This is an automated email from the ASF dual-hosted git repository.
jiangtian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 263c23bd69d Pipe: Fixed the auth implementation error (#16847)
263c23bd69d is described below
commit 263c23bd69d412268d6e118a3c77cf7c0583abe6
Author: Caideyipi <[email protected]>
AuthorDate: Tue Dec 2 16:29:44 2025 +0800
Pipe: Fixed the auth implementation error (#16847)
* fix
* fix
* non-geneic
* fix
---
.../pipe/it/single/IoTDBPipePermissionIT.java | 27 +++++++++++-----------
.../relational/it/schema/IoTDBDatabaseIT.java | 8 ++-----
.../InformationSchemaContentSupplierFactory.java | 8 +++++--
.../execution/config/TableConfigTaskVisitor.java | 1 -
4 files changed, 21 insertions(+), 23 deletions(-)
diff --git
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/single/IoTDBPipePermissionIT.java
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/single/IoTDBPipePermissionIT.java
index 33ab3d7a6a6..71f3f69a86e 100644
---
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/single/IoTDBPipePermissionIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/single/IoTDBPipePermissionIT.java
@@ -19,8 +19,6 @@
package org.apache.iotdb.pipe.it.single;
-import org.apache.iotdb.commons.client.sync.SyncConfigNodeIServiceClient;
-import org.apache.iotdb.confignode.rpc.thrift.TShowPipeReq;
import org.apache.iotdb.db.it.utils.TestUtils;
import org.apache.iotdb.it.framework.IoTDBTestRunner;
import org.apache.iotdb.itbase.category.MultiClusterIT1;
@@ -33,6 +31,7 @@ import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import java.sql.Connection;
+import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Arrays;
@@ -44,7 +43,7 @@ import static org.junit.Assert.fail;
public class IoTDBPipePermissionIT extends AbstractPipeSingleIT {
@Test
public void testSinkPermission() {
- TestUtils.executeNonQuery(env, "create user `thulab` 'passwd'", null);
+ TestUtils.executeNonQuery(env, "create user `thulab` 'StrngPsWd@623451'",
null);
// Shall fail if username is specified without password
try (final Connection connection =
env.getConnection(BaseEnv.TABLE_SQL_DIALECT);
@@ -90,7 +89,8 @@ public class IoTDBPipePermissionIT extends
AbstractPipeSingleIT {
// Successfully alter
try (final Connection connection =
env.getConnection(BaseEnv.TABLE_SQL_DIALECT);
final Statement statement = connection.createStatement()) {
- statement.execute("alter pipe a2b modify sink ('username'='thulab',
'password'='passwd')");
+ statement.execute(
+ "alter pipe a2b modify sink ('username'='thulab',
'password'='StrngPsWd@623451')");
} catch (final SQLException e) {
e.printStackTrace();
fail("Alter pipe shall not fail if user and password are specified");
@@ -156,14 +156,12 @@ public class IoTDBPipePermissionIT extends
AbstractPipeSingleIT {
}
// A user shall only see its own pipe
- try (final SyncConfigNodeIServiceClient client =
- (SyncConfigNodeIServiceClient) env.getLeaderConfigNodeConnection()) {
- Assert.assertEquals(
- 1,
- client
- .showPipe(new
TShowPipeReq().setIsTableModel(true).setUserName("thulab"))
- .pipeInfoList
- .size());
+ try (final Connection connection =
+ env.getConnection("thulab", "StrngPsWd@623451",
BaseEnv.TABLE_SQL_DIALECT);
+ final Statement statement = connection.createStatement()) {
+ final ResultSet result = statement.executeQuery("show pipes");
+ Assert.assertTrue(result.next());
+ Assert.assertFalse(result.next());
} catch (Exception e) {
fail(e.getMessage());
}
@@ -181,7 +179,8 @@ public class IoTDBPipePermissionIT extends
AbstractPipeSingleIT {
BaseEnv.TABLE_SQL_DIALECT,
env,
Arrays.asList(
- "create user thulab 'passwD@123456'", "grant INSERT on test.test1
to user thulab"),
+ "create user thulab 'StrngPsWd@623451@123456'",
+ "grant INSERT on test.test1 to user thulab"),
null);
// Write some data
@@ -196,7 +195,7 @@ public class IoTDBPipePermissionIT extends
AbstractPipeSingleIT {
"create pipe a2b "
+ "with source ('database'='test1', 'table'='test1') "
+ "with processor('processor'='rename-database-processor',
'processor.new-db-name'='test') "
- + "with sink ('sink'='write-back-sink', 'username'='thulab',
'password'='passwD@123456')");
+ + "with sink ('sink'='write-back-sink', 'username'='thulab',
'password'='StrngPsWd@623451@123456')");
} catch (final SQLException e) {
e.printStackTrace();
fail("Create pipe without user shall succeed if use the current
session");
diff --git
a/integration-test/src/test/java/org/apache/iotdb/relational/it/schema/IoTDBDatabaseIT.java
b/integration-test/src/test/java/org/apache/iotdb/relational/it/schema/IoTDBDatabaseIT.java
index 463a9f7e8b6..4987b6d4b0c 100644
---
a/integration-test/src/test/java/org/apache/iotdb/relational/it/schema/IoTDBDatabaseIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/relational/it/schema/IoTDBDatabaseIT.java
@@ -575,6 +575,8 @@ public class IoTDBDatabaseIT {
Assert.assertThrows(
SQLException.class, () -> statement.execute("select * from
config_nodes"));
Assert.assertThrows(SQLException.class, () -> statement.execute("select
* from data_nodes"));
+ Assert.assertThrows(
+ SQLException.class, () -> statement.executeQuery("select * from
pipe_plugins"));
// Filter out not self-created pipes
TestUtils.assertResultSetEqual(
@@ -583,12 +585,6 @@ public class IoTDBDatabaseIT {
Collections.emptySet());
// No auth needed
- TestUtils.assertResultSetEqual(
- statement.executeQuery(
- "select * from pipe_plugins where plugin_name =
'IOTDB-THRIFT-SINK'"),
- "plugin_name,plugin_type,class_name,plugin_jar,",
- Collections.singleton(
-
"IOTDB-THRIFT-SINK,Builtin,org.apache.iotdb.commons.pipe.agent.plugin.builtin.sink.iotdb.thrift.IoTDBThriftSink,null,"));
TestUtils.assertResultSetEqual(
statement.executeQuery(
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/execution/operator/source/relational/InformationSchemaContentSupplierFactory.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/execution/operator/source/relational/InformationSchemaContentSupplierFactory.java
index 51c8c72e894..1449b565c0e 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/execution/operator/source/relational/InformationSchemaContentSupplierFactory.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/execution/operator/source/relational/InformationSchemaContentSupplierFactory.java
@@ -28,6 +28,7 @@ import org.apache.iotdb.common.rpc.thrift.TConsensusGroupType;
import org.apache.iotdb.common.rpc.thrift.TDataNodeLocation;
import org.apache.iotdb.common.rpc.thrift.TEndPoint;
import org.apache.iotdb.commons.audit.UserEntity;
+import org.apache.iotdb.commons.client.exception.ClientManagerException;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.commons.exception.IoTDBRuntimeException;
import org.apache.iotdb.commons.exception.auth.AccessDeniedException;
@@ -82,6 +83,7 @@ import org.apache.iotdb.db.utils.MathUtils;
import org.apache.iotdb.db.utils.TimestampPrecisionUtils;
import org.apache.iotdb.rpc.TSStatusCode;
+import org.apache.thrift.TException;
import org.apache.tsfile.block.column.ColumnBuilder;
import org.apache.tsfile.common.conf.TSFileConfig;
import org.apache.tsfile.enums.TSDataType;
@@ -143,7 +145,7 @@ public class InformationSchemaContentSupplierFactory {
case InformationSchema.PIPES:
return new PipeSupplier(dataTypes, userEntity.getUsername());
case InformationSchema.PIPE_PLUGINS:
- return new PipePluginSupplier(dataTypes);
+ return new PipePluginSupplier(dataTypes, userEntity);
case InformationSchema.TOPICS:
return new TopicSupplier(dataTypes, userEntity);
case InformationSchema.SUBSCRIPTIONS:
@@ -603,8 +605,10 @@ public class InformationSchemaContentSupplierFactory {
private static class PipePluginSupplier extends TsBlockSupplier {
private final Iterator<PipePluginMeta> iterator;
- private PipePluginSupplier(final List<TSDataType> dataTypes) throws
Exception {
+ private PipePluginSupplier(final List<TSDataType> dataTypes, final
UserEntity entity)
+ throws ClientManagerException, TException {
super(dataTypes);
+ accessControl.checkUserGlobalSysPrivilege(entity);
try (final ConfigNodeClient client =
ConfigNodeClientManager.getInstance().borrowClient(ConfigNodeInfo.CONFIG_REGION_ID))
{
iterator =
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
index 417e65d4fe4..b7fe3f7eb68 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
@@ -1270,7 +1270,6 @@ public class TableConfigTaskVisitor extends
AstVisitor<IConfigTask, MPPQueryCont
@Override
protected IConfigTask visitShowPipes(ShowPipes node, MPPQueryContext
context) {
context.setQueryType(QueryType.READ);
- accessControl.checkUserGlobalSysPrivilege(context);
return new ShowPipeTask(node, context.getSession().getUserName());
}
