Re: [PR] Pipe: Fixed the auth implementation error [iotdb]

Mon, 01 Dec 2025 18:39:11 -0800 


jt2594838 commented on code in PR #16847:
URL: https://github.com/apache/iotdb/pull/16847#discussion_r2579383365


##########
integration-test/src/test/java/org/apache/iotdb/pipe/it/single/IoTDBPipePermissionIT.java:
##########
@@ -156,14 +155,12 @@ public void testSinkPermission() {
     }
 
     // A user shall only see its own pipe
-    try (final SyncConfigNodeIServiceClient client =
-        (SyncConfigNodeIServiceClient) env.getLeaderConfigNodeConnection()) {
-      Assert.assertEquals(
-          1,
-          client
-              .showPipe(new 
TShowPipeReq().setIsTableModel(true).setUserName("thulab"))
-              .pipeInfoList
-              .size());
+    try (final Connection connection =
+            env.getConnection("thulab", "passwd", BaseEnv.TABLE_SQL_DIALECT);
+        final Statement statement = connection.createStatement()) {
+      final ResultSet result = statement.executeQuery("show pipes");
+      Assert.assertTrue(result.next());
+      Assert.assertFalse(result.next());

Review Comment:
   Better to switch to a strong password.



##########
integration-test/src/test/java/org/apache/iotdb/relational/it/schema/IoTDBDatabaseIT.java:
##########
@@ -583,12 +585,6 @@ public void testInformationSchema() throws SQLException {
           Collections.emptySet());
 
       // No auth needed
-      TestUtils.assertResultSetEqual(
-          statement.executeQuery(
-              "select * from pipe_plugins where plugin_name = 
'IOTDB-THRIFT-SINK'"),
-          "plugin_name,plugin_type,class_name,plugin_jar,",
-          Collections.singleton(
-              
"IOTDB-THRIFT-SINK,Builtin,org.apache.iotdb.commons.pipe.agent.plugin.builtin.sink.iotdb.thrift.IoTDBThriftSink,null,"));

Review Comment:
   Is there a test that tests an authenticated user who can perform this query?



##########
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java:
##########
@@ -1270,7 +1270,6 @@ protected IConfigTask visitStopPipe(StopPipe node, 
MPPQueryContext context) {
   @Override
   protected IConfigTask visitShowPipes(ShowPipes node, MPPQueryContext 
context) {
     context.setQueryType(QueryType.READ);
-    accessControl.checkUserGlobalSysPrivilege(context);
     return new ShowPipeTask(node, context.getSession().getUserName());
   }

Review Comment:
   Where is the access control performed now?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to