Skip to content

[fix](auth)fix missing authentication #33347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
morningman merged 70 commits into from
Apr 15, 2024
Merged

[fix](auth)fix missing authentication #33347

morningman merged 70 commits into from
Apr 15, 2024

Conversation

@zddr
Copy link
Contributor

@zddr zddr commented Apr 8, 2024
edited
Loading

Proposed changes

Issue Number: close #xxx

  • Modified permission prompt information: added display of which permission items are required to perform the current operation, removed prompt information for "current user" and "IP"
  • AdminCopyTablet use PrivPredicate.ADMIN check auth, before is PrivPredicate.OPERATOR
  • row policy use PrivPredicate.GRANT
  • storage policy keep PrivPredicate.ADMIN unchanged
  • create/alter view need has select_priv on base table
  • cancel alter system need PrivPredicate.OPERATOR
  • drop sync materialized view need alter_priv before is drop_priv
  • SetLdapPassVar need admin_priv before only root/admin can do
  • ShowCatalogRecycleBin use PrivPredicate.ADMIN
  • ShowCreateRepository use PrivPredicate.ADMIN
  • ShowDataRepository use PrivPredicate.ADMIN
  • ShowEncryptKey use PrivPredicate.ADMIN
  • ShowPlugins use PrivPredicate.ADMIN
  • ShowRepositories use PrivPredicate.ADMIN
  • ShowSnapshot use PrivPredicate.ADMIN
  • ShowTabletsBelong use PrivPredicate.ADMIN
  • ShowTranscation use PrivPredicate.ADMIN
  • show create db use show instead of PrivPredicate.ALTER_CREATE_DROP
  • cancel export,if table size >1,use db.PrivPredicate.SELECT,else use table.PrivPredicate.SELECT
  • show stream load,table.PrivPredicate.LOAD
  • show load,if table size >1,use db.PrivPredicate.LOAD,else use table.PrivPredicate.LOAD

Further comments

If this is a relatively large or complex change, kick off the discussion at dev@doris.apache.org by explaining why you chose the solution you did and what alternatives you considered, etc...

@doris-robot
Copy link

doris-robot commented Apr 8, 2024

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR

Since 2024-03-18, the Document has been moved to doris-website.
See Doris Document.

@zddr zddr marked this pull request as draft April 8, 2024 03:24
@zddr
Copy link
Contributor Author

zddr commented Apr 9, 2024

run buildall

@github-actions github-actions bot added the approved Indicates a PR has been approved by one committer. label Apr 12, 2024
@github-actions
Copy link
Contributor

github-actions bot commented Apr 12, 2024

PR approved by at least one committer and no changes requested.

@github-actions
Copy link
Contributor

github-actions bot commented Apr 12, 2024

PR approved by anyone and no changes requested.

@zddr
Copy link
Contributor Author

zddr commented Apr 12, 2024

run buildall

@github-actions github-actions bot removed the approved Indicates a PR has been approved by one committer. label Apr 12, 2024
@doris-robot
Copy link

doris-robot commented Apr 12, 2024

TPC-H: Total hot run time: 38856 ms 
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit c7ced180439c77551e8fdc3abf1f55e8c08a2798, data reload: false

------ Round 1 ----------------------------------
q1	17612	4352	4262	4262
q2	2035	196	208	196
q3	10421	1196	1235	1196
q4	10418	773	796	773
q5	7551	2715	2668	2668
q6	211	132	135	132
q7	1008	617	601	601
q8	9220	2074	2044	2044
q9	7959	6565	6532	6532
q10	8544	3563	3553	3553
q11	460	239	236	236
q12	401	229	218	218
q13	19026	2979	2956	2956
q14	279	240	238	238
q15	525	495	495	495
q16	537	395	388	388
q17	979	621	753	621
q18	7386	6896	6712	6712
q19	1612	1523	1530	1523
q20	697	318	316	316
q21	3554	3000	2888	2888
q22	365	308	311	308
Total cold run time: 110800 ms
Total hot run time: 38856 ms

----- Round 2, with runtime_filter_mode=off -----
q1	4232	4215	4252	4215
q2	383	265	273	265
q3	3004	2761	2752	2752
q4	1876	1557	1586	1557
q5	5399	5367	5349	5349
q6	214	126	125	125
q7	2264	1874	1879	1874
q8	3210	3362	3357	3357
q9	8601	8587	8577	8577
q10	3879	3678	3705	3678
q11	590	510	495	495
q12	747	577	603	577
q13	17347	3007	3026	3007
q14	308	278	279	278
q15	502	477	475	475
q16	487	423	425	423
q17	1762	1454	1439	1439
q18	7568	7442	7453	7442
q19	1644	1537	1574	1537
q20	1937	1748	1744	1744
q21	4864	4696	4831	4696
q22	557	451	478	451
Total cold run time: 71375 ms
Total hot run time: 54313 ms

@doris-robot
Copy link

doris-robot commented Apr 12, 2024

TPC-DS: Total hot run time: 183609 ms 
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit c7ced180439c77551e8fdc3abf1f55e8c08a2798, data reload: false

query1	888	1124	1141	1124
query2	6471	2565	2518	2518
query3	6655	205	210	205
query4	37699	21757	21345	21345
query5	4169	391	405	391
query6	234	186	176	176
query7	4042	302	285	285
query8	221	175	179	175
query9	5801	2324	2312	2312
query10	548	240	250	240
query11	14768	14215	14175	14175
query12	139	96	88	88
query13	999	359	374	359
query14	10135	7009	6886	6886
query15	216	190	183	183
query16	6812	261	265	261
query17	1701	606	567	567
query18	1518	295	279	279
query19	199	157	161	157
query20	94	91	88	88
query21	200	126	123	123
query22	4943	4848	4864	4848
query23	33588	32928	33083	32928
query24	12265	3013	2900	2900
query25	572	391	394	391
query26	1747	157	159	157
query27	3102	307	309	307
query28	7543	2058	2033	2033
query29	869	616	604	604
query30	315	163	165	163
query31	912	713	760	713
query32	62	54	60	54
query33	588	248	248	248
query34	886	483	489	483
query35	862	693	700	693
query36	1016	938	883	883
query37	226	70	72	70
query38	3537	3448	3405	3405
query39	1589	1548	1658	1548
query40	277	127	134	127
query41	53	46	48	46
query42	106	99	99	99
query43	609	534	541	534
query44	1306	708	708	708
query45	282	246	265	246
query46	1050	714	746	714
query47	1944	1844	1869	1844
query48	372	297	302	297
query49	1139	368	372	368
query50	761	385	387	385
query51	6714	6603	6594	6594
query52	110	89	103	89
query53	354	277	275	275
query54	256	241	218	218
query55	76	71	69	69
query56	238	221	218	218
query57	1214	1148	1126	1126
query58	224	203	203	203
query59	3454	3335	3192	3192
query60	243	221	244	221
query61	94	93	88	88
query62	616	440	447	440
query63	305	280	279	279
query64	5033	4066	4010	4010
query65	3063	3026	3026	3026
query66	1362	331	332	331
query67	15620	14879	15137	14879
query68	7368	541	536	536
query69	582	301	305	301
query70	1256	1141	1122	1122
query71	484	278	263	263
query72	6469	2621	2424	2424
query73	849	315	315	315
query74	6787	6398	6424	6398
query75	3426	2358	2348	2348
query76	4389	1119	1135	1119
query77	656	247	249	247
query78	11076	10137	10184	10137
query79	7878	523	533	523
query80	1787	449	435	435
query81	522	237	239	237
query82	825	102	99	99
query83	203	172	173	172
query84	267	85	88	85
query85	1167	321	310	310
query86	462	321	298	298
query87	3679	3573	3537	3537
query88	5972	2272	2377	2272
query89	529	370	371	370
query90	1930	174	177	174
query91	133	109	105	105
query92	66	48	48	48
query93	6667	533	506	506
query94	1132	182	182	182
query95	380	284	288	284
query96	606	265	257	257
query97	2677	2463	2475	2463
query98	229	215	208	208
query99	1198	852	843	843
Total cold run time: 306657 ms
Total hot run time: 183609 ms

@doris-robot
Copy link

doris-robot commented Apr 12, 2024

ClickBench: Total hot run time: 30.29 s 
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit c7ced180439c77551e8fdc3abf1f55e8c08a2798, data reload: false

query1	0.04	0.03	0.03
query2	0.07	0.04	0.03
query3	0.23	0.05	0.04
query4	1.70	0.07	0.06
query5	0.50	0.48	0.48
query6	1.12	0.64	0.66
query7	0.02	0.01	0.02
query8	0.06	0.04	0.05
query9	0.54	0.50	0.50
query10	0.55	0.55	0.56
query11	0.15	0.11	0.11
query12	0.15	0.12	0.13
query13	0.60	0.58	0.59
query14	0.77	0.78	0.78
query15	0.82	0.81	0.79
query16	0.34	0.37	0.38
query17	1.00	0.96	1.02
query18	0.20	0.25	0.23
query19	1.75	1.69	1.66
query20	0.02	0.01	0.00
query21	15.42	0.66	0.64
query22	4.50	7.32	2.12
query23	18.36	1.40	1.24
query24	2.22	0.23	0.21
query25	0.14	0.08	0.08
query26	0.26	0.16	0.16
query27	0.08	0.08	0.08
query28	13.38	1.01	0.97
query29	12.60	3.27	3.25
query30	0.26	0.06	0.05
query31	2.97	0.38	0.36
query32	3.23	0.46	0.45
query33	2.79	2.80	2.83
query34	17.04	4.38	4.40
query35	4.49	4.48	4.54
query36	0.64	0.46	0.45
query37	0.18	0.16	0.15
query38	0.15	0.15	0.15
query39	0.05	0.04	0.04
query40	0.18	0.14	0.14
query41	0.09	0.04	0.04
query42	0.05	0.04	0.04
query43	0.04	0.03	0.04
Total cold run time: 109.75 s
Total hot run time: 30.29 s

@doris-robot
Copy link

doris-robot commented Apr 12, 2024

Load test result on machine: 'aliyun_ecs.c7a.8xlarge_32C64G'

Load test result on commit c7ced180439c77551e8fdc3abf1f55e8c08a2798 with default session variables
Stream load json:         18 seconds loaded 2358488459 Bytes, about 124 MB/s
Stream load orc:          58 seconds loaded 1101869774 Bytes, about 18 MB/s
Stream load parquet:      33 seconds loaded 861443392 Bytes, about 24 MB/s
Insert into select:       14.2 seconds inserted 10000000 Rows, about 704K ops/s

@github-actions
Copy link
Contributor

github-actions bot commented Apr 15, 2024

PR approved by at least one committer and no changes requested.

@github-actions github-actions bot added the approved Indicates a PR has been approved by one committer. label Apr 15, 2024
@morningman morningman merged commit 229b9b9 into apache:master Apr 15, 2024
deardeng added a commit to deardeng/incubator-doris that referenced this pull request Apr 16, 2024
@deardeng
[fix](cloud) Fix some regression case due to apache#33347
19eff3a
dataroaring pushed a commit that referenced this pull request Apr 17, 2024
@deardeng
[fix](cloud) Fix some regression case due to #33347 (#33727)
b4c7f13
morningman pushed a commit to morningman/doris that referenced this pull request Apr 22, 2024
@zddr @morningman
[fix](auth)fix missing authentication (apache#33347)
2b34f49 
- Modified permission prompt information: added display of which permission items are required to perform the current operation, removed prompt information for "current user" and "IP"
- `AdminCopyTablet` use `PrivPredicate.ADMIN` check auth, before is `PrivPredicate.OPERATOR`
- `row policy` use `PrivPredicate.GRANT`
- `storage policy` keep `PrivPredicate.ADMIN` unchanged
- `create/alter view` need has `select_priv` on base table
- `cancel alter system` need `PrivPredicate.OPERATOR`
- `drop sync materialized view` need `alter_priv` before is `drop_priv`
- `SetLdapPassVar` need `admin_priv` before only `root/admin` can do
- `ShowCatalogRecycleBin` use `PrivPredicate.ADMIN`
-  `ShowCreateRepository` use `PrivPredicate.ADMIN`
- `ShowDataRepository` use `PrivPredicate.ADMIN`
- `ShowEncryptKey` use `PrivPredicate.ADMIN`
- `ShowPlugins` use `PrivPredicate.ADMIN`
- `ShowRepositories` use `PrivPredicate.ADMIN`
- `ShowSnapshot` use `PrivPredicate.ADMIN`
- `ShowTabletsBelong` use `PrivPredicate.ADMIN`
- `ShowTranscation` use `PrivPredicate.ADMIN`
- `show create db` use `show` instead of `PrivPredicate.ALTER_CREATE_DROP`
- `cancel export`,if table size >1,use `db.PrivPredicate.SELECT`,else use `table.PrivPredicate.SELECT`
- `show stream load`,`table.PrivPredicate.LOAD`
- `show load`,if table size >1, use `db.PrivPredicate.LOAD`,else use `table.PrivPredicate.LOAD`
@morningman morningman mentioned this pull request Apr 22, 2024
Merged
morningman added a commit that referenced this pull request Apr 22, 2024
@morningman @zddr
[fix](auth)fix missing authentication (#33347) (#33956)
98e90dd 
bp #33347

Co-authored-by: zhangdong <493738387@qq.com>
dataroaring pushed a commit that referenced this pull request Apr 24, 2024
@deardeng @dataroaring
[fix](cloud) Fix some regression case due to #33347 (#33727)
377c6c4
@morningman morningman mentioned this pull request May 16, 2024
Closed
1 task
@zddr zddr mentioned this pull request Jul 25, 2024
Merged
morrySnow pushed a commit that referenced this pull request Jul 30, 2024
@zddr
[fix](auth) show routine load db is null (#38365)
45f03ca 
fix 

- when label contains dbName, will loss
intro by #27861

- show routine load for xxx.yyy can export authentication error
intro by #33347

Note: Cases will be added uniformly in other PRs
feiniaofeiafei pushed a commit to feiniaofeiafei/doris that referenced this pull request Aug 9, 2024
@zddr @feiniaofeiafei
[fix](auth) show routine load db is null (apache#38365)
8e3e473 
fix 

- when label contains dbName, will loss
intro by apache#27861

- show routine load for xxx.yyy can export authentication error
intro by apache#33347

Note: Cases will be added uniformly in other PRs
dataroaring pushed a commit that referenced this pull request Aug 11, 2024
@zddr @dataroaring
[fix](auth) show routine load db is null (#38365)
bbdd820 
fix 

- when label contains dbName, will loss
intro by #27861

- show routine load for xxx.yyy can export authentication error
intro by #33347

Note: Cases will be added uniformly in other PRs
dataroaring pushed a commit that referenced this pull request Aug 16, 2024
@zddr @dataroaring
[fix](auth) show routine load db is null (#38365)
0862fd3 
fix 

- when label contains dbName, will loss
intro by #27861

- show routine load for xxx.yyy can export authentication error
intro by #33347

Note: Cases will be added uniformly in other PRs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@morningman morningman morningman approved these changes

+1 more reviewer

@BePPPower BePPPower BePPPower approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by one committer. dev/2.1.3-merged kind/behavior-changed reviewed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@zddr @doris-robot @morningman @BePPPower