OmniSciDB  a47db9e897
SysCatalog.h
1 /*
2  * Copyright 2019 MapD Technologies, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
29 #ifndef SYS_CATALOG_H
30 #define SYS_CATALOG_H
31 
32 #include <atomic>
33 #include <cstdint>
34 #include <ctime>
35 #include <limits>
36 #include <list>
37 #include <map>
38 #include <mutex>
39 #include <string>
40 #include <unordered_map>
41 #include <utility>
42 #include <vector>
43 
44 #include "Grantee.h"
45 #include "LdapServer.h"
46 #include "LinkDescriptor.h"
47 #include "ObjectRoleDescriptor.h"
48 #include "RestServer.h"
49 
50 #include "../DataMgr/DataMgr.h"
51 #include "../SqliteConnector/SqliteConnector.h"
52 #include "LeafHostInfo.h"
53 
54 #include "../Calcite/Calcite.h"
55 #include "../Shared/mapd_shared_mutex.h"
56 
// Well-known names and ids for the system catalog and its built-in account.
// These are namespace-scope `const` objects in a header, so every translation
// unit that includes it gets its own copy.

// NOTE(review): presumably the storage name of the system-wide catalog; its
// use is not visible in this header.
const std::string OMNISCI_SYSTEM_CATALOG{"omnisci_system_catalog"};
// Database name; SysCatalog::name() in this header returns it.
const std::string OMNISCI_DEFAULT_DB{"omnisci"};
// Built-in root account: login name, numeric id, and the same id as text.
const std::string OMNISCI_ROOT_USER{"admin"};
const int OMNISCI_ROOT_USER_ID{0};
const std::string OMNISCI_ROOT_USER_ID_STR{"0"};
// SECURITY: compiled-in default password for the root account. The value is
// the same on every installation and is readable in this source, so a
// deployment should replace the admin password during provisioning and alert
// on any admin login that still succeeds with it.
// NOTE(review): where this default is applied (presumably when a new system
// catalog is initialised) is not visible here; confirm in SysCatalog.cpp.
const std::string OMNISCI_ROOT_PASSWD_DEFAULT{"HyperInteractive"};
63 
64 class Calcite;
65 
66 namespace Catalog_Namespace {
67 
68 /*
69  * @type UserMetadata
70  * @brief metadata for a mapd user
71  */
struct UserMetadata {
  // Builds a record from its five fields: id, login name, stored password
  // hash, superuser flag and default database id.
  UserMetadata(int32_t u, const std::string& n, const std::string& p, bool s, int32_t d)
      : userId{u}, userName{n}, passwd_hash{p}, isSuper{s}, defaultDbId{d} {}

  // std::atomic<bool> is not copyable, so a hand-written copy constructor is
  // needed; it takes a snapshot of isSuper with load(). Copy assignment stays
  // implicitly deleted because of the atomic member.
  UserMetadata(UserMetadata const& user_meta)
      : userId{user_meta.userId}
      , userName{user_meta.userName}
      , passwd_hash{user_meta.passwd_hash}
      , isSuper{user_meta.isSuper.load()}
      , defaultDbId{user_meta.defaultDbId} {}

  int32_t userId;
  std::string userName;
  // SECURITY: every copy of this struct duplicates the stored hash. Code that
  // logs a UserMetadata or returns it to a client should drop this field.
  // NOTE(review): the hash scheme is not visible in this header.
  std::string passwd_hash;
  // Privilege flag. NOTE(review): atomic presumably because it can change
  // while other threads hold a copy of the record; confirm against callers.
  std::atomic<bool> isSuper;
  int32_t defaultDbId;
};
88 
89 /*
90  * @type DBMetadata
91  * @brief metadata for a mapd database
92  */
struct DBMetadata {
  // Zeroes both ids; dbName starts out empty.
  DBMetadata() : dbId{0}, dbOwner{0} {}

  int32_t dbId;
  std::string dbName;
  // NOTE(review): if dbOwner holds a user id, the default 0 coincides with
  // OMNISCI_ROOT_USER_ID, so a default-constructed record reads as owned by
  // root. Confirm that ownership checks only ever see a populated record.
  int32_t dbOwner;
};
99 
100 /*
101  * @type DBSummary
102  * @brief summary info for a mapd database
103  */
// Passive name pair for listing databases: the database and its owner, both
// as display names rather than numeric ids.
struct DBSummary {
  std::string dbName;
  std::string dbOwnerName;
};

// Ordered collection of summaries.
using DBSummaryList = std::list<DBSummary>;
109 
// NOTE(review): source line 110, which opens this class, is absent from this
// listing; the constructor below names the class CommonFileOperations.
111  public:
// Binds base_path_ to the caller's string; nothing is copied. The constructor
// is not `explicit`, so a std::string converts to this type implicitly.
112  CommonFileOperations(std::string const& base_path) : base_path_(base_path) {}
113 
// Catalog file helpers, declared only; the symbol index on this page places
// their definitions in SysCatalog.cpp. The two `auto` functions have deduced
// return types, so they are usable only where their definitions are visible.
// NOTE(review): if `name`, `current_name` or `new_name` can carry a
// user-chosen database name, confirm it is validated (no path separators or
// `..`) before it is combined with base_path_; the definitions are not shown.
114  inline void removeCatalogByFullPath(std::string const& full_path);
115  inline void removeCatalogByName(std::string const& name);
116  inline auto duplicateAndRenameCatalog(std::string const& current_name,
117  std::string const& new_name);
118  inline auto assembleCatalogName(std::string const& name);
119 
120  private:
// Reference member: the string given to the constructor must outlive this
// object. Constructing from a temporary leaves this reference dangling.
121  std::string const& base_path_;
122 };
123 
124 /*
125  * @type SysCatalog
126  * @brief class for the system-wide catalog, currently containing user and database
127  * metadata
128  */
// NOTE(review): source line 129, which opens class SysCatalog, is absent from
// this listing.
130  public:
// Setup entry point; takes the base path, shared DataMgr and Calcite handles,
// the auth configuration and the cluster-role flags.
131  void init(const std::string& basePath,
132  std::shared_ptr<Data_Namespace::DataMgr> dataMgr,
133  const AuthMetadata& authMetadata,
134  std::shared_ptr<Calcite> calcite,
135  bool is_new_db,
136  bool aggregator,
137  const std::vector<LeafHostInfo>& string_dict_hosts);
138 
// Authentication entry point. `db` and `username` are non-const references,
// so the callee may rewrite them; `user_meta` is an out-parameter.
// SECURITY: check_password defaults to true. NOTE(review): a caller passing
// false presumably skips credential verification; confirm in SysCatalog.cpp
// and keep such calls to paths where identity was already established.
144  std::shared_ptr<Catalog> login(std::string& db,
145  std::string& username,
146  const std::string& password,
147  UserMetadata& user_meta,
148  bool check_password = true);
// NOTE(review): takes a user name but no credential; presumably relies on the
// caller's session being authenticated already. Confirm at the call sites.
149  std::shared_ptr<Catalog> switchDatabase(std::string& dbname,
150  const std::string& username);
// User and database administration.
// NOTE(review): `passwd` arrives as a plain std::string while UserMetadata
// stores passwd_hash; presumably it is hashed before storage. Confirm in
// SysCatalog.cpp.
151  void createUser(const std::string& name,
152  const std::string& passwd,
153  bool issuper,
154  const std::string& dbname);
155  void dropUser(const std::string& name);
// NOTE(review): pointer parameters; presumably nullptr means "leave this
// attribute unchanged". `issuper` grants or removes superuser status, so
// callers need their own authorization check unless the definition has one.
156  void alterUser(const int32_t userid,
157  const std::string* passwd,
158  bool* issuper,
159  const std::string* dbname);
160  void renameUser(std::string const& old_name, std::string const& new_name);
161  void createDatabase(const std::string& dbname, int owner);
162  void renameDatabase(std::string const& old_name, std::string const& new_name);
163  void dropDatabase(const DBMetadata& db);
// Lookups fill the out-parameter and return bool. The return value is not
// marked [[nodiscard]], so an ignored result compiles silently.
164  bool getMetadataForUser(const std::string& name, UserMetadata& user);
165  bool getMetadataForUserById(const int32_t idIn, UserMetadata& user);
166  bool checkPasswordForUser(const std::string& passwd,
167  std::string& name,
168  UserMetadata& user);
// NOTE(review): source line 171 is absent from this listing; the symbol index
// further down the page shows a `Catalog_Namespace::DBMetadata& db_meta`
// parameter between `username` and `user_meta`.
169  void getMetadataWithDefault(std::string& dbname,
170  const std::string& username,
172  UserMetadata& user_meta);
173  bool getMetadataForDB(const std::string& name, DBMetadata& db);
174  bool getMetadataForDBById(const int32_t idIn, DBMetadata& db);
// Inline accessors. getCalciteMgr() dereferences calciteMgr_ without a null
// check, so it must not be called before that pointer is set.
176  Calcite& getCalciteMgr() const { return *calciteMgr_; }
177  const std::string& getBasePath() const { return basePath_; }
179  std::list<DBMetadata> getAllDBMetadata();
// SECURITY: each returned UserMetadata carries passwd_hash; strip it before
// the list leaves the server process or reaches a log.
180  std::list<UserMetadata> getAllUserMetadata();
184  std::list<UserMetadata> getAllUserMetadata(const int64_t dbId);
// Object-level privilege management.
// NOTE(review): source line 188 is absent from this listing; the symbol index
// further down the page shows a `DBObjectType type` parameter between
// `objectName` and `catalog`.
186  void createDBObject(const UserMetadata& user,
187  const std::string& objectName,
189  const Catalog_Namespace::Catalog& catalog,
190  int32_t objectId = -1);
// Grant and revoke entry points, single and batch. The private *_unsafe
// counterparts in this header are described there as not wrapped into
// transactions. NOTE(review): presumably these public forms are; confirm.
191  void grantDBObjectPrivileges(const std::string& grantee,
192  const DBObject& object,
193  const Catalog_Namespace::Catalog& catalog);
194  void grantDBObjectPrivilegesBatch(const std::vector<std::string>& grantees,
195  const std::vector<DBObject>& objects,
196  const Catalog_Namespace::Catalog& catalog);
197  void revokeDBObjectPrivileges(const std::string& grantee,
198  const DBObject& object,
199  const Catalog_Namespace::Catalog& catalog);
200  void revokeDBObjectPrivilegesBatch(const std::vector<std::string>& grantees,
201  const std::vector<DBObject>& objects,
202  const Catalog_Namespace::Catalog& catalog);
203  void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog* catalog);
// Const query; `object` is a non-const reference, so the result is presumably
// written into it. TODO confirm.
205  void getDBObjectPrivileges(const std::string& granteeName,
206  DBObject& object,
207  const Catalog_Namespace::Catalog& catalog) const;
// Authorization decision: callers should treat false as deny. The return
// value is not marked [[nodiscard]].
208  bool verifyDBObjectOwnership(const UserMetadata& user,
209  DBObject object,
210  const Catalog_Namespace::Catalog& catalog);
// Role management, single and batch forms.
211  void createRole(const std::string& roleName, const bool& userPrivateRole = false);
212  void dropRole(const std::string& roleName);
213  void grantRoleBatch(const std::vector<std::string>& roles,
214  const std::vector<std::string>& grantees);
215  void grantRole(const std::string& role, const std::string& grantee);
216  void revokeRoleBatch(const std::vector<std::string>& roles,
217  const std::vector<std::string>& grantees);
218  void revokeRole(const std::string& role, const std::string& grantee);
// Authorization checks. Callers should treat false as deny; neither function
// is marked [[nodiscard]], so a dropped result compiles silently.
219  // check if the user has any permissions on all the given objects
220  bool hasAnyPrivileges(const UserMetadata& user, std::vector<DBObject>& privObjects);
221  // check if the user has the requested permissions on all the given objects
222  bool checkPrivileges(const UserMetadata& user,
223  const std::vector<DBObject>& privObjects) const;
224  bool checkPrivileges(const std::string& userName,
225  const std::vector<DBObject>& privObjects) const;
// NOTE(review): raw pointers, presumably into the private GranteeMap. Their
// lifetime relative to dropRole()/dropUser() on another thread is not visible
// here; confirm which lock a caller must hold while using the result.
226  Grantee* getGrantee(const std::string& name) const;
227  Role* getRoleGrantee(const std::string& name) const;
228  User* getUserGrantee(const std::string& name) const;
229  std::vector<ObjectRoleDescriptor*> getMetadataForObject(int32_t dbId,
230  int32_t dbType,
231  int32_t objectId) const;
232  bool isRoleGrantedToGrantee(const std::string& granteeName,
233  const std::string& roleName,
234  bool only_direct) const;
235  std::vector<std::string> getRoles(bool userPrivateRole,
236  bool isSuper,
237  const std::string& userName);
238  std::vector<std::string> getRoles(const std::string& userName, const int32_t dbId);
// Both parameters are taken by const value, so each call copies the string
// and the vector.
239  void revokeDashboardSystemRole(const std::string roleName,
240  const std::vector<std::string> grantees);
241  bool isAggregator() const { return aggregator_; }
// Process-wide instance held in a function-local static, which C++11 and
// later initialise exactly once even under concurrent first calls.
242  static SysCatalog& instance() {
243  static SysCatalog sys_cat{};
244  return sys_cat;
245  }
246 
247  void populateRoleDbObjects(const std::vector<DBObject>& objects);
// Returns a copy of OMNISCI_DEFAULT_DB.
248  std::string name() const { return OMNISCI_DEFAULT_DB; }
// NOTE(review): source line 249 is absent from this listing, so the next line
// is the tail of a declaration; the symbol index further down the page shows
// `void renameObjectsInDescriptorMap(DBObject& object, const Catalog& cat)`.
250  const Catalog_Namespace::Catalog& cat);
// SECURITY: `roles` and `*issuper` describe what an external identity
// provider reports for the user. NOTE(review): confirm the provider response
// is authenticated before it can change role membership or superuser status.
251  void syncUserWithRemoteProvider(const std::string& user_name,
252  const std::vector<std::string>& roles,
253  bool* issuper);
254  std::unordered_map<std::string, std::vector<std::string>> getGranteesOfSharedDashboards(
255  const std::vector<std::string>& dashboard_ids);
256 
257  private:
// Both maps hold raw pointers; who deletes the pointees is not visible in
// this header.
258  typedef std::map<std::string, Grantee*> GranteeMap;
259  typedef std::multimap<std::string, ObjectRoleDescriptor*> ObjectRoleDescriptorMap;
260 
// NOTE(review): source lines 261-262, which open the constructor, are absent
// from this listing; what follows is the rest of its initialiser list. The
// constructor sits in the private section and instance() is the public
// accessor. A default-constructed std::thread::id denotes no thread.
// NOTE(review): std::thread::id is used here, but <thread> is not among the
// standard headers this file includes directly (nor is <memory> for the smart
// pointers); presumably both arrive through the project headers. Including
// them here would remove that dependency.
263  , aggregator_(false)
264  , sqliteMutex_()
265  , sharedMutex_()
266  , thread_holding_sqlite_lock(std::thread::id())
267  , thread_holding_write_lock(std::thread::id()) {}
268  virtual ~SysCatalog();
269 
// Start-up and schema-migration helpers; bodies are not in this header.
270  void initDB();
271  void buildRoleMap();
272  void buildUserRoleMap();
276  void createUserRoles();
277  void migratePrivileges();
278  void migratePrivileged_old();
279  void updateUserSchema();
283 
// Private counterparts of login() and checkPasswordForUser().
// NOTE(review): loginImpl has no check_password parameter, so the decision to
// skip verification is presumably made in login(); confirm in SysCatalog.cpp.
284  void loginImpl(std::string& username,
285  const std::string& password,
286  UserMetadata& user_meta);
287  bool checkPasswordForUserImpl(const std::string& passwd,
288  std::string& name,
289  UserMetadata& user);
290 
// The *_unsafe suffix marks the variants described by the comment below.
// NOTE(review): presumably each expects its caller to be inside
// execInTransaction() already; confirm before calling one directly, since a
// failure part-way through would otherwise not be rolled back.
291  // Here go functions not wrapped into transactions (necessary for nested calls)
292  void grantDefaultPrivilegesToRole_unsafe(const std::string& name, bool issuper);
293  void createRole_unsafe(const std::string& roleName,
294  const bool& userPrivateRole = false);
295  void dropRole_unsafe(const std::string& roleName);
296  void grantRoleBatch_unsafe(const std::vector<std::string>& roles,
297  const std::vector<std::string>& grantees);
298  void grantRole_unsafe(const std::string& roleName, const std::string& granteeName);
299  void revokeRoleBatch_unsafe(const std::vector<std::string>& roles,
300  const std::vector<std::string>& grantees);
301  void revokeRole_unsafe(const std::string& roleName, const std::string& granteeName);
302  void updateObjectDescriptorMap(const std::string& roleName,
303  DBObject& object,
304  bool roleType,
305  const Catalog_Namespace::Catalog& cat);
306  void deleteObjectDescriptorMap(const std::string& roleName);
307  void deleteObjectDescriptorMap(const std::string& roleName,
308  DBObject& object,
309  const Catalog_Namespace::Catalog& cat);
310  void grantDBObjectPrivilegesBatch_unsafe(const std::vector<std::string>& grantees,
311  const std::vector<DBObject>& objects,
312  const Catalog_Namespace::Catalog& catalog);
// Takes the DBObject by value, unlike the public grantDBObjectPrivileges(),
// which takes a const reference.
313  void grantDBObjectPrivileges_unsafe(const std::string& granteeName,
314  const DBObject object,
315  const Catalog_Namespace::Catalog& catalog);
316  void revokeDBObjectPrivilegesBatch_unsafe(const std::vector<std::string>& grantees,
317  const std::vector<DBObject>& objects,
318  const Catalog_Namespace::Catalog& catalog);
319  void revokeDBObjectPrivileges_unsafe(const std::string& granteeName,
320  DBObject object,
321  const Catalog_Namespace::Catalog& catalog);
322  void grantAllOnDatabase_unsafe(const std::string& roleName,
323  DBObject& object,
324  const Catalog_Namespace::Catalog& catalog);
325  void revokeAllOnDatabase_unsafe(const std::string& roleName,
326  int32_t dbId,
327  Grantee* grantee);
328  bool isDashboardSystemRole(const std::string& roleName);
329  void updateUserRoleName(const std::string& roleName, const std::string& newName);
330 
// Generic wrapper taking a callable and its arguments by forwarding
// reference; the definition is not in this header.
331  template <typename F, typename... Args>
332  void execInTransaction(F&& f, Args&&... args);
333 
// Private state. NOTE(review): several member lines are absent from this
// listing; the symbol index further down the page shows objectDescriptorMap_
// (line 336), `const AuthMetadata* authMetadata_` (line 342) and
// `mapd_shared_mutex sharedMutex_` (line 350). authMetadata_ is a raw pointer
// while init() receives `const AuthMetadata&`, so presumably it stores the
// address of the caller's object, which must then outlive this catalog.
334  std::string basePath_;
337  std::unique_ptr<SqliteConnector> sqliteConnector_;
338 
339  std::shared_ptr<Data_Namespace::DataMgr> dataMgr_;
340  std::unique_ptr<LdapServer> ldap_server_;
341  std::unique_ptr<RestServer> rest_server_;
343  std::shared_ptr<Calcite> calciteMgr_;
344  std::vector<LeafHostInfo> string_dict_hosts_;
347 
// Everything from here on is public: the SQLite mutex and the lock-owner
// records can be locked or overwritten by any code holding a SysCatalog
// reference, so the class cannot enforce its own locking discipline. Review
// outside uses of these members when auditing catalog concurrency.
348  public:
349  mutable std::mutex sqliteMutex_;
// Ids of the threads currently holding each lock, stored atomically.
351  mutable std::atomic<std::thread::id> thread_holding_sqlite_lock;
352  mutable std::atomic<std::thread::id> thread_holding_write_lock;
// One flag per thread (thread_local), shared by all users of the class.
353  static thread_local bool thread_holds_read_lock;
354 };
355 
356 } // namespace Catalog_Namespace
357 
358 #endif // SYS_CATALOG_H
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
std::unique_ptr< LdapServer > ldap_server_
Definition: SysCatalog.h:340
void revokeDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
std::unique_ptr< RestServer > rest_server_
Definition: SysCatalog.h:341
bool isDashboardSystemRole(const std::string &roleName)
void dropUser(const std::string &name)
Definition: SysCatalog.cpp:774
auto duplicateAndRenameCatalog(std::string const &current_name, std::string const &new_name)
Definition: SysCatalog.cpp:90
SqliteConnector * getSqliteConnector()
Definition: SysCatalog.h:178
class for a per-database catalog. also includes metadata for the current database and the current use...
Definition: Catalog.h:81
DBObjectType
Definition: DBObject.h:42
void revokeDashboardSystemRole(const std::string roleName, const std::vector< std::string > grantees)
void dropRole(const std::string &roleName)
bool checkPasswordForUser(const std::string &passwd, std::string &name, UserMetadata &user)
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
UserMetadata(UserMetadata const &user_meta)
Definition: SysCatalog.h:76
void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog *catalog)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
void revokeDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
std::string name() const
Definition: SysCatalog.h:248
std::atomic< std::thread::id > thread_holding_sqlite_lock
Definition: SysCatalog.h:351
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:336
const std::string OMNISCI_SYSTEM_CATALOG
Definition: SysCatalog.h:57
Definition: Grantee.h:70
void createRole_unsafe(const std::string &roleName, const bool &userPrivateRole=false)
Grantee * getGrantee(const std::string &name) const
void dropDatabase(const DBMetadata &db)
void loginImpl(std::string &username, const std::string &password, UserMetadata &user_meta)
Definition: SysCatalog.cpp:698
Definition: Grantee.h:76
void alterUser(const int32_t userid, const std::string *passwd, bool *issuper, const std::string *dbname)
Definition: SysCatalog.cpp:811
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
void init(const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)
Definition: SysCatalog.cpp:107
void createDBObject(const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName)
void getDBObjectPrivileges(const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void grantRoleBatch(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void revokeDBObjectPrivilegesBatch(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
const AuthMetadata * authMetadata_
Definition: SysCatalog.h:342
void createRole(const std::string &roleName, const bool &userPrivateRole=false)
void grantRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
Data_Namespace::DataMgr & getDataMgr() const
Definition: SysCatalog.h:175
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
void createUser(const std::string &name, const std::string &passwd, bool issuper, const std::string &dbname)
Definition: SysCatalog.cpp:728
static SysCatalog & instance()
Definition: SysCatalog.h:242
auto assembleCatalogName(std::string const &name)
Definition: SysCatalog.cpp:78
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:58
std::shared_timed_mutex mapd_shared_mutex
void renameObjectsInDescriptorMap(DBObject &object, const Catalog_Namespace::Catalog &cat)
bool checkPasswordForUserImpl(const std::string &passwd, std::string &name, UserMetadata &user)
std::shared_ptr< Catalog > login(std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)
Definition: SysCatalog.cpp:669
void revokeRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void revokeRoleBatch(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:339
DBSummaryList getDatabaseListForUser(const UserMetadata &user)
std::shared_ptr< Catalog > switchDatabase(std::string &dbname, const std::string &username)
Definition: SysCatalog.cpp:706
Role * getRoleGrantee(const std::string &name) const
std::map< std::string, Grantee * > GranteeMap
Definition: SysCatalog.h:258
mapd_shared_mutex sharedMutex_
Definition: SysCatalog.h:350
User * getUserGrantee(const std::string &name) const
void grantDBObjectPrivilegesBatch(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void grantDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:337
CommonFileOperations(std::string const &base_path)
Definition: SysCatalog.h:112
void updateUserRoleName(const std::string &roleName, const std::string &newName)
Definition: SysCatalog.cpp:878
std::list< UserMetadata > getAllUserMetadata()
void grantDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)
void renameUser(std::string const &old_name, std::string const &new_name)
Definition: SysCatalog.cpp:890
void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName)
void getMetadataWithDefault(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
bool hasAnyPrivileges(const UserMetadata &user, std::vector< DBObject > &privObjects)
void deleteObjectDescriptorMap(const std::string &roleName)
void removeCatalogByName(std::string const &name)
Definition: SysCatalog.cpp:86
const std::string OMNISCI_ROOT_USER
Definition: SysCatalog.h:59
const std::string OMNISCI_ROOT_PASSWD_DEFAULT
Definition: SysCatalog.h:62
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
void grantRole(const std::string &role, const std::string &grantee)
const int OMNISCI_ROOT_USER_ID
Definition: SysCatalog.h:60
std::list< DBMetadata > getAllDBMetadata()
void renameDatabase(std::string const &old_name, std::string const &new_name)
Definition: SysCatalog.cpp:923
const std::string & getBasePath() const
Definition: SysCatalog.h:177
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)
bool verifyDBObjectOwnership(const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)
const std::string OMNISCI_ROOT_USER_ID_STR
Definition: SysCatalog.h:61
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:344
bool g_enable_watchdog false
Definition: Execute.cpp:71
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:343
std::unordered_map< std::string, std::vector< std::string > > getGranteesOfSharedDashboards(const std::vector< std::string > &dashboard_ids)
std::list< DBSummary > DBSummaryList
Definition: SysCatalog.h:108
void populateRoleDbObjects(const std::vector< DBObject > &objects)
static thread_local bool thread_holds_read_lock
Definition: SysCatalog.h:353
void grantDefaultPrivilegesToRole_unsafe(const std::string &name, bool issuper)
void revokeRole(const std::string &role, const std::string &grantee)
Calcite & getCalciteMgr() const
Definition: SysCatalog.h:176
std::multimap< std::string, ObjectRoleDescriptor * > ObjectRoleDescriptorMap
Definition: SysCatalog.h:259
bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)
void createDatabase(const std::string &dbname, int owner)
Definition: SysCatalog.cpp:967
void syncUserWithRemoteProvider(const std::string &user_name, const std::vector< std::string > &roles, bool *issuper)
void removeCatalogByFullPath(std::string const &full_path)
Definition: SysCatalog.cpp:82
std::vector< ObjectRoleDescriptor * > getMetadataForObject(int32_t dbId, int32_t dbType, int32_t objectId) const
UserMetadata(int32_t u, const std::string &n, const std::string &p, bool s, int32_t d)
Definition: SysCatalog.h:73
std::atomic< bool > isSuper
Definition: SysCatalog.h:85
bool getMetadataForDB(const std::string &name, DBMetadata &db)
void dropRole_unsafe(const std::string &roleName)
std::vector< std::string > getRoles(bool userPrivateRole, bool isSuper, const std::string &userName)
std::atomic< std::thread::id > thread_holding_write_lock
Definition: SysCatalog.h:352