This is an automated email from the ASF dual-hosted git repository.

yiguolei pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/master by this push:
     new 5eedc0a38f4 [Fix](executor)Fix stream load IP based auth Failed. 
(#34341)
5eedc0a38f4 is described below

commit 5eedc0a38f4ad321fe3b0cc48bdbf65f6de3e957
Author: wangbo <wan...@apache.org>
AuthorDate: Wed May 1 21:54:25 2024 +0800

    [Fix](executor)Fix stream load IP based auth Failed. (#34341)
    
    * Fix stream load auth
    
    * refactor error msg
---
 .../org/apache/doris/load/routineload/KafkaTaskInfo.java   |  4 ++--
 .../doris/resource/workloadgroup/WorkloadGroupMgr.java     | 14 +++++++++++---
 .../java/org/apache/doris/service/FrontendServiceImpl.java |  5 +++--
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/load/routineload/KafkaTaskInfo.java 
b/fe/fe-core/src/main/java/org/apache/doris/load/routineload/KafkaTaskInfo.java
index fa802a896ea..384d0d22805 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/load/routineload/KafkaTaskInfo.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/load/routineload/KafkaTaskInfo.java
@@ -152,7 +152,7 @@ public class KafkaTaskInfo extends RoutineLoadTaskInfo {
                 }
             } else {
                 tWgList = Env.getCurrentEnv().getWorkloadGroupMgr()
-                        
.getWorkloadGroupByUser(routineLoadJob.getUserIdentity());
+                        
.getWorkloadGroupByUser(routineLoadJob.getUserIdentity(), false);
             }
             if (tWgList.size() != 0) {
                 tExecPlanFragmentParams.setWorkloadGroups(tWgList);
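Review bot: The bare `false` passed to `getWorkloadGroupByUser` switches off the new USAGE privilege check for routine load tasks, and nothing at the call site says why that is acceptable. If the job owner's right to use the workload group is validated elsewhere (for example when the job is created, which this diff does not show), record that in a comment such as `// checkAuth=false: privilege on the workload group is validated at job creation, not per task`. If it is not validated anywhere, a user whose USAGE privilege was revoked or never granted would still have tasks scheduled into the group. The same applies to the identical call in the second hunk of this file; both calls sit in methods that start and end outside the hunks.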
@@ -185,7 +185,7 @@ public class KafkaTaskInfo extends RoutineLoadTaskInfo {
                 }
             } else {
                 tWgList = Env.getCurrentEnv().getWorkloadGroupMgr()
-                        
.getWorkloadGroupByUser(routineLoadJob.getUserIdentity());
+                        
.getWorkloadGroupByUser(routineLoadJob.getUserIdentity(), false);
             }
             if (tWgList.size() != 0) {
                 tExecPlanFragmentParams.setWorkloadGroups(tWgList);
diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/resource/workloadgroup/WorkloadGroupMgr.java
 
b/fe/fe-core/src/main/java/org/apache/doris/resource/workloadgroup/WorkloadGroupMgr.java
index b95217aca95..c8be7d78945 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/resource/workloadgroup/WorkloadGroupMgr.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/resource/workloadgroup/WorkloadGroupMgr.java
@@ -234,7 +234,8 @@ public class WorkloadGroupMgr implements Writable, 
GsonPostProcessable {
         return tWorkloadGroups;
     }
 
-    public List<TPipelineWorkloadGroup> getWorkloadGroupByUser(UserIdentity 
user) throws UserException {
+    public List<TPipelineWorkloadGroup> getWorkloadGroupByUser(UserIdentity 
user, boolean checkAuth)
+            throws UserException {
         String groupName = 
Env.getCurrentEnv().getAuth().getWorkloadGroup(user.getQualifiedUser());
         List<TPipelineWorkloadGroup> ret = new ArrayList<>();
         WorkloadGroup wg = null;
@@ -243,15 +244,22 @@ public class WorkloadGroupMgr implements Writable, 
GsonPostProcessable {
             if (groupName == null || groupName.isEmpty()) {
                 wg = nameToWorkloadGroup.get(DEFAULT_GROUP_NAME);
                 if (wg == null) {
-                    throw new RuntimeException("can not find normal workload 
group for routineload");
+                    throw new RuntimeException("can not find normal workload 
group for user " + user);
                 }
             } else {
                 wg = nameToWorkloadGroup.get(groupName);
                 if (wg == null) {
                     throw new UserException(
-                            "can not find workload group " + groupName + " for 
user " + user.getQualifiedUser());
+                            "can not find workload group " + groupName + " for 
user " + user);
                 }
             }
+            if (checkAuth && !Env.getCurrentEnv().getAccessManager()
+                    .checkWorkloadGroupPriv(user, wg.getName(), 
PrivPredicate.USAGE)) {
+                ErrorReport.reportAnalysisException(
+                        "Access denied; you need (at least one of) the %s 
privilege(s) to use workload group '%s'."
+                                + " used id=(%s)",
+                        ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, 
"USAGE/ADMIN", wg.getName(), user.toString());
+            }
             ret.add(wg.toThrift());
         } finally {
             readUnlock();
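Review bot: The privilege check added before `ret.add(wg.toThrift())` is opt-in through a boolean, so any later caller that passes `false` receives the group without a USAGE check, and the method has no Javadoc stating that contract. A short Javadoc on `getWorkloadGroupByUser` should say that `checkAuth` must be `true` whenever the identity comes from a client request, and `false` only for internally scheduled work whose owner was already authorized. The denial message also reads `" used id=(%s)"`, which looks like a typo for `" user id=(%s)"`, and `user.toString()` is redundant with the `%s` format. The method body begins in the previous hunk and continues past this one.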
diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java 
b/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java
index d6029020834..c3b8477073e 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java
@@ -1918,8 +1918,9 @@ public class FrontendServiceImpl implements 
FrontendService.Iface {
             // mysql load request not carry user info, need fix it later.
             boolean hasUserName = !StringUtils.isEmpty(request.getUser());
             if (Config.enable_workload_group && hasUserName) {
-                UserIdentity userIdentity = 
UserIdentity.createAnalyzedUserIdentWithIp(request.getUser(), "%");
-                tWorkloadGroupList = 
Env.getCurrentEnv().getWorkloadGroupMgr().getWorkloadGroupByUser(userIdentity);
+                tWorkloadGroupList = Env.getCurrentEnv().getWorkloadGroupMgr()
+                        .getWorkloadGroupByUser(ConnectContext.get()
+                                .getCurrentUserIdentity(), true);
             }
             if (!Strings.isNullOrEmpty(request.getLoadSql())) {
                 httpStreamPutImpl(request, result);
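Review bot: The guard still tests `request.getUser()`, but the identity now comes from `ConnectContext.get().getCurrentUserIdentity()`, and neither the context nor the identity is checked for null before use. If this RPC path can be reached before the thread-local context holds an authenticated identity (not visible in this hunk), the request fails with a NullPointerException instead of a clean access-denied error. Resolve the identity first and reject the request when it is missing, e.g. `ConnectContext ctx = ConnectContext.get();` followed by `if (ctx == null || ctx.getCurrentUserIdentity() == null) { throw new UserException("no authenticated user for stream load"); }`. The enclosing method starts and ends outside the hunk.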

