Re: [PR] [feature](merge-cloud) Add cloud cluster auth and cloud route [doris]

Wed, 07 Feb 2024 23:18:10 -0800 


gavinchou commented on code in PR #30784:
URL: https://github.com/apache/doris/pull/30784#discussion_r1482396937


##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Privilege.java:
##########
@@ -78,6 +80,7 @@ public enum Privilege {
                     .put(CREATE_PRIV, "CREATE")
                     .put(DROP_PRIV, "DROP")
                     .put(USAGE_PRIV, "USAGE")
+                    .put(CLUSTER_USAGE_PRIV, "USAGE")

Review Comment:
   does the order matter?



##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java:
##########
@@ -574,6 +601,14 @@ public void write(DataOutput out) throws IOException {
             entry.getValue().write(out);
         }
 
+        // default cloud cluster
+        if (defaultCloudCluster == null) {

Review Comment:
   This is an incompatible change and should be carefully changed.
   The proposed impl. seems not correct.



##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java:
##########
@@ -574,6 +601,14 @@ public void write(DataOutput out) throws IOException {
             entry.getValue().write(out);
         }
 
+        // default cloud cluster
+        if (defaultCloudCluster == null) {

Review Comment:
   consider using gson from this PR on



##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/UserProperty.java:
##########
@@ -604,6 +639,11 @@ public void readFields(DataInput in) throws IOException {
             clusterToDppConfig.put(cluster, dppConfig);
         }
 
+        // default cloud cluster
+        if (in.readBoolean()) {

Review Comment:
   ditto. no meta version control is a buggy impl.



##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Privilege.java:
##########
@@ -31,7 +31,8 @@ public enum Privilege {
     CREATE_PRIV("Create_priv", 6, "Privilege for creating database or table"),
     DROP_PRIV("Drop_priv", 7, "Privilege for dropping database or table"),
     USAGE_PRIV("Usage_priv", 8, "Privilege for using resource or 
workloadGroup"),
-    SHOW_VIEW_PRIV("Show_view_priv", 9, "Privilege for show create view");
+    SHOW_VIEW_PRIV("Show_view_priv", 9, "Privilege for show create view"),
+    CLUSTER_USAGE_PRIV("Cluster_Usage_priv", 10, "Privilege for using 
cluster");

Review Comment:
   Is it compatible with the original impl?



##########
fe/fe-core/src/main/java/org/apache/doris/catalog/authorizer/ranger/hive/RangerHiveAccessController.java:
##########
@@ -182,6 +183,12 @@ public void checkColsPriv(UserIdentity currentUser, String 
ctl, String db, Strin
         checkPrivileges(currentUser, convertToAccessType(wanted), resources);
     }
 
+    @Override
+    public boolean checkCloudPriv(UserIdentity currentUser, String 
resourceName,
+                                  PrivPredicate wanted, ResourceTypeEnum type) 
{
+        return false;

Review Comment:
   Always false?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org

Reply via email to