From e6a065c98a9974306825ca44700cf7d6e6f9f40d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 6 Nov 2024 14:54:59 +0800 Subject: [PATCH] branch-2.1: [fix](auth)Fix after fe restarting, external permissions are lost (#43307) Cherry-picked from #43275 Co-authored-by: zhangdong <493738387@qq.com> --- .../apache/doris/mysql/privilege/Auth.java | 4 +- .../suites/auth_up_down_hive_p0/load.groovy | 45 +++++++++++++++++++ .../test_up_down_hive_auth.groovy | 32 +++++++++++++ 3 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 regression-test/suites/auth_up_down_hive_p0/load.groovy create mode 100644 regression-test/suites/auth_up_down_hive_p0/test_up_down_hive_auth.groovy diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java index c39863cb23d638..dca598ef4ba606 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java +++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java @@ -597,7 +597,9 @@ private void grantInternal(UserIdentity userIdent, String role, TablePattern tbl throws DdlException { writeLock(); try { - checkTablePatternExist(tblPattern); + if (!isReplay) { + checkTablePatternExist(tblPattern); + } if (role == null) { if (!doesUserExist(userIdent)) { throw new DdlException("user " + userIdent + " does not exist"); diff --git a/regression-test/suites/auth_up_down_hive_p0/load.groovy b/regression-test/suites/auth_up_down_hive_p0/load.groovy new file mode 100644 index 00000000000000..c972d6905ce6fb --- /dev/null +++ b/regression-test/suites/auth_up_down_hive_p0/load.groovy @@ -0,0 +1,45 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +suite("test_up_down_hive_prepare_auth","p0,auth,restart_fe,external,hive,external_docker,external_docker_hive") { + String enabled = context.config.otherConfigs.get("enableHiveTest") + if (enabled == null || !enabled.equalsIgnoreCase("true")) { + logger.info("diable Hive test.") + return; + } + String suiteName = "auth_up_down_hive" + String hivePrefix = "hive2"; + String hms_port = context.config.otherConfigs.get(hivePrefix + "HmsPort") + String externalEnvIp = context.config.otherConfigs.get("externalEnvIp") + String catalogName = "${hivePrefix}_${suiteName}_catalog" + String userName = "${hivePrefix}_${suiteName}_user" + String pwd = 'C123_567p' + + try_sql("DROP USER ${userName}") + sql """CREATE USER '${userName}' IDENTIFIED BY '${pwd}'""" + + sql """drop catalog if exists ${catalogName}""" + sql """create catalog if not exists ${catalogName} properties ( + "type"="hms", + 'hive.metastore.uris' = 'thrift://${externalEnvIp}:${hms_port}' + );""" + sql """grant select_priv on ${catalogName}.tpch1_parquet.customer to ${userName}""" + + def res = sql """show grants for ${userName}""" + logger.info("res: " + res.toString()) + assertTrue(res.toString().contains("${catalogName}.tpch1_parquet.customer")) +} diff --git a/regression-test/suites/auth_up_down_hive_p0/test_up_down_hive_auth.groovy b/regression-test/suites/auth_up_down_hive_p0/test_up_down_hive_auth.groovy new file mode 100644 index 00000000000000..8a305bcc87d025 --- /dev/null +++ b/regression-test/suites/auth_up_down_hive_p0/test_up_down_hive_auth.groovy @@ -0,0 +1,32 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +suite("test_up_down_hive_auth","p0,mtmv,restart_fe,external,hive,external_docker,external_docker_hive") { + String enabled = context.config.otherConfigs.get("enableHiveTest") + if (enabled == null || !enabled.equalsIgnoreCase("true")) { + logger.info("diable Hive test.") + return; + } + String suiteName = "auth_up_down_hive" + String hivePrefix = "hive2"; + String catalogName = "${hivePrefix}_${suiteName}_catalog" + String userName = "${hivePrefix}_${suiteName}_user" + + def res = sql """show grants for ${userName}""" + logger.info("res: " + res.toString()) + assertTrue(res.toString().contains("${catalogName}.tpch1_parquet.customer")) +}