Pipe: Implemented tree auth check for source + write-back-sink #16531
+3,558
−1,967
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* fix * fix * fix * fix * fix * fix * fix * fix * refactor * fix * fix * partial * grass * Update PipeConfigTreePrivilegeParseVisitor.java * Feature/client hide password (#16468) * session hide password * fix start-cli.sh * fix start-cli.bat * client hide password * fix client warning * echo cmd line * fix * Update PipeConfigTreePrivilegeParseVisitor.java * partial * partial * fix * fix * partial --------- Co-authored-by: Hongzhi Gao <[email protected]>
…to fix-audit-logger
* fix * fix * fix * fix * fix * fix * fix * fix * refactor * fix * fix * partial * grass * Update PipeConfigTreePrivilegeParseVisitor.java * Feature/client hide password (#16468) * session hide password * fix start-cli.sh * fix start-cli.bat * client hide password * fix client warning * echo cmd line * fix * Update PipeConfigTreePrivilegeParseVisitor.java * partial * partial * fix * fix * partial --------- Co-authored-by: Hongzhi Gao <[email protected]>
…to fix-audit-logger
# Conflicts: # integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBTreePatternFormatIT.java # integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipeInclusionIT.java # iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/source/PipeConfigTreePatternParseVisitor.java # iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/auth/AuthorInfo.java # iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/persistence/schema/CNPhysicalPlanGenerator.java # iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/manager/pipe/source/PipeConfigTreePatternParseVisitorTest.java # iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/agent/task/connection/PipeEventCollector.java # iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/event/common/tsfile/parser/TsFileInsertionEventParser.java # iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/event/common/tsfile/parser/TsFileInsertionEventParserProvider.java # iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/event/common/tsfile/parser/query/TsFileInsertionEventQueryParser.java # iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/event/common/tsfile/parser/scan/TsFileInsertionEventScanParser.java # iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/event/common/tsfile/parser/table/TsFileInsertionEventTableParser.java # iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/visitor/PipeTableStatementDataTypeConvertExecutionVisitor.java # iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/executor/ClusterConfigTaskExecutor.java # iotdb-core/datanode/src/main/java/org/apache/iotdb/db/storageengine/load/converter/LoadTableStatementDataTypeConvertExecutionVisitor.java # iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/pipe/datastructure/pattern/IoTDBTreePattern.java
# Conflicts: # iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/source/PipeConfigTreePatternParseVisitor.java # iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/agent/task/connection/PipeEventCollector.java # iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/pipe/datastructure/pattern/IoTDBTreePattern.java
jt2594838
reviewed
Nov 20, 2025
...test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipePermissionIT.java
Outdated
Show resolved
Hide resolved
Comment on lines
+379
to
+386
| // A user shall only see its own pipe | ||
| try (final SyncConfigNodeIServiceClient client = | ||
| (SyncConfigNodeIServiceClient) senderEnv.getLeaderConfigNodeConnection()) { | ||
| Assert.assertEquals( | ||
| 1, client.showPipe(new TShowPipeReq().setUserName("thulab")).pipeInfoList.size()); | ||
| } catch (Exception e) { | ||
| fail(e.getMessage()); | ||
| } |
Contributor
There was a problem hiding this comment.
You can show another user's pipe simply by setting the request's username?
Collaborator
Author
There was a problem hiding this comment.
Yes, but if the config client can be initialized outside of IoTDB, a user can do everything without permission, because the permissions are checked on DataNode. So users shall not have the chance to directly "set" the request's username
Comment on lines
+249
to
+256
| if (!Boolean.TRUE.equals(isTableDatabasePlan)) { | ||
| final Optional<ConfigPhysicalPlan> result = treePrivilegeParseVisitor.process(plan, userName); | ||
| if (result.isPresent()) { | ||
| return Optional.of( | ||
| new PipeConfigRegionWritePlanEvent(result.get(), event.isGeneratedByPipe())); | ||
| } | ||
| } | ||
|
|
||
| final Optional<ConfigPhysicalPlan> result = | ||
| TABLE_PRIVILEGE_PARSE_VISITOR.process(plan, userName); | ||
| if (result.isPresent()) { | ||
| return Optional.of( | ||
| new PipeConfigRegionWritePlanEvent(result.get(), event.isGeneratedByPipe())); | ||
| if (!Boolean.FALSE.equals(isTableDatabasePlan)) { |
Contributor
There was a problem hiding this comment.
Reverse the conditions to remove unnecessary !.
Collaborator
Author
There was a problem hiding this comment.
This cannot be done because other than table database, the planNodes are processed by both of the visitor but will only be filtered by one and pass directly through another. The ! is to tell 'null + FALSE' and 'TRUE + NULL'
Comment on lines
+132
to
+173
| public boolean canShowSchemaTemplate(final String templateName, final String userName) { | ||
| try { | ||
| return ConfigNode.getInstance() | ||
| .getConfigManager() | ||
| .getPermissionManager() | ||
| .checkUserPrivileges(userName, new PrivilegeUnion(PrivilegeType.SYSTEM)) | ||
| .getStatus() | ||
| .getCode() | ||
| == TSStatusCode.SUCCESS_STATUS.getStatusCode() | ||
| || ConfigNode.getInstance() | ||
| .getConfigManager() | ||
| .getClusterSchemaManager() | ||
| .getPathsSetTemplate(templateName, ALL_MATCH_SCOPE) | ||
| .getPathList() | ||
| .stream() | ||
| .anyMatch( | ||
| path -> { | ||
| try { | ||
| return ConfigNode.getInstance() | ||
| .getConfigManager() | ||
| .getPermissionManager() | ||
| .checkUserPrivileges( | ||
| userName, | ||
| new PrivilegeUnion( | ||
| Collections.singletonList( | ||
| new PartialPath(path) | ||
| .concatNode(MULTI_LEVEL_PATH_WILDCARD)), | ||
| PrivilegeType.READ_SCHEMA)) | ||
| .getStatus() | ||
| .getCode() | ||
| == TSStatusCode.SUCCESS_STATUS.getStatusCode(); | ||
| } catch (final IllegalPathException e) { | ||
| throw new RuntimeException(e); | ||
| } | ||
| }); | ||
| } catch (final Exception e) { | ||
| LOGGER.warn( | ||
| "Un-parse-able path name encountered during template privilege trimming, please check", | ||
| e); | ||
| return false; | ||
| } | ||
| } |
Contributor
There was a problem hiding this comment.
Add a test to cover this?
...ava/org/apache/iotdb/confignode/manager/pipe/source/PipeConfigTreePrivilegeParseVisitor.java
Show resolved
Hide resolved
Comment on lines
509
to
531
| final Set<IDeviceID> devices = getDeviceSet(); | ||
| if (Objects.nonNull(devices)) { | ||
| final List<MeasurementPath> measurementList = new ArrayList<>(); | ||
| for (final IDeviceID device : devices) { | ||
| measurementList.add(new MeasurementPath(device, IoTDBConstant.ONE_LEVEL_PATH_WILDCARD)); | ||
| } | ||
| final TSStatus status = | ||
| AuthorityChecker.getAccessControl() | ||
| .checkSeriesPrivilege4Pipe( | ||
| new UserEntity(Long.parseLong(userId), userName, cliHostname), | ||
| measurementList, | ||
| PrivilegeType.READ_DATA); | ||
| if (TSStatusCode.SUCCESS_STATUS.getStatusCode() != status.getCode()) { | ||
| if (skipIfNoPrivileges) { | ||
| shouldParse4Privilege = true; | ||
| } else { | ||
| throw new AccessDeniedException(status.getMessage()); | ||
| } | ||
| } | ||
| } else { | ||
| shouldParse4Privilege = true; | ||
| } | ||
| } |
Contributor
There was a problem hiding this comment.
If the file only contains root.db1.d1.s1 (on which the user has privileges), but the user does not have privileges on root.db1.s2, and skipIfNoPrivileges = false, then the file will not be transferred?
Collaborator
Author
There was a problem hiding this comment.
Of course, "skipIf == false" means the pipe will stop for any data/schema without privilege.
...e/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/writeback/WriteBackSink.java
Outdated
Show resolved
Hide resolved
Comment on lines
-206
to
+211
| TABLE_PRIVILEGE_PARSE_VISITOR.process( | ||
| ((PipeSchemaRegionWritePlanEvent) event).getPlanNode(), userEntity); | ||
| treePrivilegeParseVisitor | ||
| .process(((PipeSchemaRegionWritePlanEvent) event).getPlanNode(), userEntity) | ||
| .flatMap(planNode -> TABLE_PRIVILEGE_PARSE_VISITOR.process(planNode, userEntity)); |
Contributor
There was a problem hiding this comment.
The same node is processed by both treeVisitor and tableVisitor?
Collaborator
Author
There was a problem hiding this comment.
This is OK because one kind of node will only be parsed by one visitor. In the other one it just "pass by"
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
Outdated
Show resolved
Hide resolved
...mons/src/main/java/org/apache/iotdb/commons/pipe/datastructure/pattern/IoTDBTreePattern.java
Show resolved
Hide resolved
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
As the title said.
This PR has:
for an unfamiliar reader.
for code coverage.
Key changed/added classes (or packages if there are too many classes) in this PR