Delete Maintain Auth

Author: JackieTien97

integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java

@@ -1358,8 +1358,21 @@ public void testClusterManagementSqlOfTableModel() throws Exception {
       try (Connection JackConnection =
               EnvFactory.getEnv().getConnection("Jack", "temppw", BaseEnv.TABLE_SQL_DIALECT);
           Statement Jack = JackConnection.createStatement()) {
-        testClusterManagementSqlImpl(
-            clusterManagementSQLList, () -> adminStmt.execute("GRANT MAINTAIN TO USER Jack"), Jack);
+        // Jack has no authority to execute these SQLs
+        for (String sql : clusterManagementSQLList) {
+          try {
+            Jack.execute(sql);
+          } catch (IoTDBSQLException e) {
+            if (TSStatusCode.NO_PERMISSION.getStatusCode() != e.getErrorCode()) {
+              fail(
+                  String.format(
+                      "SQL should fail because of no permission, but the error code is %d: %s",
+                      e.getErrorCode(), sql));
+            }
+            continue;
+          }
+          fail(String.format("SQL should fail because of no permission: %s", sql));
+        }
       }
     }
   }

integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBClusterAuthorityRelationalIT.java

@@ -348,7 +348,6 @@ public void permissionTest()
               false));
       grantSysPrivilegeAndCheck(client, "user1", "role1", true, PrivilegeType.MANAGE_USER, false);
       grantSysPrivilegeAndCheck(client, "user1", "role1", true, PrivilegeType.MANAGE_ROLE, true);
-      grantSysPrivilegeAndCheck(client, "user1", "role1", false, PrivilegeType.MAINTAIN, true);
       grantPrivilegeAndCheck(
           client, "user1", "", true, new PrivilegeUnion("database", "table", PrivilegeType.SELECT));
       grantPrivilegeAndCheck(

integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBRelationalAuthIT.java

@@ -154,7 +154,6 @@ public void checkAuthorStatementPrivilegeCheck() throws SQLException {
       // admin can do all things below.
       adminStmt.execute("GRANT MANAGE_USER to user testuser2 with grant option");
       adminStmt.execute("GRANT MANAGE_ROLE to user testuser");
-      adminStmt.execute("GRANT MAINTAIN to ROLE testrole with grant option");
 
       adminStmt.execute("use testdb");
       adminStmt.execute("GRANT SELECT ON TABLE TB to user testuser");
@@ -179,7 +178,6 @@ public void checkAuthorStatementPrivilegeCheck() throws SQLException {
       // testdb.* insert
       // any alter
       // manage_role
-      // MAINTAIN with grant option
 
       // cannot create user
       Assert.assertThrows(
@@ -210,7 +208,6 @@ public void checkAuthorStatementPrivilegeCheck() throws SQLException {
           () -> {
             userStmt.execute("GRANT manage_role to role testrole2");
           });
-      userStmt.execute("GRANT MAINTAIN to ROLE testrole2");
 
       // can list itself privileges and the all roles privileges
       ResultSet rs = userStmt.executeQuery("List privileges of user testuser");
@@ -221,15 +218,13 @@ public void checkAuthorStatementPrivilegeCheck() throws SQLException {
                   ",*.*,ALTER,false,",
                   ",testdb.*,INSERT,false,",
                   ",testdb.tb,SELECT,false,",
-                  ",testdb.tb,INSERT,false,",
-                  "testrole2,,MAINTAIN,false,",
-                  "testrole,,MAINTAIN,true,"));
+                  ",testdb.tb,INSERT,false,"));
       TestUtils.assertResultSetEqual(rs, "Role,Scope,Privileges,GrantOption,", ans);
       rs = userStmt.executeQuery("List privileges of role testrole");
-      ans = new HashSet<>(Collections.singletonList("testrole,,MAINTAIN,true,"));
+      ans = new HashSet<>();
       TestUtils.assertResultSetEqual(rs, "Role,Scope,Privileges,GrantOption,", ans);
       rs = userStmt.executeQuery("List privileges of role testrole2");
-      ans = new HashSet<>(Collections.singletonList("testrole2,,MAINTAIN,false,"));
+      ans = new HashSet<>();
       TestUtils.assertResultSetEqual(rs, "Role,Scope,Privileges,GrantOption,", ans);
       // testdb.TB's privilege is not grant option.
       Assert.assertThrows(

integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/tablemodel/manual/basic/IoTDBPipeLifeCycleIT.java

@@ -20,14 +20,12 @@
 package org.apache.iotdb.pipe.it.dual.tablemodel.manual.basic;
 
 import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
 import org.apache.iotdb.commons.client.sync.SyncConfigNodeIServiceClient;
 import org.apache.iotdb.confignode.rpc.thrift.TCreatePipeReq;
 import org.apache.iotdb.db.it.utils.TestUtils;
 import org.apache.iotdb.it.env.cluster.node.DataNodeWrapper;
 import org.apache.iotdb.it.framework.IoTDBTestRunner;
 import org.apache.iotdb.itbase.category.MultiClusterIT2DualTableManualBasic;
-import org.apache.iotdb.itbase.env.BaseEnv;
 import org.apache.iotdb.pipe.it.dual.tablemodel.TableModelUtils;
 import org.apache.iotdb.pipe.it.dual.tablemodel.manual.AbstractPipeTableModelDualManualIT;
 import org.apache.iotdb.rpc.TSStatusCode;
@@ -39,7 +37,6 @@
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
 
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -49,10 +46,7 @@
 import static org.apache.iotdb.db.it.utils.TestUtils.assertTableNonQueryTestFail;
 import static org.apache.iotdb.db.it.utils.TestUtils.assertTableTestFail;
 import static org.apache.iotdb.db.it.utils.TestUtils.createUser;
-import static org.apache.iotdb.db.it.utils.TestUtils.executeNonQueriesWithRetry;
 import static org.apache.iotdb.db.it.utils.TestUtils.executeNonQueryWithRetry;
-import static org.apache.iotdb.db.it.utils.TestUtils.executeQueryWithRetry;
-import static org.apache.iotdb.db.it.utils.TestUtils.grantUserSystemPrivileges;
 
 @RunWith(IoTDBTestRunner.class)
 @Category({MultiClusterIT2DualTableManualBasic.class})
@@ -725,91 +719,59 @@ public void testPermission() {
             + "  'connector.ip'='127.0.0.1',\n"
             + "  'connector.port'='6668'\n"
             + ")",
-        "803: Access Denied: No permissions for this operation, please add privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user is allowed",
         "test",
         "test123",
         null);
     assertTableNonQueryTestFail(
         senderEnv,
         "drop pipe testPipe",
-        "803: Access Denied: No permissions for this operation, please add privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user is allowed",
         "test",
         "test123",
         null);
     assertTableTestFail(
         senderEnv,
         "show pipes",
-        "803: Access Denied: No permissions for this operation, please add privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user is allowed",
         "test",
         "test123",
         null);
     assertTableNonQueryTestFail(
         senderEnv,
         "start pipe testPipe",
-        "803: Access Denied: No permissions for this operation, please add privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user is allowed",
         "test",
         "test123",
         null);
     assertTableNonQueryTestFail(
         senderEnv,
         "stop pipe testPipe",
-        "803: Access Denied: No permissions for this operation, please add privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user is allowed",
         "test",
         "test123",
         null);
 
     assertTableNonQueryTestFail(
         senderEnv,
         "create pipePlugin TestProcessor as 'org.apache.iotdb.db.pipe.example.TestProcessor' USING URI 'xxx'",
-        "803: Access Denied: No permissions for this operation, please add privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user is allowed",
         "test",
         "test123",
         null);
     assertTableNonQueryTestFail(
         senderEnv,
         "drop pipePlugin TestProcessor",
-        "803: Access Denied: No permissions for this operation, please add privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user is allowed",
         "test",
         "test123",
         null);
     assertTableTestFail(
         senderEnv,
         "show pipe plugins",
-        "803: Access Denied: No permissions for this operation, please add privilege MAINTAIN",
+        "803: Access Denied: No permissions for this operation, only root user is allowed",
         "test",
         "test123",
         null);
-
-    grantUserSystemPrivileges(senderEnv, "test", PrivilegeType.MAINTAIN);
-
-    executeNonQueryWithRetry(
-        senderEnv,
-        "create pipe testPipe\n"
-            + "with connector (\n"
-            + "  'connector'='write-back-connector'\n"
-            + ")",
-        "test",
-        "test123",
-        null,
-        BaseEnv.TABLE_SQL_DIALECT);
-    executeQueryWithRetry(
-        senderEnv, "show pipes", "test", "test123", null, BaseEnv.TABLE_SQL_DIALECT);
-    executeNonQueriesWithRetry(
-        senderEnv,
-        Arrays.asList("start pipe testPipe", "stop pipe testPipe", "drop pipe testPipe"),
-        "test",
-        "test123",
-        null,
-        BaseEnv.TABLE_SQL_DIALECT);
-
-    assertTableNonQueryTestFail(
-        senderEnv,
-        "create pipePlugin TestProcessor as 'org.apache.iotdb.db.pipe.example.TestProcessor' USING URI 'xxx'",
-        "701: Untrusted uri xxx",
-        "test",
-        "test123",
-        null);
-    executeQueryWithRetry(
-        senderEnv, "show pipe plugins", "test", "test123", null, BaseEnv.TABLE_SQL_DIALECT);
   }
 }