manager/general/src/main/java/org/apache/doris/stack/component/ClusterUserComponent.java - doris-manager - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 package org.apache.doris.stack.component;

 import org.apache.doris.stack.dao.ClusterUserMembershipRepository;
 import org.apache.doris.stack.entity.ClusterUserMembershipEntity;
 import org.apache.doris.stack.exception.UserNoSelectClusterException;
 import org.apache.doris.stack.model.request.user.UserGroupRole;
 import org.apache.doris.stack.dao.ClusterInfoRepository;
 import org.apache.doris.stack.dao.CoreUserRepository;
 import org.apache.doris.stack.dao.PermissionsGroupMembershipRepository;
 import org.apache.doris.stack.dao.PermissionsGroupRoleRepository;
 import org.apache.doris.stack.entity.ClusterInfoEntity;
 import org.apache.doris.stack.entity.CoreUserEntity;
 import org.apache.doris.stack.entity.PermissionsGroupMembershipEntity;
 import org.apache.doris.stack.entity.PermissionsGroupRoleEntity;
 import org.apache.doris.stack.exception.NoPermissionException;
 import org.apache.doris.stack.model.response.user.GroupMember;
 import org.apache.doris.stack.service.BaseService;
 import lombok.extern.slf4j.Slf4j;

 import org.apache.doris.stack.util.CredsUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;

 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;

 /**
  * @Description：The engine cluster management tool class is mainly responsible for
  * verifying whether the user has the permission of cluster space
  */
 @Component
 @Slf4j
 public class ClusterUserComponent extends BaseService {

     @Autowired
     private ClusterInfoRepository clusterInfoRepository;

     @Autowired
     private PermissionsGroupRoleRepository groupRoleRepository;

     @Autowired
     private PermissionsGroupMembershipRepository membershipRepository;

     @Autowired
     private CoreUserRepository userRepository;

     @Autowired
     private ClusterUserMembershipRepository clusterUserMembershipRepository;

     /**
      * Obtain the user's current space information.
      * All API accesses in the space need to obtain the current space ID
      * @param user
      * @return
      * @throws Exception
      */
     public ClusterInfoEntity getUserCurrentCluster(CoreUserEntity user) throws Exception {
         long clusterId = user.getClusterId();
         if (clusterId < 1) {
             log.error("The user do not have current cluster");
             throw new UserNoSelectClusterException();
         }

         Optional<ClusterInfoEntity> clusterInfoEntityOp = clusterInfoRepository.findById((long) clusterId);
         if (clusterInfoEntityOp.equals(Optional.empty())) {
             log.error("The user current cluster {} has been deleted", clusterId);
             throw new UserNoSelectClusterException();
         }
         ClusterInfoEntity clusterInfoEntity = clusterInfoEntityOp.get();
         try {
             clusterInfoEntity.setPasswd(CredsUtil.aesDecrypt(clusterInfoEntity.getPasswd()));
         } catch (Exception e) {
             log.warn("execute more than once select in one thread, the password was cached. msg {}", e.getMessage());
         }

         return clusterInfoEntity;
     }

     // add a user for all space which doesn't have default user
 //    public void addDefaultUserForSpace() throws Exception {
 //        log.debug("add default user");
 //        List<ClusterInfoEntity> clusterInfoEntities = clusterInfoRepository.findAll();
 //        for (ClusterInfoEntity clusterInfo : clusterInfoEntities) {
 //            int adminGroupUserId = clusterInfo.getAdminGroupId();
 //            int allUserGroupId = clusterInfo.getAllUserGroupId();
 //            long clusterId = clusterInfo.getId();
 //            if (membershipRepository.getByUserId(-1L * clusterId).size() < 2) {
 //
 //                addDefaultUserForSpace(clusterId, adminGroupUserId, allUserGroupId);
 //            }
 //        }
 //    }

 //    public void addDefaultUserForSpace(long clusterId, int adminGroupUserId, int allUserGroupId) throws Exception {
 //        log.debug("add default user for space");
 //        // add into admin group
 //        PermissionsGroupMembershipEntity adminMembershipEntity = new PermissionsGroupMembershipEntity();
 //        adminMembershipEntity.setUserId(-clusterId);
 //        adminMembershipEntity.setGroupId(adminGroupUserId);
 //        membershipRepository.save(adminMembershipEntity);
 //        // add into all user group
 //        PermissionsGroupMembershipEntity allUserMembershipEntity = new PermissionsGroupMembershipEntity();
 //        allUserMembershipEntity.setUserId(-clusterId);
 //        allUserMembershipEntity.setGroupId(allUserGroupId);
 //        membershipRepository.save(allUserMembershipEntity);
 //    }

     /**
      * Judge whether the user is in the space
      * @param userId
      * @return
      * @throws Exception
      */
     public boolean checkUserBelongToCluster(int userId, long clusterId) throws Exception {
         // built in user
         if (userId == BuiltInUserComponent.BUILT_USER_ID) {
             return true;
         }
         List<ClusterUserMembershipEntity> clusterUserMembershipEntities =
                 clusterUserMembershipRepository.getByUserIdAndClusterId(userId, clusterId);
         if (clusterUserMembershipEntities.isEmpty()) {
             log.error("The user {} is not a space {} user.", userId, clusterId);
             throw new NoPermissionException();
         }
         return true;
     }

     /**
      * Judge whether the user is in the space
      * @param userId
      * @return
      * @throws Exception
      */
     public boolean userBelongToCluster(int userId, long clusterId) {
         List<ClusterUserMembershipEntity> clusterUserMembershipEntities =
                 clusterUserMembershipRepository.getByUserIdAndClusterId(userId, clusterId);
         if (clusterUserMembershipEntities.isEmpty()) {
             return false;
         } else {
             return true;
         }
     }

     /**
      * Determine whether the user is the administrator role of a space
      * @param userId
      * @param clusterInfo
      * @return
      */
     public boolean userIsClusterAdminRole(int userId, ClusterInfoEntity clusterInfo) {
         int adminGroupRoleId = clusterInfo.getAdminGroupId();
         List<PermissionsGroupMembershipEntity> membershipEntities =
                 membershipRepository.getByUserIdAndGroupId(userId, adminGroupRoleId);
         if (membershipEntities == null || membershipEntities.isEmpty()) {
             return false;
         }
         return true;
     }

     /**
      * Add a normal user to the space
      * @param userId
      * @param clusterInfo
      */
     public void addUserToCluster(int userId, ClusterInfoEntity clusterInfo) {
         ClusterUserMembershipEntity membershipEntity =
                 new ClusterUserMembershipEntity(userId, clusterInfo.getId());
         clusterUserMembershipRepository.save(membershipEntity);

         addGroupUserMembership(userId, clusterInfo.getAllUserGroupId());
     }

     /**
      * Add an administrator user to the space
      * @param userId
      * @param clusterInfo
      */
     public void addAdminUserToCluster(int userId, ClusterInfoEntity clusterInfo) {
         addUserToCluster(userId, clusterInfo);
         addGroupUserMembership(userId, clusterInfo.getAdminGroupId());
     }

     /**
      * Check whether the user is the administrator role user of the space
      * Available to space level APIs
      * @param user
      * @return
      * @throws Exception
      */
     public long getUserCurrentClusterIdAndCheckAdmin(CoreUserEntity user) throws Exception {
         ClusterInfoEntity cluster = getUserCurrentCluster(user);
         long clusterId = cluster.getId();
         if (!user.isSuperuser() && !user.getIsClusterAdmin()) {
             log.error("The user {} not cluster {} space admin", user.getId(), clusterId);
             throw new NoPermissionException();
         }
         return clusterId;
     }

     /**
      * Check whether the user is the administrator role user of the space
      * Available to space level APIs
      * @param user
      * @return
      * @throws Exception
      */
     public ClusterInfoEntity getUserCurrentClusterAndCheckAdmin(CoreUserEntity user) throws Exception {
         ClusterInfoEntity cluster = getUserCurrentCluster(user);
         if (!user.isSuperuser() && !user.getIsClusterAdmin()) {
             log.error("The user {} not cluster {} space admin", user.getId(), cluster.getId());
             throw new NoPermissionException();
         }
         return cluster;
     }

     /**
      * Check whether the user has the operation permission of the administrator role of the space
      * Space level API usage
      * @param user
      * @param clusterId
      * @return
      * @throws Exception
      */
     public ClusterInfoEntity checkUserClusterAdminPermission(CoreUserEntity user, long clusterId) throws Exception {
         // The super admin user has all space administrator permissions by default and can operate directly
         if (user.isSuperuser()) {
             return clusterInfoRepository.findById((long) clusterId).get();
         } else {
             int userId = user.getId();
             ClusterInfoEntity clusterInfoEntity = clusterInfoRepository.findById((long) clusterId).get();

             boolean isAdmin = userIsClusterAdminRole(userId, clusterInfoEntity);

             if (!isAdmin) {
                 log.error("The user {} is not a space {} user.", userId, clusterId);
                 throw new NoPermissionException();
             }
             return clusterInfoEntity;
         }
     }

     /**
      * Check whether the user has the operation permission of the administrator role of the space
      * APIs that can be accessed at both platform and space levels are used
      * @param user
      * @param clusterId
      * @return
      * @throws Exception
      */
     public void checkUserSpuerAdminOrClusterAdmin(CoreUserEntity user, long clusterId) throws Exception {
         // The super admin user has all space administrator permissions by default and can operate directly
         if (user.isSuperuser()) {
             return;
         } else {
             int userId = user.getId();
             ClusterInfoEntity clusterInfoEntity = clusterInfoRepository.findById((long) clusterId).get();

             boolean isAdmin = userIsClusterAdminRole(userId, clusterInfoEntity);

             if (!isAdmin) {
                 log.error("The user {} is not a space {} user.", userId, clusterId);
                 throw new NoPermissionException();
             }
             return;
         }
     }

     /**
      * Initialize the correspondence between permission groups and users
      *
      * @param userId
      * @param groupId
      * @return
      */
     public int addGroupUserMembership(int userId, int groupId) {
         PermissionsGroupMembershipEntity amdinMembershipEntity =
                 new PermissionsGroupMembershipEntity(userId, groupId);
         return membershipRepository.save(amdinMembershipEntity).getId();
     }

     /**
      * Create a user group and return the user group ID
      *
      * @return
      */
     public int addPermissionsGroup(String name, long clusterId, UserGroupRole role) {
         // Create a user group and bind the relationship with the Doris cluster and user information.
         PermissionsGroupRoleEntity groupRoleEntity =
                 new PermissionsGroupRoleEntity(name, role.name(), clusterId);
         int groupId = groupRoleRepository.save(groupRoleEntity).getGroupId();
         log.debug("create group {}.", groupId);

         return groupId;
     }

     /**
      * Create a user group and return the user group ID
      *
      * @return
      */
     public int addPermissionsGroup(String name, long clusterId, UserGroupRole role, String dorisUserName,
                                    String passwd) {
         // Create a user group and bind the relationship with the Doris cluster and user information.
         PermissionsGroupRoleEntity groupRoleEntity =
                 new PermissionsGroupRoleEntity(name, role.name(), clusterId, dorisUserName, passwd);
         int groupId = groupRoleRepository.save(groupRoleEntity).getGroupId();
         log.debug("create group {}.", groupId);

         return groupId;
     }

     /**
      * Save user group password information
      * @Param
      * @return
      */
     public PermissionsGroupRoleEntity addPermissionsGroupWithPaloUser(String name, long clusterId,
                                                                       UserGroupRole role, String password,
                                                                       String userName) throws Exception {
         // Create a user group and bind the relationship with the Doris cluster and user information.
         password = CredsUtil.aesEncrypt(password);
         PermissionsGroupRoleEntity groupRoleEntity =
                 new PermissionsGroupRoleEntity(name, role.name(), clusterId, userName, password);
         int groupId = groupRoleRepository.save(groupRoleEntity).getGroupId();
         log.debug("create group {}.", groupId);

         return groupRoleEntity;
     }

     /**
      * Get all members of a permission group
      *
      * @param groupId
      * @return
      */
     public List<GroupMember> getGroupMembers(int groupId) {
         log.debug("get group {} all members.", groupId);
         List<Integer> stopLdapUsers = userRepository.getByEmptyEntryUUID();
         List<PermissionsGroupMembershipEntity> users = membershipRepository.getByGroupId(groupId);

         List<GroupMember> members = new ArrayList<>();
         for (PermissionsGroupMembershipEntity membershipEntity : users) {
             // get user
             if (membershipEntity.getUserId() < 0 || stopLdapUsers.contains(membershipEntity.getUserId())) {
                 continue;
             }
             CoreUserEntity userEntity = userRepository.findById(membershipEntity.getUserId()).get();

             // construct Member
             GroupMember member = new GroupMember();
             member.setMembershipId(membershipEntity.getId());
             member.setUserId(membershipEntity.getUserId());
             member.setName(userEntity.getFirstName());
             member.setEmail(userEntity.getEmail());

             // add list
             members.add(member);
         }
         return members;
     }

     // Encrypt the cluster unencrypted password
     public void encryptClusterPassword() throws Exception {
         log.debug("encrypt password for cluster");
         List<ClusterInfoEntity> clusterInfoEntities = clusterInfoRepository.findAll();
         log.debug("encrypt password for cluster, size is {}", clusterInfoEntities.size());
         for (ClusterInfoEntity clusterInfo : clusterInfoEntities) {
             if (clusterInfo.getPasswd() == null) {
                 log.debug("cluster password is null");
                 continue;
             }
             if (!clusterInfo.getPasswd().trim().equals("")) {
                 try {
                     CredsUtil.aesDecrypt(clusterInfo.getPasswd());
                     log.debug("password has been encrypted");
                     continue;
                 } catch (Exception e) {
                     log.debug("password has not been encrypted");
                 }
             }
             // Empty string is still empty after encryption
             clusterInfo.setPasswd(CredsUtil.aesEncrypt(clusterInfo.getPasswd()));
             clusterInfoRepository.save(clusterInfo);
         }
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	package org.apache.doris.stack.component;

	import org.apache.doris.stack.dao.ClusterUserMembershipRepository;
	import org.apache.doris.stack.entity.ClusterUserMembershipEntity;
	import org.apache.doris.stack.exception.UserNoSelectClusterException;
	import org.apache.doris.stack.model.request.user.UserGroupRole;
	import org.apache.doris.stack.dao.ClusterInfoRepository;
	import org.apache.doris.stack.dao.CoreUserRepository;
	import org.apache.doris.stack.dao.PermissionsGroupMembershipRepository;
	import org.apache.doris.stack.dao.PermissionsGroupRoleRepository;
	import org.apache.doris.stack.entity.ClusterInfoEntity;
	import org.apache.doris.stack.entity.CoreUserEntity;
	import org.apache.doris.stack.entity.PermissionsGroupMembershipEntity;
	import org.apache.doris.stack.entity.PermissionsGroupRoleEntity;
	import org.apache.doris.stack.exception.NoPermissionException;
	import org.apache.doris.stack.model.response.user.GroupMember;
	import org.apache.doris.stack.service.BaseService;
	import lombok.extern.slf4j.Slf4j;

	import org.apache.doris.stack.util.CredsUtil;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.stereotype.Component;

	import java.util.ArrayList;
	import java.util.List;
	import java.util.Optional;

	/**
	* @Description：The engine cluster management tool class is mainly responsible for
	* verifying whether the user has the permission of cluster space
	*/
	@Component
	@Slf4j
	public class ClusterUserComponent extends BaseService {

	@Autowired
	private ClusterInfoRepository clusterInfoRepository;

	@Autowired
	private PermissionsGroupRoleRepository groupRoleRepository;

	@Autowired
	private PermissionsGroupMembershipRepository membershipRepository;

	@Autowired
	private CoreUserRepository userRepository;

	@Autowired
	private ClusterUserMembershipRepository clusterUserMembershipRepository;

	/**
	* Obtain the user's current space information.
	* All API accesses in the space need to obtain the current space ID
	* @param user
	* @return
	* @throws Exception
	*/
	public ClusterInfoEntity getUserCurrentCluster(CoreUserEntity user) throws Exception {
	long clusterId = user.getClusterId();
	if (clusterId < 1) {
	log.error("The user do not have current cluster");
	throw new UserNoSelectClusterException();
	}

	Optional<ClusterInfoEntity> clusterInfoEntityOp = clusterInfoRepository.findById((long) clusterId);
	if (clusterInfoEntityOp.equals(Optional.empty())) {
	log.error("The user current cluster {} has been deleted", clusterId);
	throw new UserNoSelectClusterException();
	}
	ClusterInfoEntity clusterInfoEntity = clusterInfoEntityOp.get();
	try {
	clusterInfoEntity.setPasswd(CredsUtil.aesDecrypt(clusterInfoEntity.getPasswd()));
	} catch (Exception e) {
	log.warn("execute more than once select in one thread, the password was cached. msg {}", e.getMessage());
	}

	return clusterInfoEntity;
	}

	// add a user for all space which doesn't have default user
	// public void addDefaultUserForSpace() throws Exception {
	// log.debug("add default user");
	// List<ClusterInfoEntity> clusterInfoEntities = clusterInfoRepository.findAll();
	// for (ClusterInfoEntity clusterInfo : clusterInfoEntities) {
	// int adminGroupUserId = clusterInfo.getAdminGroupId();
	// int allUserGroupId = clusterInfo.getAllUserGroupId();
	// long clusterId = clusterInfo.getId();
	// if (membershipRepository.getByUserId(-1L * clusterId).size() < 2) {
	//
	// addDefaultUserForSpace(clusterId, adminGroupUserId, allUserGroupId);
	// }
	// }
	// }

	// public void addDefaultUserForSpace(long clusterId, int adminGroupUserId, int allUserGroupId) throws Exception {
	// log.debug("add default user for space");
	// // add into admin group
	// PermissionsGroupMembershipEntity adminMembershipEntity = new PermissionsGroupMembershipEntity();
	// adminMembershipEntity.setUserId(-clusterId);
	// adminMembershipEntity.setGroupId(adminGroupUserId);
	// membershipRepository.save(adminMembershipEntity);
	// // add into all user group
	// PermissionsGroupMembershipEntity allUserMembershipEntity = new PermissionsGroupMembershipEntity();
	// allUserMembershipEntity.setUserId(-clusterId);
	// allUserMembershipEntity.setGroupId(allUserGroupId);
	// membershipRepository.save(allUserMembershipEntity);
	// }

	/**
	* Judge whether the user is in the space
	* @param userId
	* @return
	* @throws Exception
	*/
	public boolean checkUserBelongToCluster(int userId, long clusterId) throws Exception {
	// built in user
	if (userId == BuiltInUserComponent.BUILT_USER_ID) {
	return true;
	}
	List<ClusterUserMembershipEntity> clusterUserMembershipEntities =
	clusterUserMembershipRepository.getByUserIdAndClusterId(userId, clusterId);
	if (clusterUserMembershipEntities.isEmpty()) {
	log.error("The user {} is not a space {} user.", userId, clusterId);
	throw new NoPermissionException();
	}
	return true;
	}

	/**
	* Judge whether the user is in the space
	* @param userId
	* @return
	* @throws Exception
	*/
	public boolean userBelongToCluster(int userId, long clusterId) {
	List<ClusterUserMembershipEntity> clusterUserMembershipEntities =
	clusterUserMembershipRepository.getByUserIdAndClusterId(userId, clusterId);
	if (clusterUserMembershipEntities.isEmpty()) {
	return false;
	} else {
	return true;
	}
	}

	/**
	* Determine whether the user is the administrator role of a space
	* @param userId
	* @param clusterInfo
	* @return
	*/
	public boolean userIsClusterAdminRole(int userId, ClusterInfoEntity clusterInfo) {
	int adminGroupRoleId = clusterInfo.getAdminGroupId();
	List<PermissionsGroupMembershipEntity> membershipEntities =
	membershipRepository.getByUserIdAndGroupId(userId, adminGroupRoleId);
	if (membershipEntities == null \|\| membershipEntities.isEmpty()) {
	return false;
	}
	return true;
	}

	/**
	* Add a normal user to the space
	* @param userId
	* @param clusterInfo
	*/
	public void addUserToCluster(int userId, ClusterInfoEntity clusterInfo) {
	ClusterUserMembershipEntity membershipEntity =
	new ClusterUserMembershipEntity(userId, clusterInfo.getId());
	clusterUserMembershipRepository.save(membershipEntity);

	addGroupUserMembership(userId, clusterInfo.getAllUserGroupId());
	}

	/**
	* Add an administrator user to the space
	* @param userId
	* @param clusterInfo
	*/
	public void addAdminUserToCluster(int userId, ClusterInfoEntity clusterInfo) {
	addUserToCluster(userId, clusterInfo);
	addGroupUserMembership(userId, clusterInfo.getAdminGroupId());
	}

	/**
	* Check whether the user is the administrator role user of the space
	* Available to space level APIs
	* @param user
	* @return
	* @throws Exception
	*/
	public long getUserCurrentClusterIdAndCheckAdmin(CoreUserEntity user) throws Exception {
	ClusterInfoEntity cluster = getUserCurrentCluster(user);
	long clusterId = cluster.getId();
	if (!user.isSuperuser() && !user.getIsClusterAdmin()) {
	log.error("The user {} not cluster {} space admin", user.getId(), clusterId);
	throw new NoPermissionException();
	}
	return clusterId;
	}

	/**
	* Check whether the user is the administrator role user of the space
	* Available to space level APIs
	* @param user
	* @return
	* @throws Exception
	*/
	public ClusterInfoEntity getUserCurrentClusterAndCheckAdmin(CoreUserEntity user) throws Exception {
	ClusterInfoEntity cluster = getUserCurrentCluster(user);
	if (!user.isSuperuser() && !user.getIsClusterAdmin()) {
	log.error("The user {} not cluster {} space admin", user.getId(), cluster.getId());
	throw new NoPermissionException();
	}
	return cluster;
	}

	/**
	* Check whether the user has the operation permission of the administrator role of the space
	* Space level API usage
	* @param user
	* @param clusterId
	* @return
	* @throws Exception
	*/
	public ClusterInfoEntity checkUserClusterAdminPermission(CoreUserEntity user, long clusterId) throws Exception {
	// The super admin user has all space administrator permissions by default and can operate directly
	if (user.isSuperuser()) {
	return clusterInfoRepository.findById((long) clusterId).get();
	} else {
	int userId = user.getId();
	ClusterInfoEntity clusterInfoEntity = clusterInfoRepository.findById((long) clusterId).get();

	boolean isAdmin = userIsClusterAdminRole(userId, clusterInfoEntity);

	if (!isAdmin) {
	log.error("The user {} is not a space {} user.", userId, clusterId);
	throw new NoPermissionException();
	}
	return clusterInfoEntity;
	}
	}

	/**
	* Check whether the user has the operation permission of the administrator role of the space
	* APIs that can be accessed at both platform and space levels are used
	* @param user
	* @param clusterId
	* @return
	* @throws Exception
	*/
	public void checkUserSpuerAdminOrClusterAdmin(CoreUserEntity user, long clusterId) throws Exception {
	// The super admin user has all space administrator permissions by default and can operate directly
	if (user.isSuperuser()) {
	return;
	} else {
	int userId = user.getId();
	ClusterInfoEntity clusterInfoEntity = clusterInfoRepository.findById((long) clusterId).get();

	boolean isAdmin = userIsClusterAdminRole(userId, clusterInfoEntity);

	if (!isAdmin) {
	log.error("The user {} is not a space {} user.", userId, clusterId);
	throw new NoPermissionException();
	}
	return;
	}
	}

	/**
	* Initialize the correspondence between permission groups and users
	*
	* @param userId
	* @param groupId
	* @return
	*/
	public int addGroupUserMembership(int userId, int groupId) {
	PermissionsGroupMembershipEntity amdinMembershipEntity =
	new PermissionsGroupMembershipEntity(userId, groupId);
	return membershipRepository.save(amdinMembershipEntity).getId();
	}

	/**
	* Create a user group and return the user group ID
	*
	* @return
	*/
	public int addPermissionsGroup(String name, long clusterId, UserGroupRole role) {
	// Create a user group and bind the relationship with the Doris cluster and user information.
	PermissionsGroupRoleEntity groupRoleEntity =
	new PermissionsGroupRoleEntity(name, role.name(), clusterId);
	int groupId = groupRoleRepository.save(groupRoleEntity).getGroupId();
	log.debug("create group {}.", groupId);

	return groupId;
	}

	/**
	* Create a user group and return the user group ID
	*
	* @return
	*/
	public int addPermissionsGroup(String name, long clusterId, UserGroupRole role, String dorisUserName,
	String passwd) {
	// Create a user group and bind the relationship with the Doris cluster and user information.
	PermissionsGroupRoleEntity groupRoleEntity =
	new PermissionsGroupRoleEntity(name, role.name(), clusterId, dorisUserName, passwd);
	int groupId = groupRoleRepository.save(groupRoleEntity).getGroupId();
	log.debug("create group {}.", groupId);

	return groupId;
	}

	/**
	* Save user group password information
	* @Param
	* @return
	*/
	public PermissionsGroupRoleEntity addPermissionsGroupWithPaloUser(String name, long clusterId,
	UserGroupRole role, String password,
	String userName) throws Exception {
	// Create a user group and bind the relationship with the Doris cluster and user information.
	password = CredsUtil.aesEncrypt(password);
	PermissionsGroupRoleEntity groupRoleEntity =
	new PermissionsGroupRoleEntity(name, role.name(), clusterId, userName, password);
	int groupId = groupRoleRepository.save(groupRoleEntity).getGroupId();
	log.debug("create group {}.", groupId);

	return groupRoleEntity;
	}

	/**
	* Get all members of a permission group
	*
	* @param groupId
	* @return
	*/
	public List<GroupMember> getGroupMembers(int groupId) {
	log.debug("get group {} all members.", groupId);
	List<Integer> stopLdapUsers = userRepository.getByEmptyEntryUUID();
	List<PermissionsGroupMembershipEntity> users = membershipRepository.getByGroupId(groupId);

	List<GroupMember> members = new ArrayList<>();
	for (PermissionsGroupMembershipEntity membershipEntity : users) {
	// get user
	if (membershipEntity.getUserId() < 0 \|\| stopLdapUsers.contains(membershipEntity.getUserId())) {
	continue;
	}
	CoreUserEntity userEntity = userRepository.findById(membershipEntity.getUserId()).get();

	// construct Member
	GroupMember member = new GroupMember();
	member.setMembershipId(membershipEntity.getId());
	member.setUserId(membershipEntity.getUserId());
	member.setName(userEntity.getFirstName());
	member.setEmail(userEntity.getEmail());

	// add list
	members.add(member);
	}
	return members;
	}

	// Encrypt the cluster unencrypted password
	public void encryptClusterPassword() throws Exception {
	log.debug("encrypt password for cluster");
	List<ClusterInfoEntity> clusterInfoEntities = clusterInfoRepository.findAll();
	log.debug("encrypt password for cluster, size is {}", clusterInfoEntities.size());
	for (ClusterInfoEntity clusterInfo : clusterInfoEntities) {
	if (clusterInfo.getPasswd() == null) {
	log.debug("cluster password is null");
	continue;
	}
	if (!clusterInfo.getPasswd().trim().equals("")) {
	try {
	CredsUtil.aesDecrypt(clusterInfo.getPasswd());
	log.debug("password has been encrypted");
	continue;
	} catch (Exception e) {
	log.debug("password has not been encrypted");
	}
	}
	// Empty string is still empty after encryption
	clusterInfo.setPasswd(CredsUtil.aesEncrypt(clusterInfo.getPasswd()));
	clusterInfoRepository.save(clusterInfo);
	}
	}
	}