You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@doris.apache.org by mo...@apache.org on 2021/12/21 02:25:19 UTC

[incubator-doris] branch master updated: [fix](sql-block-rule) move sql block rule check from ConnectProcessor to StmtExecutor (#7407)

This is an automated email from the ASF dual-hosted git repository.

morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-doris.git


The following commit(s) were added to refs/heads/master by this push:
     new 998489a  [fix](sql-block-rule) move sql block rule check from ConnectProcessor to StmtExecutor (#7407)
998489a is described below

commit 998489ac5054a2ce39322f73027ea66d70053156
Author: Henry2SS <45...@users.noreply.github.com>
AuthorDate: Tue Dec 21 10:25:09 2021 +0800

    [fix](sql-block-rule) move sql block rule check from ConnectProcessor to StmtExecutor (#7407)
    
    SqlBlockRule should block only query stmt. And exclude explain stmt.
---
 .../en/administrator-guide/block-rule/sql-block.md |  3 ++-
 .../administrator-guide/block-rule/sql-block.md    |  3 ++-
 .../java/org/apache/doris/qe/ConnectProcessor.java |  8 +-----
 .../java/org/apache/doris/qe/StmtExecutor.java     | 11 ++++++++
 .../doris/blockrule/SqlBlockRuleMgrTest.java       | 29 ++++++++++++++++++++++
 5 files changed, 45 insertions(+), 9 deletions(-)

diff --git a/docs/en/administrator-guide/block-rule/sql-block.md b/docs/en/administrator-guide/block-rule/sql-block.md
index 569e90e..aa3bc3b 100644
--- a/docs/en/administrator-guide/block-rule/sql-block.md
+++ b/docs/en/administrator-guide/block-rule/sql-block.md
@@ -26,7 +26,8 @@ under the License.
 
 # SQL Block Rule
 
-Support SQL block rule by user level, by regex way to deny specify SQL
+Support SQL block rule by user level, by regex way to deny specify SQL.
+This function is only used to limit the query statement, and does not limit the execution of the explain statement.
 
 ## Rule
 
diff --git a/docs/zh-CN/administrator-guide/block-rule/sql-block.md b/docs/zh-CN/administrator-guide/block-rule/sql-block.md
index ad44109..ec0a326 100644
--- a/docs/zh-CN/administrator-guide/block-rule/sql-block.md
+++ b/docs/zh-CN/administrator-guide/block-rule/sql-block.md
@@ -26,7 +26,8 @@ under the License.
 
 # SQL黑名单
 
-支持按用户配置SQL黑名单,通过正则匹配的方式拒绝指定SQL
+支持按用户配置SQL黑名单,通过正则匹配的方式拒绝指定SQL。
+该功能仅用于限制查询语句,并且不会限制 explain 语句的执行。
 
 ## 规则
 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectProcessor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectProcessor.java
index 7df6e1e..ef11cae 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectProcessor.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectProcessor.java
@@ -183,13 +183,7 @@ public class ConnectProcessor {
         }
         String sqlHash = DigestUtils.md5Hex(originStmt);
         ctx.setSqlHash(sqlHash);
-        try {
-            Catalog.getCurrentCatalog().getSqlBlockRuleMgr().matchSql(originStmt, sqlHash, ctx.getQualifiedUser());
-        } catch (AnalysisException e) {
-            LOG.warn(e.getMessage());
-            ctx.getState().setError(e.getMysqlErrorCode(), e.getMessage());
-            return;
-        }
+
         ctx.getAuditEventBuilder().reset();
         ctx.getAuditEventBuilder()
                 .setTimestamp(System.currentTimeMillis())
diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java
index 615454e..7222a24 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java
@@ -348,6 +348,17 @@ public class StmtExecutor implements ProfileWriter {
 
             if (parsedStmt instanceof QueryStmt) {
                 context.getState().setIsQuery(true);
+                if (!((QueryStmt) parsedStmt).isExplain()) {
+                    // sql/sqlHash block
+                    try {
+                        Catalog.getCurrentCatalog().getSqlBlockRuleMgr().matchSql(originStmt.originStmt, context.getSqlHash(), context.getQualifiedUser());
+                    } catch (AnalysisException e) {
+                        LOG.warn(e.getMessage());
+                        context.getState().setError(e.getMysqlErrorCode(), e.getMessage());
+                        return;
+                    }
+                    // limitations: partitionNum, tabletNum, cardinality
+                }
                 MetricRepo.COUNTER_QUERY_BEGIN.increase(1L);
                 int retryTime = Config.max_query_retry_time;
                 for (int i = 0; i < retryTime; i++) {
diff --git a/fe/fe-core/src/test/java/org/apache/doris/blockrule/SqlBlockRuleMgrTest.java b/fe/fe-core/src/test/java/org/apache/doris/blockrule/SqlBlockRuleMgrTest.java
index fdd977d..2778781 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/blockrule/SqlBlockRuleMgrTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/blockrule/SqlBlockRuleMgrTest.java
@@ -17,24 +17,32 @@
 
 package org.apache.doris.blockrule;
 
+import org.apache.doris.analysis.AlterSqlBlockRuleStmt;
+import org.apache.doris.analysis.Analyzer;
 import org.apache.doris.analysis.CreateDbStmt;
 import org.apache.doris.analysis.CreateSqlBlockRuleStmt;
 import org.apache.doris.analysis.CreateTableStmt;
 import org.apache.doris.analysis.SetUserPropertyStmt;
+import org.apache.doris.analysis.ShowSqlBlockRuleStmt;
 import org.apache.doris.catalog.Catalog;
 import org.apache.doris.common.AnalysisException;
+import org.apache.doris.common.DdlException;
 import org.apache.doris.common.ExceptionChecker;
+import org.apache.doris.common.UserException;
 import org.apache.doris.metric.MetricRepo;
 import org.apache.doris.qe.ConnectContext;
 import org.apache.doris.utframe.UtFrameUtils;
 
 import org.apache.commons.codec.digest.DigestUtils;
 import org.junit.AfterClass;
+import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
 import java.io.File;
 import java.util.UUID;
+import java.util.HashMap;
+import java.util.Map;
 
 public class SqlBlockRuleMgrTest {
     
@@ -126,4 +134,25 @@ public class SqlBlockRuleMgrTest {
         String createSql = "CREATE SQL_BLOCK_RULE test_rule PROPERTIES(\"sql\"=\"select \\\\* from test_table\",\"enable\"=\"true\")";
         CreateSqlBlockRuleStmt createSqlBlockRuleStmt = (CreateSqlBlockRuleStmt) UtFrameUtils.parseAndAnalyzeStmt(createSql, connectContext);
     }
+
+    @Test
+    public void testOnlyBlockQuery() throws DdlException, UserException {
+        SqlBlockRuleMgr mgr = new SqlBlockRuleMgr();
+        Analyzer analyzer = new Analyzer(Catalog.getCurrentCatalog(), connectContext);
+
+        SqlBlockRule sqlRule = new SqlBlockRule("test_rule1", "test", null, true, true);
+        mgr.replayCreate(sqlRule);
+
+        Map<String, String> properties = new HashMap<>();
+        properties.put(CreateSqlBlockRuleStmt.SQL_PROPERTY, "select \\* from test_table");
+        AlterSqlBlockRuleStmt stmt = new AlterSqlBlockRuleStmt("test_rule1", properties);
+
+        stmt.analyze(analyzer);
+        mgr.alterSqlBlockRule(stmt);
+
+        ShowSqlBlockRuleStmt showStmt = new ShowSqlBlockRuleStmt("test_rule1");
+
+        Assert.assertEquals(1, mgr.getSqlBlockRule(showStmt).size());
+        Assert.assertEquals("select \\* from test_table", mgr.getSqlBlockRule(showStmt).get(0).getSql());
+    }
 }

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org