Posted to commits@doris.apache.org by GitBox <gi...@apache.org> on 2022/10/08 14:55:55 UTC

[GitHub] [doris] stalary commented on a diff in pull request #13051: [feature](auth) support user password policy and alter user stmt

stalary commented on code in PR #13051:
URL: https://github.com/apache/doris/pull/13051#discussion_r989912993


##########
docs/zh-CN/docs/advanced/variables.md:
##########
@@ -520,4 +523,27 @@ SELECT /*+ SET_VAR(query_timeout = 1, enable_partition_cache=true) */ sleep(3);
   用于调试目的。在向量化执行引擎中,当发现读取Aggregate Key模型或者Unique Key模型的数据结果有问题的时候,把此变量的值设置为`true`,将会把Aggregate Key模型或者Unique Key模型的数据当成Duplicate Key模型读取。
 
 * `skip_delete_predicate`
-  用于调试目的。在向量化执行引擎中,当发现读取表的数据结果有误的时候,把此变量的值设置为`true`,将会把被删除的数据当成正常数据读取。
\ No newline at end of file
+
+	用于调试目的。在向量化执行引擎中,当发现读取表的数据结果有误的时候,把此变量的值设置为`true`,将会把被删除的数据当成正常数据读取。
+
+* `default_password_lifetime`
+
+ 	默认的密码过期时间。默认值为 0,即表示不过期。单位为天。该参数只有当用户的密码过期属性为 DEFAULT 值时,才启用。如:
+ 	
+ 	```
+ 	CREATE USER user1 IDENTIFIED BY "12345" PASSWORD_EXPIRE DEFAULT;
+ 	ALTER USER user1 PASSWORD_EXPIRE DEFAULT;
+	```
+* `password_history`
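Review bot: The indentation of the lines added under `skip_delete_predicate` and `default_password_lifetime` is inconsistent: one description line starts with a tab and the other with a space plus a tab, the opening fence is indented with a space plus a tab while the closing fence uses a tab only, and `* password_history` follows the closing fence with no blank line. Depending on the Markdown renderer this can turn the descriptions into code blocks or leave the fence unclosed; suggest the two-space indentation that the existing entries above use, plus a blank line after the fence. Separately, the example creates the user with the password "12345"; a placeholder value would avoid showing a trivially guessable password in the section that documents the password policy.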

Review Comment:
   Would it be better to use the default prefix as well?



##########
fe/fe-core/src/main/java/org/apache/doris/analysis/PasswordOptions.java:
##########
@@ -0,0 +1,156 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.analysis;
+
+import org.apache.doris.common.AnalysisException;
+import org.apache.doris.common.io.Text;
+import org.apache.doris.common.io.Writable;
+import org.apache.doris.mysql.privilege.PasswordPolicy.HistoryPolicy;
+import org.apache.doris.persist.gson.GsonUtils;
+
+import com.google.gson.annotations.SerializedName;
+
+import java.io.DataInput;
+import java.io.DataOutput;
+import java.io.IOException;
+
+public class PasswordOptions implements Writable {
+
+    public static final int UNSET = -2;
+    public static final PasswordOptions UNSET_OPTION = new PasswordOptions(UNSET, UNSET, UNSET, UNSET, UNSET, UNSET);
+
+    // -2: not set
+    // -1: default, use default_password_lifetime
+    // 0: disabled
+    // > 0: expire day
+    @SerializedName(value = "expirePolicySecond")
+    private long expirePolicySecond;
+    // -2: not set
+    // -1: default, use password_history
+    // 0: disabled
+    // > 0: num of history passwords
+    @SerializedName(value = "historyPolicy")
+    private int historyPolicy;
+    // -2: not set
+    @SerializedName(value = "reusePolicy")
+    private int reusePolicy;
+    // -2: not set
+    // 0: disable
+    // > 0:
+    @SerializedName(value = "loginAttempts")
+    private int loginAttempts;
+    // -2: not set
+    // -1: unbounded
+    // 0: disabled
+    // > 0: lock days
+    @SerializedName(value = "passwordLockSecond")
+    private long passwordLockSecond;
+
+    // -2: not set
+    // -1: lock the account
+    // 1: unlock the account
+    @SerializedName(value = "accountUnlocked")
+    private int accountUnlocked;
+
+    public PasswordOptions(long expirePolicySecond, int historyPolicy, int reusePolicy,
+            int loginAttempts, long passwordLockSecond, int accountUnlocked) {
+        this.expirePolicySecond = expirePolicySecond;
+        this.historyPolicy = historyPolicy;
+        this.reusePolicy = reusePolicy;
+        this.loginAttempts = loginAttempts;
+        this.passwordLockSecond = passwordLockSecond;
+        this.accountUnlocked = accountUnlocked;
+    }
+
+    public long getExpirePolicySecond() {
+        return expirePolicySecond;
+    }
+
+    public int getHistoryPolicy() {
+        return historyPolicy;
+    }
+
+    public int getReusePolicy() {
+        return reusePolicy;
+    }
+
+    public int getLoginAttempts() {
+        return loginAttempts;
+    }
+
+    public long getPasswordLockSecond() {
+        return passwordLockSecond;
+    }
+
+    public int getAccountUnlocked() {
+        return accountUnlocked;
+    }
+
+    public void analyze() throws AnalysisException {
+        if (expirePolicySecond < -2L) {
+            throw new AnalysisException("The password expire time must be DAFAULT or >= 0");
+        }
+        if (historyPolicy < -2 || historyPolicy > HistoryPolicy.MAX_HISTORY_SIZE) {
+            throw new AnalysisException("The password history number must be DEFAULT or between 0 and 10");
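Review bot: The field comments and the field names disagree on units: `expirePolicySecond` is documented as `> 0: expire day` and `passwordLockSecond` as `> 0: lock days`, so a reader of this class cannot tell whether the stored value is in seconds or in days. For expiry and lockout settings that ambiguity is worth removing; suggest stating the unit once in the comment and matching the name to it. In the same block, the `> 0:` comment on `loginAttempts` is empty and `reusePolicy` documents only `-2`, so the valid ranges that `analyze()` should enforce for them are not visible here. The message thrown for `expirePolicySecond < -2L` spells DEFAULT as "DAFAULT". The sentinels `-1` and `0` would also read better as named constants next to `UNSET`.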

Review Comment:
   ```suggestion
               throw new AnalysisException("The password history number must be DEFAULT or between 0 and " + HistoryPolicy.MAX_HISTORY_SIZE);
   ```



##########
docs/zh-CN/docs/advanced/variables.md:
##########
@@ -80,6 +80,9 @@ SET GLOBAL exec_mem_limit = 137438953472
 只支持全局生效的变量包括:
 
 - `default_rowset_type`
+- `default_password_lifetime`
+- `password_history`
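Review bot: The names added to this global-only list must stay identical to the entry headings added at the end of the same file, where `password_history` also appears as `* `password_history``. If the variable is renamed as suggested below, both places need the change in the same commit, otherwise the list will point at a variable the reference section does not describe. It would also help for the `default_password_lifetime` description to say that it is global-only, since that is stated here but not in the entry itself.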

Review Comment:
   ```suggestion
   - `default_password_history`
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

