Merge pull request #21102 from Enmk/governance/query_log

Added Grant, Revoke and System query_kind for system.query_log
2024-11-21 23:21:59 +00:00 · 2021-03-13 15:16:32 +03:00 · 2021-03-13 15:16:32 +03:00 · 36935a335f
commit 36935a335f
parent 9474414c17 f4246e7be5
8 changed files with 264 additions and 0 deletions
--- a/src/Interpreters/InterpreterGrantQuery.cpp
+++ b/src/Interpreters/InterpreterGrantQuery.cpp
@ -1,4 +1,5 @@
 #include <Interpreters/InterpreterGrantQuery.h>
+#include <Interpreters/QueryLog.h>
 #include <Parsers/ASTGrantQuery.h>
 #include <Parsers/ASTRolesOrUsersSet.h>
 #include <Interpreters/Context.h>
@ -209,4 +210,13 @@ void InterpreterGrantQuery::updateRoleFromQuery(Role & role, const ASTGrantQuery
    updateFromQueryImpl(role, query, roles_to_grant_or_revoke);
 }

+void InterpreterGrantQuery::extendQueryLogElemImpl(QueryLogElement & elem, const ASTPtr & /*ast*/, const Context &) const
+{
+    auto & query = query_ptr->as<ASTGrantQuery &>();
+    if (query.kind == Kind::GRANT)
+        elem.query_kind = "Grant";
+    else if (query.kind == Kind::REVOKE)
+        elem.query_kind = "Revoke";
+}
+
 }
--- a/src/Interpreters/InterpreterGrantQuery.h
+++ b/src/Interpreters/InterpreterGrantQuery.h
@ -21,6 +21,7 @@ public:

    static void updateUserFromQuery(User & user, const ASTGrantQuery & query);
    static void updateRoleFromQuery(Role & role, const ASTGrantQuery & query);
+    void extendQueryLogElemImpl(QueryLogElement &, const ASTPtr &, const Context &) const override;

 private:
    ASTPtr query_ptr;
--- a/src/Interpreters/InterpreterSystemQuery.cpp
+++ b/src/Interpreters/InterpreterSystemQuery.cpp
@ -754,4 +754,9 @@ AccessRightsElements InterpreterSystemQuery::getRequiredAccessForDDLOnCluster()
    return required_access;
 }

+void InterpreterSystemQuery::extendQueryLogElemImpl(QueryLogElement & elem, const ASTPtr & /*ast*/, const Context &) const
+{
+    elem.query_kind = "System";
+}
+
 }
--- a/src/Interpreters/InterpreterSystemQuery.h
+++ b/src/Interpreters/InterpreterSystemQuery.h
@ -56,6 +56,8 @@ private:

    AccessRightsElements getRequiredAccessForDDLOnCluster() const;
    void startStopAction(StorageActionBlockType action_type, bool start);
+
+    void extendQueryLogElemImpl(QueryLogElement &, const ASTPtr &, const Context &) const override;
 };


--- a/tests/queries/0_stateless/01702_system_query_log.reference
+++ b/tests/queries/0_stateless/01702_system_query_log.reference
@ -0,0 +1,92 @@
+DROP queries and also a cleanup before the test
+CREATE queries
+SET queries
+ALTER TABLE queries
+SYSTEM queries
+SHOW queries
+GRANT queries
+REVOKE queries
+Misc queries
+ACTUAL LOG CONTENT:
+Select	SELECT \'DROP queries and also a cleanup before the test\';
+Drop	DROP DATABASE IF EXISTS sqllt SYNC;
+	DROP USER IF EXISTS sqllt_user;
+	DROP ROLE IF EXISTS sqllt_role;
+	DROP POLICY IF EXISTS sqllt_policy ON sqllt.table, sqllt.view, sqllt.dictionary;
+	DROP ROW POLICY IF EXISTS sqllt_row_policy ON sqllt.table, sqllt.view, sqllt.dictionary;
+	DROP QUOTA IF EXISTS sqllt_quota;
+	DROP SETTINGS PROFILE IF EXISTS sqllt_settings_profile;
+Select	SELECT \'CREATE queries\';
+Create	CREATE DATABASE sqllt;
+Create	CREATE TABLE sqllt.table\n(\n    i UInt8, s String\n)\nENGINE = MergeTree PARTITION BY tuple() ORDER BY tuple();
+Create	CREATE VIEW sqllt.view AS SELECT i, s FROM sqllt.table;
+Create	CREATE DICTIONARY sqllt.dictionary (key UInt64, value UInt64) PRIMARY KEY key SOURCE(CLICKHOUSE(DB \'sqllt\' TABLE \'table\' HOST \'localhost\' PORT 9001)) LIFETIME(0) LAYOUT(FLAT());
+	CREATE USER sqllt_user IDENTIFIED WITH PLAINTEXT_PASSWORD BY \'password\';
+	CREATE ROLE sqllt_role;
+	CREATE POLICY sqllt_policy ON sqllt.table, sqllt.view, sqllt.dictionary AS PERMISSIVE TO ALL;
+	CREATE POLICY sqllt_row_policy ON sqllt.table, sqllt.view, sqllt.dictionary AS PERMISSIVE TO ALL;
+	CREATE QUOTA sqllt_quota KEYED BY user_name TO sqllt_role;
+	CREATE SETTINGS PROFILE sqllt_settings_profile SETTINGS interactive_delay = 200000;
+Grant	GRANT sqllt_role TO sqllt_user;
+Select	SELECT \'SET queries\';
+	SET log_profile_events=false;
+	SET DEFAULT ROLE sqllt_role TO sqllt_user;
+Select	-- SET ROLE sqllt_role; -- tests are executed by user `default` which is defined in XML and is impossible to update.\n\nSELECT \'ALTER TABLE queries\';
+Alter	ALTER TABLE sqllt.table ADD COLUMN new_col UInt32 DEFAULT 123456789;
+Alter	ALTER TABLE sqllt.table COMMENT COLUMN new_col \'dummy column with a comment\';
+Alter	ALTER TABLE sqllt.table CLEAR COLUMN new_col;
+Alter	ALTER TABLE sqllt.table MODIFY COLUMN new_col DateTime DEFAULT \'2015-05-18 07:40:13\';
+Alter	ALTER TABLE sqllt.table MODIFY COLUMN new_col REMOVE COMMENT;
+Alter	ALTER TABLE sqllt.table RENAME COLUMN new_col TO the_new_col;
+Alter	ALTER TABLE sqllt.table DROP COLUMN the_new_col;
+Alter	ALTER TABLE sqllt.table UPDATE i = i + 1 WHERE 1;
+Alter	ALTER TABLE sqllt.table DELETE WHERE i > 65535;
+Select	-- not done, seems to hard, so I\'ve skipped queries of ALTER-X, where X is:\n-- PARTITION\n-- ORDER BY\n-- SAMPLE BY\n-- INDEX\n-- CONSTRAINT\n-- TTL\n-- USER\n-- QUOTA\n-- ROLE\n-- ROW POLICY\n-- SETTINGS PROFILE\n\nSELECT \'SYSTEM queries\';
+System	SYSTEM RELOAD EMBEDDED DICTIONARIES;
+System	SYSTEM RELOAD DICTIONARIES;
+System	SYSTEM DROP DNS CACHE;
+System	SYSTEM DROP MARK CACHE;
+System	SYSTEM DROP UNCOMPRESSED CACHE;
+System	SYSTEM FLUSH LOGS;
+System	SYSTEM RELOAD CONFIG;
+System	SYSTEM STOP MERGES;
+System	SYSTEM START MERGES;
+System	SYSTEM STOP TTL MERGES;
+System	SYSTEM START TTL MERGES;
+System	SYSTEM STOP MOVES;
+System	SYSTEM START MOVES;
+System	SYSTEM STOP FETCHES;
+System	SYSTEM START FETCHES;
+System	SYSTEM STOP REPLICATED SENDS;
+System	SYSTEM START REPLICATED SENDS;
+Select	-- SYSTEM RELOAD DICTIONARY sqllt.dictionary; -- temporary out of order: Code: 210, Connection refused (localhost:9001) (version 21.3.1.1)\n-- DROP REPLICA\n-- haha, no\n-- SYSTEM KILL;\n-- SYSTEM SHUTDOWN;\n\n-- Since we don\'t really care about the actual output, suppress it with `FORMAT Null`.\nSELECT \'SHOW queries\';
+	SHOW CREATE TABLE sqllt.table FORMAT Null;
+	SHOW CREATE DICTIONARY sqllt.dictionary FORMAT Null;
+	SHOW DATABASES LIKE \'sqllt\' FORMAT Null;
+	SHOW TABLES FROM sqllt FORMAT Null;
+	SHOW DICTIONARIES FROM sqllt FORMAT Null;
+	SHOW GRANTS FORMAT Null;
+	SHOW GRANTS FOR sqllt_user FORMAT Null;
+	SHOW CREATE USER sqllt_user FORMAT Null;
+	SHOW CREATE ROLE sqllt_role FORMAT Null;
+	SHOW CREATE POLICY sqllt_policy FORMAT Null;
+	SHOW CREATE ROW POLICY sqllt_row_policy FORMAT Null;
+	SHOW CREATE QUOTA sqllt_quota FORMAT Null;
+	SHOW CREATE SETTINGS PROFILE sqllt_settings_profile FORMAT Null;
+Select	SELECT \'GRANT queries\';
+Grant	GRANT SELECT ON sqllt.table TO sqllt_user;
+Grant	GRANT DROP ON sqllt.view TO sqllt_user;
+Select	SELECT \'REVOKE queries\';
+Revoke	REVOKE SELECT ON sqllt.table FROM sqllt_user;
+Revoke	REVOKE DROP ON sqllt.view FROM sqllt_user;
+Select	SELECT \'Misc queries\';
+	DESCRIBE TABLE sqllt.table FORMAT Null;
+	CHECK TABLE sqllt.table FORMAT Null;
+Drop	DETACH TABLE sqllt.table;
+Create	ATTACH TABLE sqllt.table;
+Rename	RENAME TABLE sqllt.table TO sqllt.table_new;
+Rename	RENAME TABLE sqllt.table_new TO sqllt.table;
+Drop	TRUNCATE TABLE sqllt.table;
+Drop	DROP TABLE sqllt.table SYNC;
+	SET log_comment=\'\';
+DROP queries and also a cleanup after the test
--- a/tests/queries/0_stateless/01702_system_query_log.sql
+++ b/tests/queries/0_stateless/01702_system_query_log.sql
@ -0,0 +1,152 @@
+-- fire all kinds of queries and then check if those are present in the system.query_log
+SET log_comment='system.query_log logging test';
+
+SELECT 'DROP queries and also a cleanup before the test';
+DROP DATABASE IF EXISTS sqllt SYNC;
+DROP USER IF EXISTS sqllt_user;
+DROP ROLE IF EXISTS sqllt_role;
+DROP POLICY IF EXISTS sqllt_policy ON sqllt.table, sqllt.view, sqllt.dictionary;
+DROP ROW POLICY IF EXISTS sqllt_row_policy ON sqllt.table, sqllt.view, sqllt.dictionary;
+DROP QUOTA IF EXISTS sqllt_quota;
+DROP SETTINGS PROFILE IF EXISTS sqllt_settings_profile;
+
+SELECT 'CREATE queries';
+CREATE DATABASE sqllt;
+
+CREATE TABLE sqllt.table
+(
+    i UInt8, s String
+)
+ENGINE = MergeTree PARTITION BY tuple() ORDER BY tuple();
+
+CREATE VIEW sqllt.view AS SELECT i, s FROM sqllt.table;
+CREATE DICTIONARY sqllt.dictionary (key UInt64, value UInt64) PRIMARY KEY key SOURCE(CLICKHOUSE(DB 'sqllt' TABLE 'table' HOST 'localhost' PORT 9001)) LIFETIME(0) LAYOUT(FLAT());
+
+CREATE USER sqllt_user IDENTIFIED WITH PLAINTEXT_PASSWORD BY 'password';
+CREATE ROLE sqllt_role;
+
+CREATE POLICY sqllt_policy ON sqllt.table, sqllt.view, sqllt.dictionary AS PERMISSIVE TO ALL;
+CREATE POLICY sqllt_row_policy ON sqllt.table, sqllt.view, sqllt.dictionary AS PERMISSIVE TO ALL;
+
+CREATE QUOTA sqllt_quota KEYED BY user_name TO sqllt_role;
+CREATE SETTINGS PROFILE sqllt_settings_profile SETTINGS interactive_delay = 200000;
+
+GRANT sqllt_role TO sqllt_user;
+
+
+SELECT 'SET queries';
+SET log_profile_events=false;
+SET DEFAULT ROLE sqllt_role TO sqllt_user;
+-- SET ROLE sqllt_role; -- tests are executed by user `default` which is defined in XML and is impossible to update.
+
+SELECT 'ALTER TABLE queries';
+ALTER TABLE sqllt.table ADD COLUMN new_col UInt32 DEFAULT 123456789;
+ALTER TABLE sqllt.table COMMENT COLUMN new_col 'dummy column with a comment';
+ALTER TABLE sqllt.table CLEAR COLUMN new_col;
+ALTER TABLE sqllt.table MODIFY COLUMN new_col DateTime DEFAULT '2015-05-18 07:40:13';
+ALTER TABLE sqllt.table MODIFY COLUMN new_col REMOVE COMMENT;
+ALTER TABLE sqllt.table RENAME COLUMN new_col TO the_new_col;
+ALTER TABLE sqllt.table DROP COLUMN the_new_col;
+ALTER TABLE sqllt.table UPDATE i = i + 1 WHERE 1;
+ALTER TABLE sqllt.table DELETE WHERE i > 65535;
+
+-- not done, seems to hard, so I've skipped queries of ALTER-X, where X is:
+-- PARTITION
+-- ORDER BY
+-- SAMPLE BY
+-- INDEX
+-- CONSTRAINT
+-- TTL
+-- USER
+-- QUOTA
+-- ROLE
+-- ROW POLICY
+-- SETTINGS PROFILE
+
+SELECT 'SYSTEM queries';
+SYSTEM RELOAD EMBEDDED DICTIONARIES;
+SYSTEM RELOAD DICTIONARIES;
+SYSTEM DROP DNS CACHE;
+SYSTEM DROP MARK CACHE;
+SYSTEM DROP UNCOMPRESSED CACHE;
+SYSTEM FLUSH LOGS;
+SYSTEM RELOAD CONFIG;
+SYSTEM STOP MERGES;
+SYSTEM START MERGES;
+SYSTEM STOP TTL MERGES;
+SYSTEM START TTL MERGES;
+SYSTEM STOP MOVES;
+SYSTEM START MOVES;
+SYSTEM STOP FETCHES;
+SYSTEM START FETCHES;
+SYSTEM STOP REPLICATED SENDS;
+SYSTEM START REPLICATED SENDS;
+
+-- SYSTEM RELOAD DICTIONARY sqllt.dictionary; -- temporary out of order: Code: 210, Connection refused (localhost:9001) (version 21.3.1.1)
+-- DROP REPLICA
+-- haha, no
+-- SYSTEM KILL;
+-- SYSTEM SHUTDOWN;
+
+-- Since we don't really care about the actual output, suppress it with `FORMAT Null`.
+SELECT 'SHOW queries';
+
+SHOW CREATE TABLE sqllt.table FORMAT Null;
+SHOW CREATE DICTIONARY sqllt.dictionary FORMAT Null;
+SHOW DATABASES LIKE 'sqllt' FORMAT Null;
+SHOW TABLES FROM sqllt FORMAT Null;
+SHOW DICTIONARIES FROM sqllt FORMAT Null;
+SHOW GRANTS FORMAT Null;
+SHOW GRANTS FOR sqllt_user FORMAT Null;
+SHOW CREATE USER sqllt_user FORMAT Null;
+SHOW CREATE ROLE sqllt_role FORMAT Null;
+SHOW CREATE POLICY sqllt_policy FORMAT Null;
+SHOW CREATE ROW POLICY sqllt_row_policy FORMAT Null;
+SHOW CREATE QUOTA sqllt_quota FORMAT Null;
+SHOW CREATE SETTINGS PROFILE sqllt_settings_profile FORMAT Null;
+
+SELECT 'GRANT queries';
+GRANT SELECT ON sqllt.table TO sqllt_user;
+GRANT DROP ON sqllt.view TO sqllt_user;
+
+SELECT 'REVOKE queries';
+REVOKE SELECT ON sqllt.table FROM sqllt_user;
+REVOKE DROP ON sqllt.view FROM sqllt_user;
+
+SELECT 'Misc queries';
+DESCRIBE TABLE sqllt.table FORMAT Null;
+
+CHECK TABLE sqllt.table FORMAT Null;
+DETACH TABLE sqllt.table;
+ATTACH TABLE sqllt.table;
+
+RENAME TABLE sqllt.table TO sqllt.table_new;
+RENAME TABLE sqllt.table_new TO sqllt.table;
+TRUNCATE TABLE sqllt.table;
+DROP TABLE sqllt.table SYNC;
+
+SET log_comment='';
+---------------------------------------------------------------------------------------------------
+-- Now get all logs related to this test
+---------------------------------------------------------------------------------------------------
+
+SYSTEM FLUSH LOGS;
+SELECT 'ACTUAL LOG CONTENT:';
+
+-- Try to filter out all possible previous junk events by excluding old log entries,
+SELECT query_kind, query FROM system.query_log
+WHERE
+    log_comment LIKE '%system.query_log%' AND type == 'QueryStart' AND event_time >= now() - 10
+    AND current_database == currentDatabase()
+ORDER BY event_time_microseconds;
+
+
+-- cleanup
+SELECT 'DROP queries and also a cleanup after the test';
+DROP DATABASE IF EXISTS sqllt;
+DROP USER IF EXISTS sqllt_user;
+DROP ROLE IF EXISTS sqllt_role;
+DROP POLICY IF EXISTS sqllt_policy ON sqllt.table, sqllt.view, sqllt.dictionary;
+DROP ROW POLICY IF EXISTS sqllt_row_policy ON sqllt.table, sqllt.view, sqllt.dictionary;
+DROP QUOTA IF EXISTS sqllt_quota;
+DROP SETTINGS PROFILE IF EXISTS sqllt_settings_profile;
--- a/tests/queries/0_stateless/arcadia_skip_list.txt
+++ b/tests/queries/0_stateless/arcadia_skip_list.txt
@ -221,3 +221,4 @@
 01304_polygons_sym_difference
 01305_polygons_union
 01306_polygons_intersection
+01702_system_query_log
--- a/tests/queries/skip_list.json
+++ b/tests/queries/skip_list.json
@ -763,6 +763,7 @@
        "polygon_dicts", // they use an explicitly specified database
        "01658_read_file_to_stringcolumn",
        "01721_engine_file_truncate_on_insert", // It's ok to execute in parallel but not several instances of the same test.
+        "01702_system_query_log", // It's ok to execute in parallel with oter tests but not several instances of the same test.
        "01748_dictionary_table_dot", // creates database
        "00950_dict_get",
        "01683_flat_dictionary",