-
Notifications
You must be signed in to change notification settings - Fork 320
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: user authz #3941
feat: user authz #3941
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3941 +/- ##
=============================================
- Coverage 75.22% 41.61% -33.62%
Complexity 711 711
=============================================
Files 754 196 -558
Lines 135575 11790 -123785
Branches 2072 1534 -538
=============================================
- Hits 101991 4906 -97085
+ Misses 33281 6581 -26700
Partials 303 303 ☔ View full report in Codecov by Sentry. |
SDK Test Report104 files +2 104 suites +2 2m 20s ⏱️ -11s Results for commit a2770ec. ± Comparison against base commit 59d79f6. This pull request removes 30 and adds 9 tests. Note that renamed tests count towards both.
♻️ This comment has been updated with latest results. |
@@ -98,6 +98,8 @@ enum SqlNodeType { | |||
kColumnSchema, | |||
kCreateUserStmt, | |||
kAlterUserStmt, | |||
kGrantStmt, | |||
kRevokeStmt, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
append new enums only
CHECK_STATUS(AstStringLiteralToString(grantee, &grantee_str)); | ||
grantees.push_back(grantee_str); | ||
} | ||
*output = node_manager->MakeNode<node::GrantNode>(target_type, target_path.at(0), target_path.at(1), privileges, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what if target_path
size = 1 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in grant statements the target_path is required to have 2 elements: database and target
SetColumnDesc("host", type::DataType::kString, table_info->add_column_desc()); | ||
SetColumnDesc("user", type::DataType::kString, table_info->add_column_desc()); | ||
SetColumnDesc("password", type::DataType::kString, table_info->add_column_desc()); | ||
SetColumnDesc("Host", type::DataType::kString, table_info->add_column_desc()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there any usage over this table from the previous release ? If so it would a breaking change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes it's a breaking change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
* feat: sbin use the generated zk conf (#3901) Co-authored-by: lijiangnan <[email protected]> * refactor!: relocate go sdk (#3889) * refactor!: relocate go sdk moving to https://github.com/4paradigm/openmldb-go-sdk * go readme * ci: fix sdk workflow * docs: fix example (#3907) raw SQL request mode example was wrong because execute_mode should be request * fix: make clients use always send auth info (#3906) * fix: make clients use auth by default * fix: let skip auth flag only affect verify * feat: tablets get user table remotely (#3918) * fix: make clients use auth by default * fix: let skip auth flag only affect verify * feat: tablets get user table remotely * fix: use FLAGS_system_table_replica_num for user table * fix: recoverdata support load disk table (#3888) * docs: add map desc in create table (#3912) * ci(#3904): python mac jobs fix (#3905) * fix(#3909): checkout execute_mode in config clause in sql client (#3910) * feat: merge dag sql (#3911) * feat: merge AIOS DAG SQL * feat: mergeDAGSQL * add AIOSUtil * feat: add AIOS merge SQL test case * feat: split margeDAGSQL and validateSQLInRequest * fix: gcformat space and continuous sign (#3921) * fix: gcformat space * fix: gcformat continuous sign use hash * fix: delete incorrect comments * feat: merge 090 features to main (#3929) * Set s3 and aws dependencies ad provided (#3897) * feat: execlude zookeeper for curator (#3899) * Execlude zookeeper when using curator * Fix local build java * Run script to update post release version (#3931) * feat: crud users synchronously (#3928) * fix: make clients use auth by default * fix: let skip auth flag only affect verify * feat: tablets get user table remotely * fix: use FLAGS_system_table_replica_num for user table * feat: consistent user cruds * fix: pass instance of tablet and nameserver into auth lambda to allow locking * feat: best effort try to flush user data to all tablets * fix: lock scope * fix: stop user sync thread safely * fix: default values for user table columns * feat(parser): simple ANSI SQL rewriter (#3934) * feat(parser): simple ANSI SQL rewriter * feat(draft): translate request mode query * feat: request query rewriter * test: tpc rewrite cases * feat(rewrite): enable ansi sql rewriter in `ExecuteSQL` You may explicitly set this feature on via `set session ansi_sql_rewriter = 'true'` TODO: this rewriter feature should be off by default * build(deps-dev): bump urllib3 from 1.26.18 to 1.26.19 in /docs (#3948) Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 1.26.19. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/1.26.19/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.18...1.26.19) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(udf): isin (#3939) * feat(#3916): support @@execute_mode = 'request' (#3924) * feat(udf): array_combine & array_join (#3945) * feat(udf): array_combine * feat(udf): new functions - array_combine - array_join * feat: casting arrays to array<string> for array_combine WIP, string allocation need fix * fix: array_combine with non-string types * feat(array_combine): handle null inputs * fix(array_combine): behavior tweaks - use empty string if delimiter is null - restrict to array_combine(string, array<T> ...) * feat: support batchrequest in ProcessQuery (#3938) * feat: user authz (#3941) * feat: change user table to match mysql * feat: support user authz * fix: cean up created users * build(deps-dev): bump requests from 2.31.0 to 2.32.2 in /docs (#3951) Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.2. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.31.0...v2.32.2) --- updated-dependencies: - dependency-name: requests dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump org.apache.derby:derby (#3949) Bumps org.apache.derby:derby from 10.14.2.0 to 10.17.1.0. --- updated-dependencies: - dependency-name: org.apache.derby:derby dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump org.postgresql:postgresql (#3950) Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.3.3 to 42.3.9. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.3.3...REL42.3.9) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: iot table (#3944) * feat: iot table * fix * fix * fix delete key entry * fix comment * ut * ut test * fix ut * sleep more for truncate * sleep 16 * tool pytest fix and swig fix * fix * clean * move to base * fix * fix coverage ut * fix --------- Co-authored-by: Huang Wei <[email protected]> * feat(open-mysql-db): pandas support (#3868) * feat(open-mysql-db): refactor 1. remove unnecessary instance var port 2. fix cause null bug 3. remove unnecessary throws 4. fix ctx.close() sequence bug 5. config sessionTimeout and requestTimeout 6. add docs of SqlEngine * feat(open-mysql-db): refactor * feat(open-mysql-db): revert passsword * feat(open-mysql-db): mock commit and schema table count * feat(open-mysql-db): replace data type text with string * feat(open-mysql-db): remove null --------- Co-authored-by: yangwucheng <[email protected]> * fix: drop aggr tables in drop table (#3908) * fix: drop aggr tables in drop table * fix * fix test * fix * fix --------- Co-authored-by: Huang Wei <[email protected]> * ci(#3954): fix checkout action on old glibc OS (#3955) * ci(#3954): fix checkout action on old glibc OS * ci: include checkout fix in all workflows * ci: fix python-sdk * test: node-2 to node-3 (#3957) node-3 is not available, moving to node-2 * feat: support locate(substr, str[, pos]) function(#820) (#3943) * fix(scripts): deploy spark correctly (#3958) $SPARK_HOME may be a symbolic link referring to a invalid directory, so we'd try 'rm -f' first * Add changelog for 0.9.1 (#3959) --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: venessa <[email protected]> Co-authored-by: lijiangnan <[email protected]> Co-authored-by: aceforeverd <[email protected]> Co-authored-by: oh2024 <[email protected]> Co-authored-by: HuangWei <[email protected]> Co-authored-by: wyl4pd <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Huang Wei <[email protected]> Co-authored-by: yangwucheng <[email protected]> Co-authored-by: yangwucheng <[email protected]> Co-authored-by: howd <[email protected]>
* feat: sbin use the generated zk conf (#3901) Co-authored-by: lijiangnan <[email protected]> * refactor!: relocate go sdk (#3889) * refactor!: relocate go sdk moving to https://github.com/4paradigm/openmldb-go-sdk * go readme * ci: fix sdk workflow * docs: fix example (#3907) raw SQL request mode example was wrong because execute_mode should be request * fix: make clients use always send auth info (#3906) * fix: make clients use auth by default * fix: let skip auth flag only affect verify * feat: tablets get user table remotely (#3918) * fix: make clients use auth by default * fix: let skip auth flag only affect verify * feat: tablets get user table remotely * fix: use FLAGS_system_table_replica_num for user table * fix: recoverdata support load disk table (#3888) * docs: add map desc in create table (#3912) * ci(#3904): python mac jobs fix (#3905) * fix(#3909): checkout execute_mode in config clause in sql client (#3910) * feat: merge dag sql (#3911) * feat: merge AIOS DAG SQL * feat: mergeDAGSQL * add AIOSUtil * feat: add AIOS merge SQL test case * feat: split margeDAGSQL and validateSQLInRequest * fix: gcformat space and continuous sign (#3921) * fix: gcformat space * fix: gcformat continuous sign use hash * fix: delete incorrect comments * feat: merge 090 features to main (#3929) * Set s3 and aws dependencies ad provided (#3897) * feat: execlude zookeeper for curator (#3899) * Execlude zookeeper when using curator * Fix local build java * Run script to update post release version (#3931) * feat: crud users synchronously (#3928) * fix: make clients use auth by default * fix: let skip auth flag only affect verify * feat: tablets get user table remotely * fix: use FLAGS_system_table_replica_num for user table * feat: consistent user cruds * fix: pass instance of tablet and nameserver into auth lambda to allow locking * feat: best effort try to flush user data to all tablets * fix: lock scope * fix: stop user sync thread safely * fix: default values for user table columns * feat(parser): simple ANSI SQL rewriter (#3934) * feat(parser): simple ANSI SQL rewriter * feat(draft): translate request mode query * feat: request query rewriter * test: tpc rewrite cases * feat(rewrite): enable ansi sql rewriter in `ExecuteSQL` You may explicitly set this feature on via `set session ansi_sql_rewriter = 'true'` TODO: this rewriter feature should be off by default * build(deps-dev): bump urllib3 from 1.26.18 to 1.26.19 in /docs (#3948) Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 1.26.19. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/1.26.19/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.18...1.26.19) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(udf): isin (#3939) * feat(#3916): support @@execute_mode = 'request' (#3924) * feat(udf): array_combine & array_join (#3945) * feat(udf): array_combine * feat(udf): new functions - array_combine - array_join * feat: casting arrays to array<string> for array_combine WIP, string allocation need fix * fix: array_combine with non-string types * feat(array_combine): handle null inputs * fix(array_combine): behavior tweaks - use empty string if delimiter is null - restrict to array_combine(string, array<T> ...) * feat: support batchrequest in ProcessQuery (#3938) * feat: user authz (#3941) * feat: change user table to match mysql * feat: support user authz * fix: cean up created users * build(deps-dev): bump requests from 2.31.0 to 2.32.2 in /docs (#3951) Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.2. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.31.0...v2.32.2) --- updated-dependencies: - dependency-name: requests dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump org.apache.derby:derby (#3949) Bumps org.apache.derby:derby from 10.14.2.0 to 10.17.1.0. --- updated-dependencies: - dependency-name: org.apache.derby:derby dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump org.postgresql:postgresql (#3950) Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.3.3 to 42.3.9. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.3.3...REL42.3.9) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: iot table (#3944) * feat: iot table * fix * fix * fix delete key entry * fix comment * ut * ut test * fix ut * sleep more for truncate * sleep 16 * tool pytest fix and swig fix * fix * clean * move to base * fix * fix coverage ut * fix --------- Co-authored-by: Huang Wei <[email protected]> * feat(open-mysql-db): pandas support (#3868) * feat(open-mysql-db): refactor 1. remove unnecessary instance var port 2. fix cause null bug 3. remove unnecessary throws 4. fix ctx.close() sequence bug 5. config sessionTimeout and requestTimeout 6. add docs of SqlEngine * feat(open-mysql-db): refactor * feat(open-mysql-db): revert passsword * feat(open-mysql-db): mock commit and schema table count * feat(open-mysql-db): replace data type text with string * feat(open-mysql-db): remove null --------- Co-authored-by: yangwucheng <[email protected]> * fix: drop aggr tables in drop table (#3908) * fix: drop aggr tables in drop table * fix * fix test * fix * fix --------- Co-authored-by: Huang Wei <[email protected]> * ci(#3954): fix checkout action on old glibc OS (#3955) * ci(#3954): fix checkout action on old glibc OS * ci: include checkout fix in all workflows * ci: fix python-sdk * test: node-2 to node-3 (#3957) node-3 is not available, moving to node-2 * feat: support locate(substr, str[, pos]) function(#820) (#3943) * fix(scripts): deploy spark correctly (#3958) $SPARK_HOME may be a symbolic link referring to a invalid directory, so we'd try 'rm -f' first * Add changelog for 0.9.1 (#3959) * fix: select from JOB_INFO should always in online mode (#3963) * fix: select from JOB_INFO should always in online mode Fix error when user set default `execute_mode` to offline: ```sql set global execute_mode = 'offline'; select 1; ``` * fix: query mode on user & pre_agg tables * build(docker): centos7 EOL (#3965) * build(docker): centos7 EOL * fix vault address for aarch64 * ci(docker): disable arm64 image Dont have arm machine to test * fix(docker): numpy version lock (#3966) * Update docs version to 0.9.1 (#3960) * add blog post (#3936) * refactor: fix compile for mcjit and improve to tests (#3952) * refactor: rm SQL_CASE_BASE_DIR * fix: compile on mcjit * feat: setup SqlCaseBaseDir for hybridse TODO: also setup for tests in src/ * docs: add blog post (#3913) * Include new posts * update links * minor change * ci: update create-pull-request action to v6 in udf-doc-gen workflow & rm deprecated file sync (#3964) * Updated create-pull-request action to v6 in udf-doc-gen workflow * Removed references to docs/en/reference/sql/udfs_8h.md as the file no longer exists * build: upgrade openmldb sdk version in self host (#3962) * docs: add changelog for 0.9.2 (#3968) * docs: update version 0.9.2 in docs (#3970) --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: venessa <[email protected]> Co-authored-by: lijiangnan <[email protected]> Co-authored-by: aceforeverd <[email protected]> Co-authored-by: oh2024 <[email protected]> Co-authored-by: HuangWei <[email protected]> Co-authored-by: wyl4pd <[email protected]> Co-authored-by: tobe <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Huang Wei <[email protected]> Co-authored-by: yangwucheng <[email protected]> Co-authored-by: yangwucheng <[email protected]> Co-authored-by: howd <[email protected]> Co-authored-by: Siqi Wang <[email protected]> Co-authored-by: Jayaprakash0511 <[email protected]>
What kind of change does this PR introduce?
feature
What is the current behavior? (You can also link to an open issue here)
Grant/Revoke statements are not supported at all
What is the new behavior (if this is a feature change)?
Grant/Revoke is supported for the CREATE USER and DROP USER statements
Grant options is supported and is used to give permissions to grant