[Refactor] Refactor ConnectContext.getCluster (#50783)

Author: wangbo

fe/fe-core/src/main/java/org/apache/doris/alter/AlterJobV2.java

@@ -17,6 +17,7 @@
 
 package org.apache.doris.alter;
 
+import org.apache.doris.analysis.UserIdentity;
 import org.apache.doris.catalog.Database;
 import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.OlapTable;
@@ -105,6 +106,9 @@ public enum JobType {
     @SerializedName(value = "failedTabletBackends")
     protected Map<Long, List<Long>> failedTabletBackends = Maps.newHashMap();
 
+    @SerializedName(value = "uid")
+    protected UserIdentity userIdentity = null;
+
     public AlterJobV2(String rawSql, long jobId, JobType jobType, long dbId, long tableId, String tableName,
                       long timeoutMs) {
         this.rawSql = rawSql;
@@ -117,6 +121,10 @@ public AlterJobV2(String rawSql, long jobId, JobType jobType, long dbId, long ta
 
         this.createTimeMs = System.currentTimeMillis();
         this.jobState = JobState.PENDING;
+
+        if (ConnectContext.get() != null) {
+            userIdentity = ConnectContext.get().getCurrentUserIdentity();
+        }
     }
 
     protected AlterJobV2(JobType type) {
@@ -228,6 +236,9 @@ public synchronized void run() {
             ConnectContext ctx = new ConnectContext();
             ctx.setThreadLocalInfo();
             ctx.setCloudCluster(cloudClusterName);
+            // currently used for CloudReplica.getCurrentClusterId
+            // later maybe used for managing all workload in BE.
+            ctx.setCurrentUserIdentity(this.userIdentity);
         }
 
         // /api/debug_point/add/FE.STOP_ALTER_JOB_RUN

fe/fe-core/src/main/java/org/apache/doris/cloud/catalog/CloudEnv.java

@@ -278,8 +278,9 @@ public void checkCloudClusterPriv(String clusterName) throws DdlException {
         if (!Env.getCurrentEnv().getAccessManager().checkCloudPriv(ConnectContext.get().getCurrentUserIdentity(),
                 clusterName, PrivPredicate.USAGE, ResourceTypeEnum.CLUSTER)) {
             throw new DdlException("USAGE denied to user "
-                + ConnectContext.get().getQualifiedUser() + "'@'" + ConnectContext.get().getRemoteIP()
-                + "' for cloud cluster '" + clusterName + "'", ErrorCode.ERR_CLUSTER_NO_PERMISSIONS);
+                    + ConnectContext.get().getCurrentUserIdentity().getQualifiedUser() + "'@'" + ConnectContext.get()
+                    .getRemoteIP()
+                    + "' for cloud cluster '" + clusterName + "'", ErrorCode.ERR_CLUSTER_NO_PERMISSIONS);
         }
 
         if (!getCloudSystemInfoService().getCloudClusterNames().contains(clusterName)) {

fe/fe-core/src/main/java/org/apache/doris/cloud/catalog/CloudReplica.java

@@ -17,6 +17,7 @@
 
 package org.apache.doris.cloud.catalog;
 
+import org.apache.doris.analysis.UserIdentity;
 import org.apache.doris.catalog.ColocateTableIndex.GroupId;
 import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.Partition;
@@ -37,6 +38,7 @@
 import com.google.common.hash.HashCode;
 import com.google.common.hash.Hashing;
 import com.google.gson.annotations.SerializedName;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -212,41 +214,47 @@ private String getCurrentClusterId() throws ComputeGroupException {
         String cluster = null;
         ConnectContext context = ConnectContext.get();
         if (context != null) {
-            if (!Strings.isNullOrEmpty(context.getSessionVariable().getCloudCluster())) {
-                cluster = context.getSessionVariable().getCloudCluster();
+            // TODO(wb) rethinking whether should update err status.
+            cluster = context.getCloudCluster();
+
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("get compute group by context {}", cluster);
+            }
+
+            UserIdentity currentUid = context.getCurrentUserIdentity();
+            if (currentUid != null && !StringUtils.isEmpty(currentUid.getQualifiedUser())) {
                 try {
                     ((CloudEnv) Env.getCurrentEnv()).checkCloudClusterPriv(cluster);
                 } catch (Exception e) {
-                    LOG.warn("get compute group by session context exception");
-                    throw new ComputeGroupException(String.format("session context compute group %s check auth failed",
-                            cluster),
-                        ComputeGroupException.FailedTypeEnum.CURRENT_USER_NO_AUTH_TO_USE_DEFAULT_COMPUTE_GROUP);
-                }
-                if (LOG.isDebugEnabled()) {
-                    LOG.debug("get compute group by session context compute group: {}", cluster);
+                    LOG.warn("check compute group {} for {} auth failed.", cluster,
+                            context.getCurrentUserIdentity().toString());
+                    throw new ComputeGroupException(
+                            String.format("context compute group %s check auth failed, user is %s",
+                                    cluster, context.getCurrentUserIdentity().toString()),
+                            ComputeGroupException.FailedTypeEnum.CURRENT_USER_NO_AUTH_TO_USE_DEFAULT_COMPUTE_GROUP);
                 }
             } else {
-                cluster = context.getCloudCluster(false);
-                if (LOG.isDebugEnabled()) {
-                    LOG.debug("get compute group by context {}", cluster);
-                }
-                String clusterStatus = ((CloudSystemInfoService) Env.getCurrentSystemInfo())
-                        .getCloudStatusByName(cluster);
-                if (!Strings.isNullOrEmpty(clusterStatus)
-                        && Cloud.ClusterStatus.valueOf(clusterStatus)
-                        == Cloud.ClusterStatus.MANUAL_SHUTDOWN) {
-                    LOG.warn("auto start compute group {} in manual shutdown status", cluster);
-                    throw new ComputeGroupException(
+                LOG.info("connect context user is null.");
+                throw new ComputeGroupException("connect context's user is null",
+                        ComputeGroupException.FailedTypeEnum.CURRENT_USER_NO_AUTH_TO_USE_DEFAULT_COMPUTE_GROUP);
+            }
+
+            String clusterStatus = ((CloudSystemInfoService) Env.getCurrentSystemInfo())
+                    .getCloudStatusByName(cluster);
+            if (!Strings.isNullOrEmpty(clusterStatus)
+                    && Cloud.ClusterStatus.valueOf(clusterStatus)
+                    == Cloud.ClusterStatus.MANUAL_SHUTDOWN) {
+                LOG.warn("auto start compute group {} in manual shutdown status", cluster);
+                throw new ComputeGroupException(
                         String.format("The current compute group %s has been manually shutdown", cluster),
                         ComputeGroupException.FailedTypeEnum.CURRENT_COMPUTE_GROUP_BEEN_MANUAL_SHUTDOWN);
-                }
             }
         } else {
             if (LOG.isDebugEnabled()) {
                 LOG.debug("connect context is null in getBackendId");
             }
-            throw new ComputeGroupException("connect context not set",
-                ComputeGroupException.FailedTypeEnum.CONNECT_CONTEXT_NOT_SET);
+            throw new ComputeGroupException("connect context not set cluster ",
+                    ComputeGroupException.FailedTypeEnum.CONNECT_CONTEXT_NOT_SET);
         }
 
         return getCloudClusterIdByName(cluster);

fe/fe-core/src/main/java/org/apache/doris/cloud/load/CloudBrokerLoadJob.java

@@ -105,14 +105,9 @@ private void setCloudClusterId() throws MetaNotFoundException {
 
             this.cloudClusterId = ((CloudSystemInfoService) Env.getCurrentSystemInfo())
                     .getCloudClusterIdByName(clusterName);
-            if (!Strings.isNullOrEmpty(context.getSessionVariable().getCloudCluster())) {
-                clusterName = context.getSessionVariable().getCloudCluster();
-                this.cloudClusterId =
-                    ((CloudSystemInfoService) Env.getCurrentSystemInfo()).getCloudClusterIdByName(clusterName);
-            }
             if (Strings.isNullOrEmpty(this.cloudClusterId)) {
-                LOG.warn("cluster id is empty, cluster name {}", clusterName);
-                throw new MetaNotFoundException("cluster id is empty, cluster name: " + clusterName);
+                LOG.warn("can not find compute group: {}", clusterName);
+                throw new MetaNotFoundException("can not find compute group: " + clusterName);
             }
             sessionVariables.put(CLOUD_CLUSTER_ID, this.cloudClusterId);
         }
@@ -127,15 +122,20 @@ private AutoCloseConnectContext buildConnectContext() throws UserException {
             throw new UserException("cluster name is empty, cluster id is: " + cloudClusterId);
         }
 
+        // NOTE: set user info in context in for auth check in CloudReplica
         if (ConnectContext.get() == null) {
             ConnectContext connectContext = new ConnectContext();
             connectContext.setCloudCluster(clusterName);
+            connectContext.setCurrentUserIdentity(this.userInfo);
+            connectContext.setQualifiedUser(this.userInfo.getQualifiedUser());
             if (connectContext.getEnv() == null) {
                 connectContext.setEnv(Env.getCurrentEnv());
             }
             return new AutoCloseConnectContext(connectContext);
         } else {
             ConnectContext.get().setCloudCluster(clusterName);
+            ConnectContext.get().setCurrentUserIdentity(this.userInfo);
+            ConnectContext.get().setQualifiedUser(this.userInfo.getQualifiedUser());
             if (ConnectContext.get().getEnv() == null) {
                 ConnectContext.get().setEnv(Env.getCurrentEnv());
             }
@@ -155,7 +155,7 @@ protected LoadLoadingTask createTask(Database db, OlapTable table, List<BrokerFi
             boolean isEnableMemtableOnSinkNode, int batchSize, FileGroupAggKey aggKey,
             BrokerPendingTaskAttachment attachment) throws UserException {
         cloudClusterId = sessionVariables.get(CLOUD_CLUSTER_ID);
-        LoadLoadingTask task = new CloudLoadLoadingTask(db, table, brokerDesc,
+        LoadLoadingTask task = new CloudLoadLoadingTask(this.userInfo, db, table, brokerDesc,
                 brokerFileGroups, getDeadlineMs(), getExecMemLimit(),
                 isStrictMode(), isPartialUpdate(), transactionId, this, getTimeZone(), getTimeout(),
                 getLoadParallelism(), getSendBatchParallelism(),
@@ -167,6 +167,7 @@ brokerFileGroups, getDeadlineMs(), getExecMemLimit(),
         try (AutoCloseConnectContext r = buildConnectContext()) {
             task.init(loadId, attachment.getFileStatusByTable(aggKey),
                     attachment.getFileNumByTable(aggKey), getUserInfo());
+            task.settWorkloadGroups(tWorkloadGroups);
         } catch (UserException e) {
             throw e;
         }

fe/fe-core/src/main/java/org/apache/doris/cloud/load/CloudLoadLoadingTask.java

@@ -18,6 +18,7 @@
 package org.apache.doris.cloud.load;
 
 import org.apache.doris.analysis.BrokerDesc;
+import org.apache.doris.analysis.UserIdentity;
 import org.apache.doris.catalog.Database;
 import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.OlapTable;
@@ -41,15 +42,15 @@ public class CloudLoadLoadingTask extends LoadLoadingTask {
 
     private String cloudClusterId;
 
-    public CloudLoadLoadingTask(Database db, OlapTable table,
+    public CloudLoadLoadingTask(UserIdentity userinfo, Database db, OlapTable table,
             BrokerDesc brokerDesc, List<BrokerFileGroup> fileGroups,
             long jobDeadlineMs, long execMemLimit, boolean strictMode, boolean isPartialUpdate,
             long txnId, LoadTaskCallback callback, String timezone,
             long timeoutS, int loadParallelism, int sendBatchParallelism,
             boolean loadZeroTolerance, Profile jobProfile, boolean singleTabletLoadPerSink,
             Priority priority, boolean enableMemTableOnSinkNode, int batchSize,
             String clusterId) {
-        super(db, table, brokerDesc, fileGroups, jobDeadlineMs, execMemLimit, strictMode, isPartialUpdate,
+        super(userinfo, db, table, brokerDesc, fileGroups, jobDeadlineMs, execMemLimit, strictMode, isPartialUpdate,
                 txnId, callback, timezone, timeoutS, loadParallelism, sendBatchParallelism, loadZeroTolerance,
                 jobProfile, singleTabletLoadPerSink, priority, enableMemTableOnSinkNode, batchSize);
         this.cloudClusterId = clusterId;
@@ -63,12 +64,17 @@ private AutoCloseConnectContext buildConnectContext() throws UserException {
             throw new UserException("cluster name is empty, cluster id is: " + this.cloudClusterId);
         }
 
+        // NOTE: set user info here for the following text auth check.
         if (ConnectContext.get() == null) {
             ConnectContext connectContext = new ConnectContext();
             connectContext.setCloudCluster(clusterName);
+            connectContext.setCurrentUserIdentity(this.userInfo);
+            connectContext.setQualifiedUser(this.userInfo.getQualifiedUser());
             return new AutoCloseConnectContext(connectContext);
         } else {
             ConnectContext.get().setCloudCluster(clusterName);
+            ConnectContext.get().setCurrentUserIdentity(this.userInfo);
+            ConnectContext.get().setQualifiedUser(this.userInfo.getQualifiedUser());
             return null;
         }
     }

fe/fe-core/src/main/java/org/apache/doris/cloud/system/CloudSystemInfoService.java

@@ -539,7 +539,7 @@ public ImmutableMap<Long, Backend> getBackendsByCurrentCluster() throws Analysis
 
         Map<Long, Backend> idToBackend = Maps.newHashMap();
         try {
-            String cluster = ctx.getCurrentCloudCluster();
+            String cluster = ctx.getCloudCluster();
             if (Strings.isNullOrEmpty(cluster)) {
                 throw new AnalysisException("cluster name is empty");
             }

fe/fe-core/src/main/java/org/apache/doris/datasource/FederationBackendPolicy.java

@@ -179,8 +179,12 @@ public void init(BeSelectionPolicy policy) throws UserException {
 
         backends.addAll(policy.getCandidateBackends(computeGroup.getBackendList()));
         if (backends.isEmpty()) {
-            throw new UserException("No available backends, "
-                    + "in cloud maybe this cluster has been dropped, please `use @otherClusterName` switch it");
+            if (Config.isCloudMode()) {
+                throw new UserException("No available backends, "
+                        + "in cloud maybe this cluster has been dropped, please `use @otherClusterName` switch it");
+            } else {
+                throw new UserException("No available backends for compute group: " + computeGroup.toString());
+            }
         }
         for (Backend backend : backends) {
             assignedWeightPerBackend.put(backend, 0L);

fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java

@@ -435,7 +435,9 @@ private TNetworkAddress selectLocalRedirectBackend(boolean groupCommit, HttpServ
         int number = groupCommit ? -1 : 1;
         backendIds = Env.getCurrentSystemInfo().selectBackendIdsByPolicy(policy, number, computeGroup.getBackendList());
         if (backendIds.isEmpty()) {
-            throw new LoadException(SystemInfoService.NO_BACKEND_LOAD_AVAILABLE_MSG + ", policy: " + policy);
+            throw new LoadException(
+                    SystemInfoService.NO_BACKEND_LOAD_AVAILABLE_MSG + ", policy: " + policy + ", compute group is "
+                            + computeGroup.toString());
         }
         if (groupCommit) {
             backend = selectBackendForGroupCommit("", request, tableId);

fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/TableQueryPlanAction.java

@@ -141,7 +141,7 @@ public Object query_plan(
                     ConnectContext.get().getSessionVariable().setEnableTwoPhaseReadOpt(false);
                 }
                 if (Config.isCloudMode()) { // Choose a cluster to for this query
-                    ConnectContext.get().getCurrentCloudCluster();
+                    ConnectContext.get().getCloudCluster();
                 }
                 // parse/analysis/plan the sql and acquire tablet distributions
                 handleQuery(ConnectContext.get(), fullDbName, tblName, sql, resultMap);

fe/fe-core/src/main/java/org/apache/doris/load/loadv2/BrokerLoadJob.java

@@ -258,7 +258,7 @@ public void setComputeGroup() {
     protected LoadLoadingTask createTask(Database db, OlapTable table, List<BrokerFileGroup> brokerFileGroups,
             boolean isEnableMemtableOnSinkNode, int batchSize, FileGroupAggKey aggKey,
             BrokerPendingTaskAttachment attachment) throws UserException {
-        LoadLoadingTask task = new LoadLoadingTask(db, table, brokerDesc,
+        LoadLoadingTask task = new LoadLoadingTask(this.userInfo, db, table, brokerDesc,
                 brokerFileGroups, getDeadlineMs(), getExecMemLimit(),
                 isStrictMode(), isPartialUpdate(), transactionId, this, getTimeZone(), getTimeout(),
                 getLoadParallelism(), getSendBatchParallelism(),