OmniSciDB  72c90bc290
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Groups Pages
SysCatalog.h
Go to the documentation of this file.
1 /*
2  * Copyright 2022 HEAVY.AI, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
28 #ifndef SYS_CATALOG_H
29 #define SYS_CATALOG_H
30 
31 #include <atomic>
32 #include <cstdint>
33 #include <ctime>
34 #include <limits>
35 #include <list>
36 #include <map>
37 #include <mutex>
38 #include <string>
39 #include <unordered_map>
40 #include <utility>
41 #include <vector>
42 
43 #include "tbb/concurrent_hash_map.h"
44 
45 #include "Calcite/Calcite.h"
46 #include "DataMgr/DataMgr.h"
47 #include "Grantee.h"
48 #include "LeafHostInfo.h"
51 #include "ObjectRoleDescriptor.h"
52 #include "PkiServer.h"
53 #include "Shared/DbObjectKeys.h"
54 #include "Shared/SysDefinitions.h"
57 
58 class Calcite;
59 
60 extern std::string g_base_path;
61 
62 namespace Catalog_Namespace {
63 
64 /*
65  * @type UserMetadata
66  * @brief metadata for a db user
67  */
68 struct UserMetadata {
69  UserMetadata(int32_t u,
70  const std::string& n,
71  const std::string& p,
72  bool s,
73  int32_t d,
74  bool l,
75  bool t)
76  : userId(u)
77  , userName(n)
78  , passwd_hash(p)
79  , isSuper(s)
80  , defaultDbId(d)
81  , can_login(l)
82  , is_temporary(t) {}
84  UserMetadata(UserMetadata const& user_meta)
85  : UserMetadata(user_meta.userId,
86  user_meta.userName,
87  user_meta.passwd_hash,
88  user_meta.isSuper.load(),
89  user_meta.defaultDbId,
90  user_meta.can_login,
91  user_meta.is_temporary) {}
92  UserMetadata& operator=(UserMetadata const& user_meta) {
93  if (this != &user_meta) {
94  userId = user_meta.userId;
95  userName = user_meta.userName;
96  passwd_hash = user_meta.passwd_hash;
97  isSuper.store(user_meta.isSuper.load());
98  defaultDbId = user_meta.defaultDbId;
99  can_login = user_meta.can_login;
100  is_temporary = user_meta.is_temporary;
101  }
102  return *this;
103  }
104  int32_t userId{-1};
105  std::string userName;
106  std::string passwd_hash;
107  std::atomic<bool> isSuper{false};
108  int32_t defaultDbId{-1};
109  bool can_login{true};
110  bool is_temporary{false};
111 
112  // Return a string that is safe to log for the username based on --log-user-id.
113  std::string userLoggable() const;
114 };
115 
117  std::optional<std::string> passwd;
118  std::optional<bool> is_super;
119  std::optional<std::string> default_db;
120  std::optional<bool> can_login;
121 
122  bool wouldChange(UserMetadata const& user_meta) const;
123  std::string toString(bool hide_password = true) const;
124 };
125 
126 /*
127  * @type DBMetadata
128  * @brief metadata for a database
129  */
130 struct DBMetadata {
131  DBMetadata() : dbId(0), dbOwner(0) {}
132  int32_t dbId;
133  std::string dbName;
134  int32_t dbOwner;
135 };
136 
137 /*
138  * @type DBSummary
139  * @brief summary info for a database
140  */
141 struct DBSummary {
142  std::string dbName;
143  std::string dbOwnerName;
144 };
145 using DBSummaryList = std::list<DBSummary>;
146 
148  public:
149  CommonFileOperations(std::string const& base_path) : base_path_(base_path) {}
150 
151  inline void removeCatalogByFullPath(std::string const& full_path);
152  inline void removeCatalogByName(std::string const& name);
153  inline auto duplicateAndRenameCatalog(std::string const& current_name,
154  std::string const& new_name);
155  inline auto assembleCatalogName(std::string const& name);
156 
157  private:
158  std::string const& base_path_;
159 };
160 
161 /*
162  * @type SysCatalog
163  * @brief class for the system-wide catalog, currently containing user and database
164  * metadata
165  */
167  public:
168  void init(const std::string& basePath,
169  std::shared_ptr<Data_Namespace::DataMgr> dataMgr,
170  const AuthMetadata& authMetadata,
171  std::shared_ptr<Calcite> calcite,
172  bool is_new_db,
173  bool aggregator,
174  const std::vector<LeafHostInfo>& string_dict_hosts);
175 
176  bool isInitialized() const;
177 
183  std::shared_ptr<Catalog> login(std::string& db,
184  std::string& username,
185  const std::string& password,
186  UserMetadata& user_meta,
187  bool check_password = true);
188  std::shared_ptr<Catalog> switchDatabase(std::string& dbname,
189  const std::string& username);
190  UserMetadata createUser(std::string const& name,
191  UserAlterations alts,
192  bool is_temporary);
193  void dropUser(const std::string& name, bool if_exists = false);
194  // TODO(Misiu): This method is needed only by tests and should otherwise be private and
195  // accessed via friendship.
196  void dropUserUnchecked(const std::string& name, const UserMetadata& user);
197  UserMetadata alterUser(std::string const& name, UserAlterations alts);
198  void renameUser(std::string const& old_name, std::string const& new_name);
199  void createDatabase(const std::string& dbname, int owner);
200  void renameDatabase(std::string const& old_name, std::string const& new_name);
201  void changeDatabaseOwner(std::string const& dbname, const std::string& new_owner);
202  void dropDatabase(const DBMetadata& db);
203  std::optional<UserMetadata> getUser(std::string const& uname) {
204  if (UserMetadata user; getMetadataForUser(uname, user)) {
205  return user;
206  }
207  return {};
208  }
209  std::optional<UserMetadata> getUser(int32_t const uid) {
210  if (UserMetadata user; getMetadataForUserById(uid, user)) {
211  return user;
212  }
213  return {};
214  }
215  std::optional<DBMetadata> getDB(std::string const& dbname) {
216  if (DBMetadata db; getMetadataForDB(dbname, db)) {
217  return db;
218  }
219  return {};
220  }
221  std::optional<DBMetadata> getDB(int32_t const dbid) {
222  if (DBMetadata db; getMetadataForDBById(dbid, db)) {
223  return db;
224  }
225  return {};
226  }
227  bool getMetadataForUser(const std::string& name, UserMetadata& user);
228  bool getMetadataForUserById(const int32_t idIn, UserMetadata& user);
229  bool checkPasswordForUser(const std::string& passwd,
230  std::string& name,
231  UserMetadata& user);
232  bool getMetadataForDB(const std::string& name, DBMetadata& db);
233  bool getMetadataForDBById(const int32_t idIn, DBMetadata& db);
235  Calcite& getCalciteMgr() const { return *calciteMgr_; }
236  const std::string& getCatalogBasePath() const { return basePath_; }
238  std::list<DBMetadata> getAllDBMetadata();
239  std::list<UserMetadata> getAllUserMetadata();
243  std::list<UserMetadata> getAllUserMetadata(const int64_t dbId);
245  void createDBObject(const UserMetadata& user,
246  const std::string& objectName,
248  const Catalog_Namespace::Catalog& catalog,
249  int32_t objectId = -1);
259  void renameDBObject(const std::string& objectName,
260  const std::string& newName,
262  int32_t objectId,
263  const Catalog_Namespace::Catalog& catalog);
264  void grantDBObjectPrivileges(const std::string& grantee,
265  const DBObject& object,
266  const Catalog_Namespace::Catalog& catalog);
267  void grantDBObjectPrivilegesBatch(const std::vector<std::string>& grantees,
268  const std::vector<DBObject>& objects,
269  const Catalog_Namespace::Catalog& catalog);
270  void revokeDBObjectPrivileges(const std::string& grantee,
271  const DBObject& object,
272  const Catalog_Namespace::Catalog& catalog);
273  void revokeDBObjectPrivilegesBatch(const std::vector<std::string>& grantees,
274  const std::vector<DBObject>& objects,
275  const Catalog_Namespace::Catalog& catalog);
276  void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog* catalog);
278  void revokeDBObjectPrivilegesFromAllBatch(std::vector<DBObject>& objects,
279  Catalog* catalog);
280  void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector<DBObject>& objects,
281  Catalog* catalog);
282  void getDBObjectPrivileges(const std::string& granteeName,
283  DBObject& object,
284  const Catalog_Namespace::Catalog& catalog) const;
285  bool verifyDBObjectOwnership(const UserMetadata& user,
286  DBObject object,
287  const Catalog_Namespace::Catalog& catalog);
297  void changeDBObjectOwnership(const UserMetadata& new_owner,
298  const UserMetadata& previous_owner,
299  DBObject object,
300  const Catalog_Namespace::Catalog& catalog,
301  bool revoke_privileges = true);
302  void createRole(const std::string& roleName,
303  const bool user_private_role,
304  const bool is_temporary = false);
305  void dropRole(const std::string& roleName, const bool is_temporary = false);
306  void grantRoleBatch(const std::vector<std::string>& roles,
307  const std::vector<std::string>& grantees);
308  void grantRole(const std::string& role,
309  const std::string& grantee,
310  const bool is_temporary = false);
311  void revokeRoleBatch(const std::vector<std::string>& roles,
312  const std::vector<std::string>& grantees);
313  void revokeRole(const std::string& role,
314  const std::string& grantee,
315  const bool is_temporary = false);
316  // check if the user has any permissions on all the given objects
317  bool hasAnyPrivileges(const UserMetadata& user, std::vector<DBObject>& privObjects);
318  // check if the user has the requested permissions on all the given objects
319  bool checkPrivileges(const UserMetadata& user,
320  const std::vector<DBObject>& privObjects) const;
321  bool checkPrivileges(const std::string& userName,
322  const std::vector<DBObject>& privObjects) const;
323  Grantee* getGrantee(const std::string& name) const;
324  Role* getRoleGrantee(const std::string& name) const;
325  User* getUserGrantee(const std::string& name) const;
326  std::vector<ObjectRoleDescriptor*> getMetadataForObject(int32_t dbId,
327  int32_t dbType,
328  int32_t objectId) const;
329  std::vector<ObjectRoleDescriptor> getMetadataForAllObjects() const;
330  bool isRoleGrantedToGrantee(const std::string& granteeName,
331  const std::string& roleName,
332  bool only_direct) const;
333  std::vector<std::string> getRoles(const std::string& user_name, bool effective = true);
334  std::vector<std::string> getRoles(bool include_user_private_role,
335  bool is_super,
336  const std::string& user_name,
337  bool ignore_deleted_user = false);
338  std::vector<std::string> getRoles(const std::string& userName, const int32_t dbId);
339  // Get all roles that have been created, even roles that have not been assigned to other
340  // users or roles.
341  std::set<std::string> getCreatedRoles() const;
342  bool isAggregator() const { return aggregator_; }
343  static SysCatalog& instance() {
345  if (!instance_) {
346  instance_.reset(new SysCatalog());
347  }
348  return *instance_;
349  }
350 
351  static void destroy() {
353  instance_.reset();
355  }
356 
357  void populateRoleDbObjects(const std::vector<DBObject>& objects);
358  std::string name() const { return shared::kSystemCatalogName; }
361  void syncUserWithRemoteProvider(const std::string& user_name,
362  std::vector<std::string> idp_roles,
363  UserAlterations alts);
364  std::unordered_map<std::string, std::vector<std::string>> getGranteesOfSharedDashboards(
365  const std::vector<std::string>& dashboard_ids);
366  void check_for_session_encryption(const std::string& pki_cert, std::string& session);
367  std::vector<Catalog*> getCatalogsForAllDbs();
368 
369  std::shared_ptr<Catalog> getDummyCatalog() { return dummyCatalog_; }
370 
371  std::shared_ptr<Catalog> getCatalog(const std::string& dbName);
372  std::shared_ptr<Catalog> getCatalog(const int32_t db_id);
373  std::shared_ptr<Catalog> getCatalog(const DBMetadata& curDB, bool is_new_db);
374 
375  void removeCatalog(const std::string& dbName);
376 
377  virtual ~SysCatalog();
378 
389  const std::map<int32_t, std::vector<DBObject>>& old_owner_db_objects,
390  int32_t new_owner_id,
391  const Catalog_Namespace::Catalog& catalog);
392 
393  bool hasExecutedMigration(const std::string& migration_name) const;
395 
396  private:
397  using GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>;
399  std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>;
400 
401  SysCatalog();
402 
403  void initDB();
404  void buildMaps(bool is_new_db = false);
405  void buildMapsUnlocked(bool is_new_db = false);
406  void buildRoleMapUnlocked();
412  void createRoles();
413  void fixRolesMigration();
414  void addAdminUserRole();
415  void migratePrivileges();
416  void migratePrivileged_old();
417  void updateUserSchema();
422  void loginImpl(std::string& username,
423  const std::string& password,
424  UserMetadata& user_meta);
425  bool checkPasswordForUserImpl(const std::string& passwd,
426  std::string& name,
427  UserMetadata& user);
428 
430 
431  struct UpdateQuery {
432  std::string query;
433  std::vector<std::string> text_params;
434  };
435  using UpdateQueries = std::list<UpdateQuery>;
436  void runUpdateQueriesAndChangeOwnership(const UserMetadata& new_owner,
437  const UserMetadata& previous_owner,
438  DBObject object,
439  const Catalog_Namespace::Catalog& catalog,
440  const UpdateQueries& update_queries,
441  bool revoke_privileges = true);
442 
443  // Here go functions not wrapped into transactions (necessary for nested calls)
444  void grantDefaultPrivilegesToRole_unsafe(const std::string& name, bool issuper);
445  void createRole_unsafe(const std::string& roleName,
446  const bool userPrivateRole,
447  const bool is_temporary);
448  void dropRole_unsafe(const std::string& roleName, const bool is_temporary);
449  void grantRoleBatch_unsafe(const std::vector<std::string>& roles,
450  const std::vector<std::string>& grantees);
451  void grantRole_unsafe(const std::string& roleName,
452  const std::string& granteeName,
453  const bool is_temporary);
454  void revokeRoleBatch_unsafe(const std::vector<std::string>& roles,
455  const std::vector<std::string>& grantees);
456  void revokeRole_unsafe(const std::string& roleName,
457  const std::string& granteeName,
458  const bool is_temporary);
459  void updateObjectDescriptorMap(const std::string& roleName,
460  DBObject& object,
461  bool roleType,
463  void deleteObjectDescriptorMap(const std::string& roleName);
464  void deleteObjectDescriptorMap(const std::string& roleName,
465  DBObject& object,
467  void grantDBObjectPrivilegesBatch_unsafe(const std::vector<std::string>& grantees,
468  const std::vector<DBObject>& objects,
469  const Catalog_Namespace::Catalog& catalog);
470  void grantDBObjectPrivileges_unsafe(const std::string& granteeName,
471  const DBObject object,
472  const Catalog_Namespace::Catalog& catalog);
473  void revokeDBObjectPrivilegesBatch_unsafe(const std::vector<std::string>& grantees,
474  const std::vector<DBObject>& objects,
475  const Catalog_Namespace::Catalog& catalog);
476  void revokeDBObjectPrivileges_unsafe(const std::string& granteeName,
477  DBObject object,
478  const Catalog_Namespace::Catalog& catalog);
479  void grantAllOnDatabase_unsafe(const std::string& roleName,
480  DBObject& object,
481  const Catalog_Namespace::Catalog& catalog);
482  void revokeAllOnDatabase_unsafe(const std::string& roleName,
483  int32_t dbId,
484  Grantee* grantee);
485  bool isDashboardSystemRole(const std::string& roleName) const;
486  void updateUserRoleName(const std::string& roleName, const std::string& newName);
487  void getMetadataWithDefaultDB(std::string& dbname,
488  const std::string& username,
490  UserMetadata& user_meta);
496  bool allowLocalLogin() const;
497 
498  template <typename F, typename... Args>
499  void execInTransaction(F&& f, Args&&... args);
500 
502  void recordExecutedMigration(const std::string& migration_name) const;
503  bool hasVersionHistoryTable() const;
504  void createVersionHistoryTable() const;
505 
506  std::string basePath_;
509  std::unique_ptr<SqliteConnector> sqliteConnector_;
510 
511  std::shared_ptr<Data_Namespace::DataMgr> dataMgr_;
512  std::unique_ptr<PkiServer> pki_server_;
514  std::shared_ptr<Calcite> calciteMgr_;
515  std::vector<LeafHostInfo> string_dict_hosts_;
518 
519  // contains a map of all the catalog within this system
520  // it is lazy loaded
521  // std::map<std::string, std::shared_ptr<Catalog>> cat_map_;
522  using dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>;
524 
525  static std::mutex instance_mutex_;
526  static std::unique_ptr<SysCatalog> instance_;
527 
528  // Flag used to indicate whether this SysCatalog instance has been initialized. This is
529  // currently used in tests to ensure that QueryRunner and DBHandlerTestFixture are not
530  // re-initializing SysCatalog.
531  bool is_initialized_{false};
532 
533  public:
534  mutable std::unique_ptr<heavyai::DistributedSharedMutex> dcatalogMutex_;
535  mutable std::unique_ptr<heavyai::DistributedSharedMutex> dsqliteMutex_;
536  mutable std::mutex sqliteMutex_;
538  mutable std::atomic<std::thread::id> thread_holding_sqlite_lock;
539  mutable std::atomic<std::thread::id> thread_holding_write_lock;
540  static thread_local bool thread_holds_read_lock;
541  // used by catalog when initially creating a catalog instance
542  std::shared_ptr<Catalog> dummyCatalog_;
543  std::unordered_map<std::string, std::shared_ptr<UserMetadata>> temporary_users_by_name_;
544  std::unordered_map<int32_t, std::shared_ptr<UserMetadata>> temporary_users_by_id_;
546 };
547 
548 const TableDescriptor* get_metadata_for_table(const ::shared::TableKey& table_key,
549  bool populate_fragmenter = true);
550 
552 } // namespace Catalog_Namespace
553 
554 #endif // SYS_CATALOG_H
std::optional< std::string > passwd
Definition: SysCatalog.h:117
std::optional< DBMetadata > getDB(std::string const &dbname)
Definition: SysCatalog.h:215
std::multimap< std::string, std::unique_ptr< ObjectRoleDescriptor >> ObjectRoleDescriptorMap
Definition: SysCatalog.h:399
void recordExecutedMigration(const std::string &migration_name) const
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
void buildMaps(bool is_new_db=false)
Definition: SysCatalog.cpp:243
void revokeDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
std::tuple< int, std::string > ColumnKey
Definition: Types.h:37
void dropUserUnchecked(const std::string &name, const UserMetadata &user)
std::vector< Catalog * > getCatalogsForAllDbs()
std::string cat(Ts &&...args)
auto duplicateAndRenameCatalog(std::string const &current_name, std::string const &new_name)
Definition: SysCatalog.cpp:174
SqliteConnector * getSqliteConnector()
Definition: SysCatalog.h:237
std::optional< std::string > default_db
Definition: SysCatalog.h:119
class for a per-database catalog. also includes metadata for the current database and the current use...
Definition: Catalog.h:143
void changeDBObjectOwnership(const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)
DBObjectType
Definition: DBObject.h:40
std::set< std::string > getCreatedRoles() const
void grantRole(const std::string &role, const std::string &grantee, const bool is_temporary=false)
void revokeRole(const std::string &role, const std::string &grantee, const bool is_temporary=false)
void load(Archive &ar, ExplainedQueryHint &query_hint, const unsigned int version)
bool checkPasswordForUser(const std::string &passwd, std::string &name, UserMetadata &user)
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
std::optional< UserMetadata > getUser(std::string const &uname)
Definition: SysCatalog.h:203
UserMetadata(UserMetadata const &user_meta)
Definition: SysCatalog.h:84
void checkDuplicateCaseInsensitiveDbNames() const
Definition: SysCatalog.cpp:900
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog *catalog)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
void revokeDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
void removeCatalog(const std::string &dbName)
std::string name() const
Definition: SysCatalog.h:358
static std::unique_ptr< SysCatalog > instance_
Definition: SysCatalog.h:526
std::atomic< std::thread::id > thread_holding_sqlite_lock
Definition: SysCatalog.h:538
void checkDropRenderGroupColumnsMigration() const
UserMetadata & operator=(UserMetadata const &user_meta)
Definition: SysCatalog.h:92
void createRole(const std::string &roleName, const bool user_private_role, const bool is_temporary=false)
const TableDescriptor * get_metadata_for_table(const ::shared::TableKey &table_key, bool populate_fragmenter)
const std::string kSystemCatalogName
std::shared_ptr< Catalog > getDummyCatalog()
Definition: SysCatalog.h:369
const ColumnDescriptor * get_metadata_for_column(const ::shared::ColumnKey &column_key)
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:508
void changeDatabaseOwner(std::string const &dbname, const std::string &new_owner)
Definition: Grantee.h:75
Grantee * getGrantee(const std::string &name) const
void dropDatabase(const DBMetadata &db)
void loginImpl(std::string &username, const std::string &password, UserMetadata &user_meta)
Definition: SysCatalog.cpp:949
Definition: Grantee.h:81
std::vector< ObjectRoleDescriptor > getMetadataForAllObjects() const
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
void reassignObjectOwners(const std::map< int32_t, std::vector< DBObject >> &old_owner_db_objects, int32_t new_owner_id, const Catalog_Namespace::Catalog &catalog)
std::string toString(bool hide_password=true) const
std::list< UpdateQuery > UpdateQueries
Definition: SysCatalog.h:435
void init(const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)
Definition: SysCatalog.cpp:191
std::optional< bool > is_super
Definition: SysCatalog.h:118
void createDBObject(const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)
void dropUser(const std::string &name, bool if_exists=false)
std::vector< std::string > text_params
Definition: SysCatalog.h:433
void getDBObjectPrivileges(const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const
void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
bool hasVersionHistoryTable() const
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void grantRoleBatch(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
std::unique_ptr< PkiServer > pki_server_
Definition: SysCatalog.h:512
void revokeDBObjectPrivilegesBatch(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
const AuthMetadata * authMetadata_
Definition: SysCatalog.h:513
static std::mutex instance_mutex_
Definition: SysCatalog.h:525
void grantRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
Data_Namespace::DataMgr & getDataMgr() const
Definition: SysCatalog.h:234
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
void renameDBObject(const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)
static SysCatalog & instance()
Definition: SysCatalog.h:343
auto assembleCatalogName(std::string const &name)
Definition: SysCatalog.cpp:162
bool wouldChange(UserMetadata const &user_meta) const
void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
std::string g_base_path
Definition: SysCatalog.cpp:62
const std::string & getCatalogBasePath() const
Definition: SysCatalog.h:236
tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog >> dbid_to_cat_map
Definition: SysCatalog.h:522
heavyai::shared_mutex sharedMutex_
Definition: SysCatalog.h:537
std::unordered_map< std::string, std::shared_ptr< UserMetadata > > temporary_users_by_name_
Definition: SysCatalog.h:543
void renameObjectsInDescriptorMap(DBObject &object, const Catalog_Namespace::Catalog &cat)
bool checkPasswordForUserImpl(const std::string &passwd, std::string &name, UserMetadata &user)
std::shared_ptr< Catalog > login(std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)
Definition: SysCatalog.cpp:923
void revokeRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
void revokeRoleBatch(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:511
UserMetadata createUser(std::string const &name, UserAlterations alts, bool is_temporary)
Definition: SysCatalog.cpp:987
std::unique_lock< T > unique_lock
DBSummaryList getDatabaseListForUser(const UserMetadata &user)
std::shared_ptr< Catalog > switchDatabase(std::string &dbname, const std::string &username)
Definition: SysCatalog.cpp:957
Role * getRoleGrantee(const std::string &name) const
std::optional< UserMetadata > getUser(int32_t const uid)
Definition: SysCatalog.h:209
void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector< DBObject > &objects, Catalog *catalog)
User * getUserGrantee(const std::string &name) const
void grantDBObjectPrivilegesBatch(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void grantDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
specifies the content in-memory of a row in the column metadata table
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:509
CommonFileOperations(std::string const &base_path)
Definition: SysCatalog.h:149
void updateUserRoleName(const std::string &roleName, const std::string &newName)
std::list< UserMetadata > getAllUserMetadata()
void grantDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)
const int32_t kTempUserIdRange
void dropRole_unsafe(const std::string &roleName, const bool is_temporary)
std::unique_ptr< heavyai::DistributedSharedMutex > dsqliteMutex_
Definition: SysCatalog.h:535
void check_for_session_encryption(const std::string &pki_cert, std::string &session)
Definition: SysCatalog.cpp:979
void renameUser(std::string const &old_name, std::string const &new_name)
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
bool hasAnyPrivileges(const UserMetadata &user, std::vector< DBObject > &privObjects)
void deleteObjectDescriptorMap(const std::string &roleName)
void removeCatalogByName(std::string const &name)
Definition: SysCatalog.cpp:170
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
std::unordered_map< int32_t, std::shared_ptr< UserMetadata > > temporary_users_by_id_
Definition: SysCatalog.h:544
void syncUserWithRemoteProvider(const std::string &user_name, std::vector< std::string > idp_roles, UserAlterations alts)
void dropRole(const std::string &roleName, const bool is_temporary=false)
void createVersionHistoryTable() const
std::list< DBMetadata > getAllDBMetadata()
void renameDatabase(std::string const &old_name, std::string const &new_name)
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)
void buildMapsUnlocked(bool is_new_db=false)
Definition: SysCatalog.cpp:250
torch::Tensor f(torch::Tensor x, torch::Tensor W_target, torch::Tensor b_target)
bool verifyDBObjectOwnership(const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:515
std::optional< bool > can_login
Definition: SysCatalog.h:120
std::unique_ptr< heavyai::DistributedSharedMutex > dcatalogMutex_
Definition: SysCatalog.h:534
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:514
std::unordered_map< std::string, std::vector< std::string > > getGranteesOfSharedDashboards(const std::vector< std::string > &dashboard_ids)
void runUpdateQueriesAndChangeOwnership(const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, const UpdateQueries &update_queries, bool revoke_privileges=true)
std::list< DBSummary > DBSummaryList
Definition: SysCatalog.h:145
void populateRoleDbObjects(const std::vector< DBObject > &objects)
static thread_local bool thread_holds_read_lock
Definition: SysCatalog.h:540
void grantDefaultPrivilegesToRole_unsafe(const std::string &name, bool issuper)
std::optional< DBMetadata > getDB(int32_t const dbid)
Definition: SysCatalog.h:221
Calcite & getCalciteMgr() const
Definition: SysCatalog.h:235
bool isDashboardSystemRole(const std::string &roleName) const
string name
Definition: setup.in.py:72
constexpr double n
Definition: Utm.h:38
std::shared_timed_mutex shared_mutex
bool hasExecutedMigration(const std::string &migration_name) const
std::map< std::string, std::unique_ptr< Grantee >> GranteeMap
Definition: SysCatalog.h:397
std::string userLoggable() const
Definition: SysCatalog.cpp:158
bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)
void createDatabase(const std::string &dbname, int owner)
UserMetadata alterUser(std::string const &name, UserAlterations alts)
std::shared_ptr< Catalog > dummyCatalog_
Definition: SysCatalog.h:542
void removeCatalogByFullPath(std::string const &full_path)
Definition: SysCatalog.cpp:166
std::vector< ObjectRoleDescriptor * > getMetadataForObject(int32_t dbId, int32_t dbType, int32_t objectId) const
std::vector< std::string > getRoles(const std::string &user_name, bool effective=true)
std::atomic< bool > isSuper
Definition: SysCatalog.h:107
bool getMetadataForDB(const std::string &name, DBMetadata &db)
void revokeDBObjectPrivilegesFromAllBatch(std::vector< DBObject > &objects, Catalog *catalog)
UserMetadata(int32_t u, const std::string &n, const std::string &p, bool s, int32_t d, bool l, bool t)
Definition: SysCatalog.h:69
std::atomic< std::thread::id > thread_holding_write_lock
Definition: SysCatalog.h:539