feat: support create/alter/drop user statement (#3678)

* feat: add Encrypt * feat: add sql node * feat: auth in sdk * fix: fix test * fix: fix bugs * test: add case * feat: hide password in terminal * feat: update sdk * fix: fix test * feat: add user in spark * fix: fix python * docs: add doc * fix: skip python test * fix: fix comment * fix: revert HandleDelete * feat: add user to openmldb-import * fix: fix alter root password --------- Co-authored-by: 4paradigm <[email protected]> Co-authored-by: denglong <[email protected]>
4paradigm · Feb 2, 2024 · 7ca5f44 · 7ca5f44
1 parent 7d755ff
commit 7ca5f44
Show file tree

Hide file tree

Showing 71 changed files with 1,421 additions and 319 deletions.
diff --git a/cases/plan/alter.yaml b/cases/plan/alter.yaml
@@ -0,0 +1,44 @@
+# Copyright 2021 4Paradigm
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cases:
+  - id: alter_user
+    desc: alter user
+    sql: |
+      alter user root set options(password="123456");
+    expect:
+      node_tree_str: |
+        +-node[kAlterUserStmt]
+          +-if_exists: false
+          +-user: root
+          +-options:
+            +-password:
+              +-expr[primary]
+                +-value: 123456
+                +-type: string
+
+  - id: alter_user_if_exist
+    desc: alter user
+    sql: |
+      alter user if exists root set options(password="123456");
+    expect:
+      node_tree_str: |
+        +-node[kAlterUserStmt]
+          +-if_exists: true
+          +-user: root
+          +-options:
+            +-password:
+              +-expr[primary]
+                +-value: 123456
+                +-type: string
diff --git a/cases/plan/cmd.yaml b/cases/plan/cmd.yaml
@@ -189,6 +189,23 @@ cases:
           +-cmd_type: drop database
           +-if_exists: true
           +-args: [db1]
+  - id: drop_user
+    desc: DROP USER IF EXISTS
+    sql: DROP USER IF EXISTS user1
+    expect:
+      node_tree_str: |
+        +-node[CMD]
+          +-cmd_type: drop user
+          +-if_exists: true
+          +-args: [user1]
+  - id: drop_user_1
+    desc: DROP USER
+    sql: DROP USER user1
+    expect:
+      node_tree_str: |
+        +-node[CMD]
+          +-cmd_type: drop user
+          +-args: [user1]
   - id: show_deployments
     desc: show deployments
     sql: SHOW DEPLOYMENTS;

diff --git a/cases/plan/create.yaml b/cases/plan/create.yaml
@@ -1025,6 +1025,7 @@ cases:
             +-0:
               +-node[kCompressType]
                 +-compress_type: snappy
+
   - id: 35
     desc: Create table with array & map type
     sql: |
@@ -1067,3 +1068,40 @@ cases:
           |      +-column_name: attrs
           |      +-column_type: map<string, int32 NOT NULL> NOT NULL
           +-table_option_list: []
+
+  - id: 36
+    desc: create user
+    sql: |
+      create user root;
+    expect:
+      node_tree_str: |
+        +-node[kCreateUserStmt]
+          +-if_not_exists: false
+          +-user: root
+          +-options: <nil>
+
+  - id: 37
+    desc: create user if not exist
+    sql: |
+      create user if not exists root;
+    expect:
+      node_tree_str: |
+        +-node[kCreateUserStmt]
+          +-if_not_exists: true
+          +-user: root
+          +-options: <nil>
+
+  - id: create_user_passwd
+    desc: create user with password
+    sql: |
+      create user root OPTIONS (password="123456");
+    expect:
+      node_tree_str: |
+        +-node[kCreateUserStmt]
+          +-if_not_exists: false
+          +-user: root
+          +-options:
+            +-password:
+              +-expr[primary]
+                +-value: 123456
+                +-type: string
diff --git a/docs/en/deploy/install_deploy.md b/docs/en/deploy/install_deploy.md
@@ -560,6 +560,8 @@ cp conf/apiserver.flags.template conf/apiserver.flags
 * Modify the `endpoint`. The `endpoint` consists of a colon-separated deployment machine IP/domain name and port number (endpoints cannot use 0.0.0.0 and 127.0.0.1, and must be a public IP).
 * Modify `zk_cluster` to point to the address of the ZooKeeper service that has already been started (see [Deploy ZooKeeper - 4. ZooKeeper Service Address and Connection Test](zookeeper_addr)). If the ZooKeeper service is a cluster, separate the addresses with commas, for example, `172.27.128.33:7181,172.27.128.32:7181,172.27.128.31:7181`.
 * Modify `zk_root_path`. In this example, `/openmldb_cluster` is used. Note that **components under the same cluster share the same `zk_root_path`**. So in this deployment, the `zk_root_path` for each component's configuration is `/openmldb_cluster`.
+* You can specify the username and password to connect to the server using `--user` and `--password`.
+* By default, it connects to the server using the root user and an empty password. If you've changed the root password, you need to specify the new password using `--password`.
 
 ```
 --endpoint=172.27.128.33:8080
@@ -636,6 +638,7 @@ cp conf/taskmanager.properties.template conf/taskmanager.properties
 * Modify `offline.data.prefix`: Set it to the storage path for offline tables. In Yarn mode, modify it to the corresponding HDFS path.
 * Modify `spark.master`: Set it according to the desired mode. Currently supports local and yarn modes for running offline tasks.
 * Modify `spark.home`: Set it to the Spark environment path. If not configured, the `SPARK_HOME` environment variable will be used. It should be the directory where the spark-optimized package was extracted in the first step, and it must be an absolute path.
+* You can specify the username and password to connect to the server using `user` and `password`. If you've changed the root password, you'll need to specify the new password for the root user.
 
 ```
 server.host=172.27.128.33

diff --git a/docs/en/quickstart/cli.md b/docs/en/quickstart/cli.md
@@ -34,6 +34,10 @@ Below we will describe some commonly used configuration options.
 
 - zk_session_timeout: The expected ZooKeeper session timeout is not necessarily the actual session timeout. If the value is set too large, ZooKeeper Server's tickTime or maxSessionTimeout also needs to be adjusted.
 
+- user: Specify the username for login. If not specified, it defaults to 'root'.
+
+- password: Specify the password for login. If not specified, you'll be prompted to enter the password in interactive mode.
+
 ## Non-Interactive Usage
 
 The interface that appears after starting the CLI is called an interactive interface. You need to enter SQL statements and press Enter to execute operations. Here are some non-interactive usage methods for batch processing or debugging.

diff --git a/docs/en/quickstart/sdk/java_sdk.md b/docs/en/quickstart/sdk/java_sdk.md
@@ -53,6 +53,9 @@ Connection connection = DriverManager.getConnection("jdbc:openmldb:///?zk=localh
 
 // Set database in jdbcUrl
 Connection connection1 = DriverManager.getConnection("jdbc:openmldb:///test_db?zk=localhost:6181&zkPath=/openmldb");
+
+// Set user and password in jdbcUrl
+Connection connection = DriverManager.getConnection("jdbc:openmldb:///?zk=localhost:6181&zkPath=/openmldb&user=root&password=123456");
 ```
 
 The database specified in the Connection address must exist when creating the connection.
@@ -113,6 +116,10 @@ option.setZkCluster("127.0.0.1:2181");
 option.setZkPath("/openmldb");
 option.setSessionTimeout(10000);
 option.setRequestTimeout(60000);
+// If not specified, it defaults to 'root'
+option.setUser("root");
+// If not specified, it defaults to being empty
+option.setPassword("123456");
 ```
 Then, use SdkOption to create the Executor.
 

diff --git a/docs/en/quickstart/sdk/python_sdk.md b/docs/en/quickstart/sdk/python_sdk.md
@@ -21,6 +21,8 @@ Parameter `db_name` name must exist, and the database must be created before the
 ```python
 import openmldb.dbapi
 db = openmldb.dbapi.connect(zk="$zkcluster", zkPath="$zkpath")
+# You can set the username and password as follows. If no username is set, it defaults to 'root', and the password defaults to being empty
+# db = openmldb.dbapi.connect(zk="$zkcluster", zkPath="$zkpath", user="$user", password="$password")
 cursor = db.cursor()
 ```
 
@@ -124,6 +126,8 @@ Parameter `db_name` must exist, and the database must be created before the conn
 ```python
 import sqlalchemy as db
 engine = db.create_engine('openmldb:///?zk=127.0.0.1:2181&zkPath=/openmldb')
+# You can set the username and password as follows.
+# create_engine('openmldb:///db_name?zk=zkcluster&zkPath=zkpath&user=root&password=123456')
 connection = engine.connect()
 ```
 

diff --git a/docs/en/reference/sql/ddl/ALTER_USER_STATEMENT.md b/docs/en/reference/sql/ddl/ALTER_USER_STATEMENT.md
@@ -0,0 +1,45 @@
+# ALTER USER
+
+The `ALTER USER` statement is used to modify a user's password.
+
+## Syntax
+```sql
+AlterUserstmt ::=
+    'ALTER' 'USER' [IF EXISTS] UserName SET OptOptionsList
+
+UserName ::= Identifier
+
+OptOptionsList ::=
+    "OPTIONS" OptionList
+
+OptionList ::=
+    OptionsListPrefix ")"
+
+OptionsListPrefix ::=
+    "(" OptionEntry
+    | OptionsListPrefix "," OptionEntry
+
+OptionEntry ::=
+    Identifier "=" Identifier
+```
+
+## **Examples**
+```sql
+ALTER USER user1;
+-- SUCCEED
+ALTER USER IF EXISTS user2 SET OPTIONS(password='123456');
+-- SUCCEED
+ALTER USER user3 SET OPTIONS (password='123456');
+-- SUCCEED
+```
+
+```{note}
+1. If the password is not specified in the OPTIONS, the password will not be changed
+2. You can only specify the password in the OPTIONS
+```
+
+## Related SQL
+
+[CREATE USER](./CREATE_USER_STATEMENT.md)
+[DROP USER](./DROP_USER_STATEMENT.md)
+[SHOW CURRENT_USER](./SHOW_CURRENT_USER_STATEMENT.md)
diff --git a/docs/en/reference/sql/ddl/CREATE_USER_STATEMENT.md b/docs/en/reference/sql/ddl/CREATE_USER_STATEMENT.md
@@ -0,0 +1,45 @@
+# CREATE USER
+
+The `CREATE USER` statement is used to create a user
+
+## Syntax
+```sql
+CreateUserstmt ::=
+    'CREATE' 'USER' [IF NOT EXISTS] UserName OptOptionsList
+
+UserName ::= Identifier
+
+OptOptionsList ::=
+    "OPTIONS" OptionList
+
+OptionList ::=
+    OptionsListPrefix ")"
+
+OptionsListPrefix ::=
+    "(" OptionEntry
+    | OptionsListPrefix "," OptionEntry
+
+OptionEntry ::=
+    Identifier "=" Identifier
+```
+
+## **Examples**
+```sql
+CREATE USER user1;
+-- SUCCEED
+CREATE USER IF NOT EXISTS user2;
+-- SUCCEED
+CREATE USER user3 OPTIONS (password='123456');
+-- SUCCEED
+```
+
+```{note}
+1. Only the password can be specified in the OPTIONS
+2. The password will be empty if not specified explicitly
+```
+
+## Related SQL
+
+[DROP USER](./DROP_USER_STATEMENT.md)
+[ALTER USER](./ALTER_USER_STATEMENT.md)
+[SHOW CURRENT_USER](./SHOW_CURRENT_USER_STATEMENT.md)
diff --git a/docs/en/reference/sql/ddl/DROP_USER_STATEMENT.md b/docs/en/reference/sql/ddl/DROP_USER_STATEMENT.md
@@ -0,0 +1,29 @@
+# DROP USER
+
+The `DROP USER` statement is used to drop a user.
+
+## Syntax
+```sql
+DropUserstmt ::=
+    'DROP' 'USER' [IF EXISTS] UserName
+
+UserName ::= Identifier
+```
+
+## **Examples**
+```sql
+DROP USER user1;
+-- SUCCEED
+DROP USER IF EXISTS user2;
+-- SUCCEED
+```
+
+```{note}
+1. The user `root` cannot be deleted
+```
+
+## Related SQL
+
+[CREATE USER](./CREATE_USER_STATEMENT.md)
+[ALTER USER](./ALTER_USER_STATEMENT.md)
+[SHOW CURRENT_USER](./SHOW_CURRENT_USER_STATEMENT.md)
diff --git a/docs/en/reference/sql/ddl/SHOW_CURRENT_USER_STATEMENT.md b/docs/en/reference/sql/ddl/SHOW_CURRENT_USER_STATEMENT.md
@@ -0,0 +1,17 @@
+# SHOW CURRENT_USER
+
+The `SHOW CURRENT_USER` statement is used to display the current user.
+
+## **Examples**
+```sql
+SHOW CURRENT_USER;
+ ------
+  User
+ ------
+  root
+ ------
+```
+
+[CREATE USER](./CREATE_USER_STATEMENT.md)
+[ALTER USER](./ALTER_USER_STATEMENT.md)
+[DROP USER](./DROP_USER_STATEMENT.md)
diff --git a/docs/zh/deploy/install_deploy.md b/docs/zh/deploy/install_deploy.md
@@ -594,6 +594,8 @@ cp conf/apiserver.flags.template conf/apiserver.flags
 **注意：**
 
 * 如果http请求并发度较大，可自行调大APIServer的线程数，`--thread_pool_size`，默认为16，重启生效。
+* 可以通过`--user`和`--password`指定连接服务端的用户名和密码
+* 默认会用root用户空密码去连接服务端，如果修改了root密码，需要用`--password`指定新密码
 
 **3. 启动服务**
 
@@ -655,6 +657,7 @@ cp conf/taskmanager.properties.template conf/taskmanager.properties
 * 修改`offline.data.prefix`为离线表存储路径，如果使用Yarn模式需要修改为对应HDFS路径。
 * 修改`spark.master`为离线任务运行模式，目前支持local和yarn模式。
 * 修改`spark.home`为Spark环境路径，如果不配置或配置为空则使用`SPARK_HOME`环境变量的配置。也可在配置文件中设置，路径为绝对路径。
+* 可以通过`user`和`password`指定连接server端用户名和密码。默认会用root用户空密码去连接服务端，如果修改了root密码，需要指定新密码.
 
 ```
 server.host=172.27.128.33

diff --git a/docs/zh/openmldb_sql/ddl/ALTER_USER_STATEMENT.md b/docs/zh/openmldb_sql/ddl/ALTER_USER_STATEMENT.md
@@ -0,0 +1,45 @@
+# ALTER USER
+
+`ALTER USER` 语句可用来修改用户密码。
+
+## 语法
+```sql
+AlterUserstmt ::=
+    'ALTER' 'USER' [IF EXISTS] UserName SET OptOptionsList
+
+UserName ::= Identifier
+
+OptOptionsList ::=
+    "OPTIONS" OptionList
+
+OptionList ::=
+    OptionsListPrefix ")"
+
+OptionsListPrefix ::=
+    "(" OptionEntry
+    | OptionsListPrefix "," OptionEntry
+
+OptionEntry ::=
+    Identifier "=" Identifier
+```
+
+## **示例**
+```sql
+ALTER USER user1;
+-- SUCCEED
+ALTER USER IF EXISTS user2 SET OPTIONS(password='123456');
+-- SUCCEED
+ALTER USER user3 SET OPTIONS (password='123456');
+-- SUCCEED
+```
+
+```{note}
+1. 如果不指定OPTIONS密码不会修改
+2. OPTIONS中只能指定password
+```
+
+## 相关SQL
+
+[CREATE USER](./CREATE_USER_STATEMENT.md)
+[DROP USER](./DROP_USER_STATEMENT.md)
+[SHOW CURRENT_USER](./SHOW_CURRENT_USER_STATEMENT.md)