This is an automated email from the ASF dual-hosted git repository.
sunnianjun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new f67605e69e4 Support ALL PRIVILEGES ON `DB`.* in
MySQLDatabasePrivilegeChecker (#34037)
f67605e69e4 is described below
commit f67605e69e42eaed528ffb773c276d28e69e5105
Author: Raigor <[email protected]>
AuthorDate: Fri Dec 13 13:25:42 2024 +0800
Support ALL PRIVILEGES ON `DB`.* in MySQLDatabasePrivilegeChecker (#34037)
* Support ALL PRIVILEGES ON `DB`.* in MySQLDatabasePrivilegeChecker
* Update RELEASE-NOTES.md
---
RELEASE-NOTES.md | 1 +
.../checker/MySQLDatabasePrivilegeChecker.java | 3 +-
.../checker/MySQLDatabasePrivilegeCheckerTest.java | 56 ++++++++++++++++++++--
3 files changed, 54 insertions(+), 6 deletions(-)
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 6416bae3536..dcc167c9503 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -54,6 +54,7 @@
1. Sharding: Fixes avg, sum, min, max function return empty data when no query
result return - [#33449](https://github.com/apache/shardingsphere/pull/33449)
1. Encrypt: Fixes merge exception without encrypt rule in database -
[#33708](https://github.com/apache/shardingsphere/pull/33708)
1. SQL Binder: Fixes the expression segment cannot find the outer table when
binding - [#34015](https://github.com/apache/shardingsphere/pull/34015)
+1. Proxy: Fixes "ALL PRIVILEGES ON `DB`.*" is not recognized during SELECT
privilege verification for MySQL -
[#34037](https://github.com/apache/shardingsphere/pull/34037)
### Change Logs
diff --git
a/infra/database/type/mysql/src/main/java/org/apache/shardingsphere/infra/database/mysql/checker/MySQLDatabasePrivilegeChecker.java
b/infra/database/type/mysql/src/main/java/org/apache/shardingsphere/infra/database/mysql/checker/MySQLDatabasePrivilegeChecker.java
index 61a2614637a..2fdfe09656d 100644
---
a/infra/database/type/mysql/src/main/java/org/apache/shardingsphere/infra/database/mysql/checker/MySQLDatabasePrivilegeChecker.java
+++
b/infra/database/type/mysql/src/main/java/org/apache/shardingsphere/infra/database/mysql/checker/MySQLDatabasePrivilegeChecker.java
@@ -98,7 +98,8 @@ public final class MySQLDatabasePrivilegeChecker implements
DialectDatabasePrivi
}
private String[][] getSelectRequiredPrivilege(final Connection connection)
throws SQLException {
- return new String[][]{{"ALL PRIVILEGES", "ON *.*"}, {"SELECT", "ON
*.*"}, {"SELECT", String.format("ON `%s`.*",
connection.getCatalog()).toUpperCase()}};
+ String onCatalog = String.format("ON `%s`.*",
connection.getCatalog().toUpperCase());
+ return new String[][]{{"ALL PRIVILEGES", "ON *.*"}, {"SELECT", "ON
*.*"}, {"ALL PRIVILEGES", onCatalog}, {"SELECT", onCatalog}};
}
private boolean matchPrivileges(final String grantedPrivileges, final
String[][] requiredPrivileges) {
diff --git
a/infra/database/type/mysql/src/test/java/org/apache/shardingsphere/infra/database/mysql/checker/MySQLDatabasePrivilegeCheckerTest.java
b/infra/database/type/mysql/src/test/java/org/apache/shardingsphere/infra/database/mysql/checker/MySQLDatabasePrivilegeCheckerTest.java
index 160223f5e57..4da2b2dce5f 100644
---
a/infra/database/type/mysql/src/test/java/org/apache/shardingsphere/infra/database/mysql/checker/MySQLDatabasePrivilegeCheckerTest.java
+++
b/infra/database/type/mysql/src/test/java/org/apache/shardingsphere/infra/database/mysql/checker/MySQLDatabasePrivilegeCheckerTest.java
@@ -56,7 +56,7 @@ class MySQLDatabasePrivilegeCheckerTest {
}
@Test
- void assertCheckPrivilegeWithParticularSuccess() throws SQLException {
+ void assertCheckPipelinePrivilegeWithParticularSuccess() throws
SQLException {
when(preparedStatement.executeQuery()).thenReturn(resultSet);
when(resultSet.next()).thenReturn(true);
when(resultSet.getString(1)).thenReturn("GRANT REPLICATION SLAVE,
REPLICATION CLIENT ON *.* TO '%'@'%'");
@@ -65,22 +65,22 @@ class MySQLDatabasePrivilegeCheckerTest {
}
@Test
- void assertCheckPrivilegeWithAllSuccess() throws SQLException {
+ void assertCheckPipelinePrivilegeWithAllSuccess() throws SQLException {
when(preparedStatement.executeQuery()).thenReturn(resultSet);
when(resultSet.next()).thenReturn(true);
- when(resultSet.getString(1)).thenReturn("GRANT ALL PRIVILEGES CLIENT
ON *.* TO '%'@'%'");
+ when(resultSet.getString(1)).thenReturn("GRANT ALL PRIVILEGES ON *.*
TO '%'@'%'");
new MySQLDatabasePrivilegeChecker().check(dataSource,
PrivilegeCheckType.PIPELINE);
verify(preparedStatement).executeQuery();
}
@Test
- void assertCheckPrivilegeLackPrivileges() throws SQLException {
+ void assertCheckPipelinePrivilegeWithLackPrivileges() throws SQLException {
when(preparedStatement.executeQuery()).thenReturn(resultSet);
assertThrows(MissingRequiredPrivilegeException.class, () -> new
MySQLDatabasePrivilegeChecker().check(dataSource, PrivilegeCheckType.PIPELINE));
}
@Test
- void assertCheckPrivilegeFailure() throws SQLException {
+ void assertCheckPipelinePrivilegeFailure() throws SQLException {
when(preparedStatement.executeQuery()).thenReturn(resultSet);
when(resultSet.next()).thenThrow(new SQLException(""));
assertThrows(CheckDatabaseEnvironmentFailedException.class, () -> new
MySQLDatabasePrivilegeChecker().check(dataSource, PrivilegeCheckType.PIPELINE));
@@ -127,4 +127,50 @@ class MySQLDatabasePrivilegeCheckerTest {
when(resultSet.next()).thenThrow(new SQLException(""));
assertThrows(CheckDatabaseEnvironmentFailedException.class, () -> new
MySQLDatabasePrivilegeChecker().check(dataSource, PrivilegeCheckType.XA));
}
+
+ @Test
+ void assertCheckSelectWithSelectPrivileges() throws SQLException {
+ when(dataSource.getConnection().getCatalog()).thenReturn("foo_db");
+ when(preparedStatement.executeQuery()).thenReturn(resultSet);
+ when(resultSet.next()).thenReturn(true);
+ when(resultSet.getString(1)).thenReturn("GRANT SELECT ON *.* TO
'%'@'%'");
+ new MySQLDatabasePrivilegeChecker().check(dataSource,
PrivilegeCheckType.SELECT);
+ verify(preparedStatement).executeQuery();
+ }
+
+ @Test
+ void assertCheckSelectWithSelectOnDatabasePrivileges() throws SQLException
{
+ when(dataSource.getConnection().getCatalog()).thenReturn("foo_db");
+ when(preparedStatement.executeQuery()).thenReturn(resultSet);
+ when(resultSet.next()).thenReturn(true);
+ when(resultSet.getString(1)).thenReturn("GRANT SELECT ON `FOO_DB`.* TO
'%'@'%'");
+ new MySQLDatabasePrivilegeChecker().check(dataSource,
PrivilegeCheckType.SELECT);
+ verify(preparedStatement).executeQuery();
+ }
+
+ @Test
+ void assertCheckSelectWithAllPrivileges() throws SQLException {
+ when(dataSource.getConnection().getCatalog()).thenReturn("foo_db");
+ when(preparedStatement.executeQuery()).thenReturn(resultSet);
+ when(resultSet.next()).thenReturn(true);
+ when(resultSet.getString(1)).thenReturn("GRANT ALL PRIVILEGES ON *.*
TO '%'@'%'");
+ new MySQLDatabasePrivilegeChecker().check(dataSource,
PrivilegeCheckType.SELECT);
+ verify(preparedStatement).executeQuery();
+ }
+
+ @Test
+ void assertCheckSelectWithAllPrivilegesOnDatabase() throws SQLException {
+ when(dataSource.getConnection().getCatalog()).thenReturn("foo_db");
+ when(preparedStatement.executeQuery()).thenReturn(resultSet);
+ when(resultSet.next()).thenReturn(true);
+ when(resultSet.getString(1)).thenReturn("GRANT ALL PRIVILEGES ON
`FOO_DB`.* TO '%'@'%'");
+ new MySQLDatabasePrivilegeChecker().check(dataSource,
PrivilegeCheckType.SELECT);
+ verify(preparedStatement).executeQuery();
+ }
+
+ @Test
+ void assertCheckSelectWithLackPrivileges() throws SQLException {
+ when(preparedStatement.executeQuery()).thenReturn(resultSet);
+ assertThrows(MissingRequiredPrivilegeException.class, () -> new
MySQLDatabasePrivilegeChecker().check(dataSource, PrivilegeCheckType.SELECT));
+ }
}
