This is an automated email from the ASF dual-hosted git repository.
jiangtian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 8cb4b9be877 Reduced the auth log when paths are too many (#16825)
8cb4b9be877 is described below
commit 8cb4b9be877b3d9fe013cda6eb178f41bd805384
Author: Caideyipi <[email protected]>
AuthorDate: Thu Nov 27 19:18:30 2025 +0800
Reduced the auth log when paths are too many (#16825)
* partial
* test
---
.../org/apache/iotdb/db/auth/AuthorityChecker.java | 9 +++-
.../apache/iotdb/db/auth/AuthorityCheckerTest.java | 51 ++++++++++++++++++++++
.../apache/iotdb/commons/conf/CommonConfig.java | 9 ++++
.../iotdb/commons/conf/CommonDescriptor.java | 5 +++
4 files changed, 73 insertions(+), 1 deletion(-)
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 495c317c1ed..57bef50b796 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -304,10 +304,17 @@ public class AuthorityChecker {
prompt.append(neededPrivilege);
prompt.append(" on [");
prompt.append(pathList.get(noPermissionIndexList.get(0)));
- for (int i = 1; i < noPermissionIndexList.size(); i++) {
+ final int size =
+ Math.min(
+ noPermissionIndexList.size(),
+ CommonDescriptor.getInstance().getConfig().getPathLogMaxSize());
+ for (int i = 1; i < size; i++) {
prompt.append(", ");
prompt.append(pathList.get(noPermissionIndexList.get(i)));
}
+ if (size < noPermissionIndexList.size()) {
+ prompt.append(", ...");
+ }
prompt.append("]");
return new
TSStatus(TSStatusCode.NO_PERMISSION.getStatusCode()).setMessage(prompt.toString());
}
diff --git
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
new file mode 100644
index 00000000000..ca730c377b7
--- /dev/null
+++
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.iotdb.db.auth;
+
+import org.apache.iotdb.commons.auth.entity.PrivilegeType;
+import org.apache.iotdb.commons.conf.CommonConfig;
+import org.apache.iotdb.commons.conf.CommonDescriptor;
+import org.apache.iotdb.commons.exception.IllegalPathException;
+import org.apache.iotdb.commons.path.MeasurementPath;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+public class AuthorityCheckerTest {
+
+ @Test
+ public void testLogReduce() throws IllegalPathException {
+ final CommonConfig config = CommonDescriptor.getInstance().getConfig();
+ final int oldSize = config.getPathLogMaxSize();
+ config.setPathLogMaxSize(1);
+ Assert.assertEquals(
+ "No permissions for this operation, please add privilege WRITE_DATA on
[root.db.device.s1, ...]",
+ AuthorityChecker.getTSStatus(
+ Arrays.asList(0, 1),
+ Arrays.asList(
+ new MeasurementPath("root.db.device.s1"),
+ new MeasurementPath("root.db.device.s2")),
+ PrivilegeType.WRITE_DATA)
+ .getMessage());
+ config.setPathLogMaxSize(oldSize);
+ }
+}
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonConfig.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonConfig.java
index cd0645adf4c..62bc89ec5ae 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonConfig.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonConfig.java
@@ -472,6 +472,7 @@ public class CommonConfig {
private PrivilegeLevel auditableOperationLevel = PrivilegeLevel.GLOBAL;
private String auditableOperationResult = "SUCCESS, FAIL";
+ private int pathLogMaxSize = 100;
CommonConfig() {
// Empty constructor
@@ -2531,6 +2532,14 @@ public class CommonConfig {
this.log2SizeClassGroup = log2SizeClassGroup;
}
+ public int getPathLogMaxSize() {
+ return pathLogMaxSize;
+ }
+
+ public void setPathLogMaxSize(int pathLogMaxSize) {
+ this.pathLogMaxSize = pathLogMaxSize;
+ }
+
/**
* @param querySamplingRateLimit query_sample_throughput_bytes_per_sec
*/
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonDescriptor.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonDescriptor.java
index 2bd4d954d40..0ed6848b97d 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonDescriptor.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonDescriptor.java
@@ -276,6 +276,11 @@ public class CommonDescriptor {
"cluster_device_limit_threshold",
String.valueOf(config.getDeviceLimitThreshold()))));
+ config.setPathLogMaxSize(
+ Integer.parseInt(
+ properties.getProperty(
+ "path_log_max_size",
String.valueOf(config.getPathLogMaxSize()))));
+
loadRetryProperties(properties);
loadBinaryAllocatorProps(properties);
}
