You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by "abhishekrb19 (via GitHub)" <gi...@apache.org> on 2023/03/28 20:56:30 UTC

[GitHub] [druid] abhishekrb19 opened a new pull request, #13992: Add `msqDenySelect` query context parameter to (dis)allow MSQ SELECT queries.

abhishekrb19 opened a new pull request, #13992:
URL: https://github.com/apache/druid/pull/13992

   
   
   <!-- Replace XXXX with the id of the issue fixed in this PR. Remove this section if there is no corresponding issue. Don't reference the issue in the title of this pull-request. -->
   
   <!-- If you are a committer, follow the PR action item checklist for committers:
   https://github.com/apache/druid/blob/master/dev/committer-instructions.md#pr-and-issue-action-item-checklist-for-committers. -->
   
   ### Description
   
   This PR adds a new query context parameter `msqDenySelect` that, when set to true in the sql task API,  `SELECT` statements will be blocked from planning. This parameter is set to `false` by default, so _all_ queries will plan.
   
   
   <!-- Describe the goal of this PR, what problem are you fixing. If there is a corresponding issue (referenced above), it's not necessary to repeat the description here, however, you may choose to keep one summary sentence. -->
   
   <!-- Describe your patch: what did you change in code? How did you fix the problem? -->
   
   <!-- If there are several relatively logically separate changes in this PR, create a mini-section for each of them. For example: -->
   
   <!--
   In each section, please describe design decisions made, including:
    - Choice of algorithms
    - Behavioral aspects. What configuration values are acceptable? How are corner cases and error conditions handled, such as when there are insufficient resources?
    - Class organization and design (how the logic is split between classes, inheritance, composition, design patterns)
    - Method organization and design (how the logic is split between methods, parameters and return types)
    - Naming (class, method, API, configuration, HTTP endpoint, names of emitted metrics)
   -->
   
   
   <!-- It's good to describe an alternative design (or mention an alternative name) for every design (or naming) decision point and compare the alternatives with the designs that you've implemented (or the names you've chosen) to highlight the advantages of the chosen designs and names. -->
   
   <!-- If there was a discussion of the design of the feature implemented in this PR elsewhere (e. g. a "Proposal" issue, any other issue, or a thread in the development mailing list), link to that discussion from this PR description and explain what have changed in your final design compared to your original proposal or the consensus version in the end of the discussion. If something hasn't changed since the original discussion, you can omit a detailed discussion of those aspects of the design here, perhaps apart from brief mentioning for the sake of readability of this PR description. -->
   
   <!-- Some of the aspects mentioned above may be omitted for simple and small changes. -->
   
   <!-- Give your best effort to summarize your changes in a couple of sentences aimed toward Druid users. 
   
   If your change doesn't have end user impact, you can skip this section.
   
   For tips about how to write a good release note, see [Release notes](https://github.com/apache/druid/blob/master/CONTRIBUTING.md#release-notes).
   
   -->
   
   
   <!-- Check the items by putting "x" in the brackets for the done things. Not all of these items apply to every PR. Remove the items which are not done or not relevant to the PR. None of the items from the checklist below are strictly necessary, but it would be very helpful if you at least self-review the PR. -->
   
   This PR has:
   
   - [x] been self-reviewed.
   - [x] added documentation for new or modified features or behaviors.
   - [x] added unit tests or modified existing tests to cover new code paths, ensuring the threshold for [code coverage](https://github.com/apache/druid/blob/master/dev/code-review/code-coverage.md) is met.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org

[GitHub] [druid] abhishekrb19 commented on pull request #13992: Add `msqDenySelect` query context parameter to (dis)allow MSQ SELECT queries.

Posted by "abhishekrb19 (via GitHub)" <gi...@apache.org>.
abhishekrb19 commented on PR #13992:
URL: https://github.com/apache/druid/pull/13992#issuecomment-1487588439

   It looks like only 1 GHA check ran. The tests didn't seem to run


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org

[GitHub] [druid] abhishekrb19 commented on pull request #13992: Add `msqDenySelect` planner config to (dis)allow MSQ SELECT queries.

Posted by "abhishekrb19 (via GitHub)" <gi...@apache.org>.
abhishekrb19 commented on PR #13992:
URL: https://github.com/apache/druid/pull/13992#issuecomment-1502050294

   Closing this in favor of a different approach which would include query kind in the `EXPLAIN PLAN` output. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org

[GitHub] [druid] FrankChen021 commented on pull request #13992: Add `msqDenySelect` planner config to (dis)allow MSQ SELECT queries.

Posted by "FrankChen021 (via GitHub)" <gi...@apache.org>.
FrankChen021 commented on PR #13992:
URL: https://github.com/apache/druid/pull/13992#issuecomment-1487969792

   > It looks like only 1 GHA check ran. The tests didn't seem to run
   
   This's because the ASF recently requires committers to click a 'apporve' button to run CI. We discussed this matter in dev mailing thread and wanted to change it back.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org

[GitHub] [druid] paul-rogers commented on a diff in pull request #13992: Add `msqDenySelect` planner config to (dis)allow MSQ SELECT queries.

Posted by "paul-rogers (via GitHub)" <gi...@apache.org>.
paul-rogers commented on code in PR #13992:
URL: https://github.com/apache/druid/pull/13992#discussion_r1151278696


##########
extensions-core/multi-stage-query/src/test/java/org/apache/druid/msq/test/CalciteSelectQueryMSQTest.java:
##########
@@ -183,4 +190,53 @@ public void testArrayAggQueryOnComplexDatatypes()
       );
     }
   }
+
+  @Test
+  public void testMsqDenySelectEnabledQuery()
+  {
+    msqCompatible();
+    try {
+      testQuery(
+          PlannerConfig.builder().msqDenySelect(true).build(),
+          "SELECT COUNT(*) FROM druid.foo "
+          + "WHERE dim2 <> 'a' "
+          + "and __time BETWEEN TIMESTAMP '2000-01-01 00:00:00' AND TIMESTAMP '2000-12-31 23:59:59.999'",
+          CalciteTests.REGULAR_USER_AUTH_RESULT,
+          ImmutableList.of(),
+          ImmutableList.of()
+      );
+      Assert.fail("query execution should fail");
+    }
+    catch (SqlPlanningException e) {
+      Assert.assertTrue(
+          e.getMessage().contains("Cannot execute SELECT with SQL engine 'msq-task'")
+      );
+    }
+  }
+
+  @Test
+  public void testMsqDenySelectDisabledQuery()

Review Comment:
   A test that denies access should probably expect an error, I would think.



##########
processing/src/main/java/org/apache/druid/query/QueryContexts.java:
##########
@@ -110,6 +110,7 @@
   public static final boolean DEFAULT_ENABLE_DEBUG = false;
   public static final int DEFAULT_IN_SUB_QUERY_THRESHOLD = Integer.MAX_VALUE;
   public static final boolean DEFAULT_ENABLE_TIME_BOUNDARY_PLANNING = false;
+  public static final boolean DEFAULT_MSQ_DENY_SELECT = false;

Review Comment:
   No longer needed.



##########
extensions-core/multi-stage-query/src/test/java/org/apache/druid/msq/test/CalciteSelectQueryMSQTest.java:
##########
@@ -183,4 +190,53 @@ public void testArrayAggQueryOnComplexDatatypes()
       );
     }
   }
+
+  @Test
+  public void testMsqDenySelectEnabledQuery()
+  {
+    msqCompatible();

Review Comment:
   These tests probably want to be in `CalciteInsertDmlTest`, if they can share config. Those tests are run only for MSQ. The test in this form runs for both MSQ and non-MSQ, which may not be what you wanted.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org

[GitHub] [druid] abhishekrb19 closed pull request #13992: Add `msqDenySelect` planner config to (dis)allow MSQ SELECT queries.

Posted by "abhishekrb19 (via GitHub)" <gi...@apache.org>.
abhishekrb19 closed pull request #13992: Add `msqDenySelect` planner config to (dis)allow MSQ SELECT queries.
URL: https://github.com/apache/druid/pull/13992


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org