This is an automated email from the ASF dual-hosted git repository. morningman pushed a commit to branch branch-2.0 in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.0 by this push: new ceb4fd56c55 [branch-2.0](polixy)support drop policy for user or role (#29488) (#29645) ceb4fd56c55 is described below commit ceb4fd56c55510c29bf268724b537ff3719eb7eb Author: zhangdong <493738...@qq.com> AuthorDate: Thu Jan 11 14:48:55 2024 +0800 [branch-2.0](polixy)support drop policy for user or role (#29488) (#29645) bp #29488 --- .../Data-Definition-Statements/Drop/DROP-POLICY.md | 10 +++- .../sql-reference/Show-Statements/SHOW-POLICY.md | 16 +++++- .../Data-Definition-Statements/Drop/DROP-POLICY.md | 10 +++- .../sql-reference/Show-Statements/SHOW-POLICY.md | 16 +++++- fe/fe-core/src/main/cup/sql_parser.cup | 16 ++++-- .../org/apache/doris/analysis/DropPolicyStmt.java | 35 ++++++++++++- .../org/apache/doris/policy/DropPolicyLog.java | 33 +++++++++++- .../java/org/apache/doris/policy/RowPolicy.java | 7 +++ .../nereids/rules/analysis/CheckRowPolicyTest.java | 17 +++++-- .../java/org/apache/doris/policy/PolicyTest.java | 58 +++++++++++----------- .../account_p0/test_nereids_row_policy.groovy | 2 +- 11 files changed, 171 insertions(+), 49 deletions(-) diff --git a/docs/en/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md b/docs/en/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md index 50d655d65a4..2de113d2e00 100644 --- a/docs/en/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md +++ b/docs/en/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md @@ -40,7 +40,7 @@ Grammar: 1. Drop row policy ```sql -DROP ROW POLICY test_row_policy_1 on table1 [FOR user]; +DROP ROW POLICY test_row_policy_1 on table1 [FOR user| ROLE role]; ``` 2. Drop storage policy @@ -61,8 +61,14 @@ DROP STORAGE POLICY policy_name1 ```sql DROP ROW POLICY test_row_policy_1 on table1 for test ``` + +3. Drop the row policy for table1 using by role1 -3. Drop the storage policy named policy_name1 + ```sql + DROP ROW POLICY test_row_policy_1 on table1 for role role1 + ``` + +4. Drop the storage policy named policy_name1 ```sql DROP STORAGE POLICY policy_name1 ``` diff --git a/docs/en/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md b/docs/en/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md index 2d5cd9b04c5..9c55953be2c 100644 --- a/docs/en/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md +++ b/docs/en/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md @@ -35,7 +35,7 @@ SHOW ROW POLICY View the row security policy under the current DB ```sql -SHOW ROW POLICY [FOR user] +SHOW ROW POLICY [FOR user| ROLE role] ``` ### Example @@ -68,7 +68,19 @@ SHOW ROW POLICY [FOR user] 1 row in set (0.01 sec) ``` -3. demonstrate data migration strategies +3. specify role name query + + ```sql + mysql> SHOW ROW POLICY for role role1; + +------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+ + | PolicyName | DbName | TableName | Type | FilterType | WherePredicate | User | Role | OriginStmt | + +------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+ + | zdtest1 | zd | user | ROW | RESTRICTIVE | `user_id` = 1 | NULL | role1 | create row policy zdtest1 on user as restrictive to role role1 using (user_id=1) | + +------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+ + 1 row in set (0.01 sec) + ``` + +4. demonstrate data migration strategies ```sql mysql> SHOW STORAGE POLICY; +---------------------+---------+-----------------------+---------------------+-------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/docs/zh-CN/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md b/docs/zh-CN/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md index f860a189ee7..e75b7424bae 100644 --- a/docs/zh-CN/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md +++ b/docs/zh-CN/docs/sql-manual/sql-reference/Data-Definition-Statements/Drop/DROP-POLICY.md @@ -40,7 +40,7 @@ DROP POLICY 1. 删除行安全策略 ```sql -DROP ROW POLICY test_row_policy_1 on table1 [FOR user]; +DROP ROW POLICY test_row_policy_1 on table1 [FOR user| ROLE role]; ``` 2. 删除存储策略 @@ -62,7 +62,13 @@ DROP STORAGE POLICY policy_name1 DROP ROW POLICY test_row_policy_1 on table1 for test ``` -3. 删除名字为policy_name1的存储策略 +3. 删除 table1 作用于 role1 的 test_row_policy_1 行安全策略 + + ```sql + DROP ROW POLICY test_row_policy_1 on table1 for role role1 + ``` + +4. 删除名字为policy_name1的存储策略 ```sql DROP STORAGE POLICY policy_name1 ``` diff --git a/docs/zh-CN/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md b/docs/zh-CN/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md index af45d6f98a5..44b77d97b5c 100644 --- a/docs/zh-CN/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md +++ b/docs/zh-CN/docs/sql-manual/sql-reference/Show-Statements/SHOW-POLICY.md @@ -37,7 +37,7 @@ SHOW ROW POLICY 语法: ```sql -SHOW ROW POLICY [FOR user] +SHOW ROW POLICY [FOR user| ROLE role] ``` ### Example @@ -70,7 +70,19 @@ SHOW ROW POLICY [FOR user] 1 row in set (0.01 sec) ``` -3. 展示数据迁移策略 +3. 指定角色名查询 + + ```sql + mysql> SHOW ROW POLICY for role role1; + +------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+ + | PolicyName | DbName | TableName | Type | FilterType | WherePredicate | User | Role | OriginStmt | + +------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+ + | zdtest1 | zd | user | ROW | RESTRICTIVE | `user_id` = 1 | NULL | role1 | create row policy zdtest1 on user as restrictive to role role1 using (user_id=1) | + +------------+--------+-----------+------+-------------+----------------+------+-------+----------------------------------------------------------------------------------+ + 1 row in set (0.01 sec) + ``` + +4. 展示数据迁移策略 ```sql mysql> SHOW STORAGE POLICY; +---------------------+---------+-----------------------+---------------------+-------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/fe/fe-core/src/main/cup/sql_parser.cup b/fe/fe-core/src/main/cup/sql_parser.cup index 70370a2cf55..18ca4f4a1a1 100644 --- a/fe/fe-core/src/main/cup/sql_parser.cup +++ b/fe/fe-core/src/main/cup/sql_parser.cup @@ -3068,13 +3068,21 @@ drop_stmt ::= {: RESULT = new DropSqlBlockRuleStmt(ifExists, ruleNames); :} - | KW_DROP KW_ROW KW_POLICY opt_if_exists:ifExists ident:policyName + | KW_DROP KW_ROW KW_POLICY opt_if_exists:ifExists ident:policyName KW_ON table_name:tbl {: - RESULT = new DropPolicyStmt(PolicyTypeEnum.ROW, ifExists, policyName); + RESULT = new DropPolicyStmt(PolicyTypeEnum.ROW, ifExists, policyName, tbl, null, null); + :} + | KW_DROP KW_ROW KW_POLICY opt_if_exists:ifExists ident:policyName KW_ON table_name:tbl KW_FOR user_identity:user + {: + RESULT = new DropPolicyStmt(PolicyTypeEnum.ROW, ifExists, policyName, tbl, user, null); + :} + | KW_DROP KW_ROW KW_POLICY opt_if_exists:ifExists ident:policyName KW_ON table_name:tbl KW_FOR KW_ROLE ident:role + {: + RESULT = new DropPolicyStmt(PolicyTypeEnum.ROW, ifExists, policyName, tbl, null, role); :} | KW_DROP KW_STORAGE KW_POLICY opt_if_exists:ifExists ident:policyName {: - RESULT = new DropPolicyStmt(PolicyTypeEnum.STORAGE, ifExists, policyName); + RESULT = new DropPolicyStmt(PolicyTypeEnum.STORAGE, ifExists, policyName, null, null, null); :} /* statistics */ | KW_DROP KW_STATS table_name:tbl opt_col_list:cols @@ -3726,7 +3734,7 @@ show_stmt ::= {: RESULT = new ShowPolicyStmt(PolicyTypeEnum.ROW, user, null); :} - | KW_SHOW KW_ROW KW_POLICY KW_FOR KW_ROLE STRING_LITERAL:role + | KW_SHOW KW_ROW KW_POLICY KW_FOR KW_ROLE ident:role {: RESULT = new ShowPolicyStmt(PolicyTypeEnum.ROW, null, role); :} diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropPolicyStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropPolicyStmt.java index 541206bef0d..a21f0f2e704 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/DropPolicyStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/DropPolicyStmt.java @@ -27,11 +27,12 @@ import org.apache.doris.qe.ConnectContext; import lombok.AllArgsConstructor; import lombok.Getter; +import org.apache.commons.lang3.StringUtils; /** * Drop policy statement. * syntax: - * DROP [ROW] POLICY [IF EXISTS] test_row_policy + * DROP [ROW] POLICY [IF EXISTS] test_row_policy ON test_table [FOR user|ROLE role] **/ @AllArgsConstructor public class DropPolicyStmt extends DdlStmt { @@ -45,9 +46,28 @@ public class DropPolicyStmt extends DdlStmt { @Getter private final String policyName; + @Getter + private final TableName tableName; + + @Getter + private final UserIdentity user; + + @Getter + private final String roleName; + @Override public void analyze(Analyzer analyzer) throws UserException { super.analyze(analyzer); + switch (type) { + case STORAGE: + break; + case ROW: + default: + tableName.analyze(analyzer); + if (user != null) { + user.analyze(analyzer.getClusterName()); + } + } // check auth if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.ADMIN)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "ADMIN"); @@ -62,6 +82,19 @@ public class DropPolicyStmt extends DdlStmt { sb.append("IF EXISTS "); } sb.append(policyName); + switch (type) { + case STORAGE: + break; + case ROW: + default: + sb.append(" ON ").append(tableName.toSql()); + if (user != null) { + sb.append(" FOR ").append(user.getQualifiedUser()); + } + if (StringUtils.isEmpty(roleName)) { + sb.append(" FOR ROLE ").append(roleName); + } + } return sb.toString(); } } diff --git a/fe/fe-core/src/main/java/org/apache/doris/policy/DropPolicyLog.java b/fe/fe-core/src/main/java/org/apache/doris/policy/DropPolicyLog.java index 7ff18ed4135..9b58e5b4d99 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/policy/DropPolicyLog.java +++ b/fe/fe-core/src/main/java/org/apache/doris/policy/DropPolicyLog.java @@ -18,10 +18,15 @@ package org.apache.doris.policy; import org.apache.doris.analysis.DropPolicyStmt; +import org.apache.doris.analysis.UserIdentity; +import org.apache.doris.catalog.Database; +import org.apache.doris.catalog.Env; +import org.apache.doris.catalog.Table; import org.apache.doris.common.AnalysisException; import org.apache.doris.common.io.Text; import org.apache.doris.common.io.Writable; import org.apache.doris.persist.gson.GsonUtils; +import org.apache.doris.qe.ConnectContext; import com.google.gson.annotations.SerializedName; import lombok.AllArgsConstructor; @@ -37,18 +42,44 @@ import java.io.IOException; @AllArgsConstructor @Getter public class DropPolicyLog implements Writable { + + @SerializedName(value = "dbId") + private long dbId; + + @SerializedName(value = "tableId") + private long tableId; + @SerializedName(value = "type") private PolicyTypeEnum type; @SerializedName(value = "policyName") private String policyName; + @SerializedName(value = "user") + private UserIdentity user; + + @SerializedName(value = "roleName") + private String roleName; /** * Generate delete logs through stmt. **/ public static DropPolicyLog fromDropStmt(DropPolicyStmt stmt) throws AnalysisException { - return new DropPolicyLog(stmt.getType(), stmt.getPolicyName()); + switch (stmt.getType()) { + case STORAGE: + return new DropPolicyLog(-1, -1, stmt.getType(), stmt.getPolicyName(), null, null); + case ROW: + String curDb = stmt.getTableName().getDb(); + if (curDb == null) { + curDb = ConnectContext.get().getDatabase(); + } + Database db = Env.getCurrentInternalCatalog().getDbOrAnalysisException(curDb); + Table table = db.getTableOrAnalysisException(stmt.getTableName().getTbl()); + return new DropPolicyLog(db.getId(), table.getId(), stmt.getType(), + stmt.getPolicyName(), stmt.getUser(), stmt.getRoleName()); + default: + throw new AnalysisException("Invalid policy type: " + stmt.getType().name()); + } } @Override diff --git a/fe/fe-core/src/main/java/org/apache/doris/policy/RowPolicy.java b/fe/fe-core/src/main/java/org/apache/doris/policy/RowPolicy.java index d1d2cc6636c..d69468d9d43 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/policy/RowPolicy.java +++ b/fe/fe-core/src/main/java/org/apache/doris/policy/RowPolicy.java @@ -175,6 +175,13 @@ public class RowPolicy extends Policy { rowPolicy.getPolicyName(), rowPolicy.getUser(), rowPolicy.getRoleName()); } + @Override + public boolean matchPolicy(DropPolicyLog checkedDropPolicyLogCondition) { + return checkMatched(checkedDropPolicyLogCondition.getDbId(), checkedDropPolicyLogCondition.getTableId(), + checkedDropPolicyLogCondition.getType(), checkedDropPolicyLogCondition.getPolicyName(), + checkedDropPolicyLogCondition.getUser(), checkedDropPolicyLogCondition.getRoleName()); + } + @Override public boolean isInvalid() { return (wherePredicate == null); diff --git a/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java b/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java index 1e81db8bf96..c8361a4ce4c 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/nereids/rules/analysis/CheckRowPolicyTest.java @@ -91,7 +91,8 @@ public class CheckRowPolicyTest extends TestWithFeService { user.analyze(SystemInfoService.DEFAULT_CLUSTER); CreateUserStmt createUserStmt = new CreateUserStmt(new UserDesc(user)); Env.getCurrentEnv().getAuth().createUser(createUserStmt); - List<AccessPrivilegeWithCols> privileges = Lists.newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.ADMIN_PRIV)); + List<AccessPrivilegeWithCols> privileges = Lists + .newArrayList(new AccessPrivilegeWithCols(AccessPrivilege.ADMIN_PRIV)); TablePattern tablePattern = new TablePattern("*", "*", "*"); tablePattern.analyze(SystemInfoService.DEFAULT_CLUSTER); GrantStmt grantStmt = new GrantStmt(user, null, tablePattern, privileges); @@ -102,7 +103,8 @@ public class CheckRowPolicyTest extends TestWithFeService { @Test public void checkUser() throws AnalysisException, org.apache.doris.common.AnalysisException { - LogicalRelation relation = new LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable, Arrays.asList(fullDbName)); + LogicalRelation relation = new LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable, + Arrays.asList(fullDbName)); LogicalCheckPolicy<LogicalRelation> checkPolicy = new LogicalCheckPolicy<>(relation); useUser("root"); @@ -117,7 +119,8 @@ public class CheckRowPolicyTest extends TestWithFeService { @Test public void checkNoPolicy() throws org.apache.doris.common.AnalysisException { useUser(userName); - LogicalRelation relation = new LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable, Arrays.asList(fullDbName)); + LogicalRelation relation = new LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable, + Arrays.asList(fullDbName)); LogicalCheckPolicy<LogicalRelation> checkPolicy = new LogicalCheckPolicy<>(relation); Plan plan = PlanRewriter.bottomUpRewrite(checkPolicy, connectContext, new CheckPolicy()); Assertions.assertEquals(plan, relation); @@ -126,7 +129,8 @@ public class CheckRowPolicyTest extends TestWithFeService { @Test public void checkOnePolicy() throws Exception { useUser(userName); - LogicalRelation relation = new LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable, Arrays.asList(fullDbName)); + LogicalRelation relation = new LogicalOlapScan(StatementScopeIdGenerator.newRelationId(), olapTable, + Arrays.asList(fullDbName)); LogicalCheckPolicy<LogicalRelation> checkPolicy = new LogicalCheckPolicy<>(relation); connectContext.getSessionVariable().setEnableNereidsPlanner(true); createPolicy("CREATE ROW POLICY " @@ -144,6 +148,9 @@ public class CheckRowPolicyTest extends TestWithFeService { Assertions.assertTrue(ImmutableList.copyOf(filter.getConjuncts()).get(0) instanceof EqualTo); Assertions.assertTrue(filter.getConjuncts().toString().contains("'k1 = 1")); - dropPolicy("DROP ROW POLICY " + policyName); + dropPolicy("DROP ROW POLICY " + + policyName + + " ON " + + tableName); } } diff --git a/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java b/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java index d7d286e60f3..85c432f0114 100644 --- a/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java +++ b/fe/fe-core/src/test/java/org/apache/doris/policy/PolicyTest.java @@ -110,13 +110,13 @@ public class PolicyTest extends TestWithFeService { String queryStr = "EXPLAIN select /*+ SET_VAR(enable_nereids_planner=false) */ * from test.table1"; String explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("`k1` = 1")); - dropPolicy("DROP ROW POLICY test_row_policy"); + dropPolicy("DROP ROW POLICY test_row_policy ON test.table1"); // test role createPolicy("CREATE ROW POLICY test_row_policy ON test.table1 AS PERMISSIVE TO ROLE role1 USING (k1 = 2)"); queryStr = "EXPLAIN select /*+ SET_VAR(enable_nereids_planner=false) */ * from test.table1"; explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("`k1` = 2")); - dropPolicy("DROP ROW POLICY test_row_policy"); + dropPolicy("DROP ROW POLICY test_row_policy ON test.table1 for role role1"); } @Test @@ -126,13 +126,13 @@ public class PolicyTest extends TestWithFeService { String queryStr = "EXPLAIN select * from test.table1"; String explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("k1[#0] = 1")); - dropPolicy("DROP ROW POLICY test_row_policy"); + dropPolicy("DROP ROW POLICY test_row_policy ON test.table1"); //test role createPolicy("CREATE ROW POLICY test_row_policy ON test.table1 AS PERMISSIVE TO ROLE role1 USING (k1 = 2)"); queryStr = "EXPLAIN select * from test.table1"; explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("k1[#0] = 2")); - dropPolicy("DROP ROW POLICY test_row_policy"); + dropPolicy("DROP ROW POLICY test_row_policy ON test.table1"); } @Test @@ -142,7 +142,7 @@ public class PolicyTest extends TestWithFeService { String queryStr = "EXPLAIN select /*+ SET_VAR(enable_nereids_planner=false) */ * from test.table3"; String explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("`k1` = 1")); - dropPolicy("DROP ROW POLICY test_unique_policy"); + dropPolicy("DROP ROW POLICY test_unique_policy ON test.table3"); } @Test @@ -152,7 +152,7 @@ public class PolicyTest extends TestWithFeService { String queryStr = "EXPLAIN select * from test.table3"; String explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("k1[#0] = 1")); - dropPolicy("DROP ROW POLICY test_unique_policy"); + dropPolicy("DROP ROW POLICY test_unique_policy ON test.table3"); } @Test @@ -164,7 +164,7 @@ public class PolicyTest extends TestWithFeService { queryStr = "EXPLAIN select /*+ SET_VAR(enable_nereids_planner=false) */ * from test.table1 b"; explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("`b`.`k1` = 1")); - dropPolicy("DROP ROW POLICY test_row_policy"); + dropPolicy("DROP ROW POLICY test_row_policy ON test.table1"); } @Test @@ -178,7 +178,7 @@ public class PolicyTest extends TestWithFeService { queryStr = "EXPLAIN select * from test.table1 b"; explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("k1[#0] = 1")); - dropPolicy("DROP ROW POLICY test_row_policy"); + dropPolicy("DROP ROW POLICY test_row_policy ON test.table1"); connectContext.getSessionVariable().setEnableNereidsPlanner(beforeConfig); } @@ -189,7 +189,7 @@ public class PolicyTest extends TestWithFeService { = "EXPLAIN select /*+ SET_VAR(enable_nereids_planner=false) */ * from test.table1 union all select * from test.table1"; String explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("`k1` = 1")); - dropPolicy("DROP ROW POLICY test_row_policy"); + dropPolicy("DROP ROW POLICY test_row_policy ON test.table1"); } @Test @@ -198,7 +198,7 @@ public class PolicyTest extends TestWithFeService { String queryStr = "EXPLAIN select * from test.table1 union all select * from test.table1"; String explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("k1[#0] = 1")); - dropPolicy("DROP ROW POLICY test_row_policy"); + dropPolicy("DROP ROW POLICY test_row_policy ON test.table1"); } @Test @@ -208,7 +208,7 @@ public class PolicyTest extends TestWithFeService { = "EXPLAIN insert into test.table1 select /*+ SET_VAR(enable_nereids_planner=false) */ * from test.table1"; String explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("`k1` = 1")); - dropPolicy("DROP ROW POLICY test_row_policy"); + dropPolicy("DROP ROW POLICY test_row_policy ON test.table1"); } @Test @@ -217,7 +217,7 @@ public class PolicyTest extends TestWithFeService { String queryStr = "EXPLAIN insert into test.table1 select * from test.table1"; String explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("k1[#0] = 1")); - dropPolicy("DROP ROW POLICY test_row_policy"); + dropPolicy("DROP ROW POLICY test_row_policy ON test.table1"); } @Test @@ -228,7 +228,7 @@ public class PolicyTest extends TestWithFeService { ExceptionChecker.expectThrowsWithMsg(DdlException.class, "the policy test_row_policy1 already create", () -> createPolicy("CREATE ROW POLICY test_row_policy1 ON test.table1 AS PERMISSIVE" + " TO test_policy USING (k1 = 1)")); - dropPolicy("DROP ROW POLICY test_row_policy1"); + dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1"); } @Test @@ -247,8 +247,8 @@ public class PolicyTest extends TestWithFeService { (ShowPolicyStmt) parseAndAnalyzeStmt("SHOW ROW POLICY"); int firstSize = Env.getCurrentEnv().getPolicyMgr().showPolicy(showPolicyStmt).getResultRows().size(); Assertions.assertTrue(firstSize > 0); - dropPolicy("DROP ROW POLICY test_row_policy1"); - dropPolicy("DROP ROW POLICY test_row_policy2"); + dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1"); + dropPolicy("DROP ROW POLICY test_row_policy2 ON test.table1"); int secondSize = Env.getCurrentEnv().getPolicyMgr().showPolicy(showPolicyStmt).getResultRows().size(); Assertions.assertEquals(2, firstSize - secondSize); } @@ -256,10 +256,10 @@ public class PolicyTest extends TestWithFeService { @Test public void testDropPolicy() throws Exception { createPolicy("CREATE ROW POLICY test_row_policy1 ON test.table1 AS PERMISSIVE TO test_policy USING (k2 = 1)"); - dropPolicy("DROP ROW POLICY test_row_policy1"); - dropPolicy("DROP ROW POLICY IF EXISTS test_row_policy5"); + dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1"); + dropPolicy("DROP ROW POLICY IF EXISTS test_row_policy5 ON test.table1"); ExceptionChecker.expectThrowsWithMsg(DdlException.class, "the policy test_row_policy1 not exist", - () -> dropPolicy("DROP ROW POLICY test_row_policy1")); + () -> dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1")); } @Test @@ -271,10 +271,10 @@ public class PolicyTest extends TestWithFeService { String queryStr = "EXPLAIN select /*+ SET_VAR(enable_nereids_planner=false) */ * from test.table1"; String explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("`k1` = 1 AND `k2` = 1 AND `k2` = 2 OR `k2` = 1")); - dropPolicy("DROP ROW POLICY test_row_policy1"); - dropPolicy("DROP ROW POLICY test_row_policy2"); - dropPolicy("DROP ROW POLICY test_row_policy3"); - dropPolicy("DROP ROW POLICY test_row_policy4"); + dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1"); + dropPolicy("DROP ROW POLICY test_row_policy2 ON test.table1"); + dropPolicy("DROP ROW POLICY test_row_policy3 ON test.table1"); + dropPolicy("DROP ROW POLICY test_row_policy4 ON test.table1"); } @Test @@ -285,9 +285,9 @@ public class PolicyTest extends TestWithFeService { String queryStr = "EXPLAIN select * from test.table1"; String explainString = getSQLPlanOrErrorMsg(queryStr); Assertions.assertTrue(explainString.contains("k2[#1] IN (1, 2) AND k1[#0] = 1")); - dropPolicy("DROP ROW POLICY test_row_policy1"); - dropPolicy("DROP ROW POLICY test_row_policy3"); - dropPolicy("DROP ROW POLICY test_row_policy4"); + dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1"); + dropPolicy("DROP ROW POLICY test_row_policy3 ON test.table1"); + dropPolicy("DROP ROW POLICY test_row_policy4 ON test.table1"); } @Test @@ -306,8 +306,8 @@ public class PolicyTest extends TestWithFeService { String aliasSql = "select /*+ SET_VAR(enable_nereids_planner=false) */ * from table1 t1 join table2 t2 on t1.k1=t2.k1"; Assertions.assertTrue(getSQLPlanOrErrorMsg(aliasSql).contains("PREDICATES: `t1`.`k1` = 1 AND `t1`.`k2` = 1")); - dropPolicy("DROP ROW POLICY test_row_policy1"); - dropPolicy("DROP ROW POLICY test_row_policy2"); + dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1"); + dropPolicy("DROP ROW POLICY test_row_policy2 ON test.table1"); } @Test @@ -322,8 +322,8 @@ public class PolicyTest extends TestWithFeService { Assertions.assertTrue(getSQLPlanOrErrorMsg(subQuerySql).contains("PREDICATES: k1 = 1 AND k2 = 1")); String aliasSql = "select * from table1 t1 join table2 t2 on t1.k1=t2.k1"; Assertions.assertTrue(getSQLPlanOrErrorMsg(aliasSql).contains("PREDICATES: k1 = 1 AND k2 = 1")); - dropPolicy("DROP ROW POLICY test_row_policy1"); - dropPolicy("DROP ROW POLICY test_row_policy2"); + dropPolicy("DROP ROW POLICY test_row_policy1 ON test.table1"); + dropPolicy("DROP ROW POLICY test_row_policy2 ON test.table1"); } @Test diff --git a/regression-test/suites/account_p0/test_nereids_row_policy.groovy b/regression-test/suites/account_p0/test_nereids_row_policy.groovy index bcc1a7b8177..d12b11261d8 100644 --- a/regression-test/suites/account_p0/test_nereids_row_policy.groovy +++ b/regression-test/suites/account_p0/test_nereids_row_policy.groovy @@ -51,7 +51,7 @@ suite("test_nereids_row_policy") { def dropPolciy = { name -> sql """ - DROP ROW POLICY IF EXISTS ${name} + DROP ROW POLICY IF EXISTS ${name} ON ${dbName}.${tableName} FOR ${user} """ } --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org For additional commands, e-mail: commits-h...@doris.apache.org