This is an automated email from the ASF dual-hosted git repository. yongzao pushed a commit to branch trigger-audit-log-v1 in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 944a342f8612ca3780751bd37a3c100a90321a84 Author: Yongzao <[email protected]> AuthorDate: Sat Sep 20 15:35:23 2025 +0800 almost --- .../org/apache/iotdb/db/audit/AuditLogger.java | 9 +- .../org/apache/iotdb/db/audit/DNAuditLogger.java | 13 ++- .../legacy/IoTDBLegacyPipeReceiverAgent.java | 9 +- .../protocol/legacy/loader/DeletionLoader.java | 9 +- .../protocol/legacy/loader/TsFileLoader.java | 9 +- .../iotdb/db/protocol/session/SessionManager.java | 35 +++++- .../impl/DataNodeInternalRPCServiceImpl.java | 9 +- .../db/queryengine/common/MPPQueryContext.java | 51 +++++++-- .../iotdb/db/queryengine/common/SessionInfo.java | 48 ++++++-- .../fragment/FragmentInstanceContext.java | 7 +- .../plan/analyze/load/LoadTsFileAnalyzer.java | 4 +- .../plan/analyze/schema/SchemaValidator.java | 4 +- .../execution/config/TableConfigTaskVisitor.java | 125 +++++++++++---------- .../fetcher/TableHeaderSchemaValidator.java | 5 +- .../relational/security/ITableAuthCheckerImpl.java | 8 -- .../metrics/IoTDBInternalLocalReporter.java | 15 ++- .../apache/iotdb/db/utils/DataNodeAuthUtils.java | 27 ++++- .../apache/iotdb/commons/audit/AuditLogFields.java | 6 +- .../apache/iotdb/commons/audit/IAuditEntity.java | 4 +- .../org/apache/iotdb/commons/audit/UserEntity.java | 66 +++++++++++ .../org/apache/iotdb/commons/auth/entity/User.java | 4 + 21 files changed, 344 insertions(+), 123 deletions(-) diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/AuditLogger.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/AuditLogger.java index ccd7c6a12b2..9d4eb188bfa 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/AuditLogger.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/AuditLogger.java 
@@ -20,6 +20,7 @@ package org.apache.iotdb.db.audit; import org.apache.iotdb.commons.audit.AuditLogOperation; +import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.conf.IoTDBConstant; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.utils.CommonDateTimeUtils; @@ -65,7 +66,13 @@ public class AuditLogger { private static final IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig(); private static final List<AuditLogStorage> auditLogStorageList = config.getAuditLogStorage(); private static final SessionInfo sessionInfo = - new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()); + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()); private static final List<AuditLogOperation> auditLogOperationList = config.getAuditableOperationType(); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java index 0bd1178c654..c66899fdea7 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java @@ -25,6 +25,7 @@ import org.apache.iotdb.commons.audit.AuditEventType; import org.apache.iotdb.commons.audit.AuditLogFields; import org.apache.iotdb.commons.audit.AuditLogOperation; import org.apache.iotdb.commons.audit.PrivilegeLevel; +import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.client.IClientManager; import org.apache.iotdb.commons.client.exception.ClientManagerException; 
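Review bot: The new `sessionInfo` initializer in the `@@ -65,7 +66,13 @@` hunk calls `IoTDBDescriptor.getInstance().getConfig().getInternalAddress()` although the `config` field declared just above already holds that object, so `config.getInternalAddress()` is enough. The same super-user `SessionInfo` construction is repeated in DNAuditLogger, IoTDBLegacyPipeReceiverAgent, DeletionLoader, TsFileLoader, SessionManager and DataNodeInternalRPCServiceImpl. A single shared factory would define the identity that internal operations are attributed to in one place. Its Javadoc could state that audit rows carrying `SUPER_USER_ID` with the node's internal address are system-generated, not an interactive login.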
@@ -97,7 +98,13 @@ public class DNAuditLogger extends AbstractAuditLogger { private static final String AUDIT_CN_LOG_DEVICE = "root.__audit.log.node_%s.u_all"; private static final Coordinator COORDINATOR = Coordinator.getInstance(); private static final SessionInfo sessionInfo = - new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()); + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()); private static final SessionManager SESSION_MANAGER = SessionManager.getInstance(); @@ -106,7 +113,7 @@ public class DNAuditLogger extends AbstractAuditLogger { private static final DataNodeDevicePathCache DEVICE_PATH_CACHE = DataNodeDevicePathCache.getInstance(); - private static AtomicBoolean tableViewIsInitialized = new AtomicBoolean(false); + private static final AtomicBoolean tableViewIsInitialized = new AtomicBoolean(false); private DNAuditLogger() { // Empty constructor @@ -311,7 +318,7 @@ public class DNAuditLogger extends AbstractAuditLogger { if (!checkBeforeLog(auditLogFields)) { return; } - int userId = auditLogFields.getUserId(); + long userId = auditLogFields.getUserId(); String user = String.valueOf(userId); if (userId == -1) { user = "none"; diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/IoTDBLegacyPipeReceiverAgent.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/IoTDBLegacyPipeReceiverAgent.java index d0217b6e3f8..3edc29e9612 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/IoTDBLegacyPipeReceiverAgent.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/IoTDBLegacyPipeReceiverAgent.java 
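Review bot: In the `@@ -311,7 +318,7 @@` hunk the bare literal `-1` is the only marker for an unresolved user, and SessionManager produces the same literal independently (`user == null ? -1 : user.getUserId()`), so the two have to be kept in step by hand. A shared named constant would make the link explicit, for example `UserEntity.UNKNOWN_USER_ID` (a name proposed here, not one in the commit). It is also worth confirming that a failed lookup for an otherwise authenticated session should be written under `none`, since that folds every unresolved identity into one audit bucket. The enclosing method starts and ends outside the hunk.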
@@ -21,6 +21,7 @@ package org.apache.iotdb.db.pipe.receiver.protocol.legacy; import org.apache.iotdb.common.rpc.thrift.TSStatus; +import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.conf.CommonDescriptor; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.path.PartialPath; @@ -141,7 +142,13 @@ public class IoTDBLegacyPipeReceiverAgent { .executeForTreeModel( statement, queryId, - new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()), + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()), "", partitionFetcher, schemaFetcher, diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/loader/DeletionLoader.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/loader/DeletionLoader.java index 46292b09746..244ec579206 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/loader/DeletionLoader.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/loader/DeletionLoader.java @@ -19,6 +19,7 @@ package org.apache.iotdb.db.pipe.receiver.protocol.legacy.loader; +import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.conf.CommonDescriptor; import org.apache.iotdb.db.auth.AuthorityChecker; import org.apache.iotdb.db.conf.IoTDBDescriptor; @@ -64,7 +65,13 @@ public class DeletionLoader implements ILoader { .executeForTreeModel( statement, queryId, - new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()), + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()), "", PARTITION_FETCHER, SCHEMA_FETCHER, 
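Review bot: In the `@@ -141,7 +142,13 @@` hunk the statement received from a remote pipe sender is executed under a `UserEntity` whose client host is this node's own `getInternalAddress()`, so an audit record for it would name the local node rather than the sender. DeletionLoader (same line) and TsFileLoader (next file) do the same. If the receiver has the sender's address available (not visible in these hunks), passing it as the third `UserEntity` argument would keep the origin in the audit trail. Otherwise a comment such as `// pipe-received statement: audited as the local super user, sender address not recorded` would document the gap.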
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/loader/TsFileLoader.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/loader/TsFileLoader.java index e181ec1d592..d3698e97d07 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/loader/TsFileLoader.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/legacy/loader/TsFileLoader.java @@ -19,6 +19,7 @@ package org.apache.iotdb.db.pipe.receiver.protocol.legacy.loader; +import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.path.PartialPath; import org.apache.iotdb.db.auth.AuthorityChecker; @@ -67,7 +68,13 @@ public class TsFileLoader implements ILoader { .executeForTreeModel( statement, queryId, - new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()), + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()), "", PARTITION_FETCHER, SCHEMA_FETCHER, diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java index a5a04e98b27..0f69c8c0711 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java 
@@ -20,6 +20,8 @@ package org.apache.iotdb.db.protocol.session; import org.apache.iotdb.common.rpc.thrift.TSStatus; +import org.apache.iotdb.commons.audit.UserEntity; +import org.apache.iotdb.commons.auth.entity.User; import org.apache.iotdb.commons.conf.CommonDescriptor; import org.apache.iotdb.commons.conf.IoTDBConstant; import org.apache.iotdb.commons.exception.IoTDBRuntimeException; @@ -33,6 +35,9 @@ import org.apache.iotdb.commons.utils.AuthUtils; import org.apache.iotdb.commons.utils.CommonDateTimeUtils; import org.apache.iotdb.db.audit.AuditLogger; import org.apache.iotdb.db.auth.AuthorityChecker; +import org.apache.iotdb.db.auth.BasicAuthorityCache; +import org.apache.iotdb.db.auth.ClusterAuthorityFetcher; +import org.apache.iotdb.db.auth.IAuthorityFetcher; import org.apache.iotdb.db.conf.IoTDBDescriptor; import org.apache.iotdb.db.protocol.basic.BasicOpenSessionResp; import org.apache.iotdb.db.protocol.thrift.OperationType; @@ -58,6 +63,7 @@ import org.apache.iotdb.service.rpc.thrift.TSLastDataQueryReq; import org.apache.iotdb.service.rpc.thrift.TSProtocolVersion; import org.apache.commons.lang3.StringUtils; +import org.apache.ratis.util.MemoizedSupplier; import org.apache.tsfile.read.common.block.TsBlock; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -103,6 +109,9 @@ public class SessionManager implements SessionManagerMBean { public static final TSProtocolVersion CURRENT_RPC_VERSION = TSProtocolVersion.IOTDB_SERVICE_PROTOCOL_V3; + private static final MemoizedSupplier<IAuthorityFetcher> authorityFetcher = + MemoizedSupplier.valueOf(() -> new ClusterAuthorityFetcher(new BasicAuthorityCache())); + private static final boolean ENABLE_AUDIT_LOG = IoTDBDescriptor.getInstance().getConfig().isEnableAuditLog(); 
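Review bot: The `authorityFetcher` field added in the `@@ -103,6 +109,9 @@` hunk builds a second `ClusterAuthorityFetcher` with its own `BasicAuthorityCache`, separate from whatever fetcher `AuthorityChecker` already uses. If cache invalidation on user drop or rename is delivered only to the existing instance (not visible here), this private cache can keep returning a stale `User`, and the id written to the audit log would then be out of date. Reusing the existing fetcher, or a comment stating how this cache is invalidated, would settle that. The `org.apache.ratis.util.MemoizedSupplier` import also ties the session layer to a Ratis utility class just for lazy initialization.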
@@ -157,7 +166,13 @@ public class SessionManager implements SessionManagerMBean { try { Statement statement = StatementGenerator.createStatement(lastDataQueryReq); SessionInfo sessionInfo = - new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()); + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()); queryId = requestQueryId(); ExecutionResult result = @@ -541,9 +556,11 @@ public class SessionManager implements SessionManagerMBean { } public SessionInfo getSessionInfo(IClientSession session) { + User user = authorityFetcher.get().getUser(session.getUsername()); + long userId = user == null ? -1 : user.getUserId(); return new SessionInfo( session.getId(), - session.getUsername(), + new UserEntity(userId, session.getUsername(), session.getClientAddress()), session.getZoneId(), session.getClientVersion(), session.getDatabaseName(), @@ -555,7 +572,7 @@ public class SessionManager implements SessionManagerMBean { public SessionInfo copySessionInfoForTreeModel(final SessionInfo sessionInfo) { return new SessionInfo( sessionInfo.getSessionId(), - sessionInfo.getUserName(), + sessionInfo.getUserEntity(), ZoneId.systemDefault(), sessionInfo.getVersion(), sessionInfo.getDatabaseName().orElse(null), @@ -563,9 +580,11 @@ public class SessionManager implements SessionManagerMBean { } public SessionInfo getSessionInfoOfTreeModel(IClientSession session) { + User user = authorityFetcher.get().getUser(session.getUsername()); + long userId = user == null ? -1 : user.getUserId(); return new SessionInfo( session.getId(), - session.getUsername(), + new UserEntity(userId, session.getUsername(), session.getClientAddress()), ZoneId.systemDefault(), session.getClientVersion(), session.getDatabaseName(), 
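Review bot: `getSessionInfo` in the `@@ -541,9 +556,11 @@` hunk now runs `authorityFetcher.get().getUser(session.getUsername())` on every call and silently maps a `null` result to id `-1`. If that lookup can fall through to a remote fetch on a cache miss (not visible here), it adds that cost to each request, and a session with no username yet would be passed straight into `getUser`. The same two lines are repeated in `getSessionInfoOfTreeModel`, `getSessionInfoOfTableModel` and `getSessionInfoOfPipeReceiver`. Resolving the id once at login and keeping it on `IClientSession`, or at least a private helper such as `private UserEntity toUserEntity(IClientSession session)`, would give the null case one documented place.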
@@ -573,9 +592,11 @@ public class SessionManager implements SessionManagerMBean { } public SessionInfo getSessionInfoOfTableModel(IClientSession session) { + User user = authorityFetcher.get().getUser(session.getUsername()); + long userId = user == null ? -1 : user.getUserId(); return new SessionInfo( session.getId(), - session.getUsername(), + new UserEntity(userId, session.getUsername(), session.getClientAddress()), ZoneId.systemDefault(), session.getClientVersion(), session.getDatabaseName(), @@ -583,9 +604,11 @@ public class SessionManager implements SessionManagerMBean { } public SessionInfo getSessionInfoOfPipeReceiver(IClientSession session, String databaseName) { + User user = authorityFetcher.get().getUser(session.getUsername()); + long userId = user == null ? -1 : user.getUserId(); return new SessionInfo( session.getId(), - session.getUsername(), + new UserEntity(userId, session.getUsername(), session.getClientAddress()), ZoneId.systemDefault(), session.getClientVersion(), databaseName, diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java index 885ec26936b..063cc37057c 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java @@ -43,6 +43,7 @@ import org.apache.iotdb.common.rpc.thrift.TTimePartitionSlot; import org.apache.iotdb.commons.audit.AuditEventType; import org.apache.iotdb.commons.audit.AuditLogFields; import org.apache.iotdb.commons.audit.AuditLogOperation; +import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.auth.entity.PrivilegeType; import org.apache.iotdb.commons.client.request.AsyncRequestContext; import org.apache.iotdb.commons.cluster.NodeStatus; 
@@ -2966,7 +2967,13 @@ public class DataNodeInternalRPCServiceImpl implements IDataNodeRPCService.Iface try { InsertRowStatement statement = StatementGenerator.createStatement(req); SessionInfo sessionInfo = - new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()); + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()); long queryId = SESSION_MANAGER.requestQueryId(); ExecutionResult result = diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/common/MPPQueryContext.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/common/MPPQueryContext.java index 28c18ad619b..4ae9a7d93cf 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/common/MPPQueryContext.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/common/MPPQueryContext.java @@ -433,8 +433,18 @@ public class MPPQueryContext implements IAuditEntity { this.userQuery = userQuery; } + // ================= Authentication Interfaces ========================= + + private AuditEventType auditEventType; + + private AuditLogOperation auditLogOperation; + + private PrivilegeType privilegeType; + + private boolean result; + @Override - public int getUserId() { + public long getUserId() { return session.getUserId(); } 
@@ -445,37 +455,62 @@ public class MPPQueryContext implements IAuditEntity { @Override public String getCliHostname() { - return session.getCliHostname; + return session.getCliHostname(); } @Override public AuditEventType getAuditEventType() { - return null; + return auditEventType; + } + + @Override + public IAuditEntity setAuditEventType(AuditEventType auditEventType) { + this.auditEventType = auditEventType; + return this; } @Override public AuditLogOperation getAuditLogOperation() { - return null; + return auditLogOperation; + } + + @Override + public IAuditEntity setAuditLogOperation(AuditLogOperation auditLogOperation) { + this.auditLogOperation = auditLogOperation; + return this; } @Override public PrivilegeType getPrivilegeType() { - // The privilege type will be given ultimately. - return null; + return privilegeType; + } + + @Override + public IAuditEntity setPrivilegeType(PrivilegeType privilegeType) { + this.privilegeType = privilegeType; + return this; } @Override public boolean getResult() { - return false; + return result; + } + + @Override + public IAuditEntity setResult(boolean result) { + this.result = result; + return this; } @Override public String getDatabase() { - return session.getDatabaseName().orElse(null); + return session.getDatabaseName().orElse(""); } @Override public String getSqlString() { return sql; } + + // ================= Authentication Interfaces ========================= } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/common/SessionInfo.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/common/SessionInfo.java index 24da35578d3..a240f2d6d3f 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/common/SessionInfo.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/common/SessionInfo.java 
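Review bot: The four audit fields added in the previous hunk and the setters added here make MPPQueryContext carry the outcome of the most recent privilege check as mutable state, with `result` starting at `false` and the other three at `null`, and none of this is documented. A statement that triggers more than one check overwrites the earlier values, and anything that reads the entity before `setResult` is called would report a denial. The setters need Javadoc saying they are set per check and read immediately by the audit logger, and that the context is confined to one thread while that happens. The banner `Authentication Interfaces` labels what are audit accessors, so `// ================= Audit Interfaces =================` fits better. `getDatabase()` now returns `""` where it returned `null`, so callers that test for null need checking.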
@@ -19,6 +19,7 @@ package org.apache.iotdb.db.queryengine.common; +import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.conf.IoTDBConstant.ClientVersion; import org.apache.iotdb.db.protocol.session.IClientSession; import org.apache.iotdb.db.queryengine.plan.relational.security.Identity; @@ -36,7 +37,7 @@ import java.util.Optional; public class SessionInfo { private final long sessionId; - private final String userName; + private final UserEntity userEntity; private final ZoneId zoneId; @Nullable private final String databaseName; @@ -45,9 +46,9 @@ public class SessionInfo { private ClientVersion version = ClientVersion.V_1_0; - public SessionInfo(long sessionId, String userName, ZoneId zoneId) { + public SessionInfo(long sessionId, UserEntity userEntity, ZoneId zoneId) { this.sessionId = sessionId; - this.userName = userName; + this.userEntity = userEntity; this.zoneId = zoneId; this.databaseName = null; this.sqlDialect = IClientSession.SqlDialect.TREE; @@ -55,22 +56,22 @@ public class SessionInfo { public SessionInfo( long sessionId, - String userName, + UserEntity userEntity, ZoneId zoneId, @Nullable String databaseName, IClientSession.SqlDialect sqlDialect) { - this(sessionId, userName, zoneId, ClientVersion.V_1_0, databaseName, sqlDialect); + this(sessionId, userEntity, zoneId, ClientVersion.V_1_0, databaseName, sqlDialect); } public SessionInfo( long sessionId, - String userName, + UserEntity userEntity, ZoneId zoneId, ClientVersion version, @Nullable String databaseName, IClientSession.SqlDialect sqlDialect) { this.sessionId = sessionId; - this.userName = userName; + this.userEntity = userEntity; this.zoneId = zoneId; this.version = version; this.databaseName = databaseName; 
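Review bot: Neither constructor that assigns the field checks `userEntity` for null, while the accessors added in the next hunk (`getUserId`, `getUserName`, `getCliHostname`, `getIdentity`) and both `serialize` overloads dereference it unconditionally. A null passed in would only surface later as a NullPointerException in whichever accessor runs first, far from the caller that built the object. `this.userEntity = Objects.requireNonNull(userEntity, "userEntity");` in the three-argument and six-argument constructors would fail at the construction site; `Objects` is already used in `deserializeFrom`.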
@@ -81,8 +82,20 @@ public class SessionInfo { return sessionId; } + public UserEntity getUserEntity() { + return userEntity; + } + + public long getUserId() { + return userEntity.getUserId(); + } + public String getUserName() { - return userName; + return userEntity.getUsername(); + } + + public String getCliHostname() { + return userEntity.getCliHostname(); } public ZoneId getZoneId() { @@ -94,7 +107,7 @@ public class SessionInfo { } public Identity getIdentity() { - return new Identity(userName); + return new Identity(userEntity.getUsername()); } public Optional<String> getDatabaseName() { @@ -107,7 +120,9 @@ public class SessionInfo { public static SessionInfo deserializeFrom(final ByteBuffer buffer) { final long sessionId = ReadWriteIOUtils.readLong(buffer); + final long userId = ReadWriteIOUtils.readLong(buffer); final String userName = ReadWriteIOUtils.readString(buffer); + final String cliHostname = ReadWriteIOUtils.readString(buffer); final ZoneId zoneId = ZoneId.of(Objects.requireNonNull(ReadWriteIOUtils.readString(buffer))); final boolean hasDatabaseName = ReadWriteIOUtils.readBool(buffer); String databaseName = null; 
@@ -115,12 +130,19 @@ public class SessionInfo { databaseName = ReadWriteIOUtils.readString(buffer); } final IClientSession.SqlDialect sqlDialect1 = IClientSession.SqlDialect.deserializeFrom(buffer); - return new SessionInfo(sessionId, userName, zoneId, databaseName, sqlDialect1); + return new SessionInfo( + sessionId, + new UserEntity(userId, userName, cliHostname), + zoneId, + databaseName, + sqlDialect1); } public void serialize(final DataOutputStream stream) throws IOException { ReadWriteIOUtils.write(sessionId, stream); - ReadWriteIOUtils.write(userName, stream); + ReadWriteIOUtils.write(userEntity.getUserId(), stream); + ReadWriteIOUtils.write(userEntity.getUsername(), stream); + ReadWriteIOUtils.write(userEntity.getCliHostname(), stream); ReadWriteIOUtils.write(zoneId.getId(), stream); if (databaseName == null) { ReadWriteIOUtils.write((byte) 0, stream); @@ -133,7 +155,9 @@ public class SessionInfo { public void serialize(final ByteBuffer buffer) { ReadWriteIOUtils.write(sessionId, buffer); - ReadWriteIOUtils.write(userName, buffer); + ReadWriteIOUtils.write(userEntity.getUserId(), buffer); + ReadWriteIOUtils.write(userEntity.getUsername(), buffer); + ReadWriteIOUtils.write(userEntity.getCliHostname(), buffer); ReadWriteIOUtils.write(zoneId.getId(), buffer); if (databaseName == null) { ReadWriteIOUtils.write((byte) 0, buffer); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/execution/fragment/FragmentInstanceContext.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/execution/fragment/FragmentInstanceContext.java index 40b16de4ad0..be153fc4169 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/execution/fragment/FragmentInstanceContext.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/execution/fragment/FragmentInstanceContext.java 
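Review bot: Both `serialize` overloads and `deserializeFrom` now place a `long` user id and the client hostname around the user name with no version marker, so a peer on the previous layout would read the first bytes of the user id as the user name's length. If `SessionInfo` travels between nodes during a rolling upgrade (likely, but not visible here), that needs a compatibility note or a guard. The receiving side also takes `userId`, `userName` and `cliHostname` from the buffer as given, and they end up in audit records. A comment on `deserializeFrom` should state that these fields are trusted only because the internal channel is.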
@@ -20,6 +20,7 @@ package org.apache.iotdb.db.queryengine.execution.fragment; import org.apache.iotdb.common.rpc.thrift.TSStatus; +import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.exception.IoTDBException; import org.apache.iotdb.commons.exception.IoTDBRuntimeException; import org.apache.iotdb.commons.path.AlignedFullPath; @@ -213,7 +214,9 @@ public class FragmentInstanceContext extends QueryContext { FragmentInstanceId id, FragmentInstanceStateMachine stateMachine) { FragmentInstanceContext instanceContext = new FragmentInstanceContext( - id, stateMachine, new SessionInfo(1, "test", ZoneId.systemDefault())); + id, + stateMachine, + new SessionInfo(1, new UserEntity(666, "test", "127.0.0.1"), ZoneId.systemDefault())); instanceContext.initialize(); instanceContext.start(); return instanceContext; @@ -228,7 +231,7 @@ public class FragmentInstanceContext extends QueryContext { new FragmentInstanceContext( id, stateMachine, - new SessionInfo(1, "test", ZoneId.systemDefault()), + new SessionInfo(1, new UserEntity(666, "test", "127.0.0.1"), ZoneId.systemDefault()), memoryReservationManager); instanceContext.initialize(); instanceContext.start(); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/load/LoadTsFileAnalyzer.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/load/LoadTsFileAnalyzer.java index 0f90d7c8724..54d5796d90e 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/load/LoadTsFileAnalyzer.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/load/LoadTsFileAnalyzer.java 
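Review bot: The placeholder identity `new UserEntity(666, "test", "127.0.0.1")` is written out twice in these two factory methods, in main source rather than test code. If either factory can be reached outside tests (the method names are cut off by the hunk), audit rows would carry user id 666, which may be a real account's id. A single named constant with a clearly invalid id would avoid that, e.g. `private static final UserEntity TEST_USER = new UserEntity(-1, "test", "127.0.0.1");`, together with a comment that it is for tests only.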
@@ -398,7 +398,7 @@ public class LoadTsFileAnalyzer implements AutoCloseable { final SessionInfo newSessionInfo = new SessionInfo( sessionInfo.getSessionId(), - sessionInfo.getUserName(), + sessionInfo.getUserEntity(), sessionInfo.getZoneId(), sessionInfo.getDatabaseName().orElse(null), IClientSession.SqlDialect.TABLE); @@ -408,7 +408,7 @@ public class LoadTsFileAnalyzer implements AutoCloseable { final SessionInfo newSessionInfo = new SessionInfo( sessionInfo.getSessionId(), - sessionInfo.getUserName(), + sessionInfo.getUserEntity(), sessionInfo.getZoneId(), sessionInfo.getDatabaseName().orElse(null), IClientSession.SqlDialect.TREE); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/SchemaValidator.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/SchemaValidator.java index c79b54146fe..ecd7539107b 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/SchemaValidator.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/analyze/schema/SchemaValidator.java @@ -74,8 +74,8 @@ public class SchemaValidator { accessControl.checkCanInsertIntoTable( context.getSession().getUserName(), new QualifiedObjectName( - unQualifyDatabaseName(insertStatement.getDatabase()), - insertStatement.getTableName())); + unQualifyDatabaseName(insertStatement.getDatabase()), insertStatement.getTableName()), + context); insertStatement.validateTableSchema(metadata, context); insertStatement.updateAfterSchemaValidation(context); insertStatement.validateDeviceSchema(metadata, context); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java index be114ce6020..b474204b133 100644 
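Review bot: In the SchemaValidator hunk `checkCanInsertIntoTable` now receives both `context.getSession().getUserName()` and the `context` that name was just read from, so the access-control layer has two sources for the caller's identity. If the implementation authorizes on the string but audits from `context` (not visible here), the two can diverge with no compile-time signal. The same call shape is repeated in every TableConfigTaskVisitor hunk of this commit (`checkCanCreateDatabase`, `checkCanAlterDatabase`, `checkCanShowOrUseDatabase`, `checkCanDropDatabase`, `checkUserGlobalSysPrivilege`, `checkCanCreateTable`, `checkCanAlterTable`, `checkCanCreateViewFromTreePath`). Overloads that take only the object and `context` and derive the user name inside would remove the duplication.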
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java @@ -292,13 +292,15 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitCreateDB(final CreateDB node, final MPPQueryContext context) { - accessControl.checkCanCreateDatabase(context.getSession().getUserName(), node.getDbName()); + accessControl.checkCanCreateDatabase( + context.getSession().getUserName(), node.getDbName(), context); return visitDatabaseStatement(node, context); } @Override protected IConfigTask visitAlterDB(final AlterDB node, final MPPQueryContext context) { - accessControl.checkCanAlterDatabase(context.getSession().getUserName(), node.getDbName()); + accessControl.checkCanAlterDatabase( + context.getSession().getUserName(), node.getDbName(), context); return visitDatabaseStatement(node, context); } @@ -373,7 +375,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitUse(final Use node, final MPPQueryContext context) { context.setQueryType(QueryType.WRITE); accessControl.checkCanShowOrUseDatabase( - context.getSession().getUserName(), node.getDatabaseId().getValue()); + context.getSession().getUserName(), node.getDatabaseId().getValue(), context); return new UseDBTask(node, clientSession); } @@ -381,7 +383,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitDropDB(final DropDB node, final MPPQueryContext context) { context.setQueryType(QueryType.WRITE); accessControl.checkCanDropDatabase( - context.getSession().getUserName(), node.getDbName().getValue()); + context.getSession().getUserName(), node.getDbName().getValue(), context); return new DropDBTask(node, clientSession); } 
@@ -407,7 +409,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitShowCluster( final ShowCluster showCluster, final MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); // As the implementation is identical, we'll simply translate to the // corresponding tree-model variant and execute that. ShowClusterStatement treeStatement = new ShowClusterStatement(); @@ -419,7 +421,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitShowRegions( final ShowRegions showRegions, final MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); // As the implementation is identical, we'll simply translate to the // corresponding tree-model variant and execute that. final ShowRegionStatement treeStatement = new ShowRegionStatement(); @@ -436,7 +438,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitRemoveDataNode( final RemoveDataNode removeDataNode, final MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); // As the implementation is identical, we'll simply translate to the // corresponding tree-model variant and execute that. final RemoveDataNodeStatement treeStatement = 
@@ -448,7 +450,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitRemoveConfigNode( final RemoveConfigNode removeConfigNode, final MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); // As the implementation is identical, we'll simply translate to the // corresponding tree-model variant and execute that. final RemoveConfigNodeStatement treeStatement = @@ -460,7 +462,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitRemoveAINode( final RemoveAINode removeAINode, final MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); // As the implementation is identical, we'll simply translate to the // corresponding tree-model variant and execute that. return new RemoveAINodeTask(new RemoveAINodeStatement()); @@ -470,7 +472,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitShowDataNodes( final ShowDataNodes showDataNodesStatement, final MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowDataNodesTask(); } 
@@ -478,7 +480,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitShowConfigNodes( final ShowConfigNodes showConfigNodesStatement, final MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowConfigNodesTask(); } @@ -486,7 +488,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitShowAINodes( final ShowAINodes showAINodesStatement, final MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowAINodesTask(); } @@ -494,7 +496,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitClearCache( final ClearCache clearCacheStatement, final MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ClearCacheTask(clearCacheStatement); } @@ -510,7 +512,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final Pair<String, TsTable> databaseTablePair = parseTable4CreateTableOrView(node, context); final TsTable table = databaseTablePair.getRight(); accessControl.checkCanCreateViewFromTreePath( - context.getSession().getUserName(), node.getPrefixPath()); + context.getSession().getUserName(), node.getPrefixPath(), context); final String msg = TreeViewSchema.setPathPattern(table, node.getPrefixPath()); if (Objects.nonNull(msg)) { throw new SemanticException(msg); 
@@ -530,7 +532,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final String tableName = databaseTablePair.getRight(); accessControl.checkCanCreateTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); final TsTable table = new TsTable(tableName); @@ -613,7 +615,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final String tableName = databaseTablePair.getRight(); accessControl.checkCanAlterTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); final String newName = node.getTarget().getValue(); if (tableName.equals(newName)) { @@ -637,7 +639,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final String tableName = databaseTablePair.getRight(); accessControl.checkCanAlterTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); final ColumnDefinition definition = node.getColumn(); return new AlterTableAddColumnTask( @@ -667,7 +669,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final String tableName = databaseTablePair.getRight(); accessControl.checkCanAlterTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); final String oldName = node.getSource().getValue(); final String newName = node.getTarget().getValue(); 
@@ -694,7 +696,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final String tableName = databaseTablePair.getRight(); accessControl.checkCanAlterTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); return new AlterTableDropColumnTask( database, @@ -715,7 +717,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final String tableName = databaseTablePair.getRight(); accessControl.checkCanAlterTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); return new AlterTableSetPropertiesTask( database, @@ -735,7 +737,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final String tableName = databaseTablePair.getRight(); accessControl.checkCanAlterTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); return new AlterTableCommentTableTask( database, @@ -755,7 +757,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final String tableName = databaseTablePair.getRight(); accessControl.checkCanAlterTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); return new AlterTableCommentColumnTask( database, 
@@ -837,7 +839,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final String tableName = databaseTablePair.getRight(); accessControl.checkCanDropTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); return new DropTableTask( database, tableName, context.getQueryId().getId(), node.isExists(), node.isView()); @@ -857,7 +859,8 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont accessControl.checkCanDeleteFromTable( context.getSession().getUserName(), - new QualifiedObjectName(node.getDatabase(), node.getTableName())); + new QualifiedObjectName(node.getDatabase(), node.getTableName()), + context); return new DeleteDeviceTask(node, context.getQueryId().getId(), context.getSession()); } @@ -904,7 +907,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont final String tableName = databaseTablePair.getRight(); accessControl.checkCanShowOrDescTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); if (Boolean.TRUE.equals(node.getShowCreateView())) { return new ShowCreateViewTask(database, tableName); @@ -919,7 +922,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitFlush(final Flush node, final MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new FlushTask(((FlushStatement) node.getInnerTreeStatement())); } 
@@ -930,7 +933,9 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont (SetConfigurationStatement) node.getInnerTreeStatement(); try { accessControl.checkMissingPrivileges( - context.getSession().getUserName(), setConfigurationStatement.getNeededPrivileges()); + context.getSession().getUserName(), + setConfigurationStatement.getNeededPrivileges(), + context); } catch (IOException e) { throw new AccessDeniedException("Failed to check config item permission"); } @@ -954,14 +959,14 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitStartRepairData(StartRepairData node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new StartRepairDataTask(((StartRepairDataStatement) node.getInnerTreeStatement())); } @Override protected IConfigTask visitStopRepairData(StopRepairData node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new StopRepairDataTask(((StopRepairDataStatement) node.getInnerTreeStatement())); } @@ -975,7 +980,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitSetSystemStatus(SetSystemStatus node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new SetSystemStatusTask(((SetSystemStatusStatement) node.getInnerTreeStatement())); } 
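Review bot: The `catch (IOException e)` around `checkMissingPrivileges` throws `AccessDeniedException("Failed to check config item permission")` and drops `e`, so a privilege check that could not complete looks the same as a real denial and leaves nothing to investigate. Failing closed is the right outcome; keep it, but log `e` on the server side before the throw, or pass it as the cause if AccessDeniedException has such a constructor (not visible here). Since the throw happens outside the authorizer, it is also worth confirming that this path still produces an audit record with a failed result now that `context` is being passed for that purpose. The method starts before the hunk.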
@@ -1027,7 +1032,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitCreatePipe(final CreatePipe node, final MPPQueryContext context) { context.setQueryType(QueryType.WRITE); final String userName = context.getSession().getUserName(); - accessControl.checkUserGlobalSysPrivilege(userName); + accessControl.checkUserGlobalSysPrivilege(userName, context); final Map<String, String> extractorAttributes = node.getExtractorAttributes(); final String pipeName = node.getPipeName(); @@ -1159,7 +1164,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont context.setQueryType(QueryType.WRITE); final String userName = context.getSession().getUserName(); - accessControl.checkUserGlobalSysPrivilege(userName); + accessControl.checkUserGlobalSysPrivilege(userName, context); final String pipeName = node.getPipeName(); final Map<String, String> extractorAttributes = node.getExtractorAttributes(); 
@@ -1196,35 +1201,35 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitDropPipe(DropPipe node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new DropPipeTask(node); } @Override protected IConfigTask visitStartPipe(StartPipe node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new StartPipeTask(node); } @Override protected IConfigTask visitStopPipe(StopPipe node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new StopPipeTask(node); } @Override protected IConfigTask visitShowPipes(ShowPipes node, MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowPipeTask(node, context.getSession().getUserName()); } @Override protected IConfigTask visitCreatePipePlugin(CreatePipePlugin node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); if (node.getUriString() != null && isUriTrusted(node.getUriString())) { // 1. user specified uri and that uri is trusted // 2. user doesn't specify uri 
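Review bot: In visitCreatePipePlugin the comment under the trust check lists "user doesn't specify uri" as an accepted case, but `node.getUriString() != null && isUriTrusted(node.getUriString())` is false when no URI is given, unlike visitCreateFunction, which uses `.orElse(true)`. Whichever behaviour is intended, the comment should state the rule the code enforces, for example `// accepted only when a URI is given and isUriTrusted(uri) holds`. The else branch is outside the hunk, so whether a rejected URI is reported through the audit path cannot be seen from here; it should be, because by then the privilege check above it has presumably been recorded as passed.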
@@ -1238,21 +1243,21 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitDropPipePlugin(DropPipePlugin node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new DropPipePluginTask(node); } @Override protected IConfigTask visitShowPipePlugins(ShowPipePlugins node, MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowPipePluginsTask(node); } @Override protected IConfigTask visitCreateTopic(CreateTopic node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); // Inject table model into the topic attributes node.getTopicAttributes() 
@@ -1264,28 +1269,28 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitDropTopic(DropTopic node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new DropTopicTask(node); } @Override protected IConfigTask visitShowTopics(ShowTopics node, MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowTopicsTask(node); } @Override protected IConfigTask visitShowSubscriptions(ShowSubscriptions node, MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowSubscriptionsTask(node); } @Override protected IConfigTask visitDropSubscription(DropSubscription node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new DropSubscriptionTask(node); } 
@@ -1318,21 +1323,21 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitShowVersion(ShowVersion node, MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowVersionTask(); } @Override protected IConfigTask visitShowVariables(ShowVariables node, MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowVariablesTask(); } @Override protected IConfigTask visitShowClusterId(ShowClusterId node, MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowClusterIdTask(); } @@ -1352,7 +1357,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont throw new AccessDeniedException(status.getMessage()); } accessControl.checkUserCanRunRelationalAuthorStatement( - context.getSession().getUserName(), node); + context.getSession().getUserName(), node, context); if (node.getAuthorType() == AuthorRType.UPDATE_USER) { visitUpdateUser(node); } 
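Review bot: The `throw new AccessDeniedException(status.getMessage())` directly above the changed call rejects the statement before `checkUserCanRunRelationalAuthorStatement` receives `context`, so this denial probably never reaches the audit record the commit is threading through. Denied user- and role-management statements are the entries an auditor most needs, so either record the failure before throwing or move the precondition behind the audited check. What produces `status` is outside the hunk, so confirm against the full method.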
@@ -1381,7 +1386,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitCreateFunction(CreateFunction node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); if (node.getUriString().map(ExecutableManager::isUriTrusted).orElse(true)) { // 1. user specified uri and that uri is trusted // 2. user doesn't specify uri @@ -1401,14 +1406,14 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitDropFunction(DropFunction node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new DropFunctionTask(Model.TABLE, node.getUdfName()); } @Override protected IConfigTask visitMigrateRegion(MigrateRegion migrateRegion, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); // As the implementation is identical, we'll simply translate to the // corresponding tree-model variant and execute that. return new MigrateRegionTask(migrateRegion); 
@@ -1418,7 +1423,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont protected IConfigTask visitReconstructRegion( ReconstructRegion reconstructRegion, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); // As the implementation is identical, we'll simply translate to the // corresponding tree-model variant and execute that. return new ReconstructRegionTask(reconstructRegion); @@ -1427,7 +1432,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitExtendRegion(ExtendRegion extendRegion, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); // As the implementation is identical, we'll simply translate to the // corresponding tree-model variant and execute that. return new ExtendRegionTask(extendRegion); @@ -1436,7 +1441,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitRemoveRegion(RemoveRegion removeRegion, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); // As the implementation is identical, we'll simply translate to the // corresponding tree-model variant and execute that. return new RemoveRegionTask(removeRegion); 
@@ -1445,7 +1450,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitCreateTraining(CreateTraining node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new CreateTrainingTask( node.getModelId(), node.getParameters(), node.getExistingModelId(), node.getTargetSql()); } @@ -1453,7 +1458,7 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitCreateModel(CreateModel node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); String uri = node.getUri(); if (uri != null && ExecutableManager.isUriTrusted(uri)) { // user specified uri and that uri is trusted @@ -1472,14 +1477,14 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitDropModel(DropModel node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new DropModelTask(node.getModelId()); } @Override protected IConfigTask visitShowLoadedModels(ShowLoadedModels node, MPPQueryContext context) { context.setQueryType(QueryType.READ); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new ShowLoadedModelsTask(node.getDeviceIdList()); } 
@@ -1492,14 +1497,14 @@ public class TableConfigTaskVisitor extends AstVisitor<IConfigTask, MPPQueryCont @Override protected IConfigTask visitLoadModel(LoadModel node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new LoadModelTask(node.getModelId(), node.getDeviceIdList()); } @Override protected IConfigTask visitUnloadModel(UnloadModel node, MPPQueryContext context) { context.setQueryType(QueryType.WRITE); - accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName()); + accessControl.checkUserGlobalSysPrivilege(context.getSession().getUserName(), context); return new UnloadModelTask(node.getModelId(), node.getDeviceIdList()); } } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/metadata/fetcher/TableHeaderSchemaValidator.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/metadata/fetcher/TableHeaderSchemaValidator.java index 48d0b3624d4..8db44a29585 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/metadata/fetcher/TableHeaderSchemaValidator.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/metadata/fetcher/TableHeaderSchemaValidator.java @@ -264,7 +264,8 @@ public class TableHeaderSchemaValidator { addColumnSchema(tableSchema.getColumns(), tsTable); accessControl.checkCanCreateTable( context.getSession().getUserName(), - new QualifiedObjectName(database, tableSchema.getTableName())); + new QualifiedObjectName(database, tableSchema.getTableName()), + context); final CreateTableTask createTableTask = new CreateTableTask(tsTable, database, true); try { final ListenableFuture<ConfigTaskResult> future = createTableTask.execute(configTaskExecutor); 
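Review bot: The target of `checkCanCreateTable` is `new QualifiedObjectName(database, tableSchema.getTableName())`, but the ITableAuthCheckerImpl hunks in this commit delete every `.setDatabase(tableName.getDatabaseName())` and IAuditEntity loses `setDatabase`, so the database written to the audit record presumably now comes from whatever `context` already holds. If that is the session's current database, a check on a table in another database would be logged against the wrong one. Confirm where `context` gets its database before this call, or have the checker keep stamping the database of the object it actually evaluated. The enclosing method starts and ends outside the hunk.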
@@ -362,7 +363,7 @@ public class TableHeaderSchemaValidator { final MPPQueryContext context) { DataNodeSchemaLockManager.getInstance().releaseReadLock(context); accessControl.checkCanAlterTable( - context.getSession().getUserName(), new QualifiedObjectName(database, tableName)); + context.getSession().getUserName(), new QualifiedObjectName(database, tableName), context); final AlterTableAddColumnTask task = new AlterTableAddColumnTask( database, diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/ITableAuthCheckerImpl.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/ITableAuthCheckerImpl.java index 07c092ff6c2..9fabcf94c51 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/ITableAuthCheckerImpl.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/ITableAuthCheckerImpl.java @@ -240,7 +240,6 @@ public class ITableAuthCheckerImpl implements ITableAuthChecker { if (AuthorityChecker.SUPER_USER.equals(userName)) { recordAuditLog( auditEntity - .setDatabase(tableName.getDatabaseName()) .setAuditLogOperation(privilege.getAuditLogOperation()) .setPrivilegeType(privilege.getPrivilegeType()) .setResult(true), @@ -270,7 +269,6 @@ public class ITableAuthCheckerImpl implements ITableAuthChecker { if (AuthorityChecker.SUPER_USER.equals(userName)) { recordAuditLog( auditEntity - .setDatabase(tableName.getDatabaseName()) .setAuditLogOperation(privilege.getAuditLogOperation()) .setPrivilegeType(privilege.getPrivilegeType()) .setResult(true), @@ -308,7 +306,6 @@ public class ITableAuthCheckerImpl implements ITableAuthChecker { == TSStatusCode.SUCCESS_STATUS.getStatusCode()) { recordAuditLog( auditEntity - .setDatabase(tableName.getDatabaseName()) .setAuditLogOperation(AuditLogOperation.CONTROL) .setPrivilegeType(PrivilegeType.SYSTEM) .setResult(true), 
@@ -317,7 +314,6 @@ public class ITableAuthCheckerImpl implements ITableAuthChecker { } recordAuditLog( auditEntity - .setDatabase(tableName.getDatabaseName()) .setAuditLogOperation(AuditLogOperation.CONTROL) .setPrivilegeType(PrivilegeType.SYSTEM) .setResult(false), @@ -331,7 +327,6 @@ public class ITableAuthCheckerImpl implements ITableAuthChecker { if (AuthorityChecker.SUPER_USER.equals(userName)) { recordAuditLog( auditEntity - .setDatabase(tableName.getDatabaseName()) .setAuditLogOperation(AuditLogOperation.QUERY) .setPrivilegeType(PrivilegeType.READ_SCHEMA) .setResult(true), @@ -344,7 +339,6 @@ public class ITableAuthCheckerImpl implements ITableAuthChecker { && !AuthorityChecker.checkSystemPermission(userName, PrivilegeType.AUDIT)) { recordAuditLog( auditEntity - .setDatabase(tableName.getDatabaseName()) .setAuditLogOperation(AuditLogOperation.QUERY) .setPrivilegeType(PrivilegeType.READ_SCHEMA) .setResult(false), @@ -355,7 +349,6 @@ public class ITableAuthCheckerImpl implements ITableAuthChecker { if (AuthorityChecker.checkSystemPermission(userName, PrivilegeType.SYSTEM)) { recordAuditLog( auditEntity - .setDatabase(tableName.getDatabaseName()) .setAuditLogOperation(AuditLogOperation.QUERY) .setPrivilegeType(PrivilegeType.READ_SCHEMA) .setResult(true), @@ -366,7 +359,6 @@ public class ITableAuthCheckerImpl implements ITableAuthChecker { userName, tableName.getDatabaseName(), tableName.getObjectName())) { recordAuditLog( auditEntity - .setDatabase(tableName.getDatabaseName()) .setAuditLogOperation(AuditLogOperation.QUERY) .setPrivilegeType(PrivilegeType.READ_SCHEMA) .setResult(false), diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/service/metrics/IoTDBInternalLocalReporter.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/service/metrics/IoTDBInternalLocalReporter.java index c35ca1a704e..2ba061b0ea2 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/service/metrics/IoTDBInternalLocalReporter.java 
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/service/metrics/IoTDBInternalLocalReporter.java @@ -20,6 +20,7 @@ package org.apache.iotdb.db.service.metrics; import org.apache.iotdb.common.rpc.thrift.TSStatus; +import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.client.IClientManager; import org.apache.iotdb.commons.client.exception.ClientManagerException; import org.apache.iotdb.commons.concurrent.threadpool.ScheduledExecutorUtil; @@ -30,6 +31,7 @@ import org.apache.iotdb.confignode.rpc.thrift.TDatabaseSchema; import org.apache.iotdb.confignode.rpc.thrift.TGetDatabaseReq; import org.apache.iotdb.confignode.rpc.thrift.TShowDatabaseResp; import org.apache.iotdb.db.auth.AuthorityChecker; +import org.apache.iotdb.db.conf.IoTDBDescriptor; import org.apache.iotdb.db.exception.query.QueryProcessException; import org.apache.iotdb.db.protocol.client.ConfigNodeClient; import org.apache.iotdb.db.protocol.client.ConfigNodeClientManager; @@ -88,7 +90,14 @@ public class IoTDBInternalLocalReporter extends IoTDBInternalReporter { public IoTDBInternalLocalReporter() { partitionFetcher = ClusterPartitionFetcher.getInstance(); schemaFetcher = ClusterSchemaFetcher.getInstance(); - sessionInfo = new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()); + sessionInfo = + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()); IClientManager<ConfigRegionId, ConfigNodeClient> configNodeClientManager = ConfigNodeClientManager.getInstance(); 
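Review bot: The reporter's session now presents itself to the audit trail as `AuthorityChecker.SUPER_USER` with `getInternalAddress()` as the client host, which, as far as these lines show, is the same shape a real super-user session from that address would have. Give internally generated sessions a marker an auditor can filter on, and build the identity in one shared constant or factory instead of repeating the seven-line `new SessionInfo(...)` here and in the three DataNodeAuthUtils hunks that follow, so the internal principal cannot be defined differently in different places.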
@@ -129,9 +138,7 @@ public class IoTDBInternalLocalReporter extends IoTDBInternalReporter { currentServiceFuture = ScheduledExecutorUtil.safelyScheduleAtFixedRate( service, - () -> { - writeMetricToIoTDB(autoGauges); - }, + () -> writeMetricToIoTDB(autoGauges), 1, MetricConfigDescriptor.getInstance().getMetricConfig().getAsyncCollectPeriodInSecond(), TimeUnit.SECONDS); diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java index dcc95f366c8..05ab37a696c 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java @@ -20,6 +20,7 @@ package org.apache.iotdb.db.utils; import org.apache.iotdb.common.rpc.thrift.TSStatus; +import org.apache.iotdb.commons.audit.UserEntity; import org.apache.iotdb.commons.conf.CommonDescriptor; import org.apache.iotdb.commons.exception.IllegalPathException; import org.apache.iotdb.commons.exception.IoTDBException; @@ -29,6 +30,7 @@ import org.apache.iotdb.commons.utils.AuthUtils; import org.apache.iotdb.commons.utils.CommonDateTimeUtils; import org.apache.iotdb.commons.utils.StatusUtils; import org.apache.iotdb.db.auth.AuthorityChecker; +import org.apache.iotdb.db.conf.IoTDBDescriptor; import org.apache.iotdb.db.exception.sql.SemanticException; import org.apache.iotdb.db.protocol.session.SessionManager; import org.apache.iotdb.db.queryengine.common.SessionInfo; 
@@ -79,8 +81,15 @@ public class DataNodeAuthUtils { + AuthUtils.encryptPassword(password) + "' order by time desc limit 1", ZoneId.systemDefault()); + SessionInfo sessionInfo = - new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()); + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()); queryId = SessionManager.getInstance().requestQueryId(); ExecutionResult result = @@ -171,7 +180,13 @@ public class DataNodeAuthUtils { long queryId = -1; try { SessionInfo sessionInfo = - new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()); + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()); queryId = SessionManager.getInstance().requestQueryId(); ExecutionResult result = @@ -218,7 +233,13 @@ public class DataNodeAuthUtils { long queryId = -1; try { SessionInfo sessionInfo = - new SessionInfo(0, AuthorityChecker.SUPER_USER, ZoneId.systemDefault()); + new SessionInfo( + 0, + new UserEntity( + AuthorityChecker.SUPER_USER_ID, + AuthorityChecker.SUPER_USER, + IoTDBDescriptor.getInstance().getConfig().getInternalAddress()), + ZoneId.systemDefault()); queryId = SessionManager.getInstance().requestQueryId(); ExecutionResult result = diff --git a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AuditLogFields.java b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AuditLogFields.java index 2c060911def..22f3ad408f9 100644 --- a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AuditLogFields.java +++ b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AuditLogFields.java 
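Review bot: The query text built just above this session setup splices `AuthUtils.encryptPassword(password)` between single quotes by concatenation, and the session that runs it now carries an auditable `UserEntity`. If the audit path stores statement text (IAuditEntity exposes `getSqlString()`), the encrypted password value would be copied into audit storage on every check, so confirm that these internal queries are excluded or that the literal is redacted. The concatenation also relies on the encrypted value never containing a quote character; a comment stating that guarantee, or a bound parameter if the internal API offers one, would make that explicit. The method starts and ends outside the hunk.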
@@ -24,7 +24,7 @@ import org.apache.iotdb.commons.auth.entity.PrivilegeType; public class AuditLogFields { private final String username; - private final int userId; + private final long userId; private final String cliHostname; private final AuditEventType auditType; private final AuditLogOperation operationType; @@ -35,7 +35,7 @@ public class AuditLogFields { public AuditLogFields( String username, - int userId, + long userId, String cliHostname, AuditEventType auditType, AuditLogOperation operationType, @@ -58,7 +58,7 @@ public class AuditLogFields { return username; } - public int getUserId() { + public long getUserId() { return userId; } diff --git a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/IAuditEntity.java b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/IAuditEntity.java index ccba49082a1..4c8d3424a67 100644 --- a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/IAuditEntity.java +++ b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/IAuditEntity.java @@ -4,7 +4,7 @@ import org.apache.iotdb.commons.auth.entity.PrivilegeType; public interface IAuditEntity { - int getUserId(); + long getUserId(); String getUsername(); @@ -28,7 +28,5 @@ public interface IAuditEntity { String getDatabase(); - IAuditEntity setDatabase(String database); - String getSqlString(); } diff --git a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/UserEntity.java b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/UserEntity.java new file mode 100644 index 00000000000..5fd18c2e4b6 --- /dev/null +++ b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/UserEntity.java 
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.iotdb.commons.audit;
+
+import java.util.Objects;
+
+/** This class defines the fields of a user entity to be audited. */
+public class UserEntity {
+
+ private final long userId;
+
+ private final String username;
+
+ private final String cliHostname;
+
+ public UserEntity(long userId, String username, String cliHostname) {
+ this.userId = userId;
+ this.username = username;
+ this.cliHostname = cliHostname;
+ }
+
+ public long getUserId() {
+ return userId;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public String getCliHostname() {
+ return cliHostname;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ UserEntity that = (UserEntity) o;
+ return userId == that.userId
+ && Objects.equals(username, that.username)
+ && Objects.equals(cliHostname, that.cliHostname);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(userId, username, cliHostname);
+ }
+}
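Review bot: `UserEntity` documents none of its three fields, and for an audit record the meaning of `cliHostname` matters: the DataNodeAuthUtils hunks in this commit pass the node's own `getInternalAddress()` there, so the field does not always name a remote client. The constructor should carry a Javadoc saying what callers are expected to supply, for example `@param cliHostname address the server observed for the session's peer, or this node's internal address for internally issued statements` (wording to be confirmed against the real callers). Because `equals` compares `getClass()`, the class can also be declared `final`, and `equals` can open with `if (this == o) return true;`.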
diff --git a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/User.java b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/User.java index c0098cf0d51..5a803f48904 100644 --- a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/User.java +++ b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/User.java @@ -74,6 +74,10 @@ public class User extends Role { } /** ------------ get func ----------------* */ + public long getUserId() { + return -1; + } + public String getPassword() { return password; }
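Review bot: The new `getUserId()` in `User` returns the constant `-1` for every user, so any audit field or `UserEntity` populated from it cannot tell one user from another. The value is also unrelated to `AuthorityChecker.SUPER_USER_ID`, which the same commit uses for internal sessions. If this is a placeholder until ids are stored on `User`, say so at the method, e.g. `// TODO: placeholder; -1 means "no id assigned" until user ids are persisted`, and keep audit writers from recording it as a real id. Whether callers or subclasses already replace this value is not visible in the hunk; the `User` class body continues outside it.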
