Audit SQL 'COUNT DATABASE' (#16569)

Author: CRZbulabula

integration-test/src/test/java/org/apache/iotdb/db/it/audit/IoTDBAuditLogBasicIT.java

@@ -277,12 +277,12 @@ public static void closeConnectionCompletely(Connection connection) throws Inter
                   "127.0.0.1",
                   "OBJECT_AUTHENTICATION",
                   "QUERY",
-                  "[MANAGE_DATABASE]",
-                  "OBJECT",
+                  "[SYSTEM]",
+                  "GLOBAL",
                   "true",
                   "[root.__audit]",
                   "SHOW DATABASES root.__audit",
-                  "User root (ID=0) requests authority on object root.__audit with result true"),
+                  "User root (ID=0) requests authority on object [root.__audit] with result true"),
               Arrays.asList(
                   "node_1",
                   "u_0",
@@ -1305,7 +1305,7 @@ public void basicAuditLogTestForTableModel() throws SQLException, InterruptedExc
       Arrays.asList(
           "CREATE DATABASE root.test",
           "show databases",
-          //          "COUNT databases",
+          "COUNT databases",
           "set ttl to root.test.** INF",
           "create timeseries root.test.d1.s1 with datatype=BOOLEAN",
           "create timeseries root.test.d1.s2 with datatype=INT64",
@@ -1425,11 +1425,11 @@ public void basicAuditLogTestForTableModel() throws SQLException, InterruptedExc
               Arrays.asList(
                   "root.__audit.log.node_1.u_0",
                   "true",
-                  "OBJECT",
-                  "[MANAGE_DATABASE]",
+                  "GLOBAL",
+                  "[SYSTEM]",
                   "[root.__audit]",
                   "QUERY",
-                  "User root (ID=0) requests authority on object root.__audit with result true",
+                  "User root (ID=0) requests authority on object [root.__audit] with result true",
                   "SHOW DATABASES root.__audit",
                   "OBJECT_AUTHENTICATION",
                   "127.0.0.1",
@@ -1566,15 +1566,29 @@ public void basicAuditLogTestForTableModel() throws SQLException, InterruptedExc
               Arrays.asList(
                   "root.__audit.log.node_1.u_0",
                   "true",
-                  "OBJECT",
-                  "[MANAGE_DATABASE]",
+                  "GLOBAL",
+                  "[SYSTEM]",
                   "[root.**]",
                   "QUERY",
-                  "User root (ID=0) requests authority on object root.** with result true",
+                  "User root (ID=0) requests authority on object [root.**] with result true",
                   "show databases",
                   "OBJECT_AUTHENTICATION",
                   "127.0.0.1",
                   "root")),
+          // Count database
+          new AuditLogSet(
+              Arrays.asList(
+                  "root.__audit.log.node_1.u_0",
+                  "true",
+                  "GLOBAL",
+                  "[SYSTEM]",
+                  "[root.**]",
+                  "QUERY",
+                  "User root (ID=0) requests authority on object [root.**] with result true",
+                  "COUNT databases",
+                  "OBJECT_AUTHENTICATION",
+                  "127.0.0.1",
+                  "root")),
           // Set TTL to database
           new AuditLogSet(
               Arrays.asList(

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java

@@ -943,11 +943,10 @@ public TSStatus visitShowStorageGroup(
             showDatabaseStatement.getPaths().stream()
                 .distinct()
                 .collect(Collectors.toList())
-                .toString())
-        .setPrivilegeType(PrivilegeType.MANAGE_DATABASE);
+                .toString());
     if (AuthorityChecker.SUPER_USER.equals(context.getUsername())) {
       recordObjectAuthenticationAuditLog(
-          context.setResult(true), () -> showDatabaseStatement.getPathPattern().toString());
+          context.setPrivilegeType(PrivilegeType.SYSTEM).setResult(true), context::getDatabase);
       return SUCCEED;
     }
     setCanSeeAuditDB(showDatabaseStatement, context);
@@ -957,7 +956,16 @@ public TSStatus visitShowStorageGroup(
   @Override
   public TSStatus visitCountStorageGroup(
       CountDatabaseStatement countDatabaseStatement, TreeAccessCheckContext context) {
+    context
+        .setAuditLogOperation(AuditLogOperation.QUERY)
+        .setDatabase(
+            countDatabaseStatement.getPaths().stream()
+                .distinct()
+                .collect(Collectors.toList())
+                .toString());
     if (AuthorityChecker.SUPER_USER.equals(context.getUsername())) {
+      recordObjectAuthenticationAuditLog(
+          context.setPrivilegeType(PrivilegeType.SYSTEM).setResult(true), context::getDatabase);
       return SUCCEED;
     }
     setCanSeeAuditDB(countDatabaseStatement, context);