feat: Add Object Table for Authz in __INTERNAL_DB #3804

Closed

@oh2024 oh2024 commented Mar 14, 2024

What kind of change does this PR introduce?
This PR introduces a new feature that adds an object table to OpenMLDB for authorization purposes. The table is accessible in the __INTERNAL_DB database and is named OBJECT. This feature allows for enhanced security measures by facilitating permission checks and other authorization mechanisms through the newly introduced table.

What is the current behavior?
Currently, OpenMLDB lacks a dedicated object table for authorization purposes, limiting the ability to implement fine-grained access control and permission checks within the database.

What is the new behavior (if this is a feature change)?
With this change, OpenMLDB introduces an OBJECT table under the __INTERNAL_DB database, which can be interacted with using the DESCRIBE OBJECT; command. This table is designed to store authorization-related information, enabling developers and database administrators to implement more sophisticated authz mechanisms. This feature enhances OpenMLDB's security model by allowing for detailed permission settings and access control at a granular level.

@github-actions github-actions bot added the storage-engine openmldb storage engine. nameserver & tablet label Mar 14, 2024
@oh2024 oh2024 requested a review from aceforeverd March 14, 2024 02:31

SDK Test Report

101 files  ±0  101 suites  ±0   2m 4s ⏱️ -4s
347 tests ±0  333 ✅ ±0  14 💤 ±0  0 ❌ ±0 
473 runs  ±0  459 ✅ ±0  14 💤 ±0  0 ❌ ±0 

Results for commit 5015ab9. ± Comparison against base commit db1c1f8.

This pull request removes 48 and adds 27 tests. Note that renamed tests count towards both.

codecov bot commented Mar 14, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 40.70%. Comparing base (db1c1f8) to head (5015ab9).

Additional details and impacted files
@@            Coverage Diff            @@
##               main    #3804   +/-   ##
=========================================
  Coverage     40.70%   40.70%           
  Complexity      658      658           
=========================================
  Files           195      195           
  Lines         11514    11514           
  Branches       1380     1380           
=========================================
  Hits           4687     4687           
  Misses         6523     6523           
  Partials        304      304           

Linux Test Report

 53 files  ±0   60 suites  ±0   28m 3s ⏱️ +12s
671 tests ±0  649 ✅  - 2  7 💤 ±0  15 ❌ +2 
672 runs  ±0  650 ✅  - 2  7 💤 ±0  15 ❌ +2 

For more details on these failures, see this check.

Results for commit 5015ab9. ± Comparison against base commit db1c1f8.

@@ -49,11 +50,11 @@ enum class SystemTableType {
kGlobalVariable = 3,
kDeployResponseTime,
kUser,
kObject,
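
Review bot: kObject, listed after kUser, gets its numeric value implicitly by counting up from kGlobalVariable = 3, so the value depends on the position of every entry in between. If SystemTableType values are persisted or compared across component versions, give kObject an explicit value so that a later insertion or reorder cannot silently point authorization lookups at a different system table. A short comment on the entry stating what the table stores would also help, since the name alone does not say it holds authorization data.
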
Collaborator

object is too general, pick a better name for privilege

Collaborator Author

@oh2024 oh2024 Mar 14, 2024

What about UserPrivilege?
