This is an automated email from the ASF dual-hosted git repository.
shuwenwei pushed a commit to branch AuthEnhance
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/AuthEnhance by this push:
new 77a71f20c53 fix IoTDBRelationalAuthIT
77a71f20c53 is described below
commit 77a71f20c53d780b29a7427551b86ea2ead2168f
Author: shuwenwei <[email protected]>
AuthorDate: Thu Sep 18 16:57:30 2025 +0800
fix IoTDBRelationalAuthIT
---
.../iotdb/db/it/auth/IoTDBRelationalAuthIT.java | 148 ++++++---------------
1 file changed, 44 insertions(+), 104 deletions(-)
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBRelationalAuthIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBRelationalAuthIT.java
index f2f0aef18ba..dd325356eb7 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBRelationalAuthIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBRelationalAuthIT.java
@@ -66,8 +66,22 @@ public class IoTDBRelationalAuthIT {
Statement adminStmt = adminCon.createStatement()) {
adminStmt.execute("create user testuser 'password123456'");
+ try (Connection userCon =
+ EnvFactory.getEnv()
+ .getConnection("testuser", "password123456",
BaseEnv.TABLE_SQL_DIALECT);
+ Statement userStmt = userCon.createStatement()) {
+ ResultSet resultSet = userStmt.executeQuery("LIST USER");
+ Assert.assertTrue(resultSet.next());
+ Assert.assertEquals("testuser", resultSet.getString(1));
+ Assert.assertFalse(resultSet.next());
+ }
adminStmt.execute("create database testdb");
- adminStmt.execute("GRANT MANAGE_USER to user testuser");
+ adminStmt.execute("GRANT SECURITY to user testuser");
+ Assert.assertThrows(
+ SQLException.class,
+ () -> {
+ adminStmt.execute("GRANT MANAGE_USER to user testuser");
+ });
Assert.assertThrows(
SQLException.class,
() -> {
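Review bot: The new `Assert.assertThrows(SQLException.class, ...)` around `GRANT MANAGE_USER` (and the matching one for `GRANT MANAGE_ROLE` in the next hunk) passes on any SQLException, so a parse error or a dropped connection satisfies it as well as the intended refusal of the retired privilege. Keep the returned exception and check it: `SQLException e = Assert.assertThrows(SQLException.class, () -> adminStmt.execute("GRANT MANAGE_USER to user testuser"));` followed by `Assert.assertTrue(e.getMessage().contains(EXPECTED_REJECTION_TEXT));`, where `EXPECTED_REJECTION_TEXT` is a placeholder for the status or message the server actually returns. Separately, the `resultSet` from `LIST USER` is created inside the try body and never closed; declaring it as a third resource in the try header would fix that. The enclosing test method starts and ends outside this hunk.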
@@ -85,7 +99,11 @@ public class IoTDBRelationalAuthIT {
adminStmt.execute("GRANT MAINTAIN to user testuser");
});
- adminStmt.execute("GRANT MANAGE_ROLE TO USER testuser");
+ Assert.assertThrows(
+ SQLException.class,
+ () -> {
+ adminStmt.execute("GRANT MANAGE_ROLE to user testuser");
+ });
adminStmt.execute("GRANT SELECT ON ANY TO USER testuser");
adminStmt.execute("GRANT INSERT ON ANY TO USER testuser");
adminStmt.execute("GRANT DELETE ON ANY TO USER testuser");
@@ -106,8 +124,7 @@ public class IoTDBRelationalAuthIT {
Set<String> ans =
new HashSet<>(
Arrays.asList(
- ",,MANAGE_USER,false,",
- ",,MANAGE_ROLE,false,",
+ ",,SECURITY,false,",
",*.*,SELECT,false,",
",*.*,INSERT,false,",
",*.*,DELETE,false,",
@@ -162,8 +179,7 @@ public class IoTDBRelationalAuthIT {
});
// admin can do all things below.
- adminStmt.execute("GRANT MANAGE_USER to user testuser2 with grant
option");
- adminStmt.execute("GRANT MANAGE_ROLE to user testuser");
+ adminStmt.execute("GRANT SECURITY to user testuser with grant option");
adminStmt.execute("use testdb");
adminStmt.execute("GRANT SELECT ON TABLE TB to user testuser");
@@ -183,49 +199,18 @@ public class IoTDBRelationalAuthIT {
EnvFactory.getEnv()
.getConnection("testuser", "password123456",
BaseEnv.TABLE_SQL_DIALECT);
Statement userStmt = userCon1.createStatement()) {
- // 1. user1's privileges
- // testdb.TB select
- // testdb.TB insert
- // testdb.* insert
- // any alter
- // manage_role
-
- // cannot create user
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userStmt.execute("CREATE USER testuser3 'password'");
- });
+
// can create role
userStmt.execute("CREATE ROLE testrole2");
// can grant role to user
userStmt.execute("GRANT ROLE testrole2 to testuser");
- // cannot grant privileges to other
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userStmt.execute("GRANT SELECT ON testdb.TB to role testrole2");
- });
-
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userStmt.execute("GRANT ALTER ON ANY to role testrole2");
- });
-
- // cannot grant manage_role to other
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userStmt.execute("GRANT manage_role to role testrole2");
- });
// can list itself privileges and the all roles privileges
ResultSet rs = userStmt.executeQuery("List privileges of user testuser");
Set<String> ans =
new HashSet<>(
Arrays.asList(
- ",,MANAGE_ROLE,false,",
+ ",,SECURITY,true,",
",*.*,ALTER,false,",
",testdb.*,INSERT,false,",
",testdb.tb,SELECT,false,",
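Review bot: This hunk deletes every check that `testuser` is refused something (`CREATE USER`, granting `SELECT`/`ALTER`/`manage_role` to `testrole2`) and adds no refusal case in its place; the hunk that follows (the former `testuser2` block) and the later one dropping the "Do not have grant option" assertions do the same. After the change the visible part of the test only shows what a SECURITY holder is allowed to do, so a regression that lets an unprivileged account manage users or roles would not be caught here. Consider keeping at least one negative case run as an account without SECURITY, for example `Assert.assertThrows(SQLException.class, () -> plainUserStmt.execute("CREATE ROLE testrole3"));`, where `plainUserStmt` is a constructed name for a statement opened by such a user. Whether another test in the file already covers this cannot be seen from the hunk, and the try block continues past its end.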
@@ -237,60 +222,14 @@ public class IoTDBRelationalAuthIT {
rs = userStmt.executeQuery("List privileges of role testrole2");
TestUtils.assertResultSetEqual(
rs, "Role,Scope,Privileges,GrantOption,", Collections.emptySet());
- // testdb.TB's privilege is not grant option.
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userStmt.execute("GRANT insert on testdb.TB to role testrole2");
- });
-
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userStmt.execute("GRANT ALTER on any to role testrole2");
- });
- }
-
- try (Connection userCon1 =
- EnvFactory.getEnv()
- .getConnection("testuser2", "password123456",
BaseEnv.TABLE_SQL_DIALECT);
- Statement userStmt = userCon1.createStatement()) {
- // 2. user2's privileges
- // MANAGE_USER with grant option
- // testdb.tb drop with grant option
- // testdb.tb create with grant option
- // testdb.* drop with grant option
- // any select with grant option
-
- // can create user.
userStmt.execute("CREATE USER testuser3 'password123456'");
- // can not create role
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userStmt.execute("CREATE ROLE testrole3");
- });
-
- // cannot list role's privileges
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userStmt.executeQuery("List privileges of role testrole");
- });
-
userStmt.execute("GRANT drop on database testdb to user testuser3");
userStmt.execute("GRANT SELECT ON database testdb to user testuser3");
- ResultSet rs = userStmt.executeQuery("List privileges of user
testuser3");
- Set<String> ans =
- new HashSet<>(Arrays.asList(",testdb.*,SELECT,false,",
",testdb.*,DROP,false,"));
+ rs = userStmt.executeQuery("List privileges of user testuser3");
+ ans = new HashSet<>(Arrays.asList(",testdb.*,SELECT,false,",
",testdb.*,DROP,false,"));
TestUtils.assertResultSetEqual(rs, "Role,Scope,Privileges,GrantOption,",
ans);
userStmt.execute("REVOKE SELECT ON DATABASE testdb from user testuser3");
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userStmt.execute("GRANT CREATE ON DATABASE testdb to user
testuser3");
- });
rs = userStmt.executeQuery("List privileges of user testuser3");
TestUtils.assertResultSetEqual(
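Review bot: The merged block now has `testuser` run `GRANT drop on database testdb to user testuser3` and `GRANT SELECT ON database testdb to user testuser3`, yet the only entry with grant option in the expected set for `testuser` shown in the previous hunk is `SECURITY`. The test therefore appears to rely on SECURITY alone authorizing grants of object privileges the grantor does not hold, and nothing in the code says so. A comment above `userStmt.execute("CREATE USER testuser3 'password123456'");` would make that explicit, e.g. `// testuser has no DROP/SELECT grant option on testdb; these grants are expected to succeed through SECURITY alone`. Please confirm that this is the intended model rather than a side effect of removing the old checks.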
@@ -329,7 +268,7 @@ public class IoTDBRelationalAuthIT {
+ " with grant option");
Set<String> listPrivilegeResult = new HashSet<>();
for (PrivilegeType privilegeType : PrivilegeType.values()) {
- if (privilegeType.isRelationalPrivilege()) {
+ if (privilegeType.isRelationalPrivilege() &&
!privilegeType.isDeprecated()) {
listPrivilegeResult.add(
(isUser ? "," : "test,") + "testdb.tb1," + privilegeType +
",true,");
}
@@ -426,6 +365,12 @@ public class IoTDBRelationalAuthIT {
// 1. grant all on user/role
adminStmt.execute("grant all to " + (isUser ? "user test" : "role
test"));
for (PrivilegeType privilegeType : PrivilegeType.values()) {
+ if (privilegeType.isDeprecated()) {
+ continue;
+ }
+ if (privilegeType == PrivilegeType.AUDIT) {
+ continue;
+ }
if (privilegeType.isRelationalPrivilege()) {
listPrivilegeResult.add((isUser ? "," : "test,") + "*.*," +
privilegeType + ",false,");
} else if (privilegeType.forRelationalSys()) {
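Review bot: The pair of guards `if (privilegeType.isDeprecated()) continue;` and `if (privilegeType == PrivilegeType.AUDIT) continue;` is repeated in this loop and in the loops of the next two hunks, and none of them says why AUDIT is left out of the expected `grant all` result. A small private helper would keep the three expectations in step, for instance `private static boolean expectedFromGrantAll(PrivilegeType t) { return !t.isDeprecated() && t != PrivilegeType.AUDIT; }` (the name is a suggestion). Its Javadoc should state the rule being tested, presumably that `GRANT ALL` never confers AUDIT. The loop body continues outside this hunk.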
@@ -475,7 +420,10 @@ public class IoTDBRelationalAuthIT {
Set<String> listUserPrivilegeResult = new HashSet<>();
for (PrivilegeType privilegeType : PrivilegeType.values()) {
- if (privilegeType == PrivilegeType.SELECT) {
+ if (privilegeType == PrivilegeType.SELECT ||
privilegeType.isDeprecated()) {
+ continue;
+ }
+ if (privilegeType == PrivilegeType.AUDIT) {
continue;
}
if (privilegeType.isRelationalPrivilege()) {
@@ -488,6 +436,12 @@ public class IoTDBRelationalAuthIT {
Set<String> listRolePrivilegeResult = new HashSet<>();
for (PrivilegeType privilegeType : PrivilegeType.values()) {
+ if (privilegeType.isDeprecated()) {
+ continue;
+ }
+ if (privilegeType == PrivilegeType.AUDIT) {
+ continue;
+ }
if (privilegeType.isRelationalPrivilege()) {
listRolePrivilegeResult.add("role1,*.*," + privilegeType + ",true,");
}
@@ -507,20 +461,6 @@ public class IoTDBRelationalAuthIT {
resultSet = userConStatement.executeQuery("List privileges of role
role1");
TestUtils.assertResultSetEqual(
resultSet, "Role,Scope,Privileges,GrantOption,",
listRolePrivilegeResult);
-
- // Do not have grant option
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userConStatement.execute("GRANT SELECT ON DATABASE TEST to role
role1");
- });
-
- // Do not have grant option
- Assert.assertThrows(
- SQLException.class,
- () -> {
- userConStatement.execute("GRANT ALL to user test2");
- });
}
try (Connection userCon =
@@ -537,7 +477,7 @@ public class IoTDBRelationalAuthIT {
try (Connection adminCon =
EnvFactory.getEnv().getConnection(BaseEnv.TABLE_SQL_DIALECT);
Statement adminStmt = adminCon.createStatement()) {
- adminStmt.execute("revoke MANAGE_USER from user test2");
+ adminStmt.execute("revoke SECURITY from user test2");
}
try (Connection userCon =