This is an automated email from the ASF dual-hosted git repository.
jackietien pushed a commit to branch AuthEnhance
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/AuthEnhance by this push:
new 3b9a0d2af19 fix some ITs
new d7fdb8d0836 Merge branch 'AuthEnhance' of
https://github.com/apache/iotdb into AuthEnhance
3b9a0d2af19 is described below
commit 3b9a0d2af19e4610c79f376c8651b85244942c15
Author: JackieTien97 <[email protected]>
AuthorDate: Wed Sep 17 17:51:28 2025 +0800
fix some ITs
---
.../org/apache/iotdb/db/it/auth/IoTDBAuthIT.java | 98 ++++++----------------
.../db/it/auth/IoTDBTemplatePermissionIT.java | 4 +-
.../treemodel/auto/basic/IoTDBPipeLifeCycleIT.java | 18 ++--
.../treemodel/manual/IoTDBPipeInclusionIT.java | 11 +--
.../manual/IoTDBPipeMetaHistoricalIT.java | 11 +--
5 files changed, 44 insertions(+), 98 deletions(-)
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
index c15d84651df..4fe7849e769 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
@@ -172,16 +172,9 @@ public class IoTDBAuthIT {
Set<String> ansSet =
new HashSet<>(
Arrays.asList(
- ",,MANAGE_USER,true,",
- ",,MANAGE_ROLE,true,",
- ",,USE_TRIGGER,true,",
- ",,USE_UDF,true,",
- ",,USE_CQ,true,",
- ",,USE_PIPE,true,",
- ",,USE_MODEL,true,",
- ",,EXTEND_TEMPLATE,true,",
- ",,MANAGE_DATABASE,true,",
- ",,MAINTAIN,true,",
+ ",,SYSTEM,true,",
+ ",,SECURITY,true,",
+ ",,AUDIT,true,",
",root.**,READ_DATA,true,",
",root.**,WRITE_DATA,true,",
",root.**,READ_SCHEMA,true,",
@@ -647,16 +640,9 @@ public class IoTDBAuthIT {
validateResultSet(resultSet, ans);
resultSet = adminStmt.executeQuery("LIST PRIVILEGES OF USER root");
ans =
- ",,MANAGE_USER,true,\n"
- + ",,MANAGE_ROLE,true,\n"
- + ",,USE_TRIGGER,true,\n"
- + ",,USE_UDF,true,\n"
- + ",,USE_CQ,true,\n"
- + ",,USE_PIPE,true,\n"
- + ",,USE_MODEL,true,\n"
- + ",,EXTEND_TEMPLATE,true,\n"
- + ",,MANAGE_DATABASE,true,\n"
- + ",,MAINTAIN,true,\n"
+ ",,SYSTEM,true,\n"
+ + ",,SECURITY,true,\n"
+ + ",,AUDIT,true,\n"
+ ",root.**,READ_DATA,true,\n"
+ ",root.**,WRITE_DATA,true,\n"
+ ",root.**,READ_SCHEMA,true,\n"
@@ -987,13 +973,13 @@ public class IoTDBAuthIT {
adminStmt.execute("CREATE USER user2 'password123456'");
adminStmt.execute("CREATE USER user3 'password123456'");
adminStmt.execute("CREATE ROLE testRole");
- adminStmt.execute("GRANT manage_database ON root.** TO ROLE testRole WITH
GRANT OPTION");
+ adminStmt.execute("GRANT system ON root.** TO ROLE testRole WITH GRANT
OPTION");
adminStmt.execute("GRANT READ_DATA ON root.t1.** TO ROLE testRole");
adminStmt.execute("GRANT READ_SCHEMA ON root.t3.t2.** TO ROLE testRole
WITH GRANT OPTION");
// 2. USER1 has all privileges on root.**
for (PrivilegeType item : PrivilegeType.values()) {
- if (item.isRelationalPrivilege() || item.isAdminPrivilege()) {
+ if (item.isRelationalPrivilege() || !item.isAdminPrivilege()) {
continue;
}
String sql = "GRANT %s on root.** to USER user1";
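Review bot: The negated guard `item.isRelationalPrivilege() || !item.isAdminPrivilege()` now skips every privilege for which `isAdminPrivilege()` is false, which no longer matches the step comment `// 2. USER1 has all privileges on root.**`. The expected list that follows still contains `READ_DATA`, `WRITE_DATA`, `READ_SCHEMA` and `WRITE_SCHEMA` on `root.**`; whether the loop still grants those depends on what `isAdminPrivilege()` returns, which is not visible in this diff. I would state the intent above the `if`, e.g. `// Grant only privileges for which isAdminPrivilege() is true; relational privileges are skipped.`, and reword the step comment to match. The same guard and the same mismatch with `// 4. USER2 has all privilegs ...` appear in the hunk at `@@ -1020,7 +999,7 @@`. The enclosing test method starts and ends outside the hunk.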
@@ -1002,16 +988,9 @@ public class IoTDBAuthIT {
// 3.admin lists privileges of user1
ResultSet resultSet = adminStmt.executeQuery("LIST PRIVILEGES OF USER
user1");
String ans =
- ",,MANAGE_USER,false,\n"
- + ",,MANAGE_ROLE,false,\n"
- + ",,USE_TRIGGER,false,\n"
- + ",,USE_UDF,false,\n"
- + ",,USE_CQ,false,\n"
- + ",,USE_PIPE,false,\n"
- + ",,USE_MODEL,false,\n"
- + ",,EXTEND_TEMPLATE,false,\n"
- + ",,MANAGE_DATABASE,false,\n"
- + ",,MAINTAIN,false,\n"
+ ",,SYSTEM,false,\n"
+ + ",,SECURITY,false,\n"
+ + ",,AUDIT,false,\n"
+ ",root.**,READ_DATA,false,\n"
+ ",root.**,WRITE_DATA,false,\n"
+ ",root.**,READ_SCHEMA,false,\n"
@@ -1020,7 +999,7 @@ public class IoTDBAuthIT {
// 4. USER2 has all privilegs on root.** with grant option;
for (PrivilegeType item : PrivilegeType.values()) {
- if (item.isRelationalPrivilege() || item.isAdminPrivilege()) {
+ if (item.isRelationalPrivilege() || !item.isAdminPrivilege()) {
continue;
}
String sql = "GRANT %s on root.** to USER user2 with grant option";
@@ -1028,16 +1007,9 @@ public class IoTDBAuthIT {
}
resultSet = adminStmt.executeQuery("LIST PRIVILEGES OF USER user2");
ans =
- ",,MANAGE_USER,true,\n"
- + ",,MANAGE_ROLE,true,\n"
- + ",,USE_TRIGGER,true,\n"
- + ",,USE_UDF,true,\n"
- + ",,USE_CQ,true,\n"
- + ",,USE_PIPE,true,\n"
- + ",,USE_MODEL,true,\n"
- + ",,EXTEND_TEMPLATE,true,\n"
- + ",,MANAGE_DATABASE,true,\n"
- + ",,MAINTAIN,true,\n"
+ ",,SYSTEM,true,\n"
+ + ",,SECURITY,true,\n"
+ + ",,AUDIT,true,\n"
+ ",root.**,READ_DATA,true,\n"
+ ",root.**,WRITE_DATA,true,\n"
+ ",root.**,READ_SCHEMA,true,\n"
@@ -1054,27 +1026,18 @@ public class IoTDBAuthIT {
try {
resultSet = userStmt.executeQuery("LIST PRIVILEGES OF USER user1");
ans =
- ",,MANAGE_USER,false,\n"
- + ",,MANAGE_ROLE,false,\n"
- + ",,USE_TRIGGER,false,\n"
- + ",,USE_UDF,false,\n"
- + ",,USE_CQ,false,\n"
- + ",,USE_PIPE,false,\n"
- + ",,USE_MODEL,false,\n"
- + ",,EXTEND_TEMPLATE,false,\n"
- + ",,MANAGE_DATABASE,false,\n"
- + ",,MAINTAIN,false,\n"
+ ",,SYSTEM,false,\n"
+ + ",,SECURITY,false,\n"
+ + ",,AUDIT,false,\n"
+ ",root.**,READ_DATA,false,\n"
+ ",root.**,WRITE_DATA,false,\n"
+ ",root.**,READ_SCHEMA,false,\n"
+ ",root.**,WRITE_SCHEMA,false,\n";
validateResultSet(resultSet, ans);
Assert.assertThrows(
- SQLException.class,
- () -> userStmt.execute("GRANT MANAGE_ROLE ON root.** TO USER
user3"));
+ SQLException.class, () -> userStmt.execute("GRANT SECURITY ON
root.** TO USER user3"));
Assert.assertThrows(
- SQLException.class,
- () -> userStmt.execute("REVOKE MANAGE_ROLE ON root.** FROM USER
user2"));
+ SQLException.class, () -> userStmt.execute("REVOKE SYSTEM ON
root.** FROM USER user2"));
} finally {
userStmt.close();
}
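Review bot: Both negative checks accept any `SQLException`, so they would still pass if `GRANT SECURITY ...` or `REVOKE SYSTEM ...` failed for a reason other than a missing grant option, such as a parse error or an unknown privilege name after the rename. For an authorization test the denial itself should be pinned: keep the thrown exception, `SQLException e = Assert.assertThrows(SQLException.class, () -> userStmt.execute("GRANT SECURITY ON root.** TO USER user3"));`, and follow it with `Assert.assertTrue(e.getMessage().contains("803"));`, assuming this path reports the same 803 code the other files in this commit expect for permission failures. The old code used `MANAGE_ROLE` for both statements while the new code uses `SECURITY` for the grant and `SYSTEM` for the revoke; if that split is deliberate, a short comment saying so would help. The enclosing test method starts outside the hunk.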
@@ -1085,23 +1048,16 @@ public class IoTDBAuthIT {
try {
resultSet = userStmt.executeQuery("LIST PRIVILEGES OF USER user1");
validateResultSet(resultSet, ans);
- userStmt.execute("GRANT MANAGE_ROLE ON root.** TO USER user3");
+ userStmt.execute("GRANT SECURITY ON root.** TO USER user3");
resultSet = userStmt.executeQuery("LIST PRIVILEGES OF USER user3");
- ans = ",,MANAGE_ROLE,false,\n";
+ ans = ",,SECURITY,false,\n";
validateResultSet(resultSet, ans);
- userStmt.execute("REVOKE MANAGE_ROLE ON root.** FROM USER user1");
+ userStmt.execute("REVOKE SECURITY ON root.** FROM USER user1");
resultSet = userStmt.executeQuery("LIST PRIVILEGES OF USER user1");
ans =
- ",,MANAGE_USER,false,\n"
- + ",,USE_TRIGGER,false,\n"
- + ",,USE_UDF,false,\n"
- + ",,USE_CQ,false,\n"
- + ",,USE_PIPE,false,\n"
- + ",,USE_MODEL,false,\n"
- + ",,EXTEND_TEMPLATE,false,\n"
- + ",,MANAGE_DATABASE,false,\n"
- + ",,MAINTAIN,false,\n"
+ ",,SYSTEM,false,\n"
+ + ",,AUDIT,false,\n"
+ ",root.**,READ_DATA,false,\n"
+ ",root.**,WRITE_DATA,false,\n"
+ ",root.**,READ_SCHEMA,false,\n"
@@ -1252,7 +1208,7 @@ public class IoTDBAuthIT {
adminStmt.execute("CREATE DATABASE root.a");
adminStmt.execute("create schema template t1 aligned (s_name TEXT)");
- adminStmt.execute("GRANT EXTEND_TEMPLATE ON root.** TO USER tempuser");
+ adminStmt.execute("GRANT SYSTEM ON root.** TO USER tempuser");
adminStmt.execute("GRANT WRITE_DATA ON root.a.** TO USER tempuser");
adminStmt.execute("set schema template t1 to root.a");
@@ -1265,7 +1221,7 @@ public class IoTDBAuthIT {
adminStmt.execute("GRANT WRITE_SCHEMA ON root.a.d1.** TO USER
tempuser");
userStmt.execute("INSERT INTO root.a.d1(timestamp, s_name, s_value)
VALUES (1,'IoTDB', 2)");
- adminStmt.execute("REVOKE EXTEND_TEMPLATE ON root.** FROM USER
tempuser");
+ adminStmt.execute("REVOKE SYSTEM ON root.** FROM USER tempuser");
Assert.assertThrows(
SQLException.class,
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplatePermissionIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplatePermissionIT.java
index 9f68b6ffae5..84555f9b0aa 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplatePermissionIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBTemplatePermissionIT.java
@@ -133,10 +133,10 @@ public class IoTDBTemplatePermissionIT {
"insert into root.sg1.d1(time, temperature) values(1,1)", "test",
"test123123456");
assertNonQueryTestFail(
"insert into root.sg1.d1(time, s1) values(1,1)",
- "803: No permissions for this operation, please add privilege
EXTEND_TEMPLATE",
+ "803: No permissions for this operation, please add privilege SYSTEM",
"test",
"test123123456");
- grantUserSeriesPrivilege("test", PrivilegeType.EXTEND_TEMPLATE, "root.**");
+ grantUserSeriesPrivilege("test", PrivilegeType.SYSTEM, "root.**");
executeNonQuery("insert into root.sg1.d1(time, s1) values(1,1)", "test",
"test123123456");
// show
diff --git
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeLifeCycleIT.java
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeLifeCycleIT.java
index dcf1226de85..222e3275686 100644
---
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeLifeCycleIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeLifeCycleIT.java
@@ -882,54 +882,54 @@ public class IoTDBPipeLifeCycleIT extends
AbstractPipeDualTreeModelAutoIT {
+ " 'connector.ip'='127.0.0.1',\n"
+ " 'connector.port'='6668'\n"
+ ")",
- "803: No permissions for this operation, please add privilege
USE_PIPE",
+ "803: No permissions for this operation, please add privilege SYSTEM",
"test",
"test123123456");
assertNonQueryTestFail(
senderEnv,
"drop pipe testPipe",
- "803: No permissions for this operation, please add privilege
USE_PIPE",
+ "803: No permissions for this operation, please add privilege SYSTEM",
"test",
"test123123456");
assertTestFail(
senderEnv,
"show pipes",
- "803: No permissions for this operation, please add privilege
USE_PIPE",
+ "803: No permissions for this operation, please add privilege SYSTEM",
"test",
"test123123456");
assertNonQueryTestFail(
senderEnv,
"start pipe testPipe",
- "803: No permissions for this operation, please add privilege
USE_PIPE",
+ "803: No permissions for this operation, please add privilege SYSTEM",
"test",
"test123123456");
assertNonQueryTestFail(
senderEnv,
"stop pipe testPipe",
- "803: No permissions for this operation, please add privilege
USE_PIPE",
+ "803: No permissions for this operation, please add privilege SYSTEM",
"test",
"test123123456");
assertNonQueryTestFail(
senderEnv,
"create pipePlugin TestProcessor as
'org.apache.iotdb.db.pipe.example.TestProcessor' USING URI 'xxx'",
- "803: No permissions for this operation, please add privilege
USE_PIPE",
+ "803: No permissions for this operation, please add privilege SYSTEM",
"test",
"test123123456");
assertNonQueryTestFail(
senderEnv,
"drop pipePlugin TestProcessor",
- "803: No permissions for this operation, please add privilege
USE_PIPE",
+ "803: No permissions for this operation, please add privilege SYSTEM",
"test",
"test123123456");
assertTestFail(
senderEnv,
"show pipe plugins",
- "803: No permissions for this operation, please add privilege
USE_PIPE",
+ "803: No permissions for this operation, please add privilege SYSTEM",
"test",
"test123123456");
- grantUserSystemPrivileges(senderEnv, "test", PrivilegeType.USE_PIPE);
+ grantUserSystemPrivileges(senderEnv, "test", PrivilegeType.SYSTEM);
executeNonQueryWithRetry(
senderEnv,
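Review bot: The literal `"803: No permissions for this operation, please add privilege SYSTEM"` is repeated in all eight denial assertions of this hunk, so every privilege rename means eight identical edits. A local constant, `final String noSystemPrivilege = "803: No permissions for this operation, please add privilege SYSTEM";`, passed to each `assertNonQueryTestFail` / `assertTestFail` call, would keep the expected denial message in one place. The enclosing test method starts and ends outside the hunk.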
diff --git
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipeInclusionIT.java
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipeInclusionIT.java
index 42073c27bc0..38f5b86c49b 100644
---
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipeInclusionIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipeInclusionIT.java
@@ -182,7 +182,7 @@ public class IoTDBPipeInclusionIT extends
AbstractPipeDualTreeModelManualIT {
senderEnv,
Arrays.asList(
"create user `ln_write_user` 'write_pwd123456'",
- "grant
manage_database,manage_user,manage_role,use_trigger,use_udf,use_cq,use_pipe on
root.** to USER ln_write_user with grant option",
+ "grant system,security on root.** to USER ln_write_user with
grant option",
"GRANT READ_DATA, WRITE_DATA ON root.** TO USER ln_write_user;"),
null)) {
return;
@@ -194,13 +194,8 @@ public class IoTDBPipeInclusionIT extends
AbstractPipeDualTreeModelManualIT {
"ROLE,PATH,PRIVILEGES,GRANT OPTION,",
new HashSet<>(
Arrays.asList(
- ",root.**,MANAGE_USER,true,",
- ",root.**,MANAGE_ROLE,true,",
- ",root.**,USE_TRIGGER,true,",
- ",root.**,USE_UDF,true,",
- ",root.**,USE_CQ,true,",
- ",root.**,USE_PIPE,true,",
- ",root.**,MANAGE_DATABASE,true,",
+ ",root.**,SYSTEM,true,",
+ ",root.**,SECURITY,true,",
",root.ln.**,READ_DATA,false,",
",root.ln.**,WRITE_DATA,false,")));
}
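Review bot: The expected rows `",root.**,SYSTEM,true,"` and `",root.**,SECURITY,true,"` carry `root.**` in the PATH column, while IoTDBAuthIT.java and IoTDBPipeMetaHistoricalIT.java in this same commit expect an empty path for the same privileges (`",,SYSTEM,true,"`, `"admin,,SYSTEM,false,"`). The removed rows had the same shape, so this is probably how the privileges are listed on this side of the pipe, but nothing in the test says so. A one-line comment above the `HashSet` giving the reason for the non-empty path would keep a later reader from "fixing" the expectation. The enclosing test method starts outside the hunk.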
diff --git
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipeMetaHistoricalIT.java
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipeMetaHistoricalIT.java
index 4e4120e1481..0ef16563bc1 100644
---
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipeMetaHistoricalIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipeMetaHistoricalIT.java
@@ -199,7 +199,7 @@ public class IoTDBPipeMetaHistoricalIT extends
AbstractPipeDualTreeModelManualIT
"create role `admin`",
"grant role `admin` to `thulab`",
"grant read on root.** to role `admin`",
- "grant
manage_database,manage_user,manage_role,use_trigger,use_udf,use_cq,use_pipe on
root.** to role `admin`;",
+ "grant system,security on root.** to role `admin`;",
"create schema template t1 (temperature FLOAT encoding=RLE,
status BOOLEAN encoding=PLAIN compression=SNAPPY)",
"set schema template t1 to root.ln.wf01",
"create timeseries using schema template on root.ln.wf01.wt01",
@@ -251,13 +251,8 @@ public class IoTDBPipeMetaHistoricalIT extends
AbstractPipeDualTreeModelManualIT
+ ",",
new HashSet<>(
Arrays.asList(
- "admin,,MANAGE_USER,false,",
- "admin,,MANAGE_ROLE,false,",
- "admin,,USE_TRIGGER,false,",
- "admin,,USE_UDF,false,",
- "admin,,USE_CQ,false,",
- "admin,,USE_PIPE,false,",
- "admin,,MANAGE_DATABASE,false,",
+ "admin,,SYSTEM,false,",
+ "admin,,SECURITY,false,",
"admin,root.**,READ_DATA,false,",
"admin,root.**,READ_SCHEMA,false,")));