Permission for Relation model. #13158
Conversation
| plan = new AuthorPlan(configPhysicalPlanType); | ||
| plan = new AuthorTreePlan(configPhysicalPlanType); | ||
| break; | ||
| case RCreateRole: |
There was a problem hiding this comment.
Better keep the order consistent to the definitions.
| final boolean grantOpt, | ||
| final int permission, | ||
| final String password) { | ||
| super(authorType); |
There was a problem hiding this comment.
May directly call the super() with more parameters.
| @@ -576,7 +577,7 @@ public void AuthorPlanTest() throws IOException, IllegalPathException { | |||
|
|
|||
| // create user | |||
| req0 = | |||
| new AuthorPlan( | |||
| new AuthorTreePlan( | |||
There was a problem hiding this comment.
Remember to add the ser/de tests for new plans.
There was a problem hiding this comment.
Their ser/de functions were tested at authOperationProcedureTest, which ser/de itself and its owned author plan.
| case REVOKE_USER_ROLE: | ||
| return QueryType.WRITE; | ||
| case LIST_ROLE: | ||
| case LIST_USER: |
There was a problem hiding this comment.
Has the "List privilege" been designed, or are they shown in the "list role/user"?
There was a problem hiding this comment.
This file is outdate, see RelationalAuthorStatement.java
| + tableName | ||
| + "user name:" | ||
| + userName | ||
| + "role name" |
There was a problem hiding this comment.
The format can be more normalized..
There was a problem hiding this comment.
This file is not exist in this pr, see RelationalAuthorStatement.java.
| } | ||
| return text; | ||
| } | ||
| @Override |
There was a problem hiding this comment.
Bettter add a blank line, and why do we use "''" in the password?
| if (ctx.grant_privilege_object().ON() != null) { | ||
| String privilegeText = ctx.grant_privilege_object().object_privilege().getText(); | ||
| PrivilegeType priv = PrivilegeType.valueOf(privilegeText.toUpperCase()); | ||
| if (ctx.grant_privilege_object().object_type().getText().equalsIgnoreCase("TABLE")) { |
There was a problem hiding this comment.
Are the "db.table" and "ANY" taken into account here?
|
|
||
| TSStatus checkUserSysPrivileges(String username, int permisssion); | ||
| TSStatus checkUserSysPrivileges(String username, PrivilegeType permisssion); |
There was a problem hiding this comment.
Better change it to "permission", not "permisssion"..
|
Be sure to check the license issues. |
| this.grantOption = false; | ||
| } | ||
|
|
||
| public PrivilegeModelType ModelType() { |
| 7: required bool grantOpt | ||
| } | ||
|
|
||
| struct TCheckUserRelationalPrivilegesReq { |
ColinLeeo
force-pushed
the
colin_table_auth
branch
from
a6077b0 to
5e99d00
Compare
ColinLeeo
force-pushed
the
colin_table_auth
branch
from
a5c57ee to
07fd8de
Compare
ColinLeeo
force-pushed
the
colin_table_auth
branch
from
d36e6a5 to
4496e1a
Compare
add author rpc.
ColinLeeo
force-pushed
the
colin_table_auth
branch
from
7f58b02 to
db6dd55
Compare
| ; | ||
|
|
||
| privilegeObjectScope | ||
| : systemPrivilege |
There was a problem hiding this comment.
This pr is to big.. I will create a new pr base this pr to support ALL.
| @@ -1191,6 +1301,7 @@ PASSING: 'PASSING'; | |||
| PAST: 'PAST'; | |||
| PATH: 'PATH'; | |||
| PATTERN: 'PATTERN'; | |||
| PASSWORD: 'PASSWORD'; | |||
There was a problem hiding this comment.
Be sure to check the dictionary order...
| return tableName; | ||
| } | ||
|
|
||
| public Set<Integer> getPermissions() { |
There was a problem hiding this comment.
It works when we support ALL privileges.
| ReadWriteIOUtils.write(getType().getPlanType(), stream); | ||
| BasicStructureSerDeUtil.write(userName, stream); | ||
| BasicStructureSerDeUtil.write(roleName, stream); | ||
| BasicStructureSerDeUtil.write(password, stream); |
There was a problem hiding this comment.
Do you need to write "newPassword"?
There was a problem hiding this comment.
Actually, newPassword is useless. In TreeAuthorPlan, It is used to store the user's new password, which can be replaced by a password field. So in RelationalAuthorPlan, the user's new password or his original password will all be stored in the password field.
| BasicStructureSerDeUtil.write(userName, stream); | ||
| BasicStructureSerDeUtil.write(roleName, stream); | ||
| BasicStructureSerDeUtil.write(password, stream); | ||
| if (databaseName == null) { |
There was a problem hiding this comment.
Can we write this string directly?
| plan.getRoleName(), | ||
| plan.getPassword(), | ||
| plan.getNewPassword(), | ||
| plan.getPermissions(), |
There was a problem hiding this comment.
Better change this to back to "permissions"... This has been trimmed by user's pattern....
| Assert.assertEquals(privs.get(0).getPrivileges().size(), 2); | ||
| Assert.assertFalse(privs.get(0).getPrivileges().contains(PrivilegeType.READ_DATA.ordinal())); | ||
| AuthUtils.removePrivilege(rootPath, PrivilegeType.READ_DATA, privs); | ||
| Assert.assertEquals(privs.get(0).getPrivilegeIntSet().size(), 2); |
There was a problem hiding this comment.
May put the "expected value" first...
| @@ -604,7 +605,7 @@ private ColumnHeaderConstant() { | |||
| public static final List<ColumnHeader> LIST_USER_PRIVILEGES_Column_HEADERS = | |||
There was a problem hiding this comment.
Use upper case here, and better name it as "USER_OR_ROLE_PRIVILEGES"
| LOGGER.warn("Cannot load admin, Creating a new one", e); | ||
| admin = null; | ||
| } | ||
| User admin = getEntry(CommonDescriptor.getInstance().getConfig().getAdminName()); |
There was a problem hiding this comment.
”Entry“ may be too unclear... Maybe "identity" is better?
| } | ||
|
|
||
| @Override | ||
| public boolean createUser( | ||
| public boolean createEntry( |
There was a problem hiding this comment.
Name it "createUser" if this is not overrided from its super class.
| lock.readUnlock(username); | ||
| return user; | ||
| public User getEntry(String username) { | ||
| return (User) super.getEntry(username); |
There was a problem hiding this comment.
Do we need to override it here?
| public boolean checkTBVisible(String database, String tbName) { | ||
| return !anyScopePrivilegeSet.isEmpty() | ||
| || (objectPrivilegeMap.containsKey(database) | ||
| && objectPrivilegeMap.get(database).getTablePrivilegeMap().containsKey(tbName)); |
There was a problem hiding this comment.
Seemingly this shall be "||" according to the definition? Though you may need to check if any DB privileges exist....
| @@ -387,6 +466,10 @@ private void checkCacheAvailable() { | |||
| cacheOutDate = false; | |||
| } | |||
|
|
|||
| public void setAcceptCache(boolean acceptCache) { | |||
| @@ -88,4 +94,184 @@ public void checkCanShowOrDescTable(String userName, QualifiedObjectName tableNa | |||
| public void checkUserHasMaintainPrivilege(String userName) { | |||
| authChecker.checkGlobalPrivilege(userName, TableModelPrivilege.MAINTAIN); | |||
| } | |||
|
|
|||
| @Override | |||
| public void checkUserCanRunAuthorStatement(String userName, RelationalAuthorStatement statement) { | |||
There was a problem hiding this comment.
Can we reuse the AuthorType and checking logic of the (tree) AuthorStatement? They look the same....
|
|
||
| protected Set<PrivilegeType> anyScopePrivileGrantOptSet; |
| return objectPrivilegeMap; | ||
| } | ||
|
|
||
| public DatabasePrivilege getObjectPrivilege(String objectName) { |
There was a problem hiding this comment.
This method is dangerous... Currently it's only used in "grant" thus it is OK. However, if someone wants to only get the database privilege from outside, there will be an empty database privilege, then the database may be able to be shown.
| role.revokeTBPrivilegeGrantOption(dbName, tbName, privilegeType); | ||
| return true; | ||
| } | ||
| if (role.hasPrivilegeToRevoke(dbName, tbName, privilegeType)) { |
| public boolean checkPathPrivilege(PartialPath path, int privilegeId) { | ||
| return AuthUtils.checkPathPrivilege(path, privilegeId, pathPrivilegeList); | ||
| public boolean checkTablePrivilegeGrantOption(String dbname, String table, PrivilegeType priv) { | ||
| if (checkAnyScopePrivilegeGrantOption(priv)) { |
There was a problem hiding this comment.
This may be called twice..
| @@ -193,33 +535,43 @@ public boolean equals(Object o) { | |||
| return Objects.equals(name, role.name) | |||
| && Objects.equals(pathPrivilegeList, role.pathPrivilegeList) | |||
| && Objects.equals(sysPrivilegeSet, role.sysPrivilegeSet) | |||
| && Objects.equals(sysPriGrantOpt, role.sysPriGrantOpt); | |||
| && Objects.equals(sysPriGrantOpt, role.sysPriGrantOpt) | |||
| && Objects.equals(objectPrivilegeMap, role.objectPrivilegeMap); | |||
| } | |||
|
|
|||
| @Override | |||
| public int hashCode() { | |||
| return Objects.hash(name, pathPrivilegeList, sysPrivilegeSet); | |||
| @@ -193,33 +535,43 @@ public boolean equals(Object o) { | |||
| return Objects.equals(name, role.name) | |||
| && Objects.equals(pathPrivilegeList, role.pathPrivilegeList) | |||
| && Objects.equals(sysPrivilegeSet, role.sysPrivilegeSet) | |||
| && Objects.equals(sysPriGrantOpt, role.sysPriGrantOpt); | |||
| && Objects.equals(sysPriGrantOpt, role.sysPriGrantOpt) | |||
| && Objects.equals(objectPrivilegeMap, role.objectPrivilegeMap); | |||
| return role; | ||
| } | ||
| int version = dataInputStream.readInt(); | ||
| assert version == VERSION; |
There was a problem hiding this comment.
Should guarantee the compatibility here...
| } | ||
|
|
||
| @Override | ||
| public int hashCode() { | ||
| return Objects.hash(name, pathPrivilegeList, sysPrivilegeSet); | ||
| } | ||
|
|
||
| private void serializePrivilegeSet(DataOutputStream outputStream, Set<PrivilegeType> set) |
There was a problem hiding this comment.
May be identical to SerializeUtils.serializePrivilegeTypeSet...
| for (PrivilegeType type : types) { | ||
| dataOutputStream.writeInt(type.ordinal()); | ||
| } | ||
| } catch (IOException e) { |
| @@ -246,6 +598,14 @@ public void deserialize(ByteBuffer buffer) { | |||
| pathPrivilege.deserialize(buffer); | |||
| pathPrivilegeList.add(pathPrivilege); | |||
| } | |||
|
|
|||
| void reset() throws AuthException; | ||
|
|
||
| /** | ||
| * List all roles in the database. |
| /** | ||
| * List all roles in the database. | ||
| * | ||
| * @return A list that contains names of all roles. |
| void grantPrivilegeToEntry(String entryName, PrivilegeUnion privilegeUnion) throws AuthException; | ||
|
|
||
| /** | ||
| * Revoke a privilege on seriesPath from a entry. |
| } | ||
|
|
||
| public TablePrivilege() { | ||
| // |
There was a problem hiding this comment.
Leaving "//" may not be a good idea...
| @@ -423,6 +465,7 @@ public TAuthizedPatternTreeResp generateAuthizedPTree(String username, int permi | |||
| throws AuthException { | |||
| TAuthizedPatternTreeResp resp = new TAuthizedPatternTreeResp(); | |||
There was a problem hiding this comment.
Better rename this to "Authorized"
| @@ -1169,6 +1170,67 @@ protected Void visitShowTopics(ShowTopics node, Integer context) { | |||
| return null; | |||
| } | |||
|
|
|||
| @Override | |||
| protected Void visitRelationalAuthorPlan(RelationalAuthorStatement node, Integer context) { | |||
There was a problem hiding this comment.
Well, personally I think all other sqls just write the full SQL...
|
|
||
| assertEquals( | ||
| authorInfo.checkRoleOfUser("user", "role").getStatus().getCode(), | ||
| TSStatusCode.SUCCESS_STATUS.getStatusCode()); |
There was a problem hiding this comment.
Better place the expected value at first.
| // to check relational privilege, database or table is required | ||
| // to check system privilege, just spec permission | ||
|
|
||
| // if grant opt is ture, check grant option of spec permission. |
| } | ||
|
|
||
| public DatabasePrivilege() { | ||
| // |
| } | ||
|
|
||
| DatabasePrivilege that = (DatabasePrivilege) o; | ||
| return databaseName.equals(that.databaseName) |
There was a problem hiding this comment.
Using "Objects.equals()" may be safer because the "databaseName" is nullable(though now nullable privilege won't call "equals()")
| tableName.getDatabaseName(), | ||
| tableName.getObjectName()); | ||
| if (result.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) { | ||
| throw new RuntimeException(new IoTDBException(result.getMessage(), result.getCode())); |
There was a problem hiding this comment.
Use "AccessControlException" instead?
| return; | ||
| } | ||
| TSStatus result = | ||
| AuthorityChecker.getTSStatus( |
| @Override | ||
| public void checkTablePrivilegeGrantOption( | ||
| String userName, QualifiedObjectName tableName, TableModelPrivilege privilege) { | ||
| TSStatus result = |
There was a problem hiding this comment.
Why there are no "AuthorityChecker.SUPER_USER.equals(userName)" here...
| @Override | ||
| public void checkDatabasePrivilegeGrantOption( | ||
| String userName, String databaseName, TableModelPrivilege privilege) { | ||
| TSStatus result = |
There was a problem hiding this comment.
Why there are no "AuthorityChecker.SUPER_USER.equals(userName)" here...
| @Override | ||
| public Node visitAlterUserStatement(RelationalSqlParser.AlterUserStatementContext ctx) { | ||
| RelationalAuthorStatement stmt = new RelationalAuthorStatement(AuthorRType.UPDATE_USER); | ||
| stmt.setRoleName(ctx.userName.getText()); |
| if (toTable) { | ||
| databaseName = clientSession.getDatabaseName(); | ||
| if (databaseName == null) { | ||
| throw new SemanticException("Database is set yet."); |
| if (fromTable) { | ||
| databaseName = clientSession.getDatabaseName(); | ||
| if (databaseName == null) { | ||
| throw new SemanticException("Database is set yet."); |
| private Set<PrivilegeType> privileges; | ||
| private Set<PrivilegeType> grantOpts; | ||
|
|
||
| private final int PRI_SIZE = PrivilegeType.getPrivilegeCount(PrivilegeModelType.TREE); |
| for (Integer privilegeId : privileges) { | ||
| builder.append(" ").append(PrivilegeType.values()[privilegeId]); | ||
| if (grantOpts.contains(privilegeId)) { | ||
| List<PrivilegeType> sortedPrivileges = new ArrayList<>(privileges); |
There was a problem hiding this comment.
Better change line 185 BTW
| dbPrivilege2.revokeTablePrivilege("test", PrivilegeType.SELECT); | ||
| dbPrivilege2.revokeTableGrantOption("test", PrivilegeType.SELECT); | ||
| dbPrivilege2.revokeTablePrivilege("test", PrivilegeType.DELETE); | ||
| Assert.assertEquals(dbPrivilege2.getTablePrivilegeMap().size(), 1); |
There was a problem hiding this comment.
Notice the order of the expected value and the actual one
| dbPrivilege2.revokeTablePrivilege("test2", PrivilegeType.SELECT); | ||
| dbPrivilege2.revokeDBPrivilege(PrivilegeType.INSERT); | ||
| dbPrivilege2.revokeDBGrantOption(PrivilegeType.ALTER); | ||
| Assert.assertEquals(dbPrivilege2.getTablePrivilegeMap().size(), 0); |
| } else if (item.isRelationalPrivilege()) { | ||
| databasePrivilege.grantDBPrivilege(item); | ||
| databasePrivilege.grantDBGrantOption(item); | ||
| databasePrivilege.grantTablePrivilege("testTable", item); |
There was a problem hiding this comment.
Better add grant option for admin
|
|
||
| public class TablePrivilegeTest { | ||
| @Test | ||
| public void testTablePrivilege_Init() { |
There was a problem hiding this comment.
This may not reflect the real change of table privilege, because the "privilege" and "grant option" seems indepentent here.
| @@ -756,11 +757,12 @@ public void testNormalGrantRevoke() { | |||
|
|
|||
| // 3. check simple privilege revoke from user/role on simple path | |||
| for (PrivilegeType type : PrivilegeType.values()) { | |||
| if (type.isRelationalPrivilege()) continue; | |||
There was a problem hiding this comment.
Better place the "continue" in a separate line?
| * seriesPath-free privilege, this should be "root". | ||
| * @param privilegeId An integer that represents a privilege. | ||
| * @param grantOpt Whether the privilege is grant option. | ||
| * @param userName The username of the user to which the privilege should be added. |
There was a problem hiding this comment.
Better add a little description fro the "union" field
| roles[i].getPathPrivilegeList().add(pathPrivilege); | ||
| roles[i].getSysPrivilege().add(i + 4); | ||
| roles[i].grantSysPrivilege(PrivilegeType.values()[i + 4], false); | ||
| roles[i].grantDBPrivilege("testdb", PrivilegeType.CREATE, false); |
There was a problem hiding this comment.
Seemingly the "CREATE" is granted twice
| user1.toString()); | ||
| Assert.assertTrue(user1.equals(user)); | ||
| Assert.assertEquals(user1, user); |
There was a problem hiding this comment.
Better swap the sequence
| import static org.junit.Assert.assertTrue; | ||
|
|
||
| @RunWith(IoTDBTestRunner.class) | ||
| @Category({LocalStandaloneIT.class, ClusterIT.class}) |
There was a problem hiding this comment.
@category({TableLocalStandaloneIT.class, TableClusterIT.class})
| import static org.junit.Assert.assertTrue; | ||
|
|
||
| @RunWith(IoTDBTestRunner.class) | ||
| @Category({ClusterIT.class}) |
There was a problem hiding this comment.
@category({TableClusterIT.class})
| public class IoTDBClusterAuthorityRelationalIT { | ||
| @Before | ||
| public void setUp() throws Exception { | ||
| // Init 1C0D environment |
| assertEquals(status.getCode(), TSStatusCode.SUCCESS_STATUS.getStatusCode()); | ||
| } | ||
|
|
||
| private void cleanUserAndRole(SyncConfigNodeIServiceClient client) throws TException { |
| AuthorRType.GRANT_USER_ROLE.ordinal(), "user1", "role1", "", "", "", -1, false)); | ||
| grantSysPrivilegeAndCheck(client, "user1", "role1", true, PrivilegeType.MANAGE_USER, false); | ||
| grantSysPrivilegeAndCheck(client, "user1", "role1", true, PrivilegeType.MANAGE_ROLE, true); | ||
| grantSysPrivilegeAndCheck(client, "user1", "role1", false, PrivilegeType.MAINTAIN, true); |
There was a problem hiding this comment.
Better only specify one of user and role to make it clearer…… And in fact we shall only pass one "name" into the parameter
| @@ -101,174 +98,143 @@ public void createAndDeleteUser() throws AuthException { | |||
|
|
|||
| @Test | |||
| public void createAndDeleteRole() throws AuthException { | |||
| authorizer.createRole(user.getName()); | |||
| authorizer.createRole(userName); | |||
| } catch (AuthException e) { | ||
| assertEquals("Role user already exists", e.getMessage()); | ||
| } | ||
| authorizer.deleteRole(user.getName()); | ||
| authorizer.createUser("test", "password"); |
| try { | ||
| authorizer.revokePrivilegeFromUser( | ||
| user.getName(), nodeName, PrivilegeType.READ_DATA.ordinal()); | ||
| userName, new PrivilegeUnion(nodeName, PrivilegeType.READ_DATA)); | ||
| } catch (AuthException e) { | ||
| assertEquals("User user does not have READ_DATA on root.laptop.d1", e.getMessage()); |
There was a problem hiding this comment.
This will not be thrown now, do not catch it
| accessor.saveEntry(user); | ||
| accessor.reset(); | ||
| User loadUser = accessor.loadEntry("test"); | ||
| assertEquals(user, loadUser); |
There was a problem hiding this comment.
Better reserve the "List" and "Delete" tests.
| List<String> resultLines = Arrays.asList(result.split("\n")); | ||
| assertEquals(ansLines.size(), resultLines.size()); | ||
| for (String resultLine : resultLines) { | ||
| assertTrue(ansLines.contains(resultLine)); |
There was a problem hiding this comment.
Why use "contains"? BTW, there is a similar function called TestUtils.assertResultSetEqual().
| return "No such role %s"; | ||
| } | ||
|
|
||
| protected BasicRoleManager() { |
|
|
||
| // user's priv: | ||
| // 1. MANAGE_DATABASE | ||
| // 2. USE_PIPE with grant option | ||
| // 3. READ_DATA root.d1.** | ||
| // 4. WRITE_SCHEMA root.d1.** with grant option | ||
| // 5. SELECT on database, ALTER on database with grant option | ||
| // 6. UPDATE on database.table, DELETE on database.table with grant option | ||
|
|
||
| // role's priv: | ||
| // 1. USE_UDF | ||
| // 2. USE_CQ with grant option | ||
| // 3. READ_DATA root.t9.** with grant option |
| "user1", Collections.singletonList(pathRoot), PrivilegeType.MANAGE_USER.ordinal())); | ||
| Assert.assertEquals( | ||
| authorityFetcher.checkUserSysPrivilegesGrantOpt("user1", PrivilegeType.USE_PIPE).getCode(), | ||
| TSStatusCode.SUCCESS_STATUS.getStatusCode()); |
There was a problem hiding this comment.
Put the expected value at the front
| authorityFetcher | ||
| .checkUserPathPrivilegesGrantOpt( | ||
| "user1", | ||
| Collections.singletonList(new PartialPath("root.d1.d1.**")), |
There was a problem hiding this comment.
Above just said "root.d1.d2"
| Collections.singletonList(new PartialPath("root.**")), | ||
| PrivilegeType.WRITE_SCHEMA) | ||
| .getCode(), | ||
| TSStatusCode.NO_PERMISSION.getStatusCode()); | ||
| // reuqire root.d1.d2 with write_schema, return true |
|
|
||
| List<String> roleList = new ArrayList<>(); | ||
| if (roleOfUser.exists()) { | ||
| Set<String> roleList = new HashSet<>(); |
| assert (tag == VERSION); | ||
| user.setName(IOUtils.readString(dataInputStream, STRING_ENCODING, strBufferLocal)); | ||
| user.setPassword(IOUtils.readString(dataInputStream, STRING_ENCODING, strBufferLocal)); | ||
| user.setSysPrivilegesWithMask(dataInputStream.readInt()); |
There was a problem hiding this comment.
Why not put this in "loadPrivileges"?
| Set<String> roleSet = new HashSet<>(); | ||
| if (roleOfUser.exists()) { | ||
| inputStream = new FileInputStream(roleOfUser); | ||
| try (DataInputStream roleInpuStream = |
| public List<String> listAllUsers() { | ||
| File userDir = SystemFileFactory.INSTANCE.getFile(userDirPath); | ||
| public List<String> listAllEntries() { | ||
| File userDir = SystemFileFactory.INSTANCE.getFile(entryDirPath); | ||
| String[] names = | ||
| userDir.list( | ||
| (dir, name) -> | ||
| (name.endsWith(IoTDBConstant.PROFILE_SUFFIX) | ||
| && !name.endsWith(ROLE_SUFFIX + IoTDBConstant.PROFILE_SUFFIX)) | ||
| || (name.endsWith(TEMP_SUFFIX) && !name.endsWith(ROLE_SUFFIX + TEMP_SUFFIX))); |
There was a problem hiding this comment.
ROLE_SUFFIX + PROFILE_SUFFIX + TEMP_SUFFIX?
In this pr: