3

Author: morningman

fe/fe-core/src/main/java/org/apache/doris/analysis/SelectStmt.java

@@ -381,7 +381,7 @@ public void getTables(Analyzer analyzer, boolean expandView, Map<Long, TableIf>
                             .checkTblPriv(ConnectContext.get(), tblRef.getName(), PrivPredicate.SELECT)) {
                         ErrorReport.reportAnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR, "SELECT",
                                 ConnectContext.get().getQualifiedUser(), ConnectContext.get().getRemoteIP(),
-                                dbName + ": " + tableName);
+                                dbName + "." + tableName);
                     }
                     tableMap.put(table.getId(), table);
                 }

fe/fe-core/src/main/java/org/apache/doris/analysis/UserIdentity.java

@@ -40,6 +40,7 @@
 import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
+import java.util.Set;
 
 // https://dev.mysql.com/doc/refman/8.0/en/account-names.html
 // user name must be literally matched.
@@ -52,12 +53,14 @@ public class UserIdentity implements Writable, GsonPostProcessable {
 
     @SerializedName(value = "user")
     private String user;
-
     @SerializedName(value = "host")
     private String host;
-
     @SerializedName(value = "isDomain")
     private boolean isDomain;
+    // The roles which this user belongs to.
+    // Used for authorization in Access Controller
+    // This field is only set when getting current user from auth and not need to persist
+    private Set<String> roles;
 
     private boolean isAnalyzed = false;
 
@@ -125,6 +128,14 @@ public void setIsAnalyzed() {
         this.isAnalyzed = true;
     }
 
+    public void setRoles(Set<String> roles) {
+        this.roles = roles;
+    }
+
+    public Set<String> getRoles() {
+        return roles;
+    }
+
     public void analyze(String clusterName) throws AnalysisException {
         if (isAnalyzed) {
             return;

fe/fe-core/src/main/java/org/apache/doris/catalog/TableIf.java

@@ -135,7 +135,7 @@ default int getBaseColumnIdxByName(String colName) {
     enum TableType {
         MYSQL, ODBC, OLAP, SCHEMA, INLINE_VIEW, VIEW, BROKER, ELASTICSEARCH, HIVE, ICEBERG, HUDI, JDBC,
         TABLE_VALUED_FUNCTION, HMS_EXTERNAL_TABLE, ES_EXTERNAL_TABLE, MATERIALIZED_VIEW, JDBC_EXTERNAL_TABLE,
-        ICEBERG_EXTERNAL_TABLE;
+        ICEBERG_EXTERNAL_TABLE, TEST_EXTERNAL_TABLE;
 
         public String toEngineName() {
             switch (this) {

fe/fe-core/src/main/java/org/apache/doris/catalog/external/JdbcExternalTable.java

@@ -47,6 +47,7 @@ public JdbcExternalTable(long id, String name, String dbName, JdbcExternalCatalo
         super(id, name, catalog, dbName, TableType.JDBC_EXTERNAL_TABLE);
     }
 
+    @Override
     protected synchronized void makeSureInitialized() {
         if (!objectCreated) {
             jdbcTable = toJdbcTable();

fe/fe-core/src/main/java/org/apache/doris/catalog/external/TestExternalDatabase.java

@@ -0,0 +1,150 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.catalog.external;
+
+import org.apache.doris.catalog.Env;
+import org.apache.doris.datasource.ExternalCatalog;
+import org.apache.doris.datasource.InitDatabaseLog;
+import org.apache.doris.datasource.test.TestExternalCatalog;
+import org.apache.doris.persist.gson.GsonPostProcessable;
+
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
+import com.google.gson.annotations.SerializedName;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
+public class TestExternalDatabase extends ExternalDatabase<TestExternalTable> implements GsonPostProcessable {
+    private static final Logger LOG = LogManager.getLogger(TestExternalDatabase.class);
+
+    // Cache of table name to table id.
+    private Map<String, Long> tableNameToId = Maps.newConcurrentMap();
+    @SerializedName(value = "idToTbl")
+    private Map<Long, TestExternalTable> idToTbl = Maps.newConcurrentMap();
+
+    public TestExternalDatabase(ExternalCatalog extCatalog, long id, String name) {
+        super(extCatalog, id, name);
+    }
+
+    @Override
+    protected void init() {
+        InitDatabaseLog initDatabaseLog = new InitDatabaseLog();
+        initDatabaseLog.setType(InitDatabaseLog.Type.TEST);
+        initDatabaseLog.setCatalogId(extCatalog.getId());
+        initDatabaseLog.setDbId(id);
+        List<String> tableNames = extCatalog.listTableNames(null, name);
+        if (tableNames != null) {
+            Map<String, Long> tmpTableNameToId = Maps.newConcurrentMap();
+            Map<Long, TestExternalTable> tmpIdToTbl = Maps.newHashMap();
+            for (String tableName : tableNames) {
+                long tblId;
+                if (tableNameToId != null && tableNameToId.containsKey(tableName)) {
+                    tblId = tableNameToId.get(tableName);
+                    tmpTableNameToId.put(tableName, tblId);
+                    TestExternalTable table = idToTbl.get(tblId);
+                    tmpIdToTbl.put(tblId, table);
+                    initDatabaseLog.addRefreshTable(tblId);
+                } else {
+                    tblId = Env.getCurrentEnv().getNextId();
+                    tmpTableNameToId.put(tableName, tblId);
+                    TestExternalTable table = new TestExternalTable(tblId, tableName, name,
+                            (TestExternalCatalog) extCatalog);
+                    tmpIdToTbl.put(tblId, table);
+                    initDatabaseLog.addCreateTable(tblId, tableName);
+                }
+            }
+            tableNameToId = tmpTableNameToId;
+            idToTbl = tmpIdToTbl;
+        }
+        initialized = true;
+        Env.getCurrentEnv().getEditLog().logInitExternalDb(initDatabaseLog);
+    }
+
+    public void setTableExtCatalog(ExternalCatalog extCatalog) {
+        for (TestExternalTable table : idToTbl.values()) {
+            table.setCatalog(extCatalog);
+        }
+    }
+
+    public void replayInitDb(InitDatabaseLog log, ExternalCatalog catalog) {
+        Map<String, Long> tmpTableNameToId = Maps.newConcurrentMap();
+        Map<Long, TestExternalTable> tmpIdToTbl = Maps.newConcurrentMap();
+        for (int i = 0; i < log.getRefreshCount(); i++) {
+            TestExternalTable table = getTableForReplay(log.getRefreshTableIds().get(i));
+            tmpTableNameToId.put(table.getName(), table.getId());
+            tmpIdToTbl.put(table.getId(), table);
+        }
+        for (int i = 0; i < log.getCreateCount(); i++) {
+            TestExternalTable table = new TestExternalTable(log.getCreateTableIds().get(i),
+                    log.getCreateTableNames().get(i), name, (TestExternalCatalog) catalog);
+            tmpTableNameToId.put(table.getName(), table.getId());
+            tmpIdToTbl.put(table.getId(), table);
+        }
+        tableNameToId = tmpTableNameToId;
+        idToTbl = tmpIdToTbl;
+        initialized = true;
+    }
+
+    // TODO(ftw): drew
+    @Override
+    public Set<String> getTableNamesWithLock() {
+        makeSureInitialized();
+        return Sets.newHashSet(tableNameToId.keySet());
+    }
+
+    @Override
+    public List<TestExternalTable> getTables() {
+        makeSureInitialized();
+        return Lists.newArrayList(idToTbl.values());
+    }
+
+    @Override
+    public TestExternalTable getTableNullable(String tableName) {
+        makeSureInitialized();
+        if (!tableNameToId.containsKey(tableName)) {
+            return null;
+        }
+        return idToTbl.get(tableNameToId.get(tableName));
+    }
+
+    @Override
+    public TestExternalTable getTableNullable(long tableId) {
+        makeSureInitialized();
+        return idToTbl.get(tableId);
+    }
+
+    public TestExternalTable getTableForReplay(long tableId) {
+        return idToTbl.get(tableId);
+    }
+
+    @Override
+    public void gsonPostProcess() throws IOException {
+        tableNameToId = Maps.newConcurrentMap();
+        for (TestExternalTable tbl : idToTbl.values()) {
+            tableNameToId.put(tbl.getName(), tbl.getId());
+        }
+        rwLock = new ReentrantReadWriteLock(true);
+    }
+}

fe/fe-core/src/main/java/org/apache/doris/catalog/external/TestExternalTable.java

@@ -0,0 +1,63 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.catalog.external;
+
+import org.apache.doris.catalog.Column;
+import org.apache.doris.datasource.test.TestExternalCatalog;
+import org.apache.doris.thrift.TTableDescriptor;
+import org.apache.doris.thrift.TTableType;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import java.util.List;
+
+/**
+ * Elasticsearch external table.
+ */
+public class TestExternalTable extends ExternalTable {
+    private static final Logger LOG = LogManager.getLogger(TestExternalTable.class);
+
+    public TestExternalTable(long id, String name, String dbName, TestExternalCatalog catalog) {
+        super(id, name, catalog, dbName, TableType.TEST_EXTERNAL_TABLE);
+    }
+
+    @Override
+    protected synchronized void makeSureInitialized() {
+
+    }
+
+    @Override
+    public String getMysqlType() {
+        return type.name();
+    }
+
+    @Override
+    public TTableDescriptor toThrift() {
+        makeSureInitialized();
+        TTableDescriptor tTableDescriptor = new TTableDescriptor(getId(), TTableType.TEST_EXTERNAL_TABLE,
+                getFullSchema().size(),
+                0, getName(), "");
+        return tTableDescriptor;
+    }
+
+    @Override
+    public List<Column> initSchema() {
+        return ((TestExternalCatalog) catalog).mockedSchema(dbName, name);
+    }
+}

fe/fe-core/src/main/java/org/apache/doris/common/util/PropertyAnalyzer.java

@@ -31,6 +31,7 @@
 import org.apache.doris.catalog.Type;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.Config;
+import org.apache.doris.datasource.CatalogMgr;
 import org.apache.doris.policy.Policy;
 import org.apache.doris.policy.StoragePolicy;
 import org.apache.doris.resource.Tag;
@@ -41,6 +42,7 @@
 import org.apache.doris.thrift.TStorageType;
 import org.apache.doris.thrift.TTabletType;
 
+import com.google.common.base.Joiner;
 import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
 import com.google.common.collect.Maps;
@@ -809,5 +811,29 @@ public static void checkCatalogProperties(Map<String, String> properties, boolea
                 throw new AnalysisException(e.getMessage());
             }
         }
+        // validate access controller properties
+        // eg:
+        // (
+        // "access_controller.name" = "my_access",
+        // "access_controller.my_access.class" = "org.apache.doris.mysql.privilege.RangerAccessControllerFactory",
+        // "access_controller.my_access.properties.prop1" = "xxx",
+        // "access_controller.my_access.properties.prop2" = "yyy",
+        // )
+        // 1. get access controller name
+        String acName = properties.getOrDefault(CatalogMgr.ACCESS_CONTROLLER_NAME_PROP, "");
+        if (!Strings.isNullOrEmpty(acName)) {
+            // 2. get access controller class name
+            String className = properties.getOrDefault(
+                    Joiner.on(".").join(CatalogMgr.ACCESS_CONTROLLER_PREFIX_PROP, acName, "class"), "");
+            if (Strings.isNullOrEmpty(className)) {
+                throw new AnalysisException("missing factory class name for access controller: " + acName);
+            }
+            // 3. check if class exists
+            try {
+                Class.forName(className);
+            } catch (ClassNotFoundException e) {
+                throw new AnalysisException("failed to find class " + className, e);
+            }
+        }
     }
 }

fe/fe-core/src/main/java/org/apache/doris/datasource/CatalogFactory.java

@@ -26,7 +26,9 @@
 import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.Resource;
 import org.apache.doris.common.DdlException;
+import org.apache.doris.common.FeConstants;
 import org.apache.doris.datasource.iceberg.IcebergExternalCatalogFactory;
+import org.apache.doris.datasource.test.TestExternalCatalog;
 
 import org.apache.parquet.Strings;
 
@@ -37,7 +39,6 @@
  * A factory to create catalog instance of log or covert catalog into log.
  */
 public class CatalogFactory {
-
     /**
      * Convert the sql statement into catalog log.
      */
@@ -80,11 +81,11 @@ private static CatalogIf constructorCatalog(
             Resource catalogResource = Optional.ofNullable(Env.getCurrentEnv().getResourceMgr().getResource(resource))
                     .orElseThrow(() -> new DdlException("Resource doesn't exist: " + resource));
             catalogType = catalogResource.getType().name().toLowerCase();
-            if (props.containsKey("type")) {
+            if (props.containsKey(CatalogMgr.CATALOG_TYPE_PROP)) {
                 throw new DdlException("Can not set 'type' when creating catalog with resource");
             }
         } else {
-            String type = props.get("type");
+            String type = props.get(CatalogMgr.CATALOG_TYPE_PROP);
             if (Strings.isNullOrEmpty(type)) {
                 throw new DdlException("Missing property 'type' in properties");
             }
@@ -106,6 +107,12 @@ private static CatalogIf constructorCatalog(
             case "iceberg":
                 catalog = IcebergExternalCatalogFactory.createCatalog(catalogId, name, resource, props);
                 break;
+            case "test":
+                if (!FeConstants.runningUnitTest) {
+                    throw new DdlException("test catalog is only for FE unit test");
+                }
+                catalog = new TestExternalCatalog(catalogId, name, resource, props);
+                break;
             default:
                 throw new DdlException("Unknown catalog type: " + catalogType);
         }

fe/fe-core/src/main/java/org/apache/doris/datasource/CatalogMgr.java

@@ -76,6 +76,10 @@
 public class CatalogMgr implements Writable, GsonPostProcessable {
     private static final Logger LOG = LogManager.getLogger(CatalogMgr.class);
 
+    public static final String ACCESS_CONTROLLER_PREFIX_PROP = "access_controller";
+    public static final String ACCESS_CONTROLLER_NAME_PROP = "access_controller.name";
+    public static final String CATALOG_TYPE_PROP = "type";
+
     private static final String YES = "yes";
 
     private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock(true);