,6 +18,7 @@
package org.apache.iotdb.db.protocol.rest.handler;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
+import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.protocol.rest.model.ExecutionStatus;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.rpc.TSStatusCode;
@@ -29,7 +30,7 @@ public class AuthorizationHandler {
public Response checkAuthority(SecurityContext securityContext, Statement
statement) {
String userName = securityContext.getUserPrincipal().getName();
- TSStatus status = statement.checkPermissionBeforeProcess(userName);
+ TSStatus status = AuthorityChecker.checkAuthority(statement, userName);
if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
return Response.ok()
.entity(new
ExecutionStatus().code(status.getCode()).message(status.getMessage()))
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/LoadTsfileAnalyzer.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/LoadTsfileAnalyzer.java
index 91370b7bfc6..e6e3bd419ac 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/LoadTsfileAnalyzer.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/LoadTsfileAnalyzer.java
@@ -25,6 +25,7 @@ import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.exception.IoTDBException;
import org.apache.iotdb.commons.path.PartialPath;
+import org.apache.iotdb.commons.service.metric.PerformanceOverviewMetrics;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.conf.IoTDBConfig;
import org.apache.iotdb.db.conf.IoTDBDescriptor;
@@ -276,26 +277,31 @@ public class LoadTsfileAnalyzer {
// not a timeseries, skip ++currentBatchTimeseriesCount
} else {
// check WRITE_DATA permission of timeseries
- String userName = context.getSession().getUserName();
- if (!AuthorityChecker.SUPER_USER.equals(userName)) {
- TSStatus status;
- try {
- List<PartialPath> paths =
- Collections.singletonList(
- new PartialPath(device,
timeseriesMetadata.getMeasurementId()));
- status =
- AuthorityChecker.getTSStatus(
- AuthorityChecker.checkFullPathListPermission(
- userName, paths, PrivilegeType.WRITE_DATA.ordinal()),
- paths,
- PrivilegeType.WRITE_DATA);
- } catch (IllegalPathException e) {
- throw new RuntimeException(e);
- }
- if (status.getCode() !=
TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- throw new AuthException(
- TSStatusCode.representOf(status.getCode()),
status.getMessage());
+ long startTime = System.nanoTime();
+ try {
+ String userName = context.getSession().getUserName();
+ if (!AuthorityChecker.SUPER_USER.equals(userName)) {
+ TSStatus status;
+ try {
+ List<PartialPath> paths =
+ Collections.singletonList(
+ new PartialPath(device,
timeseriesMetadata.getMeasurementId()));
+ status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkFullPathListPermission(
+ userName, paths,
PrivilegeType.WRITE_DATA.ordinal()),
+ paths,
+ PrivilegeType.WRITE_DATA);
+ } catch (IllegalPathException e) {
+ throw new RuntimeException(e);
+ }
+ if (status.getCode() !=
TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ throw new AuthException(
+ TSStatusCode.representOf(status.getCode()),
status.getMessage());
+ }
}
+ } finally {
+
PerformanceOverviewMetrics.getInstance().recordAuthCost(System.nanoTime() -
startTime);
}
final Pair<CompressionType, TSEncoding> compressionEncodingPair =
reader.readTimeseriesCompressionTypeAndEncoding(timeseriesMetadata);
@@ -421,7 +427,8 @@ public class LoadTsfileAnalyzer {
private void executeSetDatabaseStatement(Statement statement) throws
LoadFileException {
final long queryId = SessionManager.getInstance().requestQueryId();
- TSStatus status =
statement.checkPermissionBeforeProcess(context.getSession().getUserName());
+ TSStatus status =
+ AuthorityChecker.checkAuthority(statement,
context.getSession().getUserName());
if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
throw new RuntimeException(new IoTDBException(status.getMessage(),
status.getCode()));
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/cache/partition/PartitionCache.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/cache/partition/PartitionCache.java
index 972eaed541a..6946e88a2df 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/cache/partition/PartitionCache.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/cache/partition/PartitionCache.java
@@ -39,6 +39,7 @@ import
org.apache.iotdb.commons.partition.SeriesPartitionTable;
import org.apache.iotdb.commons.partition.executor.SeriesPartitionExecutor;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.schema.SchemaConstant;
+import org.apache.iotdb.commons.service.metric.PerformanceOverviewMetrics;
import org.apache.iotdb.commons.utils.PathUtils;
import org.apache.iotdb.confignode.rpc.thrift.TDatabaseSchema;
import org.apache.iotdb.confignode.rpc.thrift.TDatabaseSchemaResp;
@@ -241,15 +242,21 @@ public class PartitionCache {
// try to create databases one by one until done or one database fail
Set<String> successFullyCreatedStorageGroup = new HashSet<>();
for (String storageGroupName : storageGroupNamesNeedCreated) {
- if (!AuthorityChecker.SUPER_USER.equals(userName)) {
- TSStatus status =
- AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(
- userName, PrivilegeType.MANAGE_DATABASE.ordinal()),
- PrivilegeType.MANAGE_DATABASE);
- if (status.getCode() !=
TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- throw new RuntimeException(new
IoTDBException(status.getMessage(), status.getCode()));
+ long startTime = System.nanoTime();
+ try {
+ if (!AuthorityChecker.SUPER_USER.equals(userName)) {
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(
+ userName, PrivilegeType.MANAGE_DATABASE.ordinal()),
+ PrivilegeType.MANAGE_DATABASE);
+ if (status.getCode() !=
TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ throw new RuntimeException(
+ new IoTDBException(status.getMessage(), status.getCode()));
+ }
}
+ } finally {
+
PerformanceOverviewMetrics.getInstance().recordAuthCost(System.nanoTime() -
startTime);
}
TDatabaseSchema storageGroupSchema = new TDatabaseSchema();
storageGroupSchema.setName(storageGroupName);
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/AutoCreateSchemaExecutor.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/AutoCreateSchemaExecutor.java
index fb42c213d03..5e9e9964314 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/AutoCreateSchemaExecutor.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/AutoCreateSchemaExecutor.java
@@ -25,6 +25,7 @@ import org.apache.iotdb.commons.exception.IoTDBException;
import org.apache.iotdb.commons.exception.MetadataException;
import org.apache.iotdb.commons.path.MeasurementPath;
import org.apache.iotdb.commons.path.PartialPath;
+import org.apache.iotdb.commons.service.metric.PerformanceOverviewMetrics;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.conf.IoTDBConfig;
import org.apache.iotdb.db.conf.IoTDBDescriptor;
@@ -195,16 +196,21 @@ class AutoCreateSchemaExecutor {
List<String> measurementList,
List<TSDataType> dataTypeList,
MPPQueryContext context) {
- String userName = context.getSession().getUserName();
- if (!AuthorityChecker.SUPER_USER.equals(userName)) {
- TSStatus status =
- AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(
- userName, PrivilegeType.EXTEND_TEMPLATE.ordinal()),
- PrivilegeType.EXTEND_TEMPLATE);
- if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- throw new RuntimeException(new IoTDBException(status.getMessage(),
status.getCode()));
+ long startTime = System.nanoTime();
+ try {
+ String userName = context.getSession().getUserName();
+ if (!AuthorityChecker.SUPER_USER.equals(userName)) {
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(
+ userName, PrivilegeType.EXTEND_TEMPLATE.ordinal()),
+ PrivilegeType.EXTEND_TEMPLATE);
+ if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ throw new RuntimeException(new IoTDBException(status.getMessage(),
status.getCode()));
+ }
}
+ } finally {
+
PerformanceOverviewMetrics.getInstance().recordAuthCost(System.nanoTime() -
startTime);
}
internalExtendTemplate(templateName, measurementList, dataTypeList, null,
null, context);
}
@@ -212,16 +218,21 @@ class AutoCreateSchemaExecutor {
// Used for insert records or tablets
void autoExtendTemplate(
Map<String, TemplateExtendInfo> templateExtendInfoMap, MPPQueryContext
context) {
- String userName = context.getSession().getUserName();
- if (!AuthorityChecker.SUPER_USER.equals(userName)) {
- TSStatus status =
- AuthorityChecker.getTSStatus(
- AuthorityChecker.checkSystemPermission(
- userName, PrivilegeType.EXTEND_TEMPLATE.ordinal()),
- PrivilegeType.EXTEND_TEMPLATE);
- if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- throw new RuntimeException(new IoTDBException(status.getMessage(),
status.getCode()));
+ long startTime = System.nanoTime();
+ try {
+ String userName = context.getSession().getUserName();
+ if (!AuthorityChecker.SUPER_USER.equals(userName)) {
+ TSStatus status =
+ AuthorityChecker.getTSStatus(
+ AuthorityChecker.checkSystemPermission(
+ userName, PrivilegeType.EXTEND_TEMPLATE.ordinal()),
+ PrivilegeType.EXTEND_TEMPLATE);
+ if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ throw new RuntimeException(new IoTDBException(status.getMessage(),
status.getCode()));
+ }
}
+ } finally {
+
PerformanceOverviewMetrics.getInstance().recordAuthCost(System.nanoTime() -
startTime);
}
TemplateExtendInfo templateExtendInfo;
for (Map.Entry<String, TemplateExtendInfo> entry :
templateExtendInfoMap.entrySet()) {
@@ -509,7 +520,8 @@ class AutoCreateSchemaExecutor {
// Auto create timeseries and return the existing timeseries info
private List<MeasurementPath> executeInternalCreateTimeseriesStatement(
Statement statement, MPPQueryContext context) {
- TSStatus status =
statement.checkPermissionBeforeProcess(context.getSession().getUserName());
+ TSStatus status =
+ AuthorityChecker.checkAuthority(statement,
context.getSession().getUserName());
if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
throw new RuntimeException(new IoTDBException(status.getMessage(),
status.getCode()));
}
