This is an automated email from the ASF dual-hosted git repository. shuwenwei pushed a commit to branch addSomeCommonInterfacesForCompatibility in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 1c102627953d0b78f5a30509db41a9fcd78a8164 Author: shuwenwei <s13979062...@gmail.com> AuthorDate: Thu Sep 25 14:51:51 2025 +0800 Added some common interfaces for compatibility --- .../iotdb/db/it/auth/IoTDBClusterAuthorityIT.java | 71 ++++++++++++++-------- .../it/auth/IoTDBClusterAuthorityRelationalIT.java | 35 ++++++++--- .../consensus/request/ConfigPhysicalPlan.java | 4 ++ .../consensus/request/ConfigPhysicalPlanType.java | 8 +++ .../request/ConfigPhysicalPlanVisitor.java | 4 ++ .../consensus/request/write/auth/AuthorPlan.java | 11 ++++ .../request/write/auth/AuthorRelationalPlan.java | 23 +++++++ .../request/write/auth/AuthorTreePlan.java | 45 ++++++++++++-- .../manager/load/service/HeartbeatService.java | 2 +- .../receiver/protocol/IoTDBConfigNodeReceiver.java | 9 +++ .../pipe/source/ConfigRegionListeningFilter.java | 11 +++- .../confignode/persistence/auth/AuthorInfo.java | 4 +- .../persistence/auth/AuthorPlanExecutor.java | 18 ++++++ .../persistence/executor/ConfigPlanExecutor.java | 4 ++ .../iotdb/confignode/service/ConfigNode.java | 6 ++ .../thrift/ConfigNodeRPCServiceProcessor.java | 6 +- .../request/ConfigPhysicalPlanSerDeTest.java | 4 +- .../confignode/persistence/AuthorInfoTest.java | 2 +- .../org/apache/iotdb/db/auth/AuthorityChecker.java | 5 ++ .../iotdb/db/auth/ClusterAuthorityFetcher.java | 6 +- .../db/queryengine/plan/parser/ASTVisitor.java | 4 +- .../security/TreeAccessCheckVisitor.java | 1 + .../sql/ast/RelationalAuthorStatement.java | 9 +++ .../db/queryengine/plan/statement/AuthorType.java | 15 ++++- .../plan/statement/sys/AuthorStatement.java | 18 +++++- .../java/org/apache/iotdb/db/service/DataNode.java | 2 +- .../iotdb/commons/conf/ConfigurationFileUtils.java | 3 + .../src/main/thrift/confignode.thrift | 2 + 28 files changed, 276 insertions(+), 56 deletions(-) 
diff --git a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityIT.java b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityIT.java index 7175e6b953c..c8519017ae8 100644 --- a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityIT.java +++ b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityIT.java @@ -84,7 +84,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); TAuthorizerResp authorizerResp = client.queryPermission(authorizerReq); status = authorizerResp.getStatus(); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -94,14 +95,15 @@ public class IoTDBClusterAuthorityIT { if (!user.equals("root")) { authorizerReq = new TAuthorizerReq( - AuthorType.DROP_USER.ordinal(), + AuthorType.DROP_USER_V2.ordinal(), user, "", "", "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); } @@ -150,7 +152,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); authorizerReq.setUserName("tempuser1"); 
@@ -179,7 +182,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // in confignode: tempuser0 @@ -194,7 +198,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); authorizerResp = client.queryPermission(authorizerReq); status = authorizerResp.getStatus(); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -211,7 +216,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); authorizerReq.setRoleName("temprole1"); @@ -229,7 +235,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // in confignode: tempuser0,temprole0 @@ -244,7 +251,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); authorizerResp = client.queryPermission(authorizerReq); status = authorizerResp.getStatus(); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); 
@@ -261,7 +269,8 @@ public class IoTDBClusterAuthorityIT { "newpwd123456", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -277,7 +286,8 @@ public class IoTDBClusterAuthorityIT { "", pathPrivilegeList, false, - AuthUtils.serializePartialPathList(nodeNameList)); + AuthUtils.serializePartialPathList(nodeNameList), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // in confignode: tempuser0: root.ln.** ,read_data @@ -304,7 +314,8 @@ public class IoTDBClusterAuthorityIT { "", pathPrivilegeList, false, - AuthUtils.serializePartialPathList(nodeNameList)); + AuthUtils.serializePartialPathList(nodeNameList), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // in confignode: tempuser0: root.ln.** ,read_data @@ -320,7 +331,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(nodeNameList)); + AuthUtils.serializePartialPathList(nodeNameList), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // in confignode: tempuser0: root.ln.** ,read_data; [temprole0] @@ -336,7 +348,8 @@ public class IoTDBClusterAuthorityIT { "", revokePathPrivilege, false, - AuthUtils.serializePartialPathList(nodeNameList)); + AuthUtils.serializePartialPathList(nodeNameList), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // in confignode: tempuser0: ; [temprole0] 
@@ -352,7 +365,8 @@ public class IoTDBClusterAuthorityIT { "", revokePathPrivilege, false, - AuthUtils.serializePartialPathList(nodeNameList)); + AuthUtils.serializePartialPathList(nodeNameList), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // in confignode: tempuser0: ; [temprole0] @@ -368,7 +382,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); authorizerResp = client.queryPermission(authorizerReq); status = authorizerResp.getStatus(); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -391,7 +406,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); authorizerResp = client.queryPermission(authorizerReq); status = authorizerResp.getStatus(); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -411,7 +427,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); authorizerResp = client.queryPermission(authorizerReq); status = authorizerResp.getStatus(); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -428,7 +445,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); authorizerResp = client.queryPermission(authorizerReq); status = authorizerResp.getStatus(); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); 
@@ -446,7 +464,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); authorizerResp = client.queryPermission(authorizerReq); status = authorizerResp.getStatus(); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -488,7 +507,8 @@ public class IoTDBClusterAuthorityIT { "", Collections.singleton(PrivilegeType.MANAGE_USER.ordinal()), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // in confignode: tempuser0: MANAGE_USER @@ -512,7 +532,8 @@ public class IoTDBClusterAuthorityIT { "", Collections.singleton(PrivilegeType.MANAGE_DATABASE.ordinal()), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); // in confignode: tempuser0: MANAGE_USER @@ -537,7 +558,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); status = client.operatePermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -551,7 +573,8 @@ public class IoTDBClusterAuthorityIT { "", new HashSet<>(), false, - AuthUtils.serializePartialPathList(new ArrayList<>())); + AuthUtils.serializePartialPathList(new ArrayList<>()), + 0); authorizerResp = client.queryPermission(authorizerReq); status = authorizerResp.getStatus(); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); 
diff --git a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityRelationalIT.java b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityRelationalIT.java index 2b03fd20036..b4b1be210fc 100644 --- a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityRelationalIT.java +++ b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityRelationalIT.java @@ -83,7 +83,7 @@ public class IoTDBClusterAuthorityRelationalIT { // clean user TAuthorizerRelationalReq authorizerReq = new TAuthorizerRelationalReq( - AuthorRType.LIST_USER.ordinal(), "", "", "", "", "", Collections.emptySet(), false); + AuthorRType.LIST_USER.ordinal(), "", "", "", "", "", Collections.emptySet(), false, 0); TAuthorizerResp authorizerResp = client.queryRPermission(authorizerReq); status = authorizerResp.getStatus(); @@ -101,7 +101,8 @@ public class IoTDBClusterAuthorityRelationalIT { "", "", Collections.emptySet(), - false); + false, + 0); status = client.operateRPermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); } @@ -110,7 +111,7 @@ public class IoTDBClusterAuthorityRelationalIT { // clean role authorizerReq = new TAuthorizerRelationalReq( - AuthorRType.LIST_ROLE.ordinal(), "", "", "", "", "", Collections.emptySet(), false); + AuthorRType.LIST_ROLE.ordinal(), "", "", "", "", "", Collections.emptySet(), false, 0); authorizerResp = client.queryRPermission(authorizerReq); status = authorizerResp.getStatus(); 
@@ -120,7 +121,15 @@ public class IoTDBClusterAuthorityRelationalIT { for (String role : allRoles) { authorizerReq = new TAuthorizerRelationalReq( - AuthorRType.DROP_ROLE.ordinal(), role, "", "", "", "", Collections.emptySet(), false); + AuthorRType.DROP_ROLE.ordinal(), + role, + "", + "", + "", + "", + Collections.emptySet(), + false, + 0); status = client.operateRPermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); } @@ -139,7 +148,8 @@ public class IoTDBClusterAuthorityRelationalIT { "", "", Collections.emptySet(), - false); + false, + 0); status = client.operateRPermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); authorizerReq = @@ -151,7 +161,8 @@ public class IoTDBClusterAuthorityRelationalIT { "", "", Collections.emptySet(), - false); + false, + 0); TAuthorizerResp resp = client.queryRPermission(authorizerReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), resp.getStatus().getCode()); assertTrue(resp.getMemberInfo().contains(name)); @@ -175,7 +186,8 @@ public class IoTDBClusterAuthorityRelationalIT { "", "", Collections.singleton(sysPriv.ordinal()), - grantOpt); + grantOpt, + 0); status = client.operateRPermission(authorizerRelationalReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); @@ -229,7 +241,8 @@ public class IoTDBClusterAuthorityRelationalIT { union.getDBName() == null ? "" : union.getDBName(), union.getTbName() == null ? "" : union.getTbName(), Collections.singleton(union.getPrivilegeType().ordinal()), - union.isGrantOption()); + union.isGrantOption(), + 0); status = client.operateRPermission(authorizerRelationalReq); assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode()); int reqtype = -1; 
@@ -346,7 +359,8 @@ public class IoTDBClusterAuthorityRelationalIT { "", "", Collections.emptySet(), - false)); + false, + 0)); grantSysPrivilegeAndCheck(client, "user1", "role1", true, PrivilegeType.MANAGE_USER, false); grantSysPrivilegeAndCheck(client, "user1", "role1", true, PrivilegeType.MANAGE_ROLE, true); grantPrivilegeAndCheck( @@ -392,7 +406,8 @@ public class IoTDBClusterAuthorityRelationalIT { "", Collections.emptySet(), false, - AuthUtils.serializePartialPathList(Collections.emptyList())); + AuthUtils.serializePartialPathList(Collections.emptyList()), + 0); expectSuccess(client.checkRoleOfUser(user_role_req)); // check db is visible diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlan.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlan.java index a3c6dc3b97b..8f1a488ac9a 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlan.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlan.java @@ -290,6 +290,7 @@ public abstract class ConfigPhysicalPlan implements IConsensusRequest { case CreateUser: case CreateRole: case DropUser: + case DropUserV2: case DropRole: case GrantRole: case GrantUser: @@ -298,14 +299,17 @@ public abstract class ConfigPhysicalPlan implements IConsensusRequest { case RevokeRole: case RevokeRoleFromUser: case UpdateUser: + case UpdateUserV2: case CreateUserWithRawPassword: plan = new AuthorTreePlan(configPhysicalPlanType); break; case RCreateUser: case RCreateRole: case RUpdateUser: + case RUpdateUserV2: case RDropRole: case RDropUser: + case RDropUserV2: case RGrantUserRole: case RRevokeUserRole: case RGrantRoleAny: 
diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanType.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanType.java index 2997fc06936..15b46ceddec 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanType.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanType.java @@ -113,6 +113,7 @@ public enum ConfigPhysicalPlanType { // For version after and equal 1.2 CreateUser((short) 621), CreateRole((short) 622), + @Deprecated DropUser((short) 623), DropRole((short) 624), GrantRole((short) 625), @@ -121,6 +122,7 @@ public enum ConfigPhysicalPlanType { RevokeUser((short) 628), RevokeRole((short) 629), RevokeRoleFromUser((short) 630), + @Deprecated UpdateUser((short) 631), ListUser((short) 632), ListRole((short) 633), @@ -133,11 +135,15 @@ public enum ConfigPhysicalPlanType { CreateUserWithRawPassword((short) 638), UpdateUserMaxSession((short) 639), UpdateUserMinSession((short) 640), + DropUserV2((short) 641), + UpdateUserV2((short) 642), /** Table Author */ RCreateUser((short) 641), RCreateRole((short) 642), + @Deprecated RUpdateUser((short) 643), + @Deprecated RDropUser((short) 644), RDropRole((short) 645), RGrantUserRole((short) 646), @@ -168,6 +174,8 @@ public enum ConfigPhysicalPlanType { RListRolePrivilege((short) 672), RUpdateUserMaxSession((short) 673), RUpdateUserMinSession((short) 674), + RUpdateUserV2((short) 675), + RDropUserV2((short) 676), /** Function. */ CreateFunction((short) 700), diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanVisitor.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanVisitor.java index 774da4917fe..03aaf86123a 100644 
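Review bot: The two new tree-model constants in the third hunk reuse wire codes that are already taken: `DropUserV2((short) 641)` and `UpdateUserV2((short) 642)` sit directly above `RCreateUser((short) 641)` and `RCreateRole((short) 642)`. The code that maps a short back to a constant is not in this hunk, but any lookup keyed on that value can resolve only one constant per code, so a persisted or replicated DropUserV2/UpdateUserV2 plan would presumably be read back as a table-model create plan (or the reverse) and parsed with the wrong field layout. Give both constants codes that no other entry uses, e.g. `DropUserV2((short) <UNUSED_CODE_A>), UpdateUserV2((short) <UNUSED_CODE_B>),`, and add a test that fails when two constants share a code. `RUpdateUserV2` (675) and `RDropUserV2` (676) in the last hunk do not collide with anything visible here.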
--- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanVisitor.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanVisitor.java @@ -88,8 +88,10 @@ public abstract class ConfigPhysicalPlanVisitor<R, C> { case CreateUserWithRawPassword: return visitCreateRawUser((AuthorTreePlan) plan, context); case UpdateUser: + case UpdateUserV2: return visitUpdateUser((AuthorTreePlan) plan, context); case DropUser: + case DropUserV2: return visitDropUser((AuthorTreePlan) plan, context); case GrantUser: return visitGrantUser((AuthorTreePlan) plan, context); @@ -104,8 +106,10 @@ public abstract class ConfigPhysicalPlanVisitor<R, C> { case RCreateRole: return visitRCreateRole((AuthorRelationalPlan) plan, context); case RUpdateUser: + case RUpdateUserV2: return visitRUpdateUser((AuthorRelationalPlan) plan, context); case RDropUser: + case RDropUserV2: return visitRDropUserPlan((AuthorRelationalPlan) plan, context); case RDropRole: return visitRDropRolePlan((AuthorRelationalPlan) plan, context); diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorPlan.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorPlan.java index 03c2366e566..a0090e19af6 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorPlan.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorPlan.java @@ -34,6 +34,9 @@ public abstract class AuthorPlan extends ConfigPhysicalReadPlan { protected int maxSessionPerUser; protected int minSessionPerUser; + // Used for read plans or some write plans whose type name ends with 'V2' + protected long executedByUserId; + public AuthorPlan(final ConfigPhysicalPlanType type) { super(type); } 
@@ -119,6 +122,14 @@ public abstract class AuthorPlan extends ConfigPhysicalReadPlan { this.userName = userName; } + public long getExecutedByUserId() { + return executedByUserId; + } + + public void setExecutedByUserId(long executedByUserId) { + this.executedByUserId = executedByUserId; + } + @Override public boolean equals(Object o) { if (this == o) { diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorRelationalPlan.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorRelationalPlan.java index 4af3724d9f9..f9e3d80575e 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorRelationalPlan.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorRelationalPlan.java @@ -76,11 +76,34 @@ public class AuthorRelationalPlan extends AuthorPlan { final Set<Integer> permissions, final boolean grantOpt, final String password) { + this( + authorType, + userName, + roleName, + databaseName, + tableName, + permissions, + grantOpt, + password, + 0); + } + + public AuthorRelationalPlan( + final ConfigPhysicalPlanType authorType, + final String userName, + final String roleName, + final String databaseName, + final String tableName, + final Set<Integer> permissions, + final boolean grantOpt, + final String password, + final long executedByUserId) { super(authorType, userName, roleName, password, "", grantOpt, -1, -1); this.databaseName = databaseName; this.tableName = tableName; this.permissions = permissions; + this.executedByUserId = executedByUserId; } public AuthorRelationalPlan( diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorTreePlan.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorTreePlan.java index 18e32f91742..916604dbf0a 100644 
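Review bot: `executedByUserId` becomes part of AuthorPlan's state, but neither AuthorPlan hunk adds it to `equals`, whose body starts at the end of the second hunk and continues outside it. If `equals` and `hashCode` stay as they are, two plans that differ only in the executing user compare equal, and a serialize/deserialize round-trip test cannot notice the field being dropped. Include it in both, along the lines of `&& executedByUserId == that.executedByUserId` and `Objects.hash(..., executedByUserId)`. The accessors also deserve a Javadoc line saying which plan types carry the value and what an unset value looks like.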
--- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorTreePlan.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/consensus/request/write/auth/AuthorTreePlan.java @@ -99,9 +99,32 @@ public class AuthorTreePlan extends AuthorPlan { final Set<Integer> permissions, final boolean grantOpt, final List<PartialPath> nodeNameList) { + this( + authorType, + userName, + roleName, + password, + newPassword, + permissions, + grantOpt, + nodeNameList, + 0); + } + + public AuthorTreePlan( + final ConfigPhysicalPlanType authorType, + final String userName, + final String roleName, + final String password, + final String newPassword, + final Set<Integer> permissions, + final boolean grantOpt, + final List<PartialPath> nodeNameList, + final long executedByUserId) { super(authorType, userName, roleName, password, newPassword, grantOpt, -1, -1); this.permissions = permissions; this.nodeNameList = nodeNameList; + this.executedByUserId = executedByUserId; } public Set<Integer> getPermissions() { 
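Review bot: The legacy AuthorTreePlan constructor now delegates with a bare `0` for `executedByUserId`, and the same literal is used in the new AuthorRelationalPlan overload and in every request built by the integration tests. Whether 0 is a real user id is not visible in this diff; if it is, a plan built through the old path cannot be told apart from one executed by that user, which matters as soon as the field feeds an authorization or audit decision. Consider a named "unset" constant on AuthorPlan, e.g. `protected static final long NO_EXECUTING_USER = -1L;`, passed here instead of `0`, with a comment stating that legacy plan types never carry an executing user.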
@@ -164,11 +187,18 @@ public class AuthorTreePlan extends AuthorPlan { BasicStructureSerDeUtil.write(roleName, stream); BasicStructureSerDeUtil.write(password, stream); BasicStructureSerDeUtil.write(newPassword, stream); - if (getAuthorType() == ConfigPhysicalPlanType.UpdateUserMaxSession - || getAuthorType() == ConfigPhysicalPlanType.UpdateUserMinSession) { + ConfigPhysicalPlanType authorType = getAuthorType(); + if (authorType == ConfigPhysicalPlanType.UpdateUserMaxSession + || authorType == ConfigPhysicalPlanType.UpdateUserMinSession) { BasicStructureSerDeUtil.write(maxSessionPerUser, stream); BasicStructureSerDeUtil.write(minSessionPerUser, stream); } + if (authorType == ConfigPhysicalPlanType.DropUserV2 + || authorType == ConfigPhysicalPlanType.RDropUserV2 + || authorType == ConfigPhysicalPlanType.UpdateUserV2 + || authorType == ConfigPhysicalPlanType.RUpdateUserV2) { + BasicStructureSerDeUtil.write(executedByUserId, stream); + } if (permissions == null) { stream.write((byte) 0); } else { @@ -191,11 +221,18 @@ public class AuthorTreePlan extends AuthorPlan { roleName = BasicStructureSerDeUtil.readString(buffer); password = BasicStructureSerDeUtil.readString(buffer); newPassword = BasicStructureSerDeUtil.readString(buffer); - if (getAuthorType() == ConfigPhysicalPlanType.UpdateUserMaxSession - || getAuthorType() == ConfigPhysicalPlanType.UpdateUserMinSession) { + ConfigPhysicalPlanType authorType = getAuthorType(); + if (authorType == ConfigPhysicalPlanType.UpdateUserMaxSession + || authorType == ConfigPhysicalPlanType.UpdateUserMinSession) { maxSessionPerUser = buffer.getInt(); minSessionPerUser = buffer.getInt(); } + if (authorType == ConfigPhysicalPlanType.DropUserV2 + || authorType == ConfigPhysicalPlanType.RDropUserV2 + || authorType == ConfigPhysicalPlanType.UpdateUserV2 + || authorType == ConfigPhysicalPlanType.RUpdateUserV2) { + executedByUserId = buffer.getLong(); + } if (buffer.get() == (byte) 0) { this.permissions = null; } else { 
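Review bot: The `RDropUserV2` and `RUpdateUserV2` checks in `serializeImpl`, and the matching ones in `deserializeImpl` in the next hunk, look unreachable for the plans they are meant for. The factory hunk in ConfigPhysicalPlan.java places those two types in the relational group rather than under `new AuthorTreePlan(...)`, and the AuthorRelationalPlan change in this commit adds only a constructor. If AuthorRelationalPlan's own serializer (not shown) is unchanged, `executedByUserId` for table-model V2 plans is dropped on write and comes back as 0 after log replay or snapshot load. Add the same conditional write and `buffer.getLong()` to AuthorRelationalPlan, and replace the two copies of the four-way comparison with one shared helper on AuthorPlan, e.g. `protected boolean carriesExecutedByUserId()`, so the writer and reader cannot drift apart. Both method bodies continue outside their hunks.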
diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/load/service/HeartbeatService.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/load/service/HeartbeatService.java index 360935d85fc..561d49aa443 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/load/service/HeartbeatService.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/load/service/HeartbeatService.java @@ -207,7 +207,7 @@ public class HeartbeatService { } } - private TConfigNodeHeartbeatReq genConfigNodeHeartbeatReq() { + protected TConfigNodeHeartbeatReq genConfigNodeHeartbeatReq() { TConfigNodeHeartbeatReq req = new TConfigNodeHeartbeatReq(); req.setTimestamp(System.nanoTime()); return req; diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/receiver/protocol/IoTDBConfigNodeReceiver.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/receiver/protocol/IoTDBConfigNodeReceiver.java index d52ad5cd7e8..537983124b6 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/receiver/protocol/IoTDBConfigNodeReceiver.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/receiver/protocol/IoTDBConfigNodeReceiver.java @@ -540,7 +540,9 @@ public class IoTDBConfigNodeReceiver extends IoTDBFileReceiver { } return StatusUtils.OK; case UpdateUser: + case UpdateUserV2: case RUpdateUser: + case RUpdateUserV2: return ((AuthorPlan) plan).getUserName().equals(username) ? StatusUtils.OK : configManager @@ -550,7 +552,9 @@ public class IoTDBConfigNodeReceiver extends IoTDBFileReceiver { case RCreateUser: case CreateUserWithRawPassword: case DropUser: + case DropUserV2: case RDropUser: + case RDropUserV2: return configManager .checkUserPrivileges(username, new PrivilegeUnion(PrivilegeType.MANAGE_USER)) .getStatus(); 
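Review bot: In the receiver's permission switch the new V2 cases are authorized against `username`, the receiver-side identity, while the plan still carries whatever `executedByUserId` the sending cluster serialized. Nothing visible here uses that field yet, but once it feeds an ownership check or an audit record, the receiver would be trusting a sender-supplied id that need not name the same account locally. Overwrite it before the plan is executed, e.g. `((AuthorPlan) plan).setExecutedByUserId(<receiver-side id of username>);`, or document next to these cases that the field must be ignored for pipe-received plans. The enclosing method starts and ends outside both hunks.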
@@ -874,6 +878,7 @@ public class IoTDBConfigNodeReceiver extends IoTDBFileReceiver { case CreateUserWithRawPassword: case CreateRole: case DropUser: + case DropUserV2: case DropRole: case GrantRole: case GrantUser: @@ -882,9 +887,13 @@ public class IoTDBConfigNodeReceiver extends IoTDBFileReceiver { case RevokeRole: case RevokeRoleFromUser: case UpdateUser: + case UpdateUserV2: case RCreateUser: case RCreateRole: case RDropUser: + case RDropUserV2: + case RUpdateUser: + case RUpdateUserV2: case RDropRole: case RGrantRoleAll: case RGrantUserAll: diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/source/ConfigRegionListeningFilter.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/source/ConfigRegionListeningFilter.java index d251705aca9..b21afa42a42 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/source/ConfigRegionListeningFilter.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/source/ConfigRegionListeningFilter.java @@ -186,11 +186,18 @@ public class ConfigRegionListeningFilter { new PartialPath("auth.user.alter"), Collections.unmodifiableList( Arrays.asList( - ConfigPhysicalPlanType.UpdateUser, ConfigPhysicalPlanType.RUpdateUser))); + ConfigPhysicalPlanType.UpdateUser, + ConfigPhysicalPlanType.UpdateUserV2, + ConfigPhysicalPlanType.RUpdateUser, + ConfigPhysicalPlanType.RUpdateUserV2))); OPTION_PLAN_MAP.put( new PartialPath("auth.user.drop"), Collections.unmodifiableList( - Arrays.asList(ConfigPhysicalPlanType.DropUser, ConfigPhysicalPlanType.RDropUser))); + Arrays.asList( + ConfigPhysicalPlanType.DropUser, + ConfigPhysicalPlanType.DropUserV2, + ConfigPhysicalPlanType.RDropUser, + ConfigPhysicalPlanType.RDropUserV2))); // Both OPTION_PLAN_MAP.put( 
diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorInfo.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorInfo.java index e499887f195..ecc04271481 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorInfo.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorInfo.java @@ -52,7 +52,7 @@ public class AuthorInfo implements SnapshotProcessor { public static final String NO_USER_MSG = "No such user : "; private IAuthorizer authorizer; - private volatile AuthorPlanExecutor authorPlanExecutor; + private volatile IAuthorPlanExecutor authorPlanExecutor; public AuthorInfo() { try { @@ -63,7 +63,7 @@ public class AuthorInfo implements SnapshotProcessor { } } - public void setAuthorQueryPlanExecutor(AuthorPlanExecutor authorPlanExecutor) { + public void setAuthorQueryPlanExecutor(IAuthorPlanExecutor authorPlanExecutor) { this.authorPlanExecutor = authorPlanExecutor; } diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorPlanExecutor.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorPlanExecutor.java index 77ef93c437d..69bb5779abc 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorPlanExecutor.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorPlanExecutor.java @@ -73,6 +73,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { this.authorizer = authorizer; } + @Override public TPermissionInfoResp login(String username, String password) { boolean status; String loginMessage = null; 
@@ -107,10 +108,12 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return result; } + @Override public String login4Pipe(final String username, final String password) { return authorizer.login4Pipe(username, password); } + @Override public TSStatus executeAuthorNonQuery(AuthorTreePlan authorPlan) { ConfigPhysicalPlanType authorType = authorPlan.getAuthorType(); String userName = authorPlan.getUserName(); @@ -123,6 +126,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { try { switch (authorType) { case UpdateUser: + case UpdateUserV2: authorizer.updateUserPassword(userName, newPassword); break; case CreateUser: @@ -135,6 +139,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { authorizer.createRole(roleName); break; case DropUser: + case DropUserV2: authorizer.deleteUser(userName); break; case DropRole: @@ -207,6 +212,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS); } + @Override public TSStatus executeRelationalAuthorNonQuery(AuthorRelationalPlan authorPlan) { ConfigPhysicalPlanType authorType = authorPlan.getAuthorType(); String userName = authorPlan.getUserName(); @@ -232,12 +238,14 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { authorizer.createRole(roleName); break; case RUpdateUser: + case RUpdateUserV2: authorizer.updateUserPassword(userName, authorPlan.getPassword()); break; case RDropRole: authorizer.deleteRole(roleName); break; case RDropUser: + case RDropUserV2: authorizer.deleteUser(userName); break; case RGrantUserRole: @@ -439,6 +447,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS); } + @Override public PermissionInfoResp executeListUsers(final AuthorPlan plan) throws AuthException { final PermissionInfoResp result = new PermissionInfoResp(); final List<String> userList; 
@@ -482,6 +491,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return result; } + @Override public PermissionInfoResp executeListRoles(final AuthorPlan plan) throws AuthException { final PermissionInfoResp result = new PermissionInfoResp(); final List<String> permissionInfo = new ArrayList<>(); @@ -504,6 +514,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return result; } + @Override public PermissionInfoResp executeListRolePrivileges(final AuthorPlan plan) throws AuthException { boolean isTreePlan = plan instanceof AuthorTreePlan; final PermissionInfoResp result = new PermissionInfoResp(); @@ -528,6 +539,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return result; } + @Override public PermissionInfoResp executeListUserPrivileges(final AuthorPlan plan) throws AuthException { final PermissionInfoResp result = new PermissionInfoResp(); boolean isTreePlan = plan instanceof AuthorTreePlan; @@ -552,6 +564,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { * * @param username The username of the user that needs to be cached */ + @Override public TPermissionInfoResp getUserPermissionInfo(String username, ModelType type) throws AuthException { TPermissionInfoResp result = new TPermissionInfoResp(); @@ -575,6 +588,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return result; } + @Override public TPermissionInfoResp checkUserPrivileges(String username, PrivilegeUnion union) { boolean status; TPermissionInfoResp result = new TPermissionInfoResp(); @@ -618,6 +632,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return result; } + @Override public TAuthizedPatternTreeResp generateAuthorizedPTree(String username, int permission) throws AuthException { TAuthizedPatternTreeResp resp = new TAuthizedPatternTreeResp(); 
@@ -658,6 +673,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return resp; } + @Override public TPermissionInfoResp checkRoleOfUser(String username, String roleName) throws AuthException { TPermissionInfoResp result; @@ -675,6 +691,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return result; } + @Override public TPermissionInfoResp getUser(String username) throws AuthException { TPermissionInfoResp result; User user = authorizer.getUser(username); @@ -687,6 +704,7 @@ public class AuthorPlanExecutor implements IAuthorPlanExecutor { return result; } + @Override public String getUserName(long userId) throws AuthException { return authorizer.getUser(userId).getName(); } diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/executor/ConfigPlanExecutor.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/executor/ConfigPlanExecutor.java index 42353b98114..41d459a9c3b 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/executor/ConfigPlanExecutor.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/executor/ConfigPlanExecutor.java @@ -459,6 +459,7 @@ public class ConfigPlanExecutor { case CreateUser: case CreateRole: case DropUser: + case DropUserV2: case DropRole: case GrantRole: case GrantUser: @@ -467,6 +468,7 @@ public class ConfigPlanExecutor { case RevokeRole: case RevokeRoleFromUser: case UpdateUser: + case UpdateUserV2: case UpdateUserMaxSession: case UpdateUserMinSession: case CreateUserWithRawPassword: @@ -484,8 +486,10 @@ public class ConfigPlanExecutor { case RCreateRole: case RCreateUser: case RDropUser: + case RDropUserV2: case RDropRole: case RUpdateUser: + case RUpdateUserV2: case RUpdateUserMaxSession: case RUpdateUserMinSession: case RGrantUserRole: 
diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/service/ConfigNode.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/service/ConfigNode.java index 819f655c23f..f20f77095d9 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/service/ConfigNode.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/service/ConfigNode.java @@ -218,6 +218,8 @@ public class ConfigNode extends ServerCommandLine implements ConfigNodeMBean { /* Always set ConfigNodeId before initConsensusManager */ CONF.setConfigNodeId(SEED_CONFIG_NODE_ID); configManager.initConsensusManager(); + // Generate the builtin admin users after initConsensusManager + initBuiltinUsers(); // Persistence system parameters after the consensusGroup is built, // or the consensusGroup will not be initialized successfully otherwise. @@ -285,6 +287,10 @@ public class ConfigNode extends ServerCommandLine implements ConfigNodeMBean { } } + protected void initBuiltinUsers() { + // nothing to do + } + void processPid() { String pidFile = System.getProperty(IoTDBConstant.IOTDB_PIDFILE); if (pidFile != null) { diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessor.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessor.java index fbb9d69fea6..131e467b83b 100644 --- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessor.java +++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/service/thrift/ConfigNodeRPCServiceProcessor.java 
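Review bot: `initBuiltinUsers()` is added as an empty `protected` hook carrying only `// nothing to do`, while the call-site comment says it generates the builtin admin users; the contract an overriding class must meet is not written down anywhere in the hunk. The call sits in the branch that sets `SEED_CONFIG_NODE_ID`, right after `configManager.initConsensusManager()`, so it appears to run only on the seed ConfigNode's first start. A Javadoc on the method should state that, say whether the hook can run again on restart and must therefore be idempotent, and note that an override creating privileged accounts should not rely on a fixed default password. The enclosing startup method begins and ends outside the hunk.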
@@ -645,7 +645,8 @@ public class ConfigNodeRPCServiceProcessor implements IConfigNodeRPCService.Ifac req.getNewPassword(), req.getPermissions(), req.isGrantOpt(), - AuthUtils.deserializePartialPathList(ByteBuffer.wrap(req.getNodeNameList())))); + AuthUtils.deserializePartialPathList(ByteBuffer.wrap(req.getNodeNameList())), + req.getExecutedByUserID())); } @Override @@ -665,7 +666,8 @@ public class ConfigNodeRPCServiceProcessor implements IConfigNodeRPCService.Ifac req.getNewPassword(), req.getPermissions(), req.isGrantOpt(), - AuthUtils.deserializePartialPathList(ByteBuffer.wrap(req.getNodeNameList())))); + AuthUtils.deserializePartialPathList(ByteBuffer.wrap(req.getNodeNameList())), + req.getExecutedByUserID())); final TAuthorizerResp resp = new TAuthorizerResp(dataSet.getStatus()); resp.setMemberInfo(dataSet.getMemberList()); resp.setPermissionInfo(dataSet.getPermissionInfoResp()); diff --git a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanSerDeTest.java b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanSerDeTest.java index b2d6b9c0c84..6925fef09dc 100644 --- a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanSerDeTest.java +++ b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/consensus/request/ConfigPhysicalPlanSerDeTest.java @@ -519,7 +519,7 @@ public class ConfigPhysicalPlanSerDeTest { // alter user req0 = new AuthorTreePlan( - ConfigPhysicalPlanType.UpdateUser, + ConfigPhysicalPlanType.UpdateUserV2, "tempuser", "", "", @@ -620,7 +620,7 @@ public class ConfigPhysicalPlanSerDeTest { // drop user req0 = new AuthorTreePlan( - ConfigPhysicalPlanType.DropUser, + ConfigPhysicalPlanType.DropUserV2, "xiaoming", "", "", 
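Review bot: The executing user's id is taken from the request as sent, `req.getExecutedByUserID()`, and handed to the plan constructor in both handlers touched here, with no check visible in the hunks that it matches the caller. On the sending side `ClusterAuthorityFetcher` fills it from `authorStatement.getExecutedByUserId()`, so the ConfigNode relies on the DataNode's assertion. If that is intended because this RPC is only served to cluster-internal peers, record it next to the argument, e.g. `// executedByUserID is asserted by the calling DataNode; audit-only, never an authorization input`; otherwise the id should be resolved from authenticated state on the ConfigNode. Both handler bodies begin outside the hunks.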
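Review bot: The alter-user and drop-user cases in `ConfigPhysicalPlanSerDeTest` are switched from `UpdateUser`/`DropUser` to the V2 types rather than duplicated, so the legacy types lose their serialization round-trip coverage here; `AuthorInfoTest` does the same for `RDropUser`. The executors in this commit still accept the V1 types, presumably for plans that were persisted before the upgrade, and those are the ones that must keep deserializing. I would keep the original V1 cases and add the V2 ones beside them. The test methods extend beyond the hunks.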
diff --git a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java index fcb25d2f45f..19a224fc80c 100644 --- a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java +++ b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java @@ -702,7 +702,7 @@ public class AuthorInfoTest { plan = new AuthorRelationalPlan( - ConfigPhysicalPlanType.RDropUser, + ConfigPhysicalPlanType.RDropUserV2, "user", "", "", diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java index 61c79979ad9..63070ac0990 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java @@ -23,6 +23,7 @@ import org.apache.iotdb.common.rpc.thrift.TSStatus; import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.auth.AuthException; import org.apache.iotdb.commons.auth.entity.PrivilegeType; +import org.apache.iotdb.commons.auth.entity.User; import org.apache.iotdb.commons.conf.CommonDescriptor; import org.apache.iotdb.commons.conf.IoTDBConstant; import org.apache.iotdb.commons.path.PartialPath; @@ -127,6 +128,10 @@ public class AuthorityChecker { return authorityFetcher.get().getAuthorCache().invalidateCache(username, roleName); } + public static User getUser(String username) { + return authorityFetcher.get().getUser(username); + } + public static TSStatus checkUser(String userName, String password) { return authorityFetcher.get().checkUser(userName, password); } 
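Review bot: The new `public static User getUser(String username)` in `AuthorityChecker` returns the fetcher's `User` entity to any caller on the DataNode, with no Javadoc saying what it returns for an unknown name or whether the object is a shared cached instance. If `User` holds the stored password hash and privilege sets (its fields are not visible here), an entity handed out this widely is easy to log or mutate by accident. A short Javadoc would cover it, e.g. `/** Returns the user entry, or null if absent (TODO confirm); callers must not mutate or log it. */`, and callers that only need the id could be given a narrower accessor.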
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/ClusterAuthorityFetcher.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/ClusterAuthorityFetcher.java index aab440f3ac1..955558eeec9 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/ClusterAuthorityFetcher.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/ClusterAuthorityFetcher.java @@ -710,7 +710,8 @@ public class ClusterAuthorityFetcher implements IAuthorityFetcher { authorStatement.getNewPassword() == null ? "" : authorStatement.getNewPassword(), AuthUtils.strToPermissions(authorStatement.getPrivilegeList()), authorStatement.getGrantOpt(), - AuthUtils.serializePartialPathList(authorStatement.getNodeNameList())); + AuthUtils.serializePartialPathList(authorStatement.getNodeNameList()), + authorStatement.getExecutedByUserId()); } private TAuthorizerRelationalReq statementToAuthorizerReq( @@ -725,6 +726,7 @@ public class ClusterAuthorityFetcher implements IAuthorityFetcher { authorStatement.getPrivilegeTypes() == null ? Collections.emptySet() : authorStatement.getPrivilegeIds(), - authorStatement.isGrantOption()); + authorStatement.isGrantOption(), + authorStatement.getExecutedByUserId()); } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java index 5879159c16e..bd7e923e022 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java 
@@ -2510,7 +2510,7 @@ public class ASTVisitor extends IoTDBSqlParserBaseVisitor<Statement> { // Alter Password @Override public Statement visitAlterUser(IoTDBSqlParser.AlterUserContext ctx) { - AuthorStatement authorStatement = new AuthorStatement(AuthorType.UPDATE_USER); + AuthorStatement authorStatement = new AuthorStatement(AuthorType.UPDATE_USER_V2); authorStatement.setUserName(parseIdentifier(ctx.userName.getText())); authorStatement.setNewPassword(parseStringLiteral(ctx.password.getText())); return authorStatement; @@ -2693,7 +2693,7 @@ public class ASTVisitor extends IoTDBSqlParserBaseVisitor<Statement> { @Override public Statement visitDropUser(IoTDBSqlParser.DropUserContext ctx) { - AuthorStatement authorStatement = new AuthorStatement(AuthorType.DROP_USER); + AuthorStatement authorStatement = new AuthorStatement(AuthorType.DROP_USER_V2); authorStatement.setUserName(parseIdentifier(ctx.userName.getText())); return authorStatement; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java index 4dbd54b457a..3f6d4742305 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java @@ -426,6 +426,7 @@ public class TreeAccessCheckVisitor extends StatementVisitor<TSStatus, TreeAcces switch (authorType) { case CREATE_USER: case DROP_USER: + case DROP_USER_V2: return checkGlobalAuth(context.getUsername(), PrivilegeType.MANAGE_USER); case UPDATE_USER: // users can change passwords of themselves 
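Review bot: `DROP_USER_V2` is added to the `MANAGE_USER` check in `TreeAccessCheckVisitor`, but `UPDATE_USER_V2` is not added next to `case UPDATE_USER:`, and this is the only hunk for that file on the page. `ASTVisitor.visitAlterUser` in this same commit now builds the statement with `AuthorType.UPDATE_USER_V2`, so an ALTER USER statement presumably no longer reaches the branch commented "users can change passwords of themselves" and instead takes whatever the switch's default does, which lies outside the hunk. Depending on that default, this either skips the password-change authorization or rejects every ALTER USER; the fix is to add `case UPDATE_USER_V2:` directly under `case UPDATE_USER:`. The pre-check switch in `AuthorStatement` (hunk `@@ -281,6 +294,7 @@`) also gains only `DROP_USER_V2`, so it is worth checking for an `UPDATE_USER` branch there as well.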
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/ast/RelationalAuthorStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/ast/RelationalAuthorStatement.java index 04c1089dc2f..ed970393538 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/ast/RelationalAuthorStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/ast/RelationalAuthorStatement.java @@ -53,6 +53,7 @@ public class RelationalAuthorStatement extends Statement { private Set<PrivilegeType> privilegeType; private boolean grantOption; + private long executedByUserId; public RelationalAuthorStatement( AuthorRType authorType, @@ -149,6 +150,10 @@ public class RelationalAuthorStatement extends Statement { return privilegeIds; } + public long getExecutedByUserId() { + return executedByUserId; + } + public void setDatabase(String database) { this.database = database; } @@ -165,6 +170,10 @@ public class RelationalAuthorStatement extends Statement { this.password = password; } + public void setExecutedByUserId(long executedByUserId) { + this.executedByUserId = executedByUserId; + } + @Override public boolean equals(Object o) { if (this == o) return true; diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorType.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorType.java index 9a00cd0878a..ba0386752a6 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorType.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorType.java @@ -22,6 +22,7 @@ package org.apache.iotdb.db.queryengine.plan.statement; public enum AuthorType { CREATE_USER, CREATE_ROLE, + @Deprecated DROP_USER, DROP_ROLE, GRANT_ROLE, 
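Review bot: `private long executedByUserId;` in `RelationalAuthorStatement` has no initializer and no constructor change is visible, so a statement on which `setExecutedByUserId` was never called reports id 0. `ClusterAuthorityFetcher` sends the getter's value unconditionally, so if 0 is a valid user id (not visible here) such a request is attributed to that user. A sentinel makes the unset case detectable: `private long executedByUserId = -1;`, with the sender or receiver rejecting a negative id. `AuthorStatement` adds the same field in the same way. The `equals` shown as context is untouched, so two statements differing only in the executing user compare equal; worth confirming that is intended.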
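Review bot: In `AuthorType`, `DROP_USER` (and `UPDATE_USER` in the next hunk) get a bare `@Deprecated` with no Javadoc, so a reader cannot tell what replaces them or why the old constants have to stay. Suggest `/** @deprecated use {@link #DROP_USER_V2}; kept so previously serialized values still decode. */` and the equivalent on `UPDATE_USER`. The stated reason is inferred from the added `case 15`/`case 16` mappings in the later hunks and should be confirmed by the author.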
@@ -30,11 +31,15 @@ public enum AuthorType { REVOKE_USER, REVOKE_ROLE, REVOKE_USER_ROLE, + @Deprecated UPDATE_USER, LIST_USER, LIST_ROLE, LIST_USER_PRIVILEGE, - LIST_ROLE_PRIVILEGE; + LIST_ROLE_PRIVILEGE, + DROP_USER_V2, + UPDATE_USER_V2, + ; /** * deserialize short number. @@ -74,6 +79,10 @@ public enum AuthorType { return LIST_USER_PRIVILEGE; case 14: return LIST_ROLE_PRIVILEGE; + case 15: + return DROP_USER_V2; + case 16: + return UPDATE_USER_V2; default: return null; } @@ -116,6 +125,10 @@ public enum AuthorType { return 13; case LIST_ROLE_PRIVILEGE: return 14; + case DROP_USER_V2: + return 15; + case UPDATE_USER_V2: + return 16; default: return -1; } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java index 7cf0950e45d..fbbb7f59c29 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java @@ -47,6 +47,7 @@ public class AuthorStatement extends Statement implements IConfigStatement { private String[] privilegeList; private List<PartialPath> nodeNameList; private boolean grantOpt; + private long executedByUserId; /** * Constructor with AuthorType. @@ -61,6 +62,7 @@ public class AuthorStatement extends Statement implements IConfigStatement { this.setType(StatementType.DELETE_ROLE); break; case DROP_USER: + case DROP_USER_V2: this.setType(StatementType.DELETE_USER); break; case GRANT_ROLE: @@ -82,6 +84,7 @@ public class AuthorStatement extends Statement implements IConfigStatement { this.setType(StatementType.REVOKE_USER_PRIVILEGE); break; case UPDATE_USER: + case UPDATE_USER_V2: this.setType(StatementType.MODIFY_PASSWORD); break; case GRANT_USER_ROLE: 
@@ -178,6 +181,14 @@ public class AuthorStatement extends Statement implements IConfigStatement { this.grantOpt = grantOpt; } + public long getExecutedByUserId() { + return executedByUserId; + } + + public void setExecutedByUserId(long executedByUserId) { + this.executedByUserId = executedByUserId; + } + @Override public <R, C> R accept(StatementVisitor<R, C> visitor, C context) { return visitor.visitAuthor(this, context); @@ -190,6 +201,7 @@ public class AuthorStatement extends Statement implements IConfigStatement { case CREATE_USER: case CREATE_ROLE: case DROP_USER: + case DROP_USER_V2: case DROP_ROLE: case GRANT_ROLE: case GRANT_USER: @@ -198,6 +210,7 @@ public class AuthorStatement extends Statement implements IConfigStatement { case REVOKE_ROLE: case REVOKE_USER_ROLE: case UPDATE_USER: + case UPDATE_USER_V2: queryType = QueryType.WRITE; break; case LIST_USER: @@ -225,9 +238,9 @@ public class AuthorStatement extends Statement implements IConfigStatement { public TSStatus onSuccess() { if (authorType == AuthorType.CREATE_USER) { return onCreateUserSuccess(); - } else if (authorType == AuthorType.UPDATE_USER) { + } else if (authorType == AuthorType.UPDATE_USER || authorType == AuthorType.UPDATE_USER_V2) { return onUpdateUserSuccess(); - } else if (authorType == AuthorType.DROP_USER) { + } else if (authorType == AuthorType.DROP_USER || authorType == AuthorType.DROP_USER_V2) { return onDropUserSuccess(); } return null; @@ -281,6 +294,7 @@ public class AuthorStatement extends Statement implements IConfigStatement { } break; case DROP_USER: + case DROP_USER_V2: if (AuthorityChecker.SUPER_USER.equals(userName) || userName.equals(currentUser)) { return AuthorityChecker.getTSStatus(false, "Cannot drop admin user or yourself"); } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/service/DataNode.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/service/DataNode.java index 89ec5e43222..0c30078ce17 100644 
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/service/DataNode.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/service/DataNode.java @@ -451,7 +451,7 @@ public class DataNode extends ServerCommandLine implements DataNodeMBean { * * <p>6. All TTL information */ - private void storeRuntimeConfigurations( + protected void storeRuntimeConfigurations( List<TConfigNodeLocation> configNodeLocations, TRuntimeConfiguration runtimeConfiguration) throws StartupException { /* Store ConfigNodeList */ diff --git a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/ConfigurationFileUtils.java b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/ConfigurationFileUtils.java index 74a6cffb328..2b884d17a37 100644 --- a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/ConfigurationFileUtils.java +++ b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/ConfigurationFileUtils.java @@ -470,6 +470,7 @@ public class ConfigurationFileUtils { public enum EffectiveModeType { HOT_RELOAD, FIRST_START, + FIRST_START_OR_SET_CONFIGURATION, RESTART, UNKNOWN; @@ -478,6 +479,8 @@ public class ConfigurationFileUtils { return HOT_RELOAD; } else if (FIRST_START.name().equalsIgnoreCase(effectiveMode)) { return FIRST_START; + } else if (FIRST_START_OR_SET_CONFIGURATION.name().equalsIgnoreCase(effectiveMode)) { + return FIRST_START_OR_SET_CONFIGURATION; } else if (RESTART.name().equalsIgnoreCase(effectiveMode)) { return RESTART; } else { diff --git a/iotdb-protocol/thrift-confignode/src/main/thrift/confignode.thrift b/iotdb-protocol/thrift-confignode/src/main/thrift/confignode.thrift index 98ca620d871..9fb48a0970b 100644 --- a/iotdb-protocol/thrift-confignode/src/main/thrift/confignode.thrift +++ b/iotdb-protocol/thrift-confignode/src/main/thrift/confignode.thrift 
@@ -344,6 +344,7 @@ struct TAuthorizerReq { 6: required set<i32> permissions 7: required bool grantOpt 8: required binary nodeNameList + 9: required i64 executedByUserID } struct TAuthorizerRelationalReq { @@ -355,6 +356,7 @@ struct TAuthorizerRelationalReq { 6: required string table 7: required set<i32> permissions 8: required bool grantOpt + 9: required i64 executedByUserID } struct TAuthorizerResp {
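Review bot: `9: required i64 executedByUserID` is added as a `required` field to both `TAuthorizerReq` and `TAuthorizerRelationalReq`, which makes the structs incompatible across versions: a receiver generated from this IDL fails validation on a request from a peer built before the field existed. During a rolling upgrade that shows up as failed authorization RPCs between mixed-version nodes. Declaring it `9: optional i64 executedByUserID` and having the receiver treat an unset value as an unknown actor keeps old senders working. The existing fields are all `required`, so this may be project convention; if mixed-version clusters are unsupported, a comment saying so would be enough.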