This is an automated email from the ASF dual-hosted git repository. yongzao pushed a commit to branch fix-audit-logger in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 88178c4276c22f8a790ea1a42f2fd43e0459bb05
Author: Yongzao <[email protected]>
AuthorDate: Tue Sep 23 19:53:08 2025 +0800
remove internal auditor
---
 .../org/apache/iotdb/db/audit/DNAuditLogger.java | 86 ++++++++++++++--------
 .../org/apache/iotdb/db/auth/AuthorityChecker.java | 5 +-
 .../iotdb/commons/auth/user/BasicUserManager.java | 41 -----------
 .../apache/iotdb/commons/conf/IoTDBConstant.java | 4 -
 4 files changed, 59 insertions(+), 77 deletions(-)
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
index b21fe2057ef..51d1a7dbc51 100644
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
@@ -73,6 +73,7 @@ import java.io.IOException;
 import java.time.ZoneId;
 import java.util.Arrays;
 import java.util.List;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import static org.apache.iotdb.db.pipe.receiver.protocol.legacy.loader.ILoader.SCHEMA_FETCHER;
@@ -80,6 +81,10 @@ import static org.apache.iotdb.db.pipe.receiver.protocol.legacy.loader.ILoader.S
 public class DNAuditLogger extends AbstractAuditLogger {
 private static final Logger logger = LoggerFactory.getLogger(DNAuditLogger.class);
+ // TODO: @zhujt20 Optimize the following stupid retry
+ private static final int INSERT_RETRY_COUNT = 5;
+ private static final int INSERT_RETRY_INTERVAL_MS = 2000;
+
 private static final IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig();
 private static final String LOG = "log";
 private static final String USERNAME = "username";
@@ -343,30 +348,42 @@ public class DNAuditLogger extends AbstractAuditLogger {
 logger.error("Failed to log audit events because ", e);
 return;
 }
- coordinator.executeForTreeModel(
- statement,
- SESSION_MANAGER.requestQueryId(),
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- SCHEMA_FETCHER);
- AuditEventType type = auditLogFields.getAuditType();
- if (isLoginEvent(type)) {
- try {
- statement.setDevicePath(
- DEVICE_PATH_CACHE.getPartialPath(
- String.format(AUDIT_LOGIN_LOG_DEVICE, dataNodeId, user)));
- } catch (IllegalPathException e) {
- logger.error("Failed to log audit login events because ", e);
+ for (int retry = 0; retry < INSERT_RETRY_COUNT; retry++) {
+ ExecutionResult insertResult =
+ coordinator.executeForTreeModel(
+ statement,
+ SESSION_MANAGER.requestQueryId(),
+ sessionInfo,
+ "",
+ ClusterPartitionFetcher.getInstance(),
+ SCHEMA_FETCHER);
+ if (insertResult.status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
 return;
 }
- coordinator.executeForTreeModel(
- statement,
- SESSION_MANAGER.requestQueryId(),
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- SCHEMA_FETCHER);
+ try {
+ TimeUnit.MILLISECONDS.sleep(INSERT_RETRY_INTERVAL_MS);
+ } catch (InterruptedException e) {
+ logger.error("Audit log insertion retry sleep was interrupted", e);
+ }
+ }
+ AuditEventType type = auditLogFields.getAuditType();
+ if (isLoginEvent(type)) {
+ // TODO: @wenyanshi-123 Reactivate the following codes in the future
+ // try {
+ // statement.setDevicePath(
+ // DEVICE_PATH_CACHE.getPartialPath(
+ // String.format(AUDIT_LOGIN_LOG_DEVICE, dataNodeId, user)));
+ // } catch (IllegalPathException e) {
+ // logger.error("Failed to log audit login events because ", e);
+ // return;
+ // }
+ // coordinator.executeForTreeModel(
+ // statement,
+ // SESSION_MANAGER.requestQueryId(),
+ // sessionInfo,
+ // "",
+ // ClusterPartitionFetcher.getInstance(),
+ // SCHEMA_FETCHER);
 }
 }
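Review bot: When all INSERT_RETRY_COUNT attempts fail, the loop in this hunk falls through without logging anything, so a dropped audit record leaves no trace in the server log and the audit trail can lose events silently. The `catch (InterruptedException e)` branch also logs and keeps looping without restoring the interrupt flag, and the last failed attempt still sleeps INSERT_RETRY_INTERVAL_MS before giving up. I would restore the flag and stop retrying on interrupt, skip the sleep after the final attempt, and log an error once the retries are exhausted; the same loop is repeated in the `@@ -381,13 +398,24 @@` hunk and needs the same change. The `if (isLoginEvent(type))` block is now empty and is reached only after the insert has failed, so login events are no longer written under AUDIT_LOGIN_LOG_DEVICE; a comment stating that this is intentional would help. The enclosing method starts outside the hunk.

```java
for (int retry = 0; retry < INSERT_RETRY_COUNT; retry++) {
  // … unchanged: executeForTreeModel call and the SUCCESS_STATUS early return …
  if (retry == INSERT_RETRY_COUNT - 1) {
    break; // no point sleeping after the last attempt
  }
  try {
    TimeUnit.MILLISECONDS.sleep(INSERT_RETRY_INTERVAL_MS);
  } catch (InterruptedException e) {
    // Restore the flag so the owning thread still sees the interrupt, then stop retrying.
    Thread.currentThread().interrupt();
    logger.error("Audit log insertion retry sleep was interrupted", e);
    break;
  }
}
logger.error(
    "Audit log insertion failed after {} attempts; the event was not persisted",
    INSERT_RETRY_COUNT);
```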
@@ -381,13 +398,24 @@ public class DNAuditLogger extends AbstractAuditLogger {
 auditLogFields, log, DEVICE_PATH_CACHE.getPartialPath(String.format(AUDIT_CN_LOG_DEVICE, nodeId)));
- coordinator.executeForTreeModel(
- statement,
- SESSION_MANAGER.requestQueryId(),
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- SCHEMA_FETCHER);
+ for (int retry = 0; retry < INSERT_RETRY_COUNT; retry++) {
+ ExecutionResult insertResult =
+ coordinator.executeForTreeModel(
+ statement,
+ SESSION_MANAGER.requestQueryId(),
+ sessionInfo,
+ "",
+ ClusterPartitionFetcher.getInstance(),
+ SCHEMA_FETCHER);
+ if (insertResult.status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ return;
+ }
+ try {
+ TimeUnit.MILLISECONDS.sleep(INSERT_RETRY_INTERVAL_MS);
+ } catch (InterruptedException e) {
+ logger.error("Audit log insertion retry sleep was interrupted", e);
+ }
+ }
 }
 private static class DNAuditLoggerHolder {
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 61c79979ad9..8eec5b0f1e1 100644
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -24,7 +24,6 @@ import org.apache.iotdb.commons.audit.UserEntity;
 import org.apache.iotdb.commons.auth.AuthException;
 import org.apache.iotdb.commons.auth.entity.PrivilegeType;
 import org.apache.iotdb.commons.conf.CommonDescriptor;
-import org.apache.iotdb.commons.conf.IoTDBConstant;
 import org.apache.iotdb.commons.path.PartialPath;
 import org.apache.iotdb.commons.path.PathPatternTree;
 import org.apache.iotdb.commons.schema.column.ColumnHeader;
@@ -79,8 +78,8 @@ public class AuthorityChecker {
 public static final TSStatus SUCCEED = new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
- public static final int INTERNAL_AUDIT_USER_ID = IoTDBConstant.INTERNAL_AUDIT_USER_ID;
- public static final String INTERNAL_AUDIT_USER = IoTDBConstant.INTERNAL_AUDIT_USER;
+ public static final int INTERNAL_AUDIT_USER_ID = 4;
+ public static final String INTERNAL_AUDIT_USER = "__internal_auditor";
 public static String ANY_SCOPE = "any";
diff --git a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
index 96d5ad7cc42..95707c816e9 100644
--- a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
+++ b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
@@ -29,7 +29,6 @@ import org.apache.iotdb.commons.conf.CommonDescriptor;
 import org.apache.iotdb.commons.conf.IoTDBConstant;
 import org.apache.iotdb.commons.exception.IllegalPathException;
 import org.apache.iotdb.commons.path.PartialPath;
-import org.apache.iotdb.commons.pipe.config.constant.SystemConstant;
 import org.apache.iotdb.commons.utils.AuthUtils;
 import org.apache.iotdb.commons.utils.TestOnly;
 import org.apache.iotdb.rpc.TSStatusCode;
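Review bot: `INTERNAL_AUDIT_USER` is now the literal `"__internal_auditor"` (two underscores), while the IoTDBConstant value it replaced was `"_internal_auditor"`, and the commit message does not say whether the rename is intended. The same commit removes `initInternalAuditorWhenNecessary()` and the `userid = 4` branch of the user-id assignment in BasicUserManager, so nothing visible in this diff creates that account or reserves id 4 any more. If code outside the diff still special-cases `INTERNAL_AUDIT_USER_ID` or `INTERNAL_AUDIT_USER` in permission checks, an ordinary account that ends up with id 4 or that name would be treated as the internal auditor; whether that can happen depends on `initUserId()` and the username validation, which are not shown. I would document the two constants with a comment such as `// Virtual identity for internal audit writes; not stored by the user manager, so id and name must stay reserved.` and confirm that user creation rejects both.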
@@ -114,42 +113,6 @@ public abstract class BasicUserManager extends BasicRoleManager {
 "Internal user {} initialized", CommonDescriptor.getInstance().getConfig().getAdminName());
 }
- private void initInternalAuditorWhenNecessary() throws AuthException {
- if (!CommonDescriptor.getInstance().getConfig().isEnableAuditLog()) {
- return;
- }
- User internalAuditor = this.getEntity(IoTDBConstant.INTERNAL_AUDIT_USER);
- if (internalAuditor == null) {
- createUser(
- IoTDBConstant.INTERNAL_AUDIT_USER,
- CommonDescriptor.getInstance().getConfig().getAdminPassword(),
- true,
- true);
- }
- internalAuditor = this.getEntity(IoTDBConstant.INTERNAL_AUDIT_USER);
- try {
- PartialPath auditPath = new PartialPath(SystemConstant.AUDIT_DATABASE + ".**");
- PathPrivilege pathPri = new PathPrivilege(auditPath);
- for (PrivilegeType item : PrivilegeType.values()) {
- if (item.isDeprecated()) {
- continue;
- }
- if (item.isSystemPrivilege()) {
- internalAuditor.grantSysPrivilege(item, false);
- } else if (item.isRelationalPrivilege()) {
- internalAuditor.grantAnyScopePrivilege(item, false);
- } else if (item.isPathPrivilege()) {
- pathPri.grantPrivilege(item, false);
- }
- }
- internalAuditor.getPathPrivilegeList().clear();
- internalAuditor.getPathPrivilegeList().add(pathPri);
- } catch (IllegalPathException e) {
- LOGGER.warn("Got a wrong path for {} to init", IoTDBConstant.INTERNAL_AUDIT_USER, e);
- }
- LOGGER.info("Internal user {} initialized", IoTDBConstant.INTERNAL_AUDIT_USER);
- }
-
 private void initUserId() {
 try {
 long maxUserId = this.accessor.loadUserId();
@@ -206,8 +169,6 @@ public abstract class BasicUserManager extends BasicRoleManager {
 long userid;
 if (username.equals(CommonDescriptor.getInstance().getConfig().getAdminName())) {
 userid = 0;
- } else if (username.equals(IoTDBConstant.INTERNAL_AUDIT_USER)) {
- userid = 4;
 } else {
 userid = ++nextUserId;
 }
@@ -277,7 +238,6 @@ public abstract class BasicUserManager extends BasicRoleManager {
 private void init() throws AuthException {
 this.accessor.reset();
 initAdmin();
- initInternalAuditorWhenNecessary();
 }
 @Override
@@ -295,7 +255,6 @@ public abstract class BasicUserManager extends BasicRoleManager {
 }
 initUserId();
 initAdmin();
- initInternalAuditorWhenNecessary();
 }
 @TestOnly
diff --git a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/IoTDBConstant.java b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/IoTDBConstant.java
index 30735d4960a..ba568eae896 100644
--- a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/IoTDBConstant.java
+++ b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/IoTDBConstant.java
@@ -368,8 +368,4 @@ public class IoTDBConstant {
 public static final String TTL_INFINITE = "INF";
 public static final String INTEGRATION_TEST_KILL_POINTS = "integrationTestKillPoints";
-
- // Authority
- public static final String INTERNAL_AUDIT_USER = "_internal_auditor";
- public static final int INTERNAL_AUDIT_USER_ID = 4;
 }
