zddr commented on code in PR #44905:
URL: https://github.com/apache/doris/pull/44905#discussion_r1895579614


##########
fe/fe-core/src/main/java/org/apache/doris/backup/RestoreJob.java:
##########
@@ -1263,6 +1315,205 @@ private void checkAndRestoreResources() {
         }
     }
 
+    private void checkAndRestorePrivileges() {
+        List<User> users = 
jobInfo.newBackupObjects.backupGlobalInfo.getUserList();
+        List<UserIdentity> localUsers = Lists.newArrayList();
+
+        for (User user : users) {
+            if 
(Env.getCurrentEnv().getAuth().doesUserExist(user.getUserIdentity())) {
+                localUsers.add(user.getUserIdentity());
+                continue;
+            }
+            try {
+                
Env.getCurrentEnv().getAuth().createUserInternal(user.getUserIdentity(), null,
+                        user.getPassword().getPassword(), true, 
PasswordOptions.UNSET_OPTION,
+                        user.getComment(), UUID.randomUUID().toString(), 
false);
+            } catch (DdlException e) {
+                LOG.error("restore user fail should not happen", e);
+                status = new Status(ErrCode.COMMON_ERROR, "restore user "
+                        + user.getUserIdentity().toString() + " failed:" + 
e.getMessage());
+                return;
+            }
+            restoredUsers.add(user);
+        }
+
+        List<UserProperty> userProperties = 
jobInfo.newBackupObjects.backupGlobalInfo.getUserProperties();
+        for (UserProperty userProperty : userProperties) {
+            for (UserIdentity localIdentity : localUsers) {
+                if 
(localIdentity.getUser().equals(userProperty.getQualifiedUser())) {
+                    continue;
+                }
+            }
+            try {
+                List<Pair<String, String>> properties = Lists.newArrayList();
+                List<List<String>> list = userProperty.fetchProperty();
+                for (List<String> row : list) {
+                    String key = row.get(0);
+                    String value = row.get(1);
+                    if (key.equals(UserProperty.PROP_RESOURCE_TAGS)) {
+                        continue;
+                    }
+
+                    if (key.equals(UserProperty.PROP_WORKLOAD_GROUP) && 
!reserveWorkloadGroup) {
+                        properties.add(Pair.of(key, 
WorkloadGroupMgr.DEFAULT_GROUP_NAME));
+                        continue;
+                    }
+
+                    if (!value.equals("")) {
+                        properties.add(Pair.of(key, value));
+                    }
+
+                }
+                
Env.getCurrentEnv().getAuth().updateUserPropertyInternal(userProperty.getQualifiedUser(),
+                        properties, false /* is replay */);
+            } catch (Exception e) {
+                LOG.error("restore user property fail should not happen", e);
+                status = new Status(ErrCode.COMMON_ERROR, "restore user "
+                        + userProperty.getQualifiedUser() + "'s property 
failed:" + e.getMessage());
+                return;
+            }
+        }
+
+        Map<UserIdentity, PasswordPolicy> policyMap = 
jobInfo.newBackupObjects.backupGlobalInfo.getPolicyMap();
+        for (Map.Entry<UserIdentity, PasswordPolicy> entry : 
policyMap.entrySet()) {
+            UserIdentity identity = entry.getKey();
+            PasswordPolicy passwordPolicy = entry.getValue();
+            for (UserIdentity localIdentity : localUsers) {
+                if (localIdentity.equals(identity)) {
+                    continue;
+                }
+            }
+            try {
+                PasswordOptions passwordOptions = new 
PasswordOptions(passwordPolicy.getExpirePolicy().expirationSecond,
+                        passwordPolicy.getHistoryPolicy().historyNum, -2,
+                        passwordPolicy.getFailedLoginPolicy().numFailedLogin,
+                        
passwordPolicy.getFailedLoginPolicy().passwordLockSeconds, -2);
+                
Env.getCurrentEnv().getAuth().getPasswdPolicyManager().updatePolicy(identity, 
null, passwordOptions);
+            } catch (Exception e) {
+                LOG.error("restore user password policy fail should not 
happen", e);
+                status = new Status(ErrCode.COMMON_ERROR, "restore user "
+                            + identity.toString() + "'s password policy 
failed:" + e.getMessage());
+                return;
+            }
+        }
+
+        List<Policy> rowPolicies = 
jobInfo.newBackupObjects.backupGlobalInfo.getRowPolicies();
+        for (Policy policy : rowPolicies) {
+            RowPolicy rowPolicy = (RowPolicy) policy;
+            if (Env.getCurrentEnv().getPolicyMgr().existPolicy(policy)) {
+                continue;
+            }
+
+            try {
+                Env.getCurrentEnv().getPolicyMgr().createRowPolicy(rowPolicy);
+            } catch (Exception e) {
+                LOG.error("restore row policy fail should not happen", e);
+                status = new Status(ErrCode.COMMON_ERROR, "restore row policy "
+                        + policy.getPolicyName() + " failed:" + 
e.getMessage());
+                return;
+            }
+            restoredRowPolicies.add(rowPolicy);
+        }
+
+        List<SqlBlockRule> sqlBlockRules = 
jobInfo.newBackupObjects.backupGlobalInfo.getSqlBlockRules();
+        for (SqlBlockRule sqlBlockRule : sqlBlockRules) {
+            if 
(Env.getCurrentEnv().getSqlBlockRuleMgr().existRule(sqlBlockRule.getName())) {
+                continue;
+            }
+
+            try {
+                
Env.getCurrentEnv().getSqlBlockRuleMgr().createSqlBlockRule(sqlBlockRule, 
false);
+            } catch (Exception e) {
+                LOG.error("restore sqlBlockRule fail should not happen", e);
+                status = new Status(ErrCode.COMMON_ERROR, "restore 
sqlBlockRule "
+                        + sqlBlockRule.getName() + " failed:" + 
e.getMessage());
+                return;
+            }
+            restoredSqlBlockRules.add(sqlBlockRule);
+        }
+
+        List<Role> roles = 
jobInfo.newBackupObjects.backupGlobalInfo.getRoleList();
+        for (Role role : roles) {
+            Role oldRule = 
Env.getCurrentEnv().getAuth().getRoleByName(role.getRoleName());
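Review bot: The `continue` inside the two inner `for (UserIdentity localIdentity : localUsers)` loops (in the user-property loop and again in the password-policy loop) only advances the inner loop, so the outer iteration is never skipped and the `try` block still runs for identities that already exist locally. If the intent is to leave existing local accounts untouched, as the first loop does by skipping `createUserInternal` for them, a restore would instead apply the backup's properties and its password expiry, history and failed-login lockout settings to those accounts. Replace each inner loop with a direct test in the outer loop, e.g. `if (localUsers.stream().anyMatch(u -> u.getUser().equals(userProperty.getQualifiedUser()))) { continue; }` and `if (localUsers.contains(identity)) { continue; }`. The method continues past the end of the quoted hunk, so the role loop that starts on the last visible lines is not reviewed here.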

Review Comment:
   Typo: should `oldRule` be `oldRole`?



##########
regression-test/suites/backup_restore/test_backup_restore_priv.groovy:
##########
@@ -0,0 +1,590 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+suite("test_backup_restore_priv", "backup_restore") {
+    String suiteName = "test_backup_restore_priv"
+    String repoName = "${suiteName}_repo"
+    String dbName = "${suiteName}_db"
+    String tableName = "${suiteName}_table"
+    String snapshotName = "${suiteName}_snapshot"
+    def tokens = context.config.jdbcUrl.split('/')
+    def url=tokens[0] + "//" + tokens[2] + "/" + dbName + "?"
+
+    def syncer = getSyncer()
+    syncer.createS3Repository(repoName)
+
+    sql "DROP DATABASE IF EXISTS ${dbName}"
+    sql "CREATE DATABASE IF NOT EXISTS ${dbName}"
+    sql "DROP TABLE IF EXISTS ${dbName}.${tableName}"
+    sql """
+           CREATE TABLE if NOT EXISTS ${dbName}.${tableName}
+           (
+               `test` INT,
+               `id` INT
+           )
+           ENGINE=OLAP
+           UNIQUE KEY(`test`, `id`)
+           DISTRIBUTED BY HASH(id) BUCKETS 1
+           PROPERTIES (
+               "replication_allocation" = "tag.location.default: 1"
+        )
+        """
+    def insert_num = 5
+    for (int i = 0; i < insert_num; ++i) {
+        sql """
+               INSERT INTO ${dbName}.${tableName} VALUES (${i}, ${i})
+            """
+    }
+
+    res = sql "SELECT * FROM ${dbName}.${tableName}"
+    assertEquals(res.size(), insert_num)
+
+    sql "drop user if exists user1;"
+    sql "drop user if exists user2;"
+    sql "drop user if exists user3;"
+
+    sql "drop role if exists role_select;"
+    sql "drop role if exists role_load;"
+    sql "drop row policy if exists test_row_policy_1 on 
${dbName}.${tableName};"
+    sql "drop sql_block_rule if exists test_block_rule;"
+    sql "drop catalog if exists mysql;"
+    sql "drop workload group if exists wg1;"
+    sql "drop workload group if exists wg2;"
+
+
+    sql "CREATE USER 'user1' IDENTIFIED BY '12345' PASSWORD_EXPIRE INTERVAL 10 
DAY FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1 DAY;"
+    sql "CREATE USER 'user2' IDENTIFIED BY '12345' PASSWORD_EXPIRE INTERVAL 10 
DAY FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1 DAY;"
+    sql "CREATE USER 'user3' IDENTIFIED BY '12345' PASSWORD_EXPIRE INTERVAL 10 
DAY FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1 DAY;"
+
+    sql "create role role_select;"
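Review bot: All three fixture users on the `CREATE USER` lines get the same password and the same expiry and lockout policy, so a later assertion cannot tell whether each account got its own credential and policy back or another user's. Giving each user a distinct password and distinct policy values, e.g. `PASSWORD_EXPIRE INTERVAL 20 DAY FAILED_LOGIN_ATTEMPTS 5` for `user2`, would make the restore checks discriminating. The rest of the 590-line suite is outside the quoted hunk, so whether it also covers a user that already exists on the restore side with different settings cannot be seen from here. A comment such as `// users differ in password and policy so a cross-assigned restore is detected` above the block would document the intent.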

Review Comment:
   add `col priv` case ;
   add `grant priv to user` case


