OmniSciDB  ca0c39ec8f
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Groups Pages
SysCatalog.h
Go to the documentation of this file.
1 /*
2  * Copyright 2022 HEAVY.AI, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
28 #ifndef SYS_CATALOG_H
29 #define SYS_CATALOG_H
30 
31 #include <atomic>
32 #include <cstdint>
33 #include <ctime>
34 #include <limits>
35 #include <list>
36 #include <map>
37 #include <mutex>
38 #include <string>
39 #include <unordered_map>
40 #include <utility>
41 #include <vector>
42 
43 #include "tbb/concurrent_hash_map.h"
44 
45 #include "Grantee.h"
46 #include "ObjectRoleDescriptor.h"
47 #include "PkiServer.h"
48 
49 #include "Calcite/Calcite.h"
50 #include "DataMgr/DataMgr.h"
51 #include "LeafHostInfo.h"
54 #include "Shared/SysDefinitions.h"
57 
58 class Calcite;
59 
60 extern std::string g_base_path;
61 
62 namespace Catalog_Namespace {
63 
64 /*
65  * @type UserMetadata
66  * @brief metadata for a db user
67  */
68 struct UserMetadata {
69  UserMetadata(int32_t u,
70  const std::string& n,
71  const std::string& p,
72  bool s,
73  int32_t d,
74  bool l,
75  bool t)
76  : userId(u)
77  , userName(n)
78  , passwd_hash(p)
79  , isSuper(s)
80  , defaultDbId(d)
81  , can_login(l)
82  , is_temporary(t) {}
84  UserMetadata(UserMetadata const& user_meta)
85  : UserMetadata(user_meta.userId,
86  user_meta.userName,
87  user_meta.passwd_hash,
88  user_meta.isSuper.load(),
89  user_meta.defaultDbId,
90  user_meta.can_login,
91  user_meta.is_temporary) {}
92  UserMetadata& operator=(UserMetadata const& user_meta) {
93  if (this != &user_meta) {
94  userId = user_meta.userId;
95  userName = user_meta.userName;
96  passwd_hash = user_meta.passwd_hash;
97  isSuper.store(user_meta.isSuper.load());
98  defaultDbId = user_meta.defaultDbId;
99  can_login = user_meta.can_login;
100  is_temporary = user_meta.is_temporary;
101  }
102  return *this;
103  }
104  int32_t userId;
105  std::string userName;
106  std::string passwd_hash;
107  std::atomic<bool> isSuper{false};
108  int32_t defaultDbId{-1};
109  bool can_login{true};
110  bool is_temporary{false};
111 
112  // Return a string that is safe to log for the username based on --log-user-id.
113  std::string userLoggable() const;
114 };
115 
117  std::optional<std::string> passwd;
118  std::optional<bool> is_super;
119  std::optional<std::string> default_db;
120  std::optional<bool> can_login;
121 
122  bool wouldChange(UserMetadata const& user_meta) const;
123  std::string toString(bool hide_password = true) const;
124 };
125 
126 /*
127  * @type DBMetadata
128  * @brief metadata for a database
129  */
130 struct DBMetadata {
131  DBMetadata() : dbId(0), dbOwner(0) {}
132  int32_t dbId;
133  std::string dbName;
134  int32_t dbOwner;
135 };
136 
137 /*
138  * @type DBSummary
139  * @brief summary info for a database
140  */
141 struct DBSummary {
142  std::string dbName;
143  std::string dbOwnerName;
144 };
145 using DBSummaryList = std::list<DBSummary>;
146 
148  public:
149  CommonFileOperations(std::string const& base_path) : base_path_(base_path) {}
150 
151  inline void removeCatalogByFullPath(std::string const& full_path);
152  inline void removeCatalogByName(std::string const& name);
153  inline auto duplicateAndRenameCatalog(std::string const& current_name,
154  std::string const& new_name);
155  inline auto assembleCatalogName(std::string const& name);
156 
157  private:
158  std::string const& base_path_;
159 };
160 
161 /*
162  * @type SysCatalog
163  * @brief class for the system-wide catalog, currently containing user and database
164  * metadata
165  */
167  public:
168  void init(const std::string& basePath,
169  std::shared_ptr<Data_Namespace::DataMgr> dataMgr,
170  const AuthMetadata& authMetadata,
171  std::shared_ptr<Calcite> calcite,
172  bool is_new_db,
173  bool aggregator,
174  const std::vector<LeafHostInfo>& string_dict_hosts);
175 
181  std::shared_ptr<Catalog> login(std::string& db,
182  std::string& username,
183  const std::string& password,
184  UserMetadata& user_meta,
185  bool check_password = true);
186  std::shared_ptr<Catalog> switchDatabase(std::string& dbname,
187  const std::string& username);
188  UserMetadata createUser(std::string const& name,
189  UserAlterations alts,
190  bool is_temporary);
191  void dropUser(const std::string& name);
192  // TODO(Misiu): This method is needed only by tests and should otherwise be private and
193  // accessed via friendship.
194  void dropUserUnchecked(const std::string& name, const UserMetadata& user);
195  UserMetadata alterUser(std::string const& name, UserAlterations alts);
196  void renameUser(std::string const& old_name, std::string const& new_name);
197  void createDatabase(const std::string& dbname, int owner);
198  void renameDatabase(std::string const& old_name, std::string const& new_name);
199  void changeDatabaseOwner(std::string const& dbname, const std::string& new_owner);
200  void dropDatabase(const DBMetadata& db);
201  std::optional<UserMetadata> getUser(std::string const& uname) {
202  if (UserMetadata user; getMetadataForUser(uname, user)) {
203  return user;
204  }
205  return {};
206  }
207  std::optional<UserMetadata> getUser(int32_t const uid) {
208  if (UserMetadata user; getMetadataForUserById(uid, user)) {
209  return user;
210  }
211  return {};
212  }
213  std::optional<DBMetadata> getDB(std::string const& dbname) {
214  if (DBMetadata db; getMetadataForDB(dbname, db)) {
215  return db;
216  }
217  return {};
218  }
219  std::optional<DBMetadata> getDB(int32_t const dbid) {
220  if (DBMetadata db; getMetadataForDBById(dbid, db)) {
221  return db;
222  }
223  return {};
224  }
225  bool getMetadataForUser(const std::string& name, UserMetadata& user);
226  bool getMetadataForUserById(const int32_t idIn, UserMetadata& user);
227  bool checkPasswordForUser(const std::string& passwd,
228  std::string& name,
229  UserMetadata& user);
230  bool getMetadataForDB(const std::string& name, DBMetadata& db);
231  bool getMetadataForDBById(const int32_t idIn, DBMetadata& db);
233  Calcite& getCalciteMgr() const { return *calciteMgr_; }
234  const std::string& getCatalogBasePath() const { return basePath_; }
236  std::list<DBMetadata> getAllDBMetadata();
237  std::list<UserMetadata> getAllUserMetadata();
241  std::list<UserMetadata> getAllUserMetadata(const int64_t dbId);
243  void createDBObject(const UserMetadata& user,
244  const std::string& objectName,
246  const Catalog_Namespace::Catalog& catalog,
247  int32_t objectId = -1);
257  void renameDBObject(const std::string& objectName,
258  const std::string& newName,
260  int32_t objectId,
261  const Catalog_Namespace::Catalog& catalog);
262  void grantDBObjectPrivileges(const std::string& grantee,
263  const DBObject& object,
264  const Catalog_Namespace::Catalog& catalog);
265  void grantDBObjectPrivilegesBatch(const std::vector<std::string>& grantees,
266  const std::vector<DBObject>& objects,
267  const Catalog_Namespace::Catalog& catalog);
268  void revokeDBObjectPrivileges(const std::string& grantee,
269  const DBObject& object,
270  const Catalog_Namespace::Catalog& catalog);
271  void revokeDBObjectPrivilegesBatch(const std::vector<std::string>& grantees,
272  const std::vector<DBObject>& objects,
273  const Catalog_Namespace::Catalog& catalog);
274  void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog* catalog);
276  void revokeDBObjectPrivilegesFromAllBatch(std::vector<DBObject>& objects,
277  Catalog* catalog);
278  void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector<DBObject>& objects,
279  Catalog* catalog);
280  void getDBObjectPrivileges(const std::string& granteeName,
281  DBObject& object,
282  const Catalog_Namespace::Catalog& catalog) const;
283  bool verifyDBObjectOwnership(const UserMetadata& user,
284  DBObject object,
285  const Catalog_Namespace::Catalog& catalog);
295  void changeDBObjectOwnership(const UserMetadata& new_owner,
296  const UserMetadata& previous_owner,
297  DBObject object,
298  const Catalog_Namespace::Catalog& catalog,
299  bool revoke_privileges = true);
300  void createRole(const std::string& roleName,
301  const bool user_private_role,
302  const bool is_temporary = false);
303  void dropRole(const std::string& roleName, const bool is_temporary = false);
304  void grantRoleBatch(const std::vector<std::string>& roles,
305  const std::vector<std::string>& grantees);
306  void grantRole(const std::string& role,
307  const std::string& grantee,
308  const bool is_temporary = false);
309  void revokeRoleBatch(const std::vector<std::string>& roles,
310  const std::vector<std::string>& grantees);
311  void revokeRole(const std::string& role,
312  const std::string& grantee,
313  const bool is_temporary = false);
314  // check if the user has any permissions on all the given objects
315  bool hasAnyPrivileges(const UserMetadata& user, std::vector<DBObject>& privObjects);
316  // check if the user has the requested permissions on all the given objects
317  bool checkPrivileges(const UserMetadata& user,
318  const std::vector<DBObject>& privObjects) const;
319  bool checkPrivileges(const std::string& userName,
320  const std::vector<DBObject>& privObjects) const;
321  Grantee* getGrantee(const std::string& name) const;
322  Role* getRoleGrantee(const std::string& name) const;
323  User* getUserGrantee(const std::string& name) const;
324  std::vector<ObjectRoleDescriptor*> getMetadataForObject(int32_t dbId,
325  int32_t dbType,
326  int32_t objectId) const;
327  std::vector<ObjectRoleDescriptor> getMetadataForAllObjects() const;
328  bool isRoleGrantedToGrantee(const std::string& granteeName,
329  const std::string& roleName,
330  bool only_direct) const;
331  std::vector<std::string> getRoles(const std::string& user_name, bool effective = true);
332  std::vector<std::string> getRoles(bool include_user_private_role,
333  bool is_super,
334  const std::string& user_name,
335  bool ignore_deleted_user = false);
336  std::vector<std::string> getRoles(const std::string& userName, const int32_t dbId);
337  // Get all roles that have been created, even roles that have not been assigned to other
338  // users or roles.
339  std::set<std::string> getCreatedRoles() const;
340  bool isAggregator() const { return aggregator_; }
341  static SysCatalog& instance() {
343  if (!instance_) {
344  instance_.reset(new SysCatalog());
345  }
346  return *instance_;
347  }
348 
349  static void destroy() {
351  instance_.reset();
353  }
354 
355  void populateRoleDbObjects(const std::vector<DBObject>& objects);
356  std::string name() const { return shared::kSystemCatalogName; }
359  void syncUserWithRemoteProvider(const std::string& user_name,
360  std::vector<std::string> idp_roles,
361  UserAlterations alts);
362  std::unordered_map<std::string, std::vector<std::string>> getGranteesOfSharedDashboards(
363  const std::vector<std::string>& dashboard_ids);
364  void check_for_session_encryption(const std::string& pki_cert, std::string& session);
365  std::vector<Catalog*> getCatalogsForAllDbs();
366 
367  std::shared_ptr<Catalog> getCatalog(const std::string& dbName);
368  std::shared_ptr<Catalog> getCatalog(const int32_t db_id);
369  std::shared_ptr<Catalog> getCatalog(const DBMetadata& curDB, bool is_new_db);
370 
371  void removeCatalog(const std::string& dbName);
372 
373  virtual ~SysCatalog();
374 
385  const std::map<int32_t, std::vector<DBObject>>& old_owner_db_objects,
386  int32_t new_owner_id,
387  const Catalog_Namespace::Catalog& catalog);
388 
389  bool hasExecutedMigration(const std::string& migration_name) const;
390 
391  private:
392  using GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>;
394  std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>;
395 
396  SysCatalog();
397 
398  void initDB();
399  void buildMaps(bool is_new_db = false);
400  void buildMapsUnlocked(bool is_new_db = false);
401  void buildRoleMapUnlocked();
407  void createRoles();
408  void fixRolesMigration();
409  void addAdminUserRole();
410  void migratePrivileges();
411  void migratePrivileged_old();
412  void updateUserSchema();
417  void loginImpl(std::string& username,
418  const std::string& password,
419  UserMetadata& user_meta);
420  bool checkPasswordForUserImpl(const std::string& passwd,
421  std::string& name,
422  UserMetadata& user);
423 
424  struct UpdateQuery {
425  std::string query;
426  std::vector<std::string> text_params;
427  };
428  using UpdateQueries = std::list<UpdateQuery>;
429  void runUpdateQueriesAndChangeOwnership(const UserMetadata& new_owner,
430  const UserMetadata& previous_owner,
431  DBObject object,
432  const Catalog_Namespace::Catalog& catalog,
433  const UpdateQueries& update_queries,
434  bool revoke_privileges = true);
435 
436  // Here go functions not wrapped into transactions (necessary for nested calls)
437  void grantDefaultPrivilegesToRole_unsafe(const std::string& name, bool issuper);
438  void createRole_unsafe(const std::string& roleName,
439  const bool userPrivateRole,
440  const bool is_temporary);
441  void dropRole_unsafe(const std::string& roleName, const bool is_temporary);
442  void grantRoleBatch_unsafe(const std::vector<std::string>& roles,
443  const std::vector<std::string>& grantees);
444  void grantRole_unsafe(const std::string& roleName,
445  const std::string& granteeName,
446  const bool is_temporary);
447  void revokeRoleBatch_unsafe(const std::vector<std::string>& roles,
448  const std::vector<std::string>& grantees);
449  void revokeRole_unsafe(const std::string& roleName,
450  const std::string& granteeName,
451  const bool is_temporary);
452  void updateObjectDescriptorMap(const std::string& roleName,
453  DBObject& object,
454  bool roleType,
456  void deleteObjectDescriptorMap(const std::string& roleName);
457  void deleteObjectDescriptorMap(const std::string& roleName,
458  DBObject& object,
460  void grantDBObjectPrivilegesBatch_unsafe(const std::vector<std::string>& grantees,
461  const std::vector<DBObject>& objects,
462  const Catalog_Namespace::Catalog& catalog);
463  void grantDBObjectPrivileges_unsafe(const std::string& granteeName,
464  const DBObject object,
465  const Catalog_Namespace::Catalog& catalog);
466  void revokeDBObjectPrivilegesBatch_unsafe(const std::vector<std::string>& grantees,
467  const std::vector<DBObject>& objects,
468  const Catalog_Namespace::Catalog& catalog);
469  void revokeDBObjectPrivileges_unsafe(const std::string& granteeName,
470  DBObject object,
471  const Catalog_Namespace::Catalog& catalog);
472  void grantAllOnDatabase_unsafe(const std::string& roleName,
473  DBObject& object,
474  const Catalog_Namespace::Catalog& catalog);
475  void revokeAllOnDatabase_unsafe(const std::string& roleName,
476  int32_t dbId,
477  Grantee* grantee);
478  bool isDashboardSystemRole(const std::string& roleName) const;
479  void updateUserRoleName(const std::string& roleName, const std::string& newName);
480  void getMetadataWithDefaultDB(std::string& dbname,
481  const std::string& username,
483  UserMetadata& user_meta);
489  bool allowLocalLogin() const;
490 
491  template <typename F, typename... Args>
492  void execInTransaction(F&& f, Args&&... args);
493 
495  void recordExecutedMigration(const std::string& migration_name) const;
496  bool hasVersionHistoryTable() const;
497  void createVersionHistoryTable() const;
498 
499  std::string basePath_;
502  std::unique_ptr<SqliteConnector> sqliteConnector_;
503 
504  std::shared_ptr<Data_Namespace::DataMgr> dataMgr_;
505  std::unique_ptr<PkiServer> pki_server_;
507  std::shared_ptr<Calcite> calciteMgr_;
508  std::vector<LeafHostInfo> string_dict_hosts_;
511 
512  // contains a map of all the catalog within this system
513  // it is lazy loaded
514  // std::map<std::string, std::shared_ptr<Catalog>> cat_map_;
515  using dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>;
517 
518  static std::mutex instance_mutex_;
519  static std::unique_ptr<SysCatalog> instance_;
520 
521  public:
522  mutable std::unique_ptr<heavyai::DistributedSharedMutex> dcatalogMutex_;
523  mutable std::unique_ptr<heavyai::DistributedSharedMutex> dsqliteMutex_;
524  mutable std::mutex sqliteMutex_;
526  mutable std::atomic<std::thread::id> thread_holding_sqlite_lock;
527  mutable std::atomic<std::thread::id> thread_holding_write_lock;
528  static thread_local bool thread_holds_read_lock;
529  // used by catalog when initially creating a catalog instance
530  std::shared_ptr<Catalog> dummyCatalog_;
531  std::unordered_map<std::string, std::shared_ptr<UserMetadata>> temporary_users_by_name_;
532  std::unordered_map<int32_t, std::shared_ptr<UserMetadata>> temporary_users_by_id_;
534 };
535 
536 } // namespace Catalog_Namespace
537 
538 #endif // SYS_CATALOG_H
std::optional< std::string > passwd
Definition: SysCatalog.h:117
std::optional< DBMetadata > getDB(std::string const &dbname)
Definition: SysCatalog.h:213
std::multimap< std::string, std::unique_ptr< ObjectRoleDescriptor >> ObjectRoleDescriptorMap
Definition: SysCatalog.h:394
void recordExecutedMigration(const std::string &migration_name) const
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
void buildMaps(bool is_new_db=false)
Definition: SysCatalog.cpp:208
void revokeDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void dropUserUnchecked(const std::string &name, const UserMetadata &user)
std::vector< Catalog * > getCatalogsForAllDbs()
void dropUser(const std::string &name)
std::string cat(Ts &&...args)
auto duplicateAndRenameCatalog(std::string const &current_name, std::string const &new_name)
Definition: SysCatalog.cpp:144
SqliteConnector * getSqliteConnector()
Definition: SysCatalog.h:235
std::optional< std::string > default_db
Definition: SysCatalog.h:119
class for a per-database catalog. also includes metadata for the current database and the current use...
Definition: Catalog.h:132
void changeDBObjectOwnership(const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)
DBObjectType
Definition: DBObject.h:40
std::set< std::string > getCreatedRoles() const
void grantRole(const std::string &role, const std::string &grantee, const bool is_temporary=false)
void revokeRole(const std::string &role, const std::string &grantee, const bool is_temporary=false)
bool checkPasswordForUser(const std::string &passwd, std::string &name, UserMetadata &user)
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
std::optional< UserMetadata > getUser(std::string const &uname)
Definition: SysCatalog.h:201
UserMetadata(UserMetadata const &user_meta)
Definition: SysCatalog.h:84
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog *catalog)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
void revokeDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
void removeCatalog(const std::string &dbName)
std::string name() const
Definition: SysCatalog.h:356
static std::unique_ptr< SysCatalog > instance_
Definition: SysCatalog.h:519
std::atomic< std::thread::id > thread_holding_sqlite_lock
Definition: SysCatalog.h:526
UserMetadata & operator=(UserMetadata const &user_meta)
Definition: SysCatalog.h:92
void createRole(const std::string &roleName, const bool user_private_role, const bool is_temporary=false)
const std::string kSystemCatalogName
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:501
void changeDatabaseOwner(std::string const &dbname, const std::string &new_owner)
Definition: Grantee.h:75
Grantee * getGrantee(const std::string &name) const
void dropDatabase(const DBMetadata &db)
void loginImpl(std::string &username, const std::string &password, UserMetadata &user_meta)
Definition: SysCatalog.cpp:889
Definition: Grantee.h:81
std::vector< ObjectRoleDescriptor > getMetadataForAllObjects() const
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
void reassignObjectOwners(const std::map< int32_t, std::vector< DBObject >> &old_owner_db_objects, int32_t new_owner_id, const Catalog_Namespace::Catalog &catalog)
std::string toString(bool hide_password=true) const
std::list< UpdateQuery > UpdateQueries
Definition: SysCatalog.h:428
void init(const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)
Definition: SysCatalog.cpp:161
std::optional< bool > is_super
Definition: SysCatalog.h:118
void createDBObject(const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)
constexpr double f
Definition: Utm.h:31
std::vector< std::string > text_params
Definition: SysCatalog.h:426
void getDBObjectPrivileges(const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const
void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
bool hasVersionHistoryTable() const
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void grantRoleBatch(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
std::unique_ptr< PkiServer > pki_server_
Definition: SysCatalog.h:505
void revokeDBObjectPrivilegesBatch(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
const AuthMetadata * authMetadata_
Definition: SysCatalog.h:506
static std::mutex instance_mutex_
Definition: SysCatalog.h:518
void grantRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
Data_Namespace::DataMgr & getDataMgr() const
Definition: SysCatalog.h:232
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
void renameDBObject(const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)
static SysCatalog & instance()
Definition: SysCatalog.h:341
auto assembleCatalogName(std::string const &name)
Definition: SysCatalog.cpp:132
bool wouldChange(UserMetadata const &user_meta) const
void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
std::string g_base_path
Definition: SysCatalog.cpp:62
const std::string & getCatalogBasePath() const
Definition: SysCatalog.h:234
tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog >> dbid_to_cat_map
Definition: SysCatalog.h:515
heavyai::shared_mutex sharedMutex_
Definition: SysCatalog.h:525
std::unordered_map< std::string, std::shared_ptr< UserMetadata > > temporary_users_by_name_
Definition: SysCatalog.h:531
void renameObjectsInDescriptorMap(DBObject &object, const Catalog_Namespace::Catalog &cat)
bool checkPasswordForUserImpl(const std::string &passwd, std::string &name, UserMetadata &user)
std::shared_ptr< Catalog > login(std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)
Definition: SysCatalog.cpp:863
void revokeRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
void revokeRoleBatch(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:504
UserMetadata createUser(std::string const &name, UserAlterations alts, bool is_temporary)
Definition: SysCatalog.cpp:927
std::unique_lock< T > unique_lock
DBSummaryList getDatabaseListForUser(const UserMetadata &user)
std::shared_ptr< Catalog > switchDatabase(std::string &dbname, const std::string &username)
Definition: SysCatalog.cpp:897
Role * getRoleGrantee(const std::string &name) const
std::optional< UserMetadata > getUser(int32_t const uid)
Definition: SysCatalog.h:207
void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector< DBObject > &objects, Catalog *catalog)
User * getUserGrantee(const std::string &name) const
void grantDBObjectPrivilegesBatch(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void grantDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:502
CommonFileOperations(std::string const &base_path)
Definition: SysCatalog.h:149
void updateUserRoleName(const std::string &roleName, const std::string &newName)
std::list< UserMetadata > getAllUserMetadata()
void grantDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)
const int32_t kTempUserIdRange
void dropRole_unsafe(const std::string &roleName, const bool is_temporary)
std::unique_ptr< heavyai::DistributedSharedMutex > dsqliteMutex_
Definition: SysCatalog.h:523
void check_for_session_encryption(const std::string &pki_cert, std::string &session)
Definition: SysCatalog.cpp:919
void renameUser(std::string const &old_name, std::string const &new_name)
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
bool hasAnyPrivileges(const UserMetadata &user, std::vector< DBObject > &privObjects)
void deleteObjectDescriptorMap(const std::string &roleName)
void removeCatalogByName(std::string const &name)
Definition: SysCatalog.cpp:140
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
std::unordered_map< int32_t, std::shared_ptr< UserMetadata > > temporary_users_by_id_
Definition: SysCatalog.h:532
void syncUserWithRemoteProvider(const std::string &user_name, std::vector< std::string > idp_roles, UserAlterations alts)
void dropRole(const std::string &roleName, const bool is_temporary=false)
void createVersionHistoryTable() const
std::list< DBMetadata > getAllDBMetadata()
void renameDatabase(std::string const &old_name, std::string const &new_name)
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)
void buildMapsUnlocked(bool is_new_db=false)
Definition: SysCatalog.cpp:215
bool verifyDBObjectOwnership(const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:508
std::optional< bool > can_login
Definition: SysCatalog.h:120
std::unique_ptr< heavyai::DistributedSharedMutex > dcatalogMutex_
Definition: SysCatalog.h:522
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:507
std::unordered_map< std::string, std::vector< std::string > > getGranteesOfSharedDashboards(const std::vector< std::string > &dashboard_ids)
void runUpdateQueriesAndChangeOwnership(const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, const UpdateQueries &update_queries, bool revoke_privileges=true)
std::list< DBSummary > DBSummaryList
Definition: SysCatalog.h:145
void populateRoleDbObjects(const std::vector< DBObject > &objects)
static thread_local bool thread_holds_read_lock
Definition: SysCatalog.h:528
void grantDefaultPrivilegesToRole_unsafe(const std::string &name, bool issuper)
std::optional< DBMetadata > getDB(int32_t const dbid)
Definition: SysCatalog.h:219
Calcite & getCalciteMgr() const
Definition: SysCatalog.h:233
bool isDashboardSystemRole(const std::string &roleName) const
string name
Definition: setup.in.py:72
constexpr double n
Definition: Utm.h:38
std::shared_timed_mutex shared_mutex
bool hasExecutedMigration(const std::string &migration_name) const
std::map< std::string, std::unique_ptr< Grantee >> GranteeMap
Definition: SysCatalog.h:392
std::string userLoggable() const
Definition: SysCatalog.cpp:128
bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)
void createDatabase(const std::string &dbname, int owner)
UserMetadata alterUser(std::string const &name, UserAlterations alts)
std::shared_ptr< Catalog > dummyCatalog_
Definition: SysCatalog.h:530
void removeCatalogByFullPath(std::string const &full_path)
Definition: SysCatalog.cpp:136
std::vector< ObjectRoleDescriptor * > getMetadataForObject(int32_t dbId, int32_t dbType, int32_t objectId) const
std::vector< std::string > getRoles(const std::string &user_name, bool effective=true)
std::atomic< bool > isSuper
Definition: SysCatalog.h:107
bool getMetadataForDB(const std::string &name, DBMetadata &db)
void revokeDBObjectPrivilegesFromAllBatch(std::vector< DBObject > &objects, Catalog *catalog)
UserMetadata(int32_t u, const std::string &n, const std::string &p, bool s, int32_t d, bool l, bool t)
Definition: SysCatalog.h:69
std::atomic< std::thread::id > thread_holding_write_lock
Definition: SysCatalog.h:527