Pipe: Enabled config audit logger & Fixed some checks of config privilege & keep the tree model show pipes aligned with table model's & Fixed the bug that password with "-" prefix cannot be directly entered in Cli & Fixed some pipe ITs & Added the missing source privilege check for PipeAlterEncodingCompressorPlan (apache#16957)

* fix

* permission-change

* user_role

* part

* fix

* f

* fix

* fix

* fix

* no-excep

* pw-args

* fix

* test

* partial

* hdx

* Update IoTDBConfigNodeReceiver.java

* part

* fix

* refactor

* fix

* IT-fix

* fix-SQL

* clean

* fix

* add-test

* fix

Author: Caideyipi

integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeLifeCycleIT.java

@@ -833,12 +833,8 @@ public void testPermission() {
         "803: No permissions for this operation, please add privilege SYSTEM",
         "test",
         "test123123456");
-    assertTestFail(
-        senderEnv,
-        "show pipes",
-        "803: No permissions for this operation, please add privilege SYSTEM",
-        "test",
-        "test123123456");
+    // Will not throw exception
+    executeQueryWithRetry(senderEnv, "show pipes", "test", "test123123456");
     assertNonQueryTestFail(
         senderEnv,
         "start pipe testPipe",
@@ -866,7 +862,7 @@ public void testPermission() {
         "test123123456");
     assertTestFail(
         senderEnv,
-        "show pipe plugins",
+        "show pipePlugins",
         "803: No permissions for this operation, please add privilege SYSTEM",
         "test",
         "test123123456");

integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipePermissionIT.java

@@ -22,7 +22,6 @@
 import org.apache.iotdb.common.rpc.thrift.TSStatus;
 import org.apache.iotdb.commons.client.sync.SyncConfigNodeIServiceClient;
 import org.apache.iotdb.confignode.rpc.thrift.TCreatePipeReq;
-import org.apache.iotdb.confignode.rpc.thrift.TShowPipeReq;
 import org.apache.iotdb.consensus.ConsensusFactory;
 import org.apache.iotdb.db.it.utils.TestUtils;
 import org.apache.iotdb.it.env.MultiEnvFactory;
@@ -39,6 +38,7 @@
 import org.junit.runner.RunWith;
 
 import java.sql.Connection;
+import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 import java.util.Arrays;
@@ -360,8 +360,9 @@ public void testSourcePermission() {
     TestUtils.executeNonQuery(senderEnv, "create database root.test1");
 
     // Shall be transferred
+    // The root.test may or may not be transferred due to delayed start of the config source
     TestUtils.assertDataEventuallyOnEnv(
-        receiverEnv, "count databases root.tes*", "count,", Collections.singleton("1,"));
+        receiverEnv, "count databases root.test1", "count,", Collections.singleton("1,"));
 
     // Alter pipe, throw exception if no privileges
     try (final Connection connection = senderEnv.getConnection();
@@ -417,10 +418,12 @@ public void testSourcePermission() {
     TestUtils.executeNonQuery(senderEnv, "revoke SYSTEM on root.** from user thulab");
 
     // A user shall only see its own pipe
-    try (final SyncConfigNodeIServiceClient client =
-        (SyncConfigNodeIServiceClient) senderEnv.getLeaderConfigNodeConnection()) {
-      Assert.assertEquals(
-          1, client.showPipe(new TShowPipeReq().setUserName("thulab")).pipeInfoList.size());
+    try (final Connection connection = senderEnv.getConnection("thulab", "passwD@123456");
+        final Statement statement = connection.createStatement()) {
+      // Will not throw any exception
+      final ResultSet resultSet = statement.executeQuery("show pipes");
+      Assert.assertTrue(resultSet.next());
+      Assert.assertFalse(resultSet.next());
     } catch (Exception e) {
       fail(e.getMessage());
     }

iotdb-client/cli/src/main/java/org/apache/iotdb/cli/AbstractCli.java

@@ -321,9 +321,7 @@ static String[] removePasswordArgs(String[] args) {
       }
     }
     if (index >= 0) {
-      if (index + 1 >= args.length
-          || args[index + 1].startsWith("-")
-          || (keywordSet.contains(args[index + 1]))) {
+      if (index + 1 >= args.length || keywordSet.contains(args[index + 1])) {
         return ArrayUtils.remove(args, index);
       }
     }

iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/ConfigManager.java

@@ -1353,23 +1353,6 @@ public TAuthizedPatternTreeResp fetchAuthizedPatternTree(String username, int pe
     }
   }
 
-  public TPermissionInfoResp checkUserPrivilegeGrantOpt(String username, PrivilegeUnion union) {
-    TSStatus status = confirmLeader();
-    TPermissionInfoResp resp = new TPermissionInfoResp();
-    if (status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
-      try {
-        resp = permissionManager.checkUserPrivilegeGrantOpt(username, union);
-      } catch (AuthException e) {
-        status.setCode(e.getCode().getStatusCode()).setMessage(e.getMessage());
-        resp.setStatus(status);
-        return resp;
-      }
-    } else {
-      resp.setStatus(status);
-    }
-    return resp;
-  }
-
   public TPermissionInfoResp checkRoleOfUser(String username, String rolename) {
     TSStatus status = confirmLeader();
     TPermissionInfoResp resp = new TPermissionInfoResp();

iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/manager/PermissionManager.java

@@ -134,12 +134,6 @@ public PathPatternTree fetchRawAuthorizedPTree(final String userName, final Priv
     return authorInfo.generateRawAuthorizedPTree(userName, type);
   }
 
-  public TPermissionInfoResp checkUserPrivilegeGrantOpt(String username, PrivilegeUnion union)
-      throws AuthException {
-    union.setGrantOption(true);
-    return authorInfo.checkUserPrivileges(username, union);
-  }
-
   public TPermissionInfoResp checkRoleOfUser(String username, String rolename)
       throws AuthException {
     return authorInfo.checkRoleOfUser(username, rolename);