[feature](selectdb-cloud) Disable admin stmt in cloud mode (apache#1064)

Disable the following stmt.

* AdminRebalanceDiskStmt/AdminCancelRebalanceDiskStmt
* AdminRepairTableStmt/AdminCancelRepairTableStmt
* AdminCheckTabletsStmt
* AdminCleanTrashStmt
* AdminCompactTableStmt
* AdminCopyTabletStmt
* AdminDiagnoseTabletStmt
* AdminSetConfigStmt
* AdminSetReplicaStatusStmt
* AdminShowConfigStmt
* AdminShowReplicaDistributionStmt
* AdminShowReplicaStatusStmt
* AdminShowTabletStorageFormatStmt

Leaving a backdoor for the user root:

* AdminSetConfigStmt
* AdminShowConfigStmt
* AdminShowReplicaDistributionStmt
* AdminShowReplicaStatusStmt
* AdminDiagnoseTabletStmt

fe/fe-core/src/main/java/org/apache/doris/qe/DdlExecutor.java

@@ -125,6 +125,7 @@
 import org.apache.doris.load.loadv2.JobState;
 import org.apache.doris.load.loadv2.LoadJob;
 import org.apache.doris.load.sync.SyncJobManager;
+import org.apache.doris.mysql.privilege.PaloAuth;
 
 import com.google.common.collect.Lists;
 import org.apache.logging.log4j.LogManager;
@@ -296,12 +297,29 @@ public static void execute(Env env, DdlStmt ddlStmt) throws Exception {
         } else if (ddlStmt instanceof TruncateTableStmt) {
             env.truncateTable((TruncateTableStmt) ddlStmt);
         } else if (ddlStmt instanceof AdminRepairTableStmt) {
+            if (!Config.cloud_unique_id.isEmpty()) {
+                LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+                throw new DdlException("Unsupported operaiton");
+            }
             env.getTabletChecker().repairTable((AdminRepairTableStmt) ddlStmt);
         } else if (ddlStmt instanceof AdminCancelRepairTableStmt) {
+            if (!Config.cloud_unique_id.isEmpty()) {
+                LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+                throw new DdlException("Unsupported operaiton");
+            }
             env.getTabletChecker().cancelRepairTable((AdminCancelRepairTableStmt) ddlStmt);
         } else if (ddlStmt instanceof AdminCompactTableStmt) {
+            if (!Config.cloud_unique_id.isEmpty()) {
+                LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+                throw new DdlException("Unsupported operaiton");
+            }
             env.compactTable((AdminCompactTableStmt) ddlStmt);
         } else if (ddlStmt instanceof AdminSetConfigStmt) {
+            if (!Config.cloud_unique_id.isEmpty()
+                    && ConnectContext.get().getCurrentUserIdentity().getUser().equals(PaloAuth.ROOT_USER)) {
+                LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+                throw new DdlException("Unsupported operaiton");
+            }
             env.setConfig((AdminSetConfigStmt) ddlStmt);
         } else if (ddlStmt instanceof CreateFileStmt) {
             env.getSmallFileMgr().createFile((CreateFileStmt) ddlStmt);
@@ -318,6 +336,10 @@ public static void execute(Env env, DdlStmt ddlStmt) throws Exception {
             }
             env.checkTablets((AdminCheckTabletsStmt) ddlStmt);
         } else if (ddlStmt instanceof AdminSetReplicaStatusStmt) {
+            if (!Config.cloud_unique_id.isEmpty()) {
+                LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+                throw new DdlException("Unsupported operaiton");
+            }
             env.setReplicaStatus((AdminSetReplicaStatusStmt) ddlStmt);
         } else if (ddlStmt instanceof CreateResourceStmt) {
             env.getResourceMgr().createResource((CreateResourceStmt) ddlStmt);
@@ -339,10 +361,22 @@ public static void execute(Env env, DdlStmt ddlStmt) throws Exception {
         } else if (ddlStmt instanceof StopSyncJobStmt) {
             env.getSyncJobManager().stopSyncJob((StopSyncJobStmt) ddlStmt);
         } else if (ddlStmt instanceof AdminCleanTrashStmt) {
+            if (!Config.cloud_unique_id.isEmpty()) {
+                LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+                throw new DdlException("Unsupported operaiton");
+            }
             env.cleanTrash((AdminCleanTrashStmt) ddlStmt);
         } else if (ddlStmt instanceof AdminRebalanceDiskStmt) {
+            if (!Config.cloud_unique_id.isEmpty()) {
+                LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+                throw new DdlException("Unsupported operaiton");
+            }
             env.getTabletScheduler().rebalanceDisk((AdminRebalanceDiskStmt) ddlStmt);
         } else if (ddlStmt instanceof AdminCancelRebalanceDiskStmt) {
+            if (!Config.cloud_unique_id.isEmpty()) {
+                LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+                throw new DdlException("Unsupported operaiton");
+            }
             env.getTabletScheduler().cancelRebalanceDisk((AdminCancelRebalanceDiskStmt) ddlStmt);
         } else if (ddlStmt instanceof CreateSqlBlockRuleStmt) {
             env.getSqlBlockRuleMgr().createSqlBlockRule((CreateSqlBlockRuleStmt) ddlStmt);

fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java

@@ -174,6 +174,7 @@
 import org.apache.doris.load.LoadJob;
 import org.apache.doris.load.LoadJob.JobState;
 import org.apache.doris.load.routineload.RoutineLoadJob;
+import org.apache.doris.mysql.privilege.PaloAuth;
 import org.apache.doris.mysql.privilege.PrivPredicate;
 import org.apache.doris.statistics.StatisticsJobManager;
 import org.apache.doris.system.Backend;
@@ -336,10 +337,25 @@ public ShowResultSet execute() throws AnalysisException {
         } else if (stmt instanceof ShowTrashDiskStmt) {
             handleShowTrashDisk();
         } else if (stmt instanceof AdminShowReplicaStatusStmt) {
+            if (!Config.cloud_unique_id.isEmpty() && !ctx.getCurrentUserIdentity()
+                    .getUser().equals(PaloAuth.ROOT_USER)) {
+                LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+                throw new AnalysisException("Unsupported operaiton");
+            }
             handleAdminShowTabletStatus();
         } else if (stmt instanceof AdminShowReplicaDistributionStmt) {
+            if (!Config.cloud_unique_id.isEmpty() && !ctx.getCurrentUserIdentity()
+                    .getUser().equals(PaloAuth.ROOT_USER)) {
+                LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+                throw new AnalysisException("Unsupported operaiton");
+            }
             handleAdminShowTabletDistribution();
         } else if (stmt instanceof AdminShowConfigStmt) {
+            if (!Config.cloud_unique_id.isEmpty() && !ctx.getCurrentUserIdentity()
+                    .getUser().equals(PaloAuth.ROOT_USER)) {
+                LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+                throw new AnalysisException("Unsupported operaiton");
+            }
             handleAdminShowConfig();
         } else if (stmt instanceof ShowSmallFilesStmt) {
             handleShowSmallFiles();
@@ -372,8 +388,17 @@ public ShowResultSet execute() throws AnalysisException {
         } else if (stmt instanceof ShowLastInsertStmt) {
             handleShowLastInsert();
         } else if (stmt instanceof AdminShowTabletStorageFormatStmt) {
+            if (!Config.cloud_unique_id.isEmpty()) {
+                LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+                throw new AnalysisException("Unsupported operaiton");
+            }
             handleAdminShowTabletStorageFormat();
         } else if (stmt instanceof AdminDiagnoseTabletStmt) {
+            if (!Config.cloud_unique_id.isEmpty() && !ctx.getCurrentUserIdentity()
+                    .getUser().equals(PaloAuth.ROOT_USER)) {
+                LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+                throw new AnalysisException("Unsupported operaiton");
+            }
             handleAdminDiagnoseTablet();
         } else if (stmt instanceof ShowCreateMaterializedViewStmt) {
             handleShowCreateMaterializedView();