feat/TS-6863-add-use-token-para

docs/en/14-reference/01-components/01-taosd.md

@@ -214,7 +214,8 @@ The effective value of charset is UTF-8.
 | audit                      |                   | Supported, effective immediately   | Audit feature switch; Enterprise parameter                                                                                                                                                                                                                                     |
 | auditInterval              |                   | Supported, effective immediately   | Time interval for reporting audit data; Enterprise parameter                                                                                                                                                                                                                   |
 | auditLevel                 |                   | Supported, effective immediately   | Audit level for reporting audit data; Enterprise parameter; range 1 - 5, default value 3, 1 means system level, 2 means cluster level, 3 means database level, 4 means child table level, 5 means data level.                                                                                                         |
-| auditHttps                 |                   | Supported, effective immediately   | Whether to use https to report audit data; Enterprise parameter; range 0 - 1, default value 1 (1: use https, 0: do not use).                                                                                                         |
+| auditHttps                 |                   | Supported, effective immediately   | Whether to use https to report audit data; Enterprise parameter; range 0 - 1, default value 0 (1: use https, 0: do not use).                                                                                                         |
+| auditUseToken              |                   | Supported, effective immediately   | Whether to use token to report audit data; Enterprise parameter; range 0 - 1, default value 1 (1: use token, 0: do not use).                                                                                                         |
 | auditCreateTable           |                   | Supported, effective immediately   | Whether to enable audit feature for creating subtables; Enterprise parameter                                                                                                                                                                                                   |
 | encryptAlgorithm           |                   | Not supported                      | Data encryption algorithm; Enterprise parameter                                                                                                                                                                                                                                |
 | encryptScope               |                   | Not supported                      | Encryption scope; Enterprise parameter                                                                                                                                                                                                                                         |

docs/zh/14-reference/01-components/01-taosd.md

@@ -1032,7 +1032,7 @@ charset 的有效值是 UTF-8。
 - 最大值：5
 - 参数类型：全局配置参数
 - 动态修改：支持通过 SQL 修改，立即生效。
-- 支持版本：从 v3.3.9.0 版本开始引入
+- 支持版本：从 v3.4.0.0 版本开始引入
 
 #### auditHttps
 
@@ -1043,7 +1043,18 @@ charset 的有效值是 UTF-8。
 - 最大值：1
 - 参数类型：全局配置参数
 - 动态修改：支持通过 SQL 修改，立即生效。
-- 支持版本：从 v3.3.9.0 版本开始引入
+- 支持版本：从 v3.4.0.0 版本开始引入
+
+#### auditUseToken
+
+- 说明：审计数据上报时是否使用 token **`企业版参数`**
+- 类型：整数; 0:不使用，1：使用
+- 默认值：1
+- 最小值：0
+- 最大值：1
+- 参数类型：全局配置参数
+- 动态修改：支持通过 SQL 修改，立即生效。
+- 支持版本：从 v3.4.0.0 版本开始引入
 
 #### auditCreateTable
 

include/common/tglobal.h

@@ -212,6 +212,7 @@ extern bool    tsEnableAuditInsert;
 extern int32_t tsAuditLevel;
 extern int32_t tsAuditInterval;
 extern bool    tsAuditHttps;
+extern bool    tsAuditUseToken;
 
 // telem
 extern bool     tsEnableTelem;

source/common/src/tglobal.c

@@ -211,6 +211,7 @@ bool    tsEnableAuditInsert = true;
 int32_t tsAuditInterval = 5000;
 int32_t tsAuditLevel = AUDIT_LEVEL_DATABASE;
 bool    tsAuditHttps = false;
+bool    tsAuditUseToken = true;
 #else
 bool    tsEnableAudit = false;
 bool    tsEnableAuditCreateTable = false;
@@ -220,6 +221,7 @@ bool    tsEnableAuditInsert = false;
 int32_t tsAuditInterval = 200000;
 int32_t tsAuditLevel = AUDIT_LEVEL_NONE;
 bool    tsAuditHttps = false;
+bool    tsAuditUseToken = true;
 #endif
 
 // telem
@@ -975,6 +977,7 @@ static int32_t taosAddServerCfg(SConfig *pCfg) {
   TAOS_CHECK_RETURN(cfgAddBool(pCfg, "auditCreateTable", tsEnableAuditCreateTable, CFG_SCOPE_SERVER, CFG_DYN_SERVER,CFG_CATEGORY_GLOBAL));
   TAOS_CHECK_RETURN(cfgAddInt32(pCfg, "auditInterval", tsAuditInterval, 500, 200000, CFG_SCOPE_SERVER, CFG_DYN_SERVER,CFG_CATEGORY_GLOBAL));
   TAOS_CHECK_RETURN(cfgAddBool(pCfg, "auditHttps", tsAuditHttps, CFG_SCOPE_SERVER, CFG_DYN_ENT_SERVER,CFG_CATEGORY_GLOBAL));
+  TAOS_CHECK_RETURN(cfgAddBool(pCfg, "auditUseToken", tsAuditUseToken, CFG_SCOPE_SERVER, CFG_DYN_ENT_SERVER,CFG_CATEGORY_GLOBAL));
 
   TAOS_CHECK_RETURN(cfgAddBool(pCfg, "telemetryReporting", tsEnableTelem, CFG_SCOPE_SERVER, CFG_DYN_ENT_SERVER,CFG_CATEGORY_GLOBAL));
   TAOS_CHECK_RETURN(cfgAddInt32(pCfg, "telemetryInterval", tsTelemInterval, 1, 200000, CFG_SCOPE_SERVER, CFG_DYN_SERVER,CFG_CATEGORY_GLOBAL));
@@ -1807,6 +1810,9 @@ static int32_t taosSetServerCfg(SConfig *pCfg) {
   TAOS_CHECK_GET_CFG_ITEM(pCfg, pItem, "auditHttps");
   tsAuditHttps = pItem->bval;
 
+  TAOS_CHECK_GET_CFG_ITEM(pCfg, pItem, "auditUseToken");
+  tsAuditUseToken = pItem->bval;
+
   TAOS_CHECK_GET_CFG_ITEM(pCfg, pItem, "auditInterval");
   tsAuditInterval = pItem->i32;
 #endif
@@ -2840,6 +2846,7 @@ static int32_t taosCfgDynamicOptionsForServer(SConfig *pCfg, const char *name) {
                                          {"auditInterval", &tsAuditInterval},
                                          {"auditLevel", &tsAuditLevel},
                                          {"auditHttps", &tsAuditHttps},
+                                         {"auditUseToken", &tsAuditUseToken},
                                          {"slowLogThreshold", &tsSlowLogThreshold},
                                          {"compressMsgSize", &tsCompressMsgSize},
                                          {"compressor", &tsCompressor},

source/dnode/mgmt/mgmt_dnode/src/dmHandle.c

@@ -304,7 +304,9 @@ void dmSendStatusReq(SDnodeMgmt *pMgmt) {
   req.analVer = taosAnalyGetVersion();
   req.timeWhiteVer = pMgmt->pData->timeWhiteVer;
 
-  getAuditDbNameToken(req.auditDB, req.auditToken);
+  if (tsAuditUseToken) {
+    getAuditDbNameToken(req.auditDB, req.auditToken);
+  }
 
   int32_t contLen = tSerializeSStatusReq(NULL, 0, &req);
   if (contLen < 0) {

source/dnode/mnode/impl/inc/mndUser.h

@@ -54,6 +54,8 @@ int64_t mndGetTimeWhiteListVersion(SMnode *pMnode);
 int32_t mndRefreshUserDateTimeWhiteList(SMnode *pMnode);
 int64_t mndGetUserTimeWhiteListVer(SMnode *pMnode, SUserObj *pUser);
 
+int32_t mndGetAuditUser(SMnode *pMnode, char *user);
+
 void mndGetUserLoginInfo(const char *user, SLoginInfo *pLoginInfo);
 void mndSetUserLoginInfo(const char *user, const SLoginInfo *pLoginInfo);
 bool mndIsTotpEnabledUser(SUserObj *pUser);

source/dnode/mnode/impl/src/mndDnode.c

@@ -813,13 +813,24 @@ static int32_t mndProcessStatusReq(SRpcMsg *pReq) {
   bool    analVerChanged = (analVer != statusReq.analVer);
   bool    auditDBChanged = false;
   char    auditDB[TSDB_DB_FNAME_LEN] = {0};
-  SDbObj *pDb = mndAcquireAuditDb(pMnode);
-  if (pDb != NULL) {
-    tstrncpy(auditDB, pDb->name, TSDB_DB_FNAME_LEN);
-    mndReleaseDb(pMnode, pDb);
-  }
+  if (tsAuditUseToken) {
+    SDbObj *pDb = mndAcquireAuditDb(pMnode);
+    if (pDb != NULL) {
+      SName name = {0};
+      if (tNameFromString(&name, pDb->name, T_NAME_ACCT | T_NAME_DB) < 0)
+        mError("db:%s, failed to parse db name", pDb->name);
+      tstrncpy(auditDB, name.dbname, TSDB_DB_FNAME_LEN);
+      mndReleaseDb(pMnode, pDb);
+    }
 
-  if (strncmp(statusReq.auditDB, auditDB, TSDB_DB_FNAME_LEN) != 0) auditDBChanged = true;
+    char    auditUser[TSDB_USER_LEN] = {0};
+    int32_t ret = 0;
+    if ((ret = mndGetAuditUser(pMnode, auditUser)) != 0) {
+      mError("dnode:%d, failed to get audit user since %s", pDnode->id, tstrerror(ret));
+    }
+
+    if (strncmp(statusReq.auditDB, auditDB, TSDB_DB_FNAME_LEN) != 0) auditDBChanged = true;
+  }
 
   bool needCheck = !online || dnodeChanged || reboot || supportVnodesChanged || analVerChanged ||
                    pMnode->ipWhiteVer != statusReq.ipWhiteVer || pMnode->timeWhiteVer != statusReq.timeWhiteVer ||

source/dnode/mnode/impl/src/mndUser.c

@@ -3657,6 +3657,10 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) {
   TAOS_RETURN(code);
 }
 
+int32_t mndGetAuditUser(SMnode *pMnode, char* user){
+  return 0;
+}
+
 static int32_t mndDropUser(SMnode *pMnode, SRpcMsg *pReq, SUserObj *pUser) {
   STrans *pTrans = mndTransCreate(pMnode, TRN_POLICY_ROLLBACK, TRN_CONFLICT_NOTHING, pReq, "drop-user");
   if (pTrans == NULL) {