Patch for rename user and audit log (apache#16535)

* Fix audit logger

* Fix rename user bugs

* Unify username parser

Author: CRZbulabula

integration-test/src/test/java/org/apache/iotdb/confignode/it/regionmigration/pass/commit/IoTDBRegionReconstructForIoTV1IT.java

@@ -151,7 +151,7 @@ public void normal1C3DTest() throws Exception {
                 EnvFactory.getEnv()
                     .getConnection(
                         EnvFactory.getEnv().dataNodeIdToWrapper(dataNodeToBeReconstructed).get(),
-                        CommonDescriptor.getInstance().getConfig().getAdminName(),
+                        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
                         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
                         BaseEnv.TREE_SQL_DIALECT);
             Statement flushStatement = flushConn.createStatement()) {

integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBUserRenameIT.java

@@ -68,6 +68,11 @@ private void userRenameTest(String dialect) throws SQLException {
         Statement adminStmt = adminCon.createStatement()) {
       adminStmt.execute("CREATE USER user1 'IoTDB@2021abc'");
       adminStmt.execute("CREATE USER user2 'IoTDB@2023abc'");
+      if (BaseEnv.TABLE_SQL_DIALECT.equals(dialect)) {
+        adminStmt.execute("GRANT SECURITY TO USER user2");
+      } else {
+        adminStmt.execute("GRANT SECURITY ON root.** TO USER user2");
+      }
       try (Connection userCon =
               EnvFactory.getEnv().getConnection("user1", "IoTDB@2021abc", dialect);
           Statement userStmt = userCon.createStatement()) {
@@ -77,20 +82,36 @@ private void userRenameTest(String dialect) throws SQLException {
         // A normal user can only rename himself
         userStmt.execute("ALTER USER user1 RENAME TO user3");
       }
+      try (Connection userCon =
+              EnvFactory.getEnv().getConnection("user2", "IoTDB@2023abc", dialect);
+          Statement userStmt = userCon.createStatement()) {
+        // User with SECURITY privilege can rename other users
+        userStmt.execute("ALTER USER user3 RENAME TO user1");
+        // Nobody can rename superuser
+        Assert.assertThrows(
+            SQLException.class, () -> userStmt.execute("ALTER USER root RENAME TO admin"));
+      }
       // Cannot rename an unexisting user
       Assert.assertThrows(
           SQLException.class, () -> adminStmt.execute("ALTER USER user4 RENAME TO user5"));
       // Cannot rename to an already existed user
       Assert.assertThrows(
-          SQLException.class, () -> adminStmt.execute("ALTER USER user2 RENAME TO user3"));
-      // The superuser can rename anyone
-      adminStmt.execute("ALTER USER user3 RENAME TO user4");
+          SQLException.class, () -> adminStmt.execute("ALTER USER user2 RENAME TO user1"));
+      // Cannot rename to an illegal name
+      Assert.assertThrows(
+          SQLException.class, () -> adminStmt.execute("ALTER USER user2 RENAME TO p00"));
+      // Only the superuser can rename him/herself
       adminStmt.execute("ALTER USER root RENAME TO admin");
     }
-    // Ensure every rename works
     try (Connection adminCon = EnvFactory.getEnv().getConnection("admin", "root", dialect);
         Statement adminStmt = adminCon.createStatement()) {
-      final String ans = "0,admin,\n" + "10000,user4,\n" + "10001,user2,\n";
+      // We can rename other user to root
+      adminStmt.execute("ALTER USER user1 RENAME TO root");
+      adminStmt.execute("ALTER USER root RENAME TO user4");
+      // We can create another root
+      adminStmt.execute("CREATE USER root 'IoTDB@2025abc'");
+      // Ensure everything works
+      final String ans = "0,admin,\n" + "10000,user4,\n" + "10001,user2,\n" + "10002,root,\n";
       ResultSet resultSet = adminStmt.executeQuery("LIST USER");
       validateResultSet(resultSet, ans);
     }

integration-test/src/test/java/org/apache/iotdb/relational/it/query/old/builtinfunction/scalar/IoTDBBitwiseFunctionTableIT.java

@@ -148,7 +148,7 @@ public void bitCountTestError1() {
         EnvFactory.getEnv(),
         "select time,s2,s3,bit_count(9,64),bit_count(s2,64),bit_count(s2,s3) from bit_count_error_table",
         "Argument exception, the scalar function num must be representable with the bits specified. 9 cannot be represented with 2 bits.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
   }
@@ -159,7 +159,7 @@ public void bitCountTestError2() {
         EnvFactory.getEnv(),
         "select time,s2,s3,bit_count(9,1),bit_count(s2,1),bit_count(s2,s3) from bit_count_error_table",
         "Argument exception, the scalar function bit_count bits must be between 2 and 64.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
   }
@@ -170,15 +170,15 @@ public void bitCountTestWithNonInteger() {
         EnvFactory.getEnv(),
         "select time, bit_count(s4) from bit_count_error_table",
         "701: Scalar function bit_count only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
 
     assertTableTestFail(
         EnvFactory.getEnv(),
         "select time, bit_count(s1,s4) from bit_count_error_table",
         "701: Scalar function bit_count only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
   }
@@ -204,15 +204,15 @@ public void bitwiseAndTestWithNonInteger() {
         EnvFactory.getEnv(),
         "select time, bitwise_and(s4) from bitwise_and_table",
         "701: Scalar function bitwise_and only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
 
     assertTableTestFail(
         EnvFactory.getEnv(),
         "select time, bitwise_and(s1,s4) from bitwise_and_table",
         "701: Scalar function bitwise_and only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
   }
@@ -240,15 +240,15 @@ public void bitwiseNotTestWithNonInteger() {
         EnvFactory.getEnv(),
         "select time, bitwise_not(s4) from bitwise_not_table",
         "701: Scalar function bitwise_not only accepts one argument and it must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
 
     assertTableTestFail(
         EnvFactory.getEnv(),
         "select time, bitwise_not(s1,s4) from bitwise_not_table",
         "701: Scalar function bitwise_not only accepts one argument and it must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
   }
@@ -274,15 +274,15 @@ public void bitwiseOrTestWithNonInteger() {
         EnvFactory.getEnv(),
         "select time, bitwise_or(s4) from bitwise_or_table",
         "701: Scalar function bitwise_or only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
 
     assertTableTestFail(
         EnvFactory.getEnv(),
         "select time, bitwise_or(s1,s4) from bitwise_or_table",
         "701: Scalar function bitwise_or only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
   }
@@ -308,15 +308,15 @@ public void bitwiseXorTestWithNonInteger() {
         EnvFactory.getEnv(),
         "select time, bitwise_xor(s4) from bitwise_xor_table",
         "701: Scalar function bitwise_xor only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
 
     assertTableTestFail(
         EnvFactory.getEnv(),
         "select time, bitwise_xor(s1,s4) from bitwise_xor_table",
         "701: Scalar function bitwise_xor only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
   }
@@ -347,15 +347,15 @@ public void bitwiseLeftShiftTestWithNonInteger() {
         EnvFactory.getEnv(),
         "select time, bitwise_left_shift(s4) from bitwise_left_shift_table",
         "701: Scalar function bitwise_left_shift only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
 
     assertTableTestFail(
         EnvFactory.getEnv(),
         "select time, bitwise_left_shift(s1,s4) from bitwise_left_shift_table",
         "701: Scalar function bitwise_left_shift only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
   }
@@ -388,15 +388,15 @@ public void bitwiseRightShiftTestWithNonInteger() {
         EnvFactory.getEnv(),
         "select time, bitwise_right_shift(s4) from bitwise_right_shift_table",
         "701: Scalar function bitwise_right_shift only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
 
     assertTableTestFail(
         EnvFactory.getEnv(),
         "select time, bitwise_right_shift(s1,s4) from bitwise_right_shift_table",
         "701: Scalar function bitwise_right_shift only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
   }
@@ -423,15 +423,15 @@ public void bitwiseRightShiftArithmeticTestWithNonInteger() {
         EnvFactory.getEnv(),
         "select time, bitwise_right_shift_arithmetic(s4) from bitwise_right_shift_arithmetic_table",
         "701: Scalar function bitwise_right_shift_arithmetic only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
 
     assertTableTestFail(
         EnvFactory.getEnv(),
         "select time, bitwise_right_shift_arithmetic(s1,s4) from bitwise_right_shift_arithmetic_table",
         "701: Scalar function bitwise_right_shift_arithmetic only accepts two arguments and they must be Int32 or Int64 data type.",
-        CommonDescriptor.getInstance().getConfig().getAdminName(),
+        CommonDescriptor.getInstance().getConfig().getDefaultAdminName(),
         CommonDescriptor.getInstance().getConfig().getAdminPassword(),
         DATABASE_NAME);
   }

integration-test/src/test/java/org/apache/iotdb/session/it/IoTDBSessionCompressedIT.java

@@ -63,7 +63,7 @@ public static void setUpClass() throws IoTDBConnectionException {
     ITableSession session1 =
         new TableSessionBuilder()
             .nodeUrls(nodeUrls)
-            .username(CommonDescriptor.getInstance().getConfig().getAdminName())
+            .username(CommonDescriptor.getInstance().getConfig().getDefaultAdminName())
             .password(CommonDescriptor.getInstance().getConfig().getAdminPassword())
             .enableCompression(true)
             .enableRedirection(true)
@@ -83,7 +83,7 @@ public static void setUpClass() throws IoTDBConnectionException {
     ITableSession session2 =
         new TableSessionBuilder()
             .nodeUrls(nodeUrls)
-            .username(CommonDescriptor.getInstance().getConfig().getAdminName())
+            .username(CommonDescriptor.getInstance().getConfig().getDefaultAdminName())
             .password(CommonDescriptor.getInstance().getConfig().getAdminPassword())
             .enableCompression(true)
             .enableRedirection(true)
@@ -103,7 +103,7 @@ public static void setUpClass() throws IoTDBConnectionException {
     ITableSession session3 =
         new TableSessionBuilder()
             .nodeUrls(nodeUrls)
-            .username(CommonDescriptor.getInstance().getConfig().getAdminName())
+            .username(CommonDescriptor.getInstance().getConfig().getDefaultAdminName())
             .password(CommonDescriptor.getInstance().getConfig().getAdminPassword())
             .enableCompression(true)
             .enableRedirection(true)
@@ -123,7 +123,7 @@ public static void setUpClass() throws IoTDBConnectionException {
     ITableSession session4 =
         new TableSessionBuilder()
             .nodeUrls(nodeUrls)
-            .username(CommonDescriptor.getInstance().getConfig().getAdminName())
+            .username(CommonDescriptor.getInstance().getConfig().getDefaultAdminName())
             .password(CommonDescriptor.getInstance().getConfig().getAdminPassword())
             .enableCompression(true)
             .enableRedirection(true)
@@ -143,7 +143,7 @@ public static void setUpClass() throws IoTDBConnectionException {
     ITableSession session5 =
         new TableSessionBuilder()
             .nodeUrls(nodeUrls)
-            .username(CommonDescriptor.getInstance().getConfig().getAdminName())
+            .username(CommonDescriptor.getInstance().getConfig().getDefaultAdminName())
             .password(CommonDescriptor.getInstance().getConfig().getAdminPassword())
             .enableCompression(false)
             .enableRedirection(true)

iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IoTDBSqlParser.g4

@@ -1046,7 +1046,7 @@ deleteStatement
 
 // Create User
 createUser
-    : CREATE USER userName=identifier password=STRING_LITERAL
+    : CREATE USER userName=usernameWithRoot password=STRING_LITERAL
     ;
 
 // Create Role
@@ -1061,7 +1061,7 @@ alterUser
 
 // Rename user
 renameUser
-    : ALTER USER username=usernameWithRoot RENAME TO newUsername=identifier
+    : ALTER USER username=usernameWithRoot RENAME TO newUsername=usernameWithRoot
     ;
 
 // ---- Alter User Account Unlock
@@ -1071,7 +1071,7 @@ alterUserAccountUnlock
 
 // Grant User Privileges
 grantUser
-    : GRANT privileges ON prefixPath (COMMA prefixPath)* TO USER userName=identifier (grantOpt)?
+    : GRANT privileges ON prefixPath (COMMA prefixPath)* TO USER userName=usernameWithRoot (grantOpt)?
     ;
 
 // Grant Role Privileges
@@ -1086,12 +1086,12 @@ grantOpt
 
 // Grant User Role
 grantRoleToUser
-    : GRANT ROLE roleName=identifier TO userName=identifier
+    : GRANT ROLE roleName=identifier TO userName=usernameWithRoot
     ;
 
 // Revoke User Privileges
 revokeUser
-    : REVOKE privileges ON prefixPath (COMMA prefixPath)* FROM USER userName=identifier
+    : REVOKE privileges ON prefixPath (COMMA prefixPath)* FROM USER userName=usernameWithRoot
     ;
 
 // Revoke Role Privileges
@@ -1101,12 +1101,12 @@ revokeRole
 
 // Revoke Role From User
 revokeRoleFromUser
-    : REVOKE ROLE roleName=identifier FROM userName=identifier
+    : REVOKE ROLE roleName=identifier FROM userName=usernameWithRoot
     ;
 
 // Drop User
 dropUser
-    : DROP USER userName=identifier
+    : DROP USER userName=usernameWithRoot
     ;
 
 // Drop Role

iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/pipe/receiver/protocol/IoTDBConfigNodeReceiver.java

@@ -325,7 +325,7 @@ private TSStatus checkPermission(final ConfigPhysicalPlan plan) {
       case CreateSchemaTemplate:
       case CommitSetSchemaTemplate:
       case PipeUnsetTemplate:
-        return CommonDescriptor.getInstance().getConfig().getAdminName().equals(username)
+        return CommonDescriptor.getInstance().getConfig().getDefaultAdminName().equals(username)
             ? StatusUtils.OK
             : new TSStatus(TSStatusCode.NO_PERMISSION.getStatusCode())
                 .setMessage("Only the admin user can perform this operation");

iotdb-core/consensus/src/main/java/org/apache/iotdb/consensus/pipe/consensuspipe/ConsensusPipeManager.java

@@ -114,7 +114,8 @@ public void createConsensusPipe(Peer senderPeer, Peer receiverPeer, boolean need
             .put(EXTRACTOR_CAPTURE_TABLE_KEY, String.valueOf(true))
             .put(EXTRACTOR_CAPTURE_TREE_KEY, String.valueOf(true))
             .put(
-                EXTRACTOR_IOTDB_USER_KEY, CommonDescriptor.getInstance().getConfig().getAdminName())
+                EXTRACTOR_IOTDB_USER_KEY,
+                CommonDescriptor.getInstance().getConfig().getDefaultAdminName())
             .build(),
         ImmutableMap.<String, String>builder()
             .put(PROCESSOR_KEY, config.getProcessorPluginName())

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java

@@ -77,7 +77,8 @@
 public class AuthorityChecker {
 
   public static int SUPER_USER_ID = 0;
-  public static String SUPER_USER = CommonDescriptor.getInstance().getConfig().getAdminName();
+  public static String SUPER_USER =
+      CommonDescriptor.getInstance().getConfig().getDefaultAdminName();
   public static String SUPER_USER_ID_IN_STR = "0";
 
   public static final TSStatus SUCCEED = new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/executor/ClusterConfigTaskExecutor.java

@@ -2678,7 +2678,7 @@ public SettableFuture<ConfigTaskResult> createTopic(
               "fakePipeName",
               // TODO: currently use root to create topic
               temporaryTopicMeta.generateExtractorAttributes(
-                  CommonDescriptor.getInstance().getConfig().getAdminName()),
+                  CommonDescriptor.getInstance().getConfig().getDefaultAdminName()),
               temporaryTopicMeta.generateProcessorAttributes(),
               temporaryTopicMeta.generateConnectorAttributes("fakeConsumerGroupId"));
     } catch (final Exception e) {