[#2234] feat(core): Add the support of User entity

[qqqttt123]

What changes were proposed in this pull request?

Add the UserEntity. Gravitino doesn't manage users, just sets up the relationship between the metalake and the user. So we don't bring too many fields in the User entity. More user information should be managed by external user system.

Why are the changes needed?

Fix: #2234

Does this PR introduce any user-facing change?

No.

How was this patch tested?

Add UT.

[jerryshao]

Why do we need namespace for User?

[qqqttt123]

User is under a metalake. So we should have a namespace.

[jerryshao]

it's weird to use namespace here, we don't have a namespace concept for "User".

You can use metalake directly, or remove this interface. Since I don't see the usage of namespace from the current code.

[jerryshao]

Do you need to add some more basic information for user?

[qqqttt123]

I hesitate to add them. If some properties are very important, we can make them become fields later. At the beginning, we can put them into the properties.

[qqqttt123]

Not to choose to name this CombinedUser Because the underlying system may have different users. We can't map them one to one.
Not to choose to name this BaseUser. Because BaseUser looks like an abstract class although we already have a class BaseMetalake.

[jerryshao]

I don't like this name, user is just a user, MetalakeUser will make me think that this user is only for metalake.

[qqqttt123]

How about concreteUser, UserImpl and BasicUser?

[qqqttt123]

How about ManagedUser?

[jerryshao]

So you define properties here, but don't have a related method in the User interface, how do users use this?

[qqqttt123]

I have defined the method properties() in User.java #24L.

[jerryshao]

@yuqi1129 please help to check this part. I don't think the change is enough to support User.

[yuqi1129]

@qqqttt123

1. If a catalog and a user share the same entity, Gravitino will receive an error, so we need to take actions to prevent this from happening.
2. You may also need to implement rational entity stores.

[qqqttt123]

1. How to prevent it?
2. I prefer doing it in another pr.

[yuqi1129]

How to prevent it?

We need to consider it any way, let me think about it also.

[yuqi1129]

@qqqttt123
We'd better add some comments about it, If the name of a user and catalog is the same, they will share the same id in the id-name mapping, If we drop any one( the user or the catalog), the ID of it may also be removed( though we will not abandon the id of the name when dropping an entity), so I suggest we need to add some comment about it.

You can add the following comments here:

// As the name of users and catalogs shares the same ID if their names are the same, we must be cautious
// that we should NOT drop the id when remove a user or catalog, for more please refer to `KvNameMappingService`

https://github.com/datastrato/gravitino/pull/2481/files#:~:text=USER%2C-,new%20String,-%5B%5D%20%7BUSER.

[qqqttt123]

In my thought,

1. Metalake is a tenant concept us. We have users, groups and roles under the metalake. They will be isolated among metalakes.

[jerryshao]

What I want is that the semantic is correct to support different operations, no matter what underlying mapping you use.

Besides, I don't think the storage hierarchy should be directly mapping the semantic layer. Like user, it is a concept under the metalake. But we can store them in a system catalog/table, we don't have to store it directly under metalake.

[jerryshao]

Another potential issue is that renaming may not go as planned. For instance, the catalog 'A' and user A share the same id 1, when we rename catalog A to B, then the mapping then become B to 1 and user A can't be found.

This problem should also exist for other entities, it should be fixed. For example, renaming table from A to B, then the fileset A cannot be found either.

[jerryshao]

You should never assume that there's only one entity type under the specific namespace.

[jerryshao]

Do we need to wait for @yuqi1129 's fix or we can merge it beforehand?

[yuqi1129]

@qqqttt123

1. If a catalog and a user share the same entity, Gravitino will receive an error, so we need to take actions to prevent this from happening.
2. You may also need to implement rational entity stores.

[yuqi1129]

This appears to be not a standard Java document format.

[qqqttt123]

From the Snowflake, the user model is as follows.

CREATE [ OR REPLACE ] USER [ IF NOT EXISTS ] <name>
  [ objectProperties ]
  [ objectParams ]
  [ sessionParams ]
  [ [ WITH ] TAG ( <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' , ... ] )

objectProperties ::=
  PASSWORD = '<string>'
  LOGIN_NAME = <string>
  DISPLAY_NAME = <string>
  FIRST_NAME = <string>
  MIDDLE_NAME = <string>
  LAST_NAME = <string>
  EMAIL = <string>
  MUST_CHANGE_PASSWORD = TRUE | FALSE
  DISABLED = TRUE | FALSE
  DAYS_TO_EXPIRY = <integer>
  MINS_TO_UNLOCK = <integer>
  DEFAULT_WAREHOUSE = <string>
  DEFAULT_NAMESPACE = <string>
  DEFAULT_ROLE = <string>
  DEFAULT_SECONDARY_ROLES = ( 'ALL' )
  MINS_TO_BYPASS_MFA = <integer>
  RSA_PUBLIC_KEY = <string>
  RSA_PUBLIC_KEY_2 = <string>
  COMMENT = '<string_literal>'


sessionParams ::=
  ABORT_DETACHED_QUERY = TRUE | FALSE
  AUTOCOMMIT = TRUE | FALSE
  BINARY_INPUT_FORMAT = <string>
  BINARY_OUTPUT_FORMAT = <string>
  DATE_INPUT_FORMAT = <string>
  DATE_OUTPUT_FORMAT = <string>
  ERROR_ON_NONDETERMINISTIC_MERGE = TRUE | FALSE
  ERROR_ON_NONDETERMINISTIC_UPDATE = TRUE | FALSE
  JSON_INDENT = <num>
  LOCK_TIMEOUT = <num>
  QUERY_TAG = <string>
  ROWS_PER_RESULTSET = <num>
  SIMULATED_DATA_SHARING_CONSUMER = <string>
  STATEMENT_TIMEOUT_IN_SECONDS = <num>
  STRICT_JSON_OUTPUT = TRUE | FALSE
  TIMESTAMP_DAY_IS_ALWAYS_24H = TRUE | FALSE
  TIMESTAMP_INPUT_FORMAT = <string>
  TIMESTAMP_LTZ_OUTPUT_FORMAT = <string>
  TIMESTAMP_NTZ_OUTPUT_FORMAT = <string>
  TIMESTAMP_OUTPUT_FORMAT = <string>
  TIMESTAMP_TYPE_MAPPING = <string>
  TIMESTAMP_TZ_OUTPUT_FORMAT = <string>
  TIMEZONE = <string>
  TIME_INPUT_FORMAT = <string>
  TIME_OUTPUT_FORMAT = <string>
  TRANSACTION_DEFAULT_ISOLATION_LEVEL = <string>
  TWO_DIGIT_CENTURY_START = <num>
  UNSUPPORTED_DDL_ACTION = <string>
  USE_CACHED_RESULT = TRUE | FALSE
  WEEK_OF_YEAR_POLICY = <num>
  WEEK_START = <num>

We could ignore the session properties. Gravitino doesn't have the concept of the session. For object projecties, some of them may be useful like

displayName
email
defaultRole (If a user have multiple roles which have the privillege to create item, the item use the default role to create item)
comment

[qqqttt123]

From the Databricks, https://docs.databricks.com/api/workspace/users/create
You can see

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "id": "string",
  "userName": "user@example.com",
  "emails": [
    {
      "$ref": "string",
      "value": "string",
      "display": "string",
      "primary": true,
      "type": "string"
    }
  ],
  "name": {
    "givenName": "string",
    "familyName": "string"
  },
  "displayName": "string",
  "groups": [
    {
      "$ref": "string",
      "value": "string",
      "display": "string",
      "primary": true,
      "type": "string"
    }
  ],
  "roles": [
    {
      "$ref": "string",
      "value": "string",
      "display": "string",
      "primary": true,
      "type": "string"
    }
  ],
  "entitlements": [
    {
      "$ref": "string",
      "value": "string",
      "display": "string",
      "primary": true,
      "type": "string"
    }
  ],
  "externalId": "string",
  "active": true
}

active seems an important property. Snowflake has similar property DISABLED.
Some of properties are like Snowflake. We can add these properties, too.
It is worth noticing about the property schema. It is related to scim. But I think this may be an advanced property. We can consider it later.

[qqqttt123]

From the Ranger, https://ranger.apache.org/apidocs/resource_XUserREST.html#resource_XUserREST_createXUser_POST

{
  "name" : "...",
  "firstName" : "...",
  "lastName" : "...",
  "emailAddress" : "...",
  "password" : "...",
  "description" : "...",
  "credStoreId" : 12345,
  "groupIdList" : [ 12345, 12345 ],
  "myClassType" : 12345,
  "status" : 12345,
  "isVisible" : 12345,
  "userSource" : 12345,
  "userRoleList" : [ "...", "..." ],
  "groupNameList" : [ "...", "..." ],
  "otherAttributes" : "...",
  "syncSource" : "...",
  "id" : 12345,
  "createDate" : 12345,
  "updateDate" : 12345,
  "owner" : "...",
  "updatedBy" : "..."
}

Some properties are similar to the Snowflake. Description is similar to the comment.

[qqqttt123]

From the surveys above, I think we can add the properties

firstName
lastName
displayName
emailAddress
comment
active
defaultRole
groups
roles

roles and groups may have some consistent issues when we drop a user, because we lack the transaction, but it should be acceptable.
For example,
we delete a user from a group first. Then we delete the user.
If service goes down after we delete a user from a group, the user won't be deleted, but the group has deleted the user.

[qqqttt123]

CI isn't stable. It's not caused by this pull request.

[jerryshao]

/** An exception thrown when a user already exists. */

[qqqttt123]

Done.

[jerryshao]

I think we can have a UserManager under this AccessControlManager, so that we don't have to put everything in the AccessControlManager.

[qqqttt123]

Done.

[jerryshao]

You'd better define this reserved Namespace in the entity/user entity, not here in auth constants.

[qqqttt123]

Done.

[qqqttt123]

Put SYSTEM_CATALOG_RESERVED_NAME into CatalogEntity.
Put USER_SCHEMA_NAME into UserEntity.

[jerryshao]

Capitalize the first letter.

[qqqttt123]

Done.

[jerryshao]

I think this should also added to the catalog's common rule? @mchades

[jerryshao]

What is the purpose of this method, I cannot get it.

[qqqttt123]

If we delete a metalake, we should remove the users under the metalake.

[qqqttt123]

I resolved the conflict with the main branch.

[jerryshao]

This is meaningless, please add more meaningful description.

[qqqttt123]

Added.

[jerryshao]

What is "User instance"?

[qqqttt123]

Done. Removed the comment.

[jerryshao]

I think we can remove some of the javadoc here, it's not so useful.

[qqqttt123]

done. Removed the comment.