starrocks icon indicating copy to clipboard operation
starrocks copied to clipboard

Published 20 hours ago verified publisher icon StarRocks

[Feature] new privilege framework: basic authorization

Open padmejin opened this issue 2 years ago • 2 comments

What type of PR is this:

  • [ ] BugFix
  • [x] Feature
  • [ ] Enhancement
  • [ ] Refactor
  • [ ] UT
  • [ ] Doc
  • [ ] Tool

Which issues of this PR fixes :

Fixes #

Problem Summary(Required) :

Introduce a new privilege framework. To avoid huge PR which is hard to review and easy to conflict, I'm splitting into several small PR, each implementing an individual aspect of the new privilege framework. This is the third one. For previous PRs see https://github.com/StarRocks/starrocks/pull/11447 https://github.com/StarRocks/starrocks/pull/11528

This PR implements the basic authorization for the select action on tables. Persisting to the image is not supported yet. with grant option is also not supported for the analyzer, but the underlying data structure has already been implemented with the unit test.

Checklist:

  • [x] I have added test cases for my bug fix or my new feature
  • [ ] I have added user document for my new feature or new function

padmejin avatar Sep 23 '22 09:09 padmejin

run starrocks_fe_unittest

padmejin avatar Sep 26 '22 05:09 padmejin

LGTM

waittttting avatar Sep 27 '22 07:09 waittttting

SonarCloud Quality Gate failed.    Quality Gate failed

Bug B 2 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 13 Code Smells

0.0% 0.0% Coverage
3.2% 3.2% Duplication

sonarqubecloud[bot] avatar Sep 28 '22 05:09 sonarqubecloud[bot]

[FE PR Coverage Check]

:heart_eyes: pass : 337 / 397 (84.89%)

file detail

path covered_line new_line coverage not_covered_line_detail
:large_blue_circle: com/starrocks/sql/analyzer/PrivilegeChecker.java 0 1 00.00% [140]
:large_blue_circle: com/starrocks/qe/DDLStmtExecutor.java 0 6 00.00% [418, 419, 421, 424, 425, 427]
:large_blue_circle: com/starrocks/persist/EditLog.java 4 17 23.53% [896, 897, 898, 899, 900, 901, 902, 905, 906, 907, 908, 909, 910]
:large_blue_circle: com/starrocks/sql/analyzer/PrivilegeCheckerV2.java 24 36 66.67% [46, 86, 93, 99, 107, 108, 110, 111, 116, 117, 118, 123]
:large_blue_circle: com/starrocks/privilege/DefaultAuthorizationProvider.java 15 20 75.00% [45, 51, 72, 79, 81]
:large_blue_circle: com/starrocks/sql/analyzer/PrivilegeStmtAnalyzerV2.java 3 4 75.00% [80]
:large_blue_circle: com/starrocks/privilege/TablePEntryObject.java 12 16 75.00% [18, 22, 26, 39]
:large_blue_circle: com/starrocks/privilege/PEntryObject.java 6 7 85.71% [22]
:large_blue_circle: com/starrocks/privilege/Action.java 7 8 87.50% [27]
:large_blue_circle: com/starrocks/privilege/PrivilegeManager.java 120 133 90.23% [85, 118, 194, 196, 197, 198, 200, 201, 202, 204, 206, 250, 258]
:large_blue_circle: com/starrocks/authentication/AuthenticationManager.java 9 10 90.00% [182]
:large_blue_circle: com/starrocks/privilege/PrivilegeCollection.java 76 78 97.44% [150, 151]
:large_blue_circle: com/starrocks/privilege/ActionSet.java 16 16 100.00% []
:large_blue_circle: com/starrocks/persist/UserPrivilegeCollectionInfo.java 14 14 100.00% []
:large_blue_circle: com/starrocks/persist/CreateUserInfo.java 11 11 100.00% []
:large_blue_circle: com/starrocks/privilege/UserPrivilegeCollection.java 1 1 100.00% []
:large_blue_circle: com/starrocks/privilege/PrivilegeTypes.java 8 8 100.00% []
:large_blue_circle: com/starrocks/sql/ast/BaseGrantRevokePrivilegeStmt.java 2 2 100.00% []
:large_blue_circle: com/starrocks/server/GlobalStateMgr.java 4 4 100.00% []
:large_blue_circle: com/starrocks/journal/JournalEntity.java 3 3 100.00% []
:large_blue_circle: com/starrocks/privilege/PrivilegeException.java 2 2 100.00% []

wanpengfei-git avatar Sep 28 '22 05:09 wanpengfei-git

run starrocks_admit_test

wanpengfei-git avatar Sep 28 '22 06:09 wanpengfei-git