[#2759] feat(server,core): Add service admin and metalake admin #2758
Merged
28 commits
691f1c1
Add MetalakeAdminManager
ae3d7ae
fix
f1abac8
add more comments
ea216e6
Merge remote-tracking branch 'upstream/main' into MetalakeAdmin
f5ce9b7
fix style
24e1ea7
polish
beb35c3
polish the comment
23bd8e2
fix style
2d144dd
fix ut
f89eab2
Merge remote-tracking branch 'upstream/main' into MetalakeAdmin
f643de6
fix build
06780e2
Add comment
a6134b9
address comments
cf6b4bf
remove lock
43e379b
rename config options
224737b
move variable
e9348dc
fix
7b5ea94
address comments
03d4bc8
Merge remote-tracking branch 'upstream/main' into MetalakeAdmin
50c7132
Merge remote-tracking branch 'upstream/main' into MetalakeAdmin
e4b3183
address comments
78ed449
address comments
1b999c5
address comments
69b2aab
address comments
2cd9518
address comments
e86fecb
Move names
af859af
Add more comments
734c3b0
Add ut
135 changes: 135 additions & 0 deletions
core/src/main/java/com/datastrato/gravitino/authorization/AdminManager.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,135 @@ | ||
/* | ||
* Copyright 2024 Datastrato Pvt Ltd. | ||
* This software is licensed under the Apache License version 2. | ||
*/ | ||
package com.datastrato.gravitino.authorization; | ||
|
||
import com.datastrato.gravitino.Config; | ||
import com.datastrato.gravitino.Configs; | ||
import com.datastrato.gravitino.Entity; | ||
import com.datastrato.gravitino.EntityAlreadyExistsException; | ||
import com.datastrato.gravitino.EntityStore; | ||
import com.datastrato.gravitino.NameIdentifier; | ||
import com.datastrato.gravitino.Namespace; | ||
import com.datastrato.gravitino.exceptions.UserAlreadyExistsException; | ||
import com.datastrato.gravitino.meta.AuditInfo; | ||
import com.datastrato.gravitino.meta.UserEntity; | ||
import com.datastrato.gravitino.storage.IdGenerator; | ||
import com.datastrato.gravitino.utils.PrincipalUtils; | ||
import com.google.common.collect.Lists; | ||
import java.io.IOException; | ||
import java.time.Instant; | ||
import java.util.List; | ||
import org.slf4j.Logger; | ||
import org.slf4j.LoggerFactory; | ||
|
||
/** | ||
* There are two kinds of admin roles in the system: service admin and metalake admin. The service | ||
* admin is configured instead of managing by APIs. It is responsible for creating metalake admin. | ||
* If Gravitino enables authorization, service admin is required. Metalake admin can create a | ||
* metalake or drops its metalake. The metalake admin will be responsible for managing the access | ||
* control. AdminManager operates underlying store using the lock because kv storage needs the lock. | ||
*/ | ||
public class AdminManager { | ||
|
||
private static final Logger LOG = LoggerFactory.getLogger(AdminManager.class); | ||
|
||
private final EntityStore store; | ||
private final IdGenerator idGenerator; | ||
private final List<String> serviceAdmins; | ||
|
||
public AdminManager(EntityStore store, IdGenerator idGenerator, Config config) { | ||
this.store = store; | ||
this.idGenerator = idGenerator; | ||
this.serviceAdmins = config.get(Configs.SERVICE_ADMINS); | ||
} | ||
|
||
/** | ||
* Adds a new metalake admin. | ||
* | ||
* @param user The name of the User. | ||
* @return The added User instance. | ||
* @throws UserAlreadyExistsException If a User with the same identifier already exists. | ||
* @throws RuntimeException If adding the User encounters storage issues. | ||
*/ | ||
public synchronized User addMetalakeAdmin(String user) { | ||
|
||
UserEntity userEntity = | ||
UserEntity.builder() | ||
.withId(idGenerator.nextId()) | ||
.withName(user) | ||
.withNamespace( | ||
Namespace.of( | ||
Entity.SYSTEM_METALAKE_RESERVED_NAME, | ||
Entity.AUTHORIZATION_CATALOG_NAME, | ||
Entity.ADMIN_SCHEMA_NAME)) | ||
.withRoles(Lists.newArrayList()) | ||
.withAuditInfo( | ||
AuditInfo.builder() | ||
.withCreator(PrincipalUtils.getCurrentPrincipal().getName()) | ||
.withCreateTime(Instant.now()) | ||
.build()) | ||
.build(); | ||
try { | ||
store.put(userEntity, false /* overwritten */); | ||
return userEntity; | ||
} catch (EntityAlreadyExistsException e) { | ||
LOG.warn("User {} in the metalake admin already exists", user, e); | ||
throw new UserAlreadyExistsException("User %s in the metalake admin already exists", user); | ||
} catch (IOException ioe) { | ||
LOG.error("Adding user {} failed to the metalake admin due to storage issues", user, ioe); | ||
throw new RuntimeException(ioe); | ||
} | ||
} | ||
|
||
/** | ||
* Removes a metalake admin. | ||
* | ||
* @param user The name of the User. | ||
* @return `true` if the User was successfully removed, `false` otherwise. | ||
* @throws RuntimeException If removing the User encounters storage issues. | ||
*/ | ||
public synchronized boolean removeMetalakeAdmin(String user) { | ||
try { | ||
return store.delete(ofMetalakeAdmin(user), Entity.EntityType.USER); | ||
} catch (IOException ioe) { | ||
LOG.error( | ||
"Removing user {} from the metalake admin {} failed due to storage issues", user, ioe); | ||
throw new RuntimeException(ioe); | ||
} | ||
} | ||
|
||
/** | ||
* Judges whether the user is the service admin. | ||
* | ||
* @param user the name of the user | ||
* @return true, if the user is service admin, otherwise false. | ||
*/ | ||
public boolean isServiceAdmin(String user) { | ||
return serviceAdmins.contains(user); | ||
} | ||
|
||
/** | ||
* Judges whether the user is the metalake admin. | ||
* | ||
* @param user the name of the user | ||
* @return true, if the user is metalake admin, otherwise false. | ||
*/ | ||
public synchronized boolean isMetalakeAdmin(String user) { | ||
try { | ||
return store.exists(ofMetalakeAdmin(user), Entity.EntityType.USER); | ||
} catch (IOException ioe) { | ||
LOG.error( | ||
"Fail to check whether {} is the metalake admin {} due to storage issues", user, ioe); | ||
throw new RuntimeException(ioe); | ||
} | ||
} | ||
|
||
private NameIdentifier ofMetalakeAdmin(String user) { | ||
return NameIdentifier.of( | ||
Entity.SYSTEM_METALAKE_RESERVED_NAME, | ||
Entity.AUTHORIZATION_CATALOG_NAME, | ||
Entity.ADMIN_SCHEMA_NAME, | ||
user); | ||
} | ||
} |
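Review bot: addMetalakeAdmin and removeMetalakeAdmin never check who is calling them. The class Javadoc says the service admin is responsible for creating metalake admins, yet addMetalakeAdmin reads PrincipalUtils.getCurrentPrincipal() only to fill the audit creator, and isServiceAdmin is not consulted in either method. If that check is meant to live in the calling layer, state it in the Javadoc of both methods; otherwise reject callers for which isServiceAdmin(PrincipalUtils.getCurrentPrincipal().getName()) is false before touching the store. Two smaller points: the LOG.error format strings in removeMetalakeAdmin and isMetalakeAdmin contain a second `{}` ("the metalake admin {}") with no argument to fill it other than the exception, so drop that placeholder; and removeMetalakeAdmin records nothing about which principal removed the admin, unlike the add path, so a log line naming the caller would help auditing.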
I was thinking that we can support more than one service admin using comma separated configuration.
Done.
Don't forget to add this to the doc.
I have created an issue #2818 to track this. Because I need to split the security document into three parts. I don't add the document in the pull request.