This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch branch-1.2-lts
in repository https://gitbox.apache.org/repos/asf/doris.git
commit 84025ad8942d5ea60df4a040124d6becc1d71700
Author: Ashin Gau <ashin...@users.noreply.github.com>
AuthorDate: Wed Dec 21 08:58:06 2022 +0800
[fix](multi-catalog) can't show databases when creating a new user in
external catalog (#15204)
Fix bug: A new user with grants to access external catalog can't show
databases.
---
.../main/java/org/apache/doris/analysis/ShowDbStmt.java | 3 ++-
.../src/main/java/org/apache/doris/qe/ShowExecutor.java | 3 ++-
.../test/java/org/apache/doris/qe/ShowExecutorTest.java | 16 ++++++++++++++++
.../data/external_catalog_p0/hive/test_hive_other.out | 5 +++++
.../external_catalog_p0/hive/test_hive_other.groovy | 11 +++++++++++
5 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDbStmt.java
b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDbStmt.java
index e29605a640..f38199042e 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDbStmt.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/ShowDbStmt.java
@@ -68,6 +68,7 @@ public class ShowDbStmt extends ShowStmt {
@Override
public void analyze(Analyzer analyzer) throws AnalysisException,
UserException {
super.analyze(analyzer);
+ this.catalogName = this.catalogName == null ?
analyzer.getDefaultCatalog() : this.catalogName;
}
@Override
@@ -102,7 +103,7 @@ public class ShowDbStmt extends ShowStmt {
if (pattern != null) {
sb.append(" LIKE '").append(pattern).append("'");
}
- if (catalogName != null) {
+ if (!InternalCatalog.INTERNAL_CATALOG_NAME.equals(catalogName)) {
sb.append(" FROM ").append(catalogName);
}
return sb.toString();
diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java
b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java
index 34360271ba..3969603186 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java
@@ -707,7 +707,8 @@ public class ShowExecutor {
continue;
}
- if
(!Env.getCurrentEnv().getAuth().checkDbPriv(ConnectContext.get(), fullName,
PrivPredicate.SHOW)) {
+ if
(!Env.getCurrentEnv().getAuth().checkDbPriv(ConnectContext.get(),
showDbStmt.getCatalogName(),
+ fullName, PrivPredicate.SHOW)) {
continue;
}
diff --git a/fe/fe-core/src/test/java/org/apache/doris/qe/ShowExecutorTest.java
b/fe/fe-core/src/test/java/org/apache/doris/qe/ShowExecutorTest.java
index 2368b1b3d2..1b4a3afd5a 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/qe/ShowExecutorTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/qe/ShowExecutorTest.java
@@ -34,6 +34,7 @@ import org.apache.doris.analysis.ShowTableStmt;
import org.apache.doris.analysis.ShowVariablesStmt;
import org.apache.doris.analysis.ShowViewStmt;
import org.apache.doris.analysis.TableName;
+import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.Column;
import org.apache.doris.catalog.Database;
import org.apache.doris.catalog.Env;
@@ -260,6 +261,7 @@ public class ShowExecutorTest {
ctx.setEnv(AccessTestUtil.fetchAdminCatalog());
ctx.setQualifiedUser("testCluster:testUser");
ctx.setCluster("testCluster");
+ ctx.setCurrentUserIdentity(UserIdentity.ROOT);
new Expectations(ctx) {
{
@@ -272,7 +274,14 @@ public class ShowExecutorTest {
@Test
public void testShowDb() throws AnalysisException {
+ Analyzer analyzer = AccessTestUtil.fetchAdminAnalyzer(false);
ShowDbStmt stmt = new ShowDbStmt(null);
+ try {
+ stmt.analyze(analyzer);
+ } catch (UserException e) {
+ e.printStackTrace();
+ Assert.fail();
+ }
ShowExecutor executor = new ShowExecutor(ctx, stmt);
ShowResultSet resultSet = executor.execute();
@@ -301,7 +310,14 @@ public class ShowExecutorTest {
@Test
public void testShowDbPriv() throws AnalysisException {
+ Analyzer analyzer = AccessTestUtil.fetchAdminAnalyzer(false);
ShowDbStmt stmt = new ShowDbStmt(null);
+ try {
+ stmt.analyze(analyzer);
+ } catch (UserException e) {
+ e.printStackTrace();
+ Assert.fail();
+ }
ShowExecutor executor = new ShowExecutor(ctx, stmt);
ctx.setEnv(AccessTestUtil.fetchBlockCatalog());
executor.execute();
diff --git a/regression-test/data/external_catalog_p0/hive/test_hive_other.out
b/regression-test/data/external_catalog_p0/hive/test_hive_other.out
index 8d44514ed7..05c25b0e19 100644
--- a/regression-test/data/external_catalog_p0/hive/test_hive_other.out
+++ b/regression-test/data/external_catalog_p0/hive/test_hive_other.out
@@ -1,4 +1,9 @@
-- This file is automatically generated. You should know what you did if you
want to edit this
+-- !ext_catalog_grants --
+default
+tpch1_orc
+tpch1_parquet
+
-- !q24 --
zhangsan 1
lisi 1
diff --git
a/regression-test/suites/external_catalog_p0/hive/test_hive_other.groovy
b/regression-test/suites/external_catalog_p0/hive/test_hive_other.groovy
index 7f305b3714..c6b67cd70d 100644
--- a/regression-test/suites/external_catalog_p0/hive/test_hive_other.groovy
+++ b/regression-test/suites/external_catalog_p0/hive/test_hive_other.groovy
@@ -63,6 +63,17 @@ suite("test_hive_other", "p0") {
'hive.metastore.uris' = 'thrift://127.0.0.1:${hms_port}'
);
"""
+
+ // test user's grants on external catalog
+ sql """drop user if exists ext_catalog_user"""
+ sql """create user ext_catalog_user identified by '12345'"""
+ sql """grant all on internal.${context.config.defaultDb}.* to
ext_catalog_user"""
+ sql """grant all on ${catalog_name}.*.* to ext_catalog_user"""
+ connect(user = 'ext_catalog_user', password = '12345', url =
context.config.jdbcUrl) {
+ order_qt_ext_catalog_grants """show databases from
${catalog_name}"""
+ }
+ sql """drop user ext_catalog_user"""
+
sql """switch ${catalog_name}"""
sql """use `default`"""
// order_qt_show_tables """show tables"""
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
