You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@doris.apache.org by mo...@apache.org on 2021/12/21 02:25:19 UTC
[incubator-doris] branch master updated: [fix](sql-block-rule) move sql block rule check from ConnectProcessor to StmtExecutor (#7407)
This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-doris.git
The following commit(s) were added to refs/heads/master by this push:
new 998489a [fix](sql-block-rule) move sql block rule check from ConnectProcessor to StmtExecutor (#7407)
998489a is described below
commit 998489ac5054a2ce39322f73027ea66d70053156
Author: Henry2SS <45...@users.noreply.github.com>
AuthorDate: Tue Dec 21 10:25:09 2021 +0800
[fix](sql-block-rule) move sql block rule check from ConnectProcessor to StmtExecutor (#7407)
SqlBlockRule should block only query stmt. And exclude explain stmt.
---
.../en/administrator-guide/block-rule/sql-block.md | 3 ++-
.../administrator-guide/block-rule/sql-block.md | 3 ++-
.../java/org/apache/doris/qe/ConnectProcessor.java | 8 +-----
.../java/org/apache/doris/qe/StmtExecutor.java | 11 ++++++++
.../doris/blockrule/SqlBlockRuleMgrTest.java | 29 ++++++++++++++++++++++
5 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/docs/en/administrator-guide/block-rule/sql-block.md b/docs/en/administrator-guide/block-rule/sql-block.md
index 569e90e..aa3bc3b 100644
--- a/docs/en/administrator-guide/block-rule/sql-block.md
+++ b/docs/en/administrator-guide/block-rule/sql-block.md
@@ -26,7 +26,8 @@ under the License.
# SQL Block Rule
-Support SQL block rule by user level, by regex way to deny specify SQL
+Support SQL block rule by user level, by regex way to deny specify SQL.
+This function is only used to limit the query statement, and does not limit the execution of the explain statement.
## Rule
diff --git a/docs/zh-CN/administrator-guide/block-rule/sql-block.md b/docs/zh-CN/administrator-guide/block-rule/sql-block.md
index ad44109..ec0a326 100644
--- a/docs/zh-CN/administrator-guide/block-rule/sql-block.md
+++ b/docs/zh-CN/administrator-guide/block-rule/sql-block.md
@@ -26,7 +26,8 @@ under the License.
# SQL黑名单
-支持按用户配置SQL黑名单,通过正则匹配的方式拒绝指定SQL
+支持按用户配置SQL黑名单,通过正则匹配的方式拒绝指定SQL。
+该功能仅用于限制查询语句,并且不会限制 explain 语句的执行。
## 规则
diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectProcessor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectProcessor.java
index 7df6e1e..ef11cae 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectProcessor.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/ConnectProcessor.java
@@ -183,13 +183,7 @@ public class ConnectProcessor {
}
String sqlHash = DigestUtils.md5Hex(originStmt);
ctx.setSqlHash(sqlHash);
- try {
- Catalog.getCurrentCatalog().getSqlBlockRuleMgr().matchSql(originStmt, sqlHash, ctx.getQualifiedUser());
- } catch (AnalysisException e) {
- LOG.warn(e.getMessage());
- ctx.getState().setError(e.getMysqlErrorCode(), e.getMessage());
- return;
- }
+
ctx.getAuditEventBuilder().reset();
ctx.getAuditEventBuilder()
.setTimestamp(System.currentTimeMillis())
diff --git a/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java b/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java
index 615454e..7222a24 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/StmtExecutor.java
@@ -348,6 +348,17 @@ public class StmtExecutor implements ProfileWriter {
if (parsedStmt instanceof QueryStmt) {
context.getState().setIsQuery(true);
+ if (!((QueryStmt) parsedStmt).isExplain()) {
+ // sql/sqlHash block
+ try {
+ Catalog.getCurrentCatalog().getSqlBlockRuleMgr().matchSql(originStmt.originStmt, context.getSqlHash(), context.getQualifiedUser());
+ } catch (AnalysisException e) {
+ LOG.warn(e.getMessage());
+ context.getState().setError(e.getMysqlErrorCode(), e.getMessage());
+ return;
+ }
+ // limitations: partitionNum, tabletNum, cardinality
+ }
MetricRepo.COUNTER_QUERY_BEGIN.increase(1L);
int retryTime = Config.max_query_retry_time;
for (int i = 0; i < retryTime; i++) {
diff --git a/fe/fe-core/src/test/java/org/apache/doris/blockrule/SqlBlockRuleMgrTest.java b/fe/fe-core/src/test/java/org/apache/doris/blockrule/SqlBlockRuleMgrTest.java
index fdd977d..2778781 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/blockrule/SqlBlockRuleMgrTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/blockrule/SqlBlockRuleMgrTest.java
@@ -17,24 +17,32 @@
package org.apache.doris.blockrule;
+import org.apache.doris.analysis.AlterSqlBlockRuleStmt;
+import org.apache.doris.analysis.Analyzer;
import org.apache.doris.analysis.CreateDbStmt;
import org.apache.doris.analysis.CreateSqlBlockRuleStmt;
import org.apache.doris.analysis.CreateTableStmt;
import org.apache.doris.analysis.SetUserPropertyStmt;
+import org.apache.doris.analysis.ShowSqlBlockRuleStmt;
import org.apache.doris.catalog.Catalog;
import org.apache.doris.common.AnalysisException;
+import org.apache.doris.common.DdlException;
import org.apache.doris.common.ExceptionChecker;
+import org.apache.doris.common.UserException;
import org.apache.doris.metric.MetricRepo;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.utframe.UtFrameUtils;
import org.apache.commons.codec.digest.DigestUtils;
import org.junit.AfterClass;
+import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import java.io.File;
import java.util.UUID;
+import java.util.HashMap;
+import java.util.Map;
public class SqlBlockRuleMgrTest {
@@ -126,4 +134,25 @@ public class SqlBlockRuleMgrTest {
String createSql = "CREATE SQL_BLOCK_RULE test_rule PROPERTIES(\"sql\"=\"select \\\\* from test_table\",\"enable\"=\"true\")";
CreateSqlBlockRuleStmt createSqlBlockRuleStmt = (CreateSqlBlockRuleStmt) UtFrameUtils.parseAndAnalyzeStmt(createSql, connectContext);
}
+
+ @Test
+ public void testOnlyBlockQuery() throws DdlException, UserException {
+ SqlBlockRuleMgr mgr = new SqlBlockRuleMgr();
+ Analyzer analyzer = new Analyzer(Catalog.getCurrentCatalog(), connectContext);
+
+ SqlBlockRule sqlRule = new SqlBlockRule("test_rule1", "test", null, true, true);
+ mgr.replayCreate(sqlRule);
+
+ Map<String, String> properties = new HashMap<>();
+ properties.put(CreateSqlBlockRuleStmt.SQL_PROPERTY, "select \\* from test_table");
+ AlterSqlBlockRuleStmt stmt = new AlterSqlBlockRuleStmt("test_rule1", properties);
+
+ stmt.analyze(analyzer);
+ mgr.alterSqlBlockRule(stmt);
+
+ ShowSqlBlockRuleStmt showStmt = new ShowSqlBlockRuleStmt("test_rule1");
+
+ Assert.assertEquals(1, mgr.getSqlBlockRule(showStmt).size());
+ Assert.assertEquals("select \\* from test_table", mgr.getSqlBlockRule(showStmt).get(0).getSql());
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org