This is an automated email from the ASF dual-hosted git repository.
duanzhengqiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new 3b88a1d2c3d support skipEncryptRewrite hint to force skip encrypt
rewrite (#15965)
3b88a1d2c3d is described below
commit 3b88a1d2c3d2064da54bc200c3c63d61edd57bec
Author: cheese8 <[email protected]>
AuthorDate: Sun Apr 17 07:40:23 2022 +0800
support skipEncryptRewrite hint to force skip encrypt rewrite (#15965)
* support set blank to clear plain after encrypt
* add compared testcases
* Update update.xml
* Update update.xml
* Update update.xml
* Update update.xml
* Update update.xml
* align to review
* Update update.xml
---
.../rewrite/token/EncryptTokenGenerateBuilder.java | 4 +-
.../infra/hint/SQLHintExtractor.java | 9 ++++
.../infra/hint/SQLHintPropertiesKey.java | 7 ++-
.../case/query-with-cipher/dml/update/update.xml | 50 +++++++++++++++-------
4 files changed, 53 insertions(+), 17 deletions(-)
diff --git
a/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/EncryptTokenGenerateBuilder.java
b/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/EncryptTokenGenerateBuilder.java
index 9216100e39b..f67cd9a0c88 100644
---
a/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/EncryptTokenGenerateBuilder.java
+++
b/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/EncryptTokenGenerateBuilder.java
@@ -35,6 +35,7 @@ import
org.apache.shardingsphere.encrypt.rewrite.token.generator.EncryptProjecti
import
org.apache.shardingsphere.encrypt.rewrite.token.generator.InsertCipherNameTokenGenerator;
import org.apache.shardingsphere.encrypt.rule.EncryptRule;
import org.apache.shardingsphere.encrypt.rule.aware.EncryptRuleAware;
+import
org.apache.shardingsphere.infra.binder.statement.CommonSQLStatementContext;
import org.apache.shardingsphere.infra.binder.statement.SQLStatementContext;
import
org.apache.shardingsphere.infra.rewrite.sql.token.generator.SQLTokenGenerator;
import
org.apache.shardingsphere.infra.rewrite.sql.token.generator.builder.SQLTokenGeneratorBuilder;
@@ -75,7 +76,8 @@ public final class EncryptTokenGenerateBuilder implements
SQLTokenGeneratorBuild
}
private void addSQLTokenGenerator(final Collection<SQLTokenGenerator>
sqlTokenGenerators, final SQLTokenGenerator toBeAddedSQLTokenGenerator) {
- if
(toBeAddedSQLTokenGenerator.isGenerateSQLToken(sqlStatementContext)) {
+ if (!((CommonSQLStatementContext)
sqlStatementContext).getSqlHintExtractor().isHintEncryptRewriteNeeded()
+ &&
toBeAddedSQLTokenGenerator.isGenerateSQLToken(sqlStatementContext)) {
setUpSQLTokenGenerator(toBeAddedSQLTokenGenerator);
sqlTokenGenerators.add(toBeAddedSQLTokenGenerator);
}
diff --git
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/hint/SQLHintExtractor.java
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/hint/SQLHintExtractor.java
index d8d67f6c864..6118e935e47 100644
---
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/hint/SQLHintExtractor.java
+++
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/hint/SQLHintExtractor.java
@@ -66,4 +66,13 @@ public final class SQLHintExtractor {
public boolean isHintWriteRouteOnly() {
return
sqlHintProperties.getValue(SQLHintPropertiesKey.WRITE_ROUTE_ONLY_KEY);
}
+
+ /**
+ * Judge whether is hint indicated encrypt rewrite needed or skip.
+ *
+ * @return whether is hint indicated encrypt rewrite needed or skip
+ */
+ public boolean isHintEncryptRewriteNeeded() {
+ return
sqlHintProperties.getValue(SQLHintPropertiesKey.SKIP_ENCRYPT_REWRITE_KEY);
+ }
}
diff --git
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/hint/SQLHintPropertiesKey.java
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/hint/SQLHintPropertiesKey.java
index 390ba785e3a..cc16097bd71 100644
---
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/hint/SQLHintPropertiesKey.java
+++
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/hint/SQLHintPropertiesKey.java
@@ -41,7 +41,12 @@ public enum SQLHintPropertiesKey implements TypedPropertyKey
{
/**
* Whether to use traffic or not.
*/
- USE_TRAFFIC("useTraffic", String.valueOf(Boolean.FALSE), boolean.class);
+ USE_TRAFFIC("useTraffic", String.valueOf(Boolean.FALSE), boolean.class),
+
+ /**
+ * Whether hint indicate encrypt rewrite needed or skip.
+ */
+ SKIP_ENCRYPT_REWRITE_KEY("skipEncryptRewrite",
String.valueOf(Boolean.FALSE), boolean.class);
private final String key;
diff --git
a/shardingsphere-test/shardingsphere-rewrite-test/src/test/resources/scenario/encrypt/case/query-with-cipher/dml/update/update.xml
b/shardingsphere-test/shardingsphere-rewrite-test/src/test/resources/scenario/encrypt/case/query-with-cipher/dml/update/update.xml
index 1d8349d1aed..32b824474fc 100644
---
a/shardingsphere-test/shardingsphere-rewrite-test/src/test/resources/scenario/encrypt/case/query-with-cipher/dml/update/update.xml
+++
b/shardingsphere-test/shardingsphere-rewrite-test/src/test/resources/scenario/encrypt/case/query-with-cipher/dml/update/update.xml
@@ -21,31 +21,51 @@
<input sql="UPDATE t_account SET account_id = ?, certificate_number =
?, password = ?, amount = ?, status = ? WHERE account_id = ? AND
certificate_number = ? AND password = ? AND amount = ? AND status = ?"
parameters="1, 111X, aaa, 1000, OK, 1, 111X, aaa, 1000, OK" />
<output sql="UPDATE t_account SET account_id = ?,
cipher_certificate_number = ?, assisted_query_certificate_number = ?,
cipher_password = ?, assisted_query_password = ?, cipher_amount = ?, status = ?
WHERE account_id = ? AND assisted_query_certificate_number = ? AND
assisted_query_password = ? AND cipher_amount = ? AND status = ?"
parameters="1, encrypt_111X, assisted_query_111X, encrypt_aaa,
assisted_query_aaa, encrypt_1000, OK, 1, assisted_query_111X,
assisted_query_aaa, encryp [...]
</rewrite-assertion>
-
+
<rewrite-assertion id="update_for_literals" db-types="MySQL">
<input sql="UPDATE t_account SET account_id = 1, certificate_number =
'111X', password = 'aaa', amount = 1000, status = 'OK' WHERE account_id = 1 AND
certificate_number = '111X' AND password = 'aaa' AND amount = 1000 AND status =
'OK'" />
<output sql="UPDATE t_account SET account_id = 1,
cipher_certificate_number = 'encrypt_111X', assisted_query_certificate_number =
'assisted_query_111X', cipher_password = 'encrypt_aaa', assisted_query_password
= 'assisted_query_aaa', cipher_amount = 'encrypt_1000', status = 'OK' WHERE
account_id = 1 AND assisted_query_certificate_number = 'assisted_query_111X'
AND assisted_query_password = 'assisted_query_aaa' AND cipher_amount =
'encrypt_1000' AND status = 'OK'" />
</rewrite-assertion>
-
-<!-- TODO FIX ME!-->
-<!-- <rewrite-assertion id="update_plain_for_parameters"
db-types="MySQL">-->
-<!-- <input sql="UPDATE t_account_bak SET account_id = ?,
certificate_number = ?, password = ?, amount = ?, status = ? WHERE account_id =
? AND certificate_number = ? AND password = ? AND amount = ? AND status = ?"
parameters="1, 111X, aaa, 1000, OK, 1, 111X, aaa, 1000, OK" />-->
-<!-- <output sql="UPDATE t_account_bak SET account_id = ?,
cipher_certificate_number = ?, assisted_query_certificate_number = ?,
plain_certificate_number = ?, cipher_password = ?, assisted_query_password = ?,
plain_password = ?, cipher_amount = ?, plain_amount = ?, status = ? WHERE
account_id = ? AND assisted_query_certificate_number = ? AND
assisted_query_password = ? AND cipher_amount = ? AND status = ?"
parameters="1, encrypt_111X, assisted_query_111X, 111X, encrypt_aaa, assist
[...]
-<!-- </rewrite-assertion>-->
-
+
+ <!-- TODO FIX ME!-->
+ <!-- <rewrite-assertion id="update_plain_for_parameters"
db-types="MySQL">-->
+ <!-- <input sql="UPDATE t_account_bak SET account_id = ?,
certificate_number = ?, password = ?, amount = ?, status = ? WHERE account_id =
? AND certificate_number = ? AND password = ? AND amount = ? AND status = ?"
parameters="1, 111X, aaa, 1000, OK, 1, 111X, aaa, 1000, OK" />-->
+ <!-- <output sql="UPDATE t_account_bak SET account_id = ?,
cipher_certificate_number = ?, assisted_query_certificate_number = ?,
plain_certificate_number = ?, cipher_password = ?, assisted_query_password = ?,
plain_password = ?, cipher_amount = ?, plain_amount = ?, status = ? WHERE
account_id = ? AND assisted_query_certificate_number = ? AND
assisted_query_password = ? AND cipher_amount = ? AND status = ?"
parameters="1, encrypt_111X, assisted_query_111X, 111X, encrypt_aaa, as [...]
+ <!-- </rewrite-assertion>-->
+
<rewrite-assertion id="update_plain_for_literals" db-types="MySQL">
<input sql="UPDATE t_account_bak SET account_id = 1,
certificate_number = '111X', password = 'aaa', amount = 1000, status = 'OK'
WHERE account_id = 1 AND certificate_number = '111X' AND password = 'aaa' AND
amount = 1000 AND status = 'OK'" />
<output sql="UPDATE t_account_bak SET account_id = 1,
cipher_certificate_number = 'encrypt_111X', assisted_query_certificate_number =
'assisted_query_111X', plain_certificate_number = '111X', cipher_password =
'encrypt_aaa', assisted_query_password = 'assisted_query_aaa', plain_password =
'aaa', cipher_amount = 'encrypt_1000', plain_amount = 1000, status = 'OK' WHERE
account_id = 1 AND assisted_query_certificate_number = 'assisted_query_111X'
AND assisted_query_password = 'assist [...]
</rewrite-assertion>
-
-<!-- TODO FIX ME!-->
-<!-- <rewrite-assertion id="update_multi_for_parameters"
db-types="MySQL">-->
-<!-- <input sql="UPDATE t_account_bak SET account_id = ?, password = ?,
amount = ?, status = ? WHERE account_id = ? AND password = ? AND amount = ? AND
status = ?" parameters="1, aaa, 1000, OK, 1, aaa, 1000, OK" />-->
-<!-- <output sql="UPDATE t_account_bak SET account_id = ?,
cipher_password = ?, assisted_query_password = ?, plain_password = ?,
cipher_amount = ?, plain_amount = ?, status = ? WHERE account_id = ? AND
assisted_query_password = ? AND cipher_amount = ? AND status = ?"
parameters="1, encrypt_aaa, assisted_query_aaa, aaa, encrypt_1000, 1000, OK, 1,
assisted_query_aaa, 1000, OK" />-->
-<!-- </rewrite-assertion>-->
-
+
+ <!-- TODO FIX ME!-->
+ <!-- <rewrite-assertion id="update_multi_for_parameters"
db-types="MySQL">-->
+ <!-- <input sql="UPDATE t_account_bak SET account_id = ?, password
= ?, amount = ?, status = ? WHERE account_id = ? AND password = ? AND amount =
? AND status = ?" parameters="1, aaa, 1000, OK, 1, aaa, 1000, OK" />-->
+ <!-- <output sql="UPDATE t_account_bak SET account_id = ?,
cipher_password = ?, assisted_query_password = ?, plain_password = ?,
cipher_amount = ?, plain_amount = ?, status = ? WHERE account_id = ? AND
assisted_query_password = ? AND cipher_amount = ? AND status = ?"
parameters="1, encrypt_aaa, assisted_query_aaa, aaa, encrypt_1000, 1000, OK, 1,
assisted_query_aaa, 1000, OK" />-->
+ <!-- </rewrite-assertion>-->
+
<rewrite-assertion id="update_plain_for_literals" db-types="MySQL">
<input sql="UPDATE t_account_bak SET account_id = 1, password = 'aaa',
amount = 1000, status = 'OK' WHERE account_id = 1 AND password = 'aaa' AND
amount = 1000 AND status = 'OK'" />
<output sql="UPDATE t_account_bak SET account_id = 1, cipher_password
= 'encrypt_aaa', assisted_query_password = 'assisted_query_aaa', plain_password
= 'aaa', cipher_amount = 'encrypt_1000', plain_amount = 1000, status = 'OK'
WHERE account_id = 1 AND assisted_query_password = 'assisted_query_aaa' AND
cipher_amount = 'encrypt_1000' AND status = 'OK'" />
</rewrite-assertion>
+
+ <rewrite-assertion
id="update_blank_to_clear_plain_with_skip_encrypt_rewrite_true"
db-types="MySQL">
+ <input sql="/*shardingsphere hint: skipEncryptRewrite=true*/UPDATE
t_account_bak SET certificate_number = '', status = 'OK'" />
+ <output sql="/*shardingsphere hint: skipEncryptRewrite=true*/UPDATE
t_account_bak SET certificate_number = '', status = 'OK'" />
+ </rewrite-assertion>
+
+ <rewrite-assertion
id="update_blank_to_clear_plain_with_skip_encrypt_rewrite_false"
db-types="MySQL">
+ <input sql="/*shardingsphere hint: skipEncryptRewrite=false*/UPDATE
t_account_bak SET certificate_number = '', status = 'OK'" />
+ <output sql="/*shardingsphere hint: skipEncryptRewrite=false*/UPDATE
t_account_bak SET cipher_certificate_number = 'encrypt_',
assisted_query_certificate_number = 'assisted_query_', plain_certificate_number
= '', status = 'OK'" />
+ </rewrite-assertion>
+
+ <rewrite-assertion
id="update_blank_to_clear_plain_with_normal_skip_encrypt_rewrite_hint"
db-types="MySQL">
+ <input sql="UPDATE t_account_bak SET certificate_number = '', status =
'OK'" />
+ <output sql="UPDATE t_account_bak SET cipher_certificate_number =
'encrypt_', assisted_query_certificate_number = 'assisted_query_',
plain_certificate_number = '', status = 'OK'" />
+ </rewrite-assertion>
+
+ <rewrite-assertion id="update_null_to_clear_plain" db-types="MySQL">
+ <input sql="UPDATE t_account_bak SET certificate_number = null" />
+ <output sql="UPDATE t_account_bak SET certificate_number = null" />
+ </rewrite-assertion>
</rewrite-assertions>
