From 5ac4cae6b512649cdeab62d2afe5122613c35788 Mon Sep 17 00:00:00 2001 From: Lei Zhang <27994433+SWJTU-ZhangLei@users.noreply.github.com> Date: Sat, 12 Nov 2022 00:16:54 +0800 Subject: [PATCH] [feature](selectdb-cloud) Disable admin stmt in cloud mode (#1064) Disable the following stmt. * AdminRebalanceDiskStmt/AdminCancelRebalanceDiskStmt * AdminRepairTableStmt/AdminCancelRepairTableStmt * AdminCheckTabletsStmt * AdminCleanTrashStmt * AdminCompactTableStmt * AdminCopyTabletStmt * AdminDiagnoseTabletStmt * AdminSetConfigStmt * AdminSetReplicaStatusStmt * AdminShowConfigStmt * AdminShowReplicaDistributionStmt * AdminShowReplicaStatusStmt * AdminShowTabletStorageFormatStmt Leaving a backdoor for the user root: * AdminSetConfigStmt * AdminShowConfigStmt * AdminShowReplicaDistributionStmt * AdminShowReplicaStatusStmt * AdminDiagnoseTabletStmt --- .../java/org/apache/doris/qe/DdlExecutor.java | 34 +++++++++++++++++++ .../org/apache/doris/qe/ShowExecutor.java | 25 ++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/DdlExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/DdlExecutor.java index a81ccb464315cc1..18c10c5268575ea 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/qe/DdlExecutor.java +++ b/fe/fe-core/src/main/java/org/apache/doris/qe/DdlExecutor.java @@ -125,6 +125,7 @@ import org.apache.doris.load.loadv2.JobState; import org.apache.doris.load.loadv2.LoadJob; import org.apache.doris.load.sync.SyncJobManager; +import org.apache.doris.mysql.privilege.PaloAuth; import com.google.common.collect.Lists; import org.apache.logging.log4j.LogManager; 
@@ -296,12 +297,29 @@ public static void execute(Env env, DdlStmt ddlStmt) throws Exception {
 } else if (ddlStmt instanceof TruncateTableStmt) {
 env.truncateTable((TruncateTableStmt) ddlStmt);
 } else if (ddlStmt instanceof AdminRepairTableStmt) {
+ if (!Config.cloud_unique_id.isEmpty()) {
+ LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+ throw new DdlException("Unsupported operaiton");
+ }
 env.getTabletChecker().repairTable((AdminRepairTableStmt) ddlStmt);
 } else if (ddlStmt instanceof AdminCancelRepairTableStmt) {
+ if (!Config.cloud_unique_id.isEmpty()) {
+ LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+ throw new DdlException("Unsupported operaiton");
+ }
 env.getTabletChecker().cancelRepairTable((AdminCancelRepairTableStmt) ddlStmt);
 } else if (ddlStmt instanceof AdminCompactTableStmt) {
+ if (!Config.cloud_unique_id.isEmpty()) {
+ LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+ throw new DdlException("Unsupported operaiton");
+ }
 env.compactTable((AdminCompactTableStmt) ddlStmt);
 } else if (ddlStmt instanceof AdminSetConfigStmt) {
+ if (!Config.cloud_unique_id.isEmpty()
+ && ConnectContext.get().getCurrentUserIdentity().getUser().equals(PaloAuth.ROOT_USER)) {
+ LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+ throw new DdlException("Unsupported operaiton");
+ }
 env.setConfig((AdminSetConfigStmt) ddlStmt);
 } else if (ddlStmt instanceof CreateFileStmt) {
 env.getSmallFileMgr().createFile((CreateFileStmt) ddlStmt);
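Review bot: The cloud-mode guard on the AdminSetConfigStmt branch is inverted: it throws when the current user is `PaloAuth.ROOT_USER`, so in cloud mode root is refused while every other user still reaches `env.setConfig(...)`. The commit message names root as the one account meant to keep ADMIN SET CONFIG, and the matching checks in ShowExecutor.java negate the comparison, so the second line of the condition should read `&& !ConnectContext.get().getCurrentUserIdentity().getUser().equals(PaloAuth.ROOT_USER)) {`. This branch also dereferences `ConnectContext.get()` without a null check, which may matter if execute() can be reached from a thread with no connection context; that is worth confirming. The body of execute() starts and ends outside this hunk.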
@@ -318,6 +336,10 @@ public static void execute(Env env, DdlStmt ddlStmt) throws Exception {
 }
 env.checkTablets((AdminCheckTabletsStmt) ddlStmt);
 } else if (ddlStmt instanceof AdminSetReplicaStatusStmt) {
+ if (!Config.cloud_unique_id.isEmpty()) {
+ LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+ throw new DdlException("Unsupported operaiton");
+ }
 env.setReplicaStatus((AdminSetReplicaStatusStmt) ddlStmt);
 } else if (ddlStmt instanceof CreateResourceStmt) {
 env.getResourceMgr().createResource((CreateResourceStmt) ddlStmt);
@@ -339,10 +361,22 @@ public static void execute(Env env, DdlStmt ddlStmt) throws Exception {
 } else if (ddlStmt instanceof StopSyncJobStmt) {
 env.getSyncJobManager().stopSyncJob((StopSyncJobStmt) ddlStmt);
 } else if (ddlStmt instanceof AdminCleanTrashStmt) {
+ if (!Config.cloud_unique_id.isEmpty()) {
+ LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+ throw new DdlException("Unsupported operaiton");
+ }
 env.cleanTrash((AdminCleanTrashStmt) ddlStmt);
 } else if (ddlStmt instanceof AdminRebalanceDiskStmt) {
+ if (!Config.cloud_unique_id.isEmpty()) {
+ LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+ throw new DdlException("Unsupported operaiton");
+ }
 env.getTabletScheduler().rebalanceDisk((AdminRebalanceDiskStmt) ddlStmt);
 } else if (ddlStmt instanceof AdminCancelRebalanceDiskStmt) {
+ if (!Config.cloud_unique_id.isEmpty()) {
+ LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString());
+ throw new DdlException("Unsupported operaiton");
+ }
 env.getTabletScheduler().cancelRebalanceDisk((AdminCancelRebalanceDiskStmt) ddlStmt);
 } else if (ddlStmt instanceof CreateSqlBlockRuleStmt) {
 env.getSqlBlockRuleMgr().createSqlBlockRule((CreateSqlBlockRuleStmt) ddlStmt);
diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java
index 9b953c346354efa..d38339357574cf5 100644
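Review bot: The four-line cloud-mode guard added on the AdminSetReplicaStatusStmt branch is the same block pasted into eight branches of DdlExecutor.execute() (and, with AnalysisException, five more in ShowExecutor.execute()), and every copy carries the misspelt client-facing message "Unsupported operaiton". Copy-pasted access checks drift, and the AdminSetConfigStmt copy already differs from the others, so I would move the check into one private helper and fix the spelling there. The helper can pass `ddlStmt` to the logger directly, since the `{}` placeholder formats the argument itself and `.toString()` is redundant. execute() starts and ends outside this hunk.

```java
// one shared guard instead of a pasted copy per ADMIN branch
private static void rejectInCloudMode(DdlStmt ddlStmt) throws DdlException {
    if (!Config.cloud_unique_id.isEmpty()) {
        LOG.info("stmt={}, not supported in cloud mode", ddlStmt);
        throw new DdlException("Unsupported operation");
    }
}

// … unchanged: earlier branches of execute() …
} else if (ddlStmt instanceof AdminSetReplicaStatusStmt) {
    rejectInCloudMode(ddlStmt);
    env.setReplicaStatus((AdminSetReplicaStatusStmt) ddlStmt);
// … unchanged: remaining branches, each guard replaced by the same call …
```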
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java
@@ -174,6 +174,7 @@
 import org.apache.doris.load.LoadJob;
 import org.apache.doris.load.LoadJob.JobState;
 import org.apache.doris.load.routineload.RoutineLoadJob;
+import org.apache.doris.mysql.privilege.PaloAuth;
 import org.apache.doris.mysql.privilege.PrivPredicate;
 import org.apache.doris.statistics.StatisticsJobManager;
 import org.apache.doris.system.Backend;
@@ -336,10 +337,25 @@ public ShowResultSet execute() throws AnalysisException {
 } else if (stmt instanceof ShowTrashDiskStmt) {
 handleShowTrashDisk();
 } else if (stmt instanceof AdminShowReplicaStatusStmt) {
+ if (!Config.cloud_unique_id.isEmpty() && !ctx.getCurrentUserIdentity()
+ .getUser().equals(PaloAuth.ROOT_USER)) {
+ LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+ throw new AnalysisException("Unsupported operaiton");
+ }
 handleAdminShowTabletStatus();
 } else if (stmt instanceof AdminShowReplicaDistributionStmt) {
+ if (!Config.cloud_unique_id.isEmpty() && !ctx.getCurrentUserIdentity()
+ .getUser().equals(PaloAuth.ROOT_USER)) {
+ LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+ throw new AnalysisException("Unsupported operaiton");
+ }
 handleAdminShowTabletDistribution();
 } else if (stmt instanceof AdminShowConfigStmt) {
+ if (!Config.cloud_unique_id.isEmpty() && !ctx.getCurrentUserIdentity()
+ .getUser().equals(PaloAuth.ROOT_USER)) {
+ LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+ throw new AnalysisException("Unsupported operaiton");
+ }
 handleAdminShowConfig();
 } else if (stmt instanceof ShowSmallFilesStmt) {
 handleShowSmallFiles();
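Review bot: The denial logged on the AdminShowReplicaStatusStmt, AdminShowReplicaDistributionStmt and AdminShowConfigStmt branches (and on AdminDiagnoseTabletStmt in the next hunk) does not record who was refused, although the decision itself depends on the user. For an access-control check the log line should carry the identity, e.g. `LOG.info("user={}, stmt={}, not supported in cloud mode", ctx.getCurrentUserIdentity(), stmt);`, so that refused admin statements can be attributed during an investigation. The exemption is a plain string comparison against `PaloAuth.ROOT_USER`; I cannot see from this hunk whether `getUser()` returns the bare name or a qualified form, and if it is qualified the comparison would never match and root would be refused too, so please confirm. A one-line comment on the first of these branches, such as `// cloud mode: only root may run diagnostic ADMIN SHOW statements`, would record why root is exempt. execute() starts and ends outside this hunk.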
@@ -372,8 +388,17 @@ public ShowResultSet execute() throws AnalysisException {
 } else if (stmt instanceof ShowLastInsertStmt) {
 handleShowLastInsert();
 } else if (stmt instanceof AdminShowTabletStorageFormatStmt) {
+ if (!Config.cloud_unique_id.isEmpty()) {
+ LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+ throw new AnalysisException("Unsupported operaiton");
+ }
 handleAdminShowTabletStorageFormat();
 } else if (stmt instanceof AdminDiagnoseTabletStmt) {
+ if (!Config.cloud_unique_id.isEmpty() && !ctx.getCurrentUserIdentity()
+ .getUser().equals(PaloAuth.ROOT_USER)) {
+ LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+ throw new AnalysisException("Unsupported operaiton");
+ }
 handleAdminDiagnoseTablet();
 } else if (stmt instanceof ShowCreateMaterializedViewStmt) {
 handleShowCreateMaterializedView();
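Review bot: The commit message lists AdminCopyTabletStmt among the statements disabled in cloud mode, but no hunk in this patch adds a guard for it. The diffstat's 59 insertions are all accounted for by the visible hunks, which end here with AdminShowTabletStorageFormatStmt and AdminDiagnoseTabletStmt. Unless that statement is already rejected somewhere not shown in this patch, it stays reachable in cloud mode. AdminCheckTabletsStmt likewise gets no new lines, though the context in DdlExecutor.java suggests a check may already precede `env.checkTablets(...)`. Either add the same guard on the missing branch or trim the list in the commit message so it matches what is enforced.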