From 831d7086536bbfb8ed9d8c6a5e07f775f820e5a2 Mon Sep 17 00:00:00 2001 From: Lei Zhang <27994433+SWJTU-ZhangLei@users.noreply.github.com> Date: Mon, 6 May 2024 17:01:46 +0800 Subject: [PATCH] [feature](merge-cloud) Disable `AlterSystemStmt/AdminShowConfigStmt/AdminSetConfigStmt` in cloud mode * In cloud mode, node is managered by meta-servcie restful api not sql stmt so alter system stmt will not work * AdminShowConfig and AdminSetConfigStmt is not allowed except root in cloud mode for security reason --- .../java/org/apache/doris/analysis/AlterSystemStmt.java | 6 +++++- .../src/main/java/org/apache/doris/qe/DdlExecutor.java | 6 ++++++ .../src/main/java/org/apache/doris/qe/ShowExecutor.java | 5 +++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterSystemStmt.java b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterSystemStmt.java index a64c117110e6258..fca4cea37c0fac8 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterSystemStmt.java +++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/AlterSystemStmt.java @@ -18,6 +18,7 @@ package org.apache.doris.analysis; import org.apache.doris.catalog.Env; +import org.apache.doris.common.Config; import org.apache.doris.common.ErrorCode; import org.apache.doris.common.ErrorReport; import org.apache.doris.common.UserException; @@ -38,7 +39,6 @@ public AlterSystemStmt(AlterClause alterClause) { @Override public void analyze(Analyzer analyzer) throws UserException { - if (!Env.getCurrentEnv().getAccessManager().checkGlobalPriv(ConnectContext.get(), PrivPredicate.OPERATOR)) { ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "NODE"); 
@@ -58,6 +58,10 @@ public void analyze(Analyzer analyzer) throws UserException { || (alterClause instanceof ModifyFrontendHostNameClause) ); + if (Config.isCloudMode()) { + ErrorReport.reportAnalysisException(ErrorCode.ERR_UNKNOWN_ERROR, "Unsupported operation"); + } + alterClause.analyze(analyzer); } diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/DdlExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/DdlExecutor.java index bdc662dccec10c3..a7576f107fdaa18 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/qe/DdlExecutor.java +++ b/fe/fe-core/src/main/java/org/apache/doris/qe/DdlExecutor.java @@ -141,6 +141,7 @@ import org.apache.doris.load.loadv2.JobState; import org.apache.doris.load.loadv2.LoadJob; import org.apache.doris.load.sync.SyncJobManager; +import org.apache.doris.mysql.privilege.Auth; import org.apache.doris.persist.CleanQueryStatsInfo; import org.apache.doris.statistics.StatisticsRepository; @@ -293,6 +294,11 @@ public static void execute(Env env, DdlStmt ddlStmt) throws Exception { } else if (ddlStmt instanceof AdminCompactTableStmt) { env.compactTable((AdminCompactTableStmt) ddlStmt); } else if (ddlStmt instanceof AdminSetConfigStmt) { + if (Config.isCloudMode() + && !ConnectContext.get().getCurrentUserIdentity().getUser().equals(Auth.ROOT_USER)) { + LOG.info("stmt={}, not supported in cloud mode", ddlStmt.toString()); + throw new DdlException("Unsupported operation"); + } env.setConfig((AdminSetConfigStmt) ddlStmt); } else if (ddlStmt instanceof AdminSetTableStatusStmt) { env.setTableStatus((AdminSetTableStatusStmt) ddlStmt); diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java index 8bcd7ab15f4ea5b..a2c5eadc2843241 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java +++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ShowExecutor.java 
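Review bot: The cloud-mode rejection added to `analyze()` is reported as `ERR_UNKNOWN_ERROR` with the text "Unsupported operation", which does not tell an operator that the statement was refused on purpose or why. Since this is a deliberate policy, a message that names it is easier to act on and to search for in logs, e.g. `ErrorReport.reportAnalysisException(ErrorCode.ERR_UNKNOWN_ERROR, "ALTER SYSTEM is not supported in cloud mode");`. A short comment above the check would record the reason given in the commit message, e.g. `// cloud mode: nodes are managed through the meta-service API, not SQL`. Placing the check after the OPERATOR privilege check looks right, because unprivileged callers still get the access-denied error first; `analyze()` begins in the previous hunk.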
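Review bot: In the `AdminSetConfigStmt` branch the new guard dereferences `ConnectContext.get()` and `getCurrentUserIdentity()` without a null check, so a call to `execute()` on a thread with no connection context (presumably possible for internal callers, to be confirmed) would end in a NullPointerException instead of a clean denial. The guard is also an authorization decision made by comparing a user-name string inside the executor, and the same expression is repeated in the `ShowConfigStmt` branch of `ShowExecutor.execute()`, so the two copies can drift apart. One shared helper that fails closed would cover both call sites, along the lines of `UserIdentity u = ctx == null ? null : ctx.getCurrentUserIdentity();` followed by `return u != null && Auth.ROOT_USER.equals(u.getUser());`. `execute()` begins and ends outside this hunk.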
@@ -411,6 +411,11 @@ public ShowResultSet execute() throws AnalysisException {
 } else if (stmt instanceof ShowReplicaDistributionStmt) {
 handleAdminShowTabletDistribution();
 } else if (stmt instanceof ShowConfigStmt) {
+ if (Config.isCloudMode() && !ctx.getCurrentUserIdentity()
+ .getUser().equals(Auth.ROOT_USER)) {
+ LOG.info("stmt={}, not supported in cloud mode", stmt.toString());
+ throw new AnalysisException("Unsupported operation");
+ }
 handleAdminShowConfig();
 } else if (stmt instanceof ShowSmallFilesStmt) {
 handleShowSmallFiles();
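Review bot: The denial in the `ShowConfigStmt` branch is logged at INFO without the caller's identity, so a non-root user probing the FE configuration leaves no attributable trace. Logging the user at WARN would make these attempts usable for detection, e.g. `LOG.warn("cloud mode: denied {} for user {}", stmt.getClass().getSimpleName(), ctx.getCurrentUserIdentity());`. The `AdminSetConfigStmt` branch in `DdlExecutor.execute()` logs the same way, and there `ddlStmt.toString()` may also write the attempted config values into the log, which is worth checking. The user-facing text "Unsupported operation" hides that this is a privilege restriction from which root is exempt; an access-denied message would be more accurate. `execute()` begins and ends outside this hunk.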