[pick][Improment]Add schema table workload_group_privileges (#38436) (#39708)

pick #38436
wangbo
2024-08-22 00:44:43 +08:00
committed by GitHub
parent 0e694f19db
commit a55e109e97
12 changed files with 418 additions and 2 deletions


@ -79,7 +79,9 @@ public enum SchemaTableType {
SCH_WORKLOAD_POLICY("WORKLOAD_POLICY", "WORKLOAD_POLICY",
TSchemaTableType.SCH_WORKLOAD_POLICY),
SCH_FILE_CACHE_STATISTICS("FILE_CACHE_STATISTICS", "FILE_CACHE_STATISTICS",
TSchemaTableType.SCH_FILE_CACHE_STATISTICS);
TSchemaTableType.SCH_FILE_CACHE_STATISTICS),
SCH_WORKLOAD_GROUP_PRIVILEGES("WORKLOAD_GROUP_PRIVILEGES",
"WORKLOAD_GROUP_PRIVILEGES", TSchemaTableType.SCH_WORKLOAD_GROUP_PRIVILEGES);
private static final String dbName = "INFORMATION_SCHEMA";
private static SelectList fullSelectLists;


@ -524,6 +524,14 @@ public class SchemaTable extends Table {
.column("METRIC_NAME", ScalarType.createVarchar(256))
.column("METRIC_VALUE", ScalarType.createType(PrimitiveType.DOUBLE))
.build()))
.put("workload_group_privileges",
new SchemaTable(SystemIdGenerator.getNextId(), "workload_group_privileges", TableType.SCHEMA,
builder().column("GRANTEE", ScalarType.createVarchar(NAME_CHAR_LEN))
.column("WORKLOAD_GROUP_NAME", ScalarType.createVarchar(256))
.column("PRIVILEGE_TYPE", ScalarType.createVarchar(PRIVILEGE_TYPE_LEN))
.column("IS_GRANTABLE", ScalarType.createVarchar(IS_GRANTABLE_LEN))
.build())
)
.build();
private boolean fetchAllFe = false;


@ -79,6 +79,7 @@ import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
@ -1161,6 +1162,48 @@ public class Auth implements Writable {
return userAuthInfos;
}
public void getUserRoleWorkloadGroupPrivs(List<List<String>> result, UserIdentity currentUserIdentity) {
readLock();
try {
boolean isCurrentUserAdmin = checkGlobalPriv(currentUserIdentity, PrivPredicate.ADMIN);
Map<String, List<User>> nameToUsers = userManager.getNameToUsers();
for (List<User> users : nameToUsers.values()) {
for (User user : users) {
if (!user.isSetByDomainResolver()) {
if (!isCurrentUserAdmin && !currentUserIdentity.equals(user.getUserIdentity())) {
continue;
}
String isGrantable = checkGlobalPriv(user.getUserIdentity(), PrivPredicate.ADMIN) ? "YES"
: "NO";
// workload group
for (PrivEntry entry : getUserWorkloadGroupPrivTable(user.getUserIdentity()).entries) {
WorkloadGroupPrivEntry workloadGroupPrivEntry = (WorkloadGroupPrivEntry) entry;
PrivBitSet savedPrivs = workloadGroupPrivEntry.getPrivSet().copy();
List<String> row = Lists.newArrayList();
row.add(user.getUserIdentity().toString());
row.add(workloadGroupPrivEntry.getOrigWorkloadGroupName());
row.add(savedPrivs.toString());
row.add(isGrantable);
result.add(row);
}
}
}
}
Set<String> currentUserRole = null;
if (!isCurrentUserAdmin) {
currentUserRole = userRoleManager.getRolesByUser(currentUserIdentity, false);
currentUserRole = currentUserRole == null ? new HashSet<>() : currentUserRole;
}
roleManager.getRoleWorkloadGroupPrivs(result, currentUserRole);
} finally {
readUnlock();
}
}
private void getUserAuthInfo(List<List<String>> userAuthInfos, UserIdentity userIdent) {
// AuthProcDir.TITLE_NAMES
List<String> userAuthInfo = Lists.newArrayList();
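Review bot: In getUserRoleWorkloadGroupPrivs the per-user loop adds a row even when `savedPrivs.toString()` is empty, while the role path in RoleManager.getRoleWorkloadGroupPrivs skips such entries, so the table can list grantees with a blank PRIVILEGE_TYPE. I would add `if (savedPrivs.toString().isEmpty()) { continue; }` before building the row, and drop the `.copy()` because the set is only read. The `!isCurrentUserAdmin && !currentUserIdentity.equals(...)` test is the row-level access check for this table; a Javadoc stating that admins see every grantee and other users see only their own identity and their own roles would make that contract reviewable. IS_GRANTABLE is derived from global ADMIN only; if holders of a grant privilege may also grant workload-group access (not visible here), the column under-reports and should be checked.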


@ -37,6 +37,7 @@ import org.apache.doris.persist.gson.GsonUtils;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.resource.workloadgroup.WorkloadGroupMgr;
import com.aliyuncs.utils.StringUtils;
import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
@ -187,6 +188,31 @@ public class RoleManager implements Writable, GsonPostProcessable {
}
}
public void getRoleWorkloadGroupPrivs(List<List<String>> result, Set<String> limitedRole) {
for (Role role : roles.values()) {
if (ClusterNamespace.getNameFromFullName(role.getRoleName()).startsWith(DEFAULT_ROLE_PREFIX)) {
continue;
}
if (limitedRole != null && !limitedRole.contains(role.getRoleName())) {
continue;
}
String isGrantable = role.checkGlobalPriv(PrivPredicate.ADMIN) ? "YES" : "NO";
for (Map.Entry<WorkloadGroupPattern, PrivBitSet> entry : role.getWorkloadGroupPatternToPrivs().entrySet()) {
List<String> row = Lists.newArrayList();
row.add(role.getRoleName());
row.add(entry.getKey().getworkloadGroupName());
if (StringUtils.isEmpty(entry.getValue().toString())) {
continue;
}
row.add(entry.getValue().toString());
row.add(isGrantable);
result.add(row);
}
}
}
public Role createDefaultRole(UserIdentity userIdent) throws DdlException {
String userDefaultRoleName = getUserDefaultRoleName(userIdent);
if (roles.containsKey(userDefaultRoleName)) {
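Review bot: The new `import com.aliyuncs.utils.StringUtils;` pulls a cloud-vendor SDK class into the authorization code for a single emptiness check in getRoleWorkloadGroupPrivs, although Guava's `Strings` is already imported in this file. I would compute `String privs = entry.getValue().toString();` once, test it with `if (Strings.isNullOrEmpty(privs)) { continue; }`, and remove the import so RoleManager does not depend on that SDK being on the classpath. Moving the check ahead of `Lists.newArrayList()` also avoids building a row that is then discarded. getRoleWorkloadGroupPrivs lies fully inside the hunk; createDefaultRole continues past it.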


@ -107,6 +107,8 @@ public class MetadataGenerator {
private static final ImmutableMap<String, Integer> WORKLOAD_SCHED_POLICY_COLUMN_TO_INDEX;
private static final ImmutableMap<String, Integer> WORKLOAD_GROUP_PRIVILEGES_COLUMN_TO_INDEX;
static {
ImmutableMap.Builder<String, Integer> activeQueriesbuilder = new ImmutableMap.Builder();
List<Column> activeQueriesColList = SchemaTable.TABLE_MAP.get("active_queries").getFullSchema();
@ -134,6 +136,12 @@ public class MetadataGenerator {
}
WORKLOAD_SCHED_POLICY_COLUMN_TO_INDEX = policyBuilder.build();
ImmutableMap.Builder<String, Integer> wgPrivsBuilder = new ImmutableMap.Builder();
List<Column> wgPrivsColList = SchemaTable.TABLE_MAP.get("workload_group_privileges").getFullSchema();
for (int i = 0; i < wgPrivsColList.size(); i++) {
wgPrivsBuilder.put(wgPrivsColList.get(i).getName().toLowerCase(), i);
}
WORKLOAD_GROUP_PRIVILEGES_COLUMN_TO_INDEX = wgPrivsBuilder.build();
}
public static TFetchSchemaTableDataResult getMetadataTable(TFetchSchemaTableDataRequest request) throws TException {
@ -213,6 +221,10 @@ public class MetadataGenerator {
result = workloadSchedPolicyMetadataResult(schemaTableParams);
columnIndex = WORKLOAD_SCHED_POLICY_COLUMN_TO_INDEX;
break;
case WORKLOAD_GROUP_PRIVILEGES:
result = workloadGroupPrivsMetadataResult(schemaTableParams);
columnIndex = WORKLOAD_GROUP_PRIVILEGES_COLUMN_TO_INDEX;
break;
default:
return errorResult("invalid schema table name.");
}
@ -518,6 +530,30 @@ public class MetadataGenerator {
return result;
}
private static TFetchSchemaTableDataResult workloadGroupPrivsMetadataResult(TSchemaTableRequestParams params) {
if (!params.isSetCurrentUserIdent()) {
return errorResult("current user ident is not set.");
}
UserIdentity currentUserIdentity = UserIdentity.fromThrift(params.getCurrentUserIdent());
List<List<String>> rows = new ArrayList<>();
Env.getCurrentEnv().getAuth().getUserRoleWorkloadGroupPrivs(rows, currentUserIdentity);
List<TRow> dataBatch = Lists.newArrayList();
for (List<String> privRow : rows) {
TRow trow = new TRow();
String workloadGroupName = privRow.get(1);
trow.addToColumnValue(new TCell().setStringVal(privRow.get(0))); // GRANTEE
trow.addToColumnValue(new TCell().setStringVal(workloadGroupName)); // WORKLOAD_GROUP_NAME
trow.addToColumnValue(new TCell().setStringVal(privRow.get(2))); // PRIVILEGE_TYPE
trow.addToColumnValue(new TCell().setStringVal(privRow.get(3))); // IS_GRANTABLE
dataBatch.add(trow);
}
TFetchSchemaTableDataResult result = new TFetchSchemaTableDataResult();
result.setDataBatch(dataBatch);
result.setStatus(new TStatus(TStatusCode.OK));
return result;
}
private static TFetchSchemaTableDataResult queriesMetadataResult(TSchemaTableRequestParams tSchemaTableParams,
TFetchSchemaTableDataRequest parentRequest) {
TFetchSchemaTableDataResult result = new TFetchSchemaTableDataResult();
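Review bot: workloadGroupPrivsMetadataResult decides what the caller may see from `params.getCurrentUserIdent()` alone, a field of the incoming request, and nothing in this hunk binds it to an authenticated session. If the endpoint is reachable only by trusted backends (not visible here) that is acceptable, but the assumption deserves a comment above the method, e.g. `// Identity is asserted by the requesting backend; row filtering in Auth trusts it.` The row is also consumed by position (`privRow.get(0)` to `privRow.get(3)`), so the column order is an unwritten contract with Auth.getUserRoleWorkloadGroupPrivs and RoleManager.getRoleWorkloadGroupPrivs; a short comment naming the four columns on the producer side would keep them in step. queriesMetadataResult continues outside the hunk.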