Merge branch 'main' of github.com:datastrato/graviton into issue_6570
yuqi1129 committed Feb 28, 2025
2 parents 3aa3a07 + 9f5f3ee commit afae301
Showing 27 changed files with 1,543 additions and 1,460 deletions.
Expand Up @@ -25,6 +25,7 @@
import org.apache.gravitino.Configs;
import org.apache.gravitino.EntityStore;
import org.apache.gravitino.MetadataObject;
import org.apache.gravitino.NameIdentifier;
import org.apache.gravitino.exceptions.GroupAlreadyExistsException;
import org.apache.gravitino.exceptions.IllegalRoleException;
import org.apache.gravitino.exceptions.NoSuchGroupException;
Expand All @@ -34,7 +35,10 @@
import org.apache.gravitino.exceptions.NoSuchUserException;
import org.apache.gravitino.exceptions.RoleAlreadyExistsException;
import org.apache.gravitino.exceptions.UserAlreadyExistsException;
import org.apache.gravitino.lock.LockType;
import org.apache.gravitino.lock.TreeLockUtils;
import org.apache.gravitino.storage.IdGenerator;
import org.apache.gravitino.utils.MetadataObjectUtil;

/**
* AccessControlManager is used for manage users, roles, grant information, this class is an
Expand All @@ -57,78 +61,120 @@ public AccessControlManager(EntityStore store, IdGenerator idGenerator, Config c
@Override
public User addUser(String metalake, String user)
throws UserAlreadyExistsException, NoSuchMetalakeException {
return userGroupManager.addUser(metalake, user);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofUserNamespace(metalake).levels()),
LockType.WRITE,
() -> userGroupManager.addUser(metalake, user));
}

@Override
public boolean removeUser(String metalake, String user) throws NoSuchMetalakeException {
return userGroupManager.removeUser(metalake, user);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofUserNamespace(metalake).levels()),
LockType.WRITE,
() -> userGroupManager.removeUser(metalake, user));
}

@Override
public User getUser(String metalake, String user)
throws NoSuchUserException, NoSuchMetalakeException {
return userGroupManager.getUser(metalake, user);
return TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofUser(metalake, user),
LockType.READ,
() -> userGroupManager.getUser(metalake, user));
}

@Override
public String[] listUserNames(String metalake) throws NoSuchMetalakeException {
return userGroupManager.listUserNames(metalake);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofUserNamespace(metalake).levels()),
LockType.READ,
() -> userGroupManager.listUserNames(metalake));
}

@Override
public User[] listUsers(String metalake) throws NoSuchMetalakeException {
return userGroupManager.listUsers(metalake);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofUserNamespace(metalake).levels()),
LockType.READ,
() -> userGroupManager.listUsers(metalake));
}

public Group addGroup(String metalake, String group)
throws GroupAlreadyExistsException, NoSuchMetalakeException {
return userGroupManager.addGroup(metalake, group);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofGroupNamespace(metalake).levels()),
LockType.WRITE,
() -> userGroupManager.addGroup(metalake, group));
}

@Override
public boolean removeGroup(String metalake, String group) throws NoSuchMetalakeException {
return userGroupManager.removeGroup(metalake, group);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofGroupNamespace(metalake).levels()),
LockType.WRITE,
() -> userGroupManager.removeGroup(metalake, group));
}

@Override
public Group getGroup(String metalake, String group)
throws NoSuchGroupException, NoSuchMetalakeException {
return userGroupManager.getGroup(metalake, group);
return TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofGroup(metalake, group),
LockType.READ,
() -> userGroupManager.getGroup(metalake, group));
}

@Override
public Group[] listGroups(String metalake) throws NoSuchMetalakeException {
return userGroupManager.listGroups(metalake);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofGroupNamespace(metalake).levels()),
LockType.READ,
() -> userGroupManager.listGroups(metalake));
}

@Override
public String[] listGroupNames(String metalake) throws NoSuchMetalakeException {
return userGroupManager.listGroupNames(metalake);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofGroupNamespace(metalake).levels()),
LockType.READ,
() -> userGroupManager.listGroupNames(metalake));
}

@Override
public User grantRolesToUser(String metalake, List<String> roles, String user)
throws NoSuchUserException, IllegalRoleException, NoSuchMetalakeException {
return permissionManager.grantRolesToUser(metalake, roles, user);
return TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofUser(metalake, user),
LockType.WRITE,
() -> permissionManager.grantRolesToUser(metalake, roles, user));
}

@Override
public Group grantRolesToGroup(String metalake, List<String> roles, String group)
throws NoSuchGroupException, IllegalRoleException, NoSuchMetalakeException {
return permissionManager.grantRolesToGroup(metalake, roles, group);
return TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofGroup(metalake, group),
LockType.WRITE,
() -> permissionManager.grantRolesToGroup(metalake, roles, group));
}

@Override
public Group revokeRolesFromGroup(String metalake, List<String> roles, String group)
throws NoSuchGroupException, IllegalRoleException, NoSuchMetalakeException {
return permissionManager.revokeRolesFromGroup(metalake, roles, group);
return TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofGroup(metalake, group),
LockType.WRITE,
() -> permissionManager.revokeRolesFromGroup(metalake, roles, group));
}

@Override
public User revokeRolesFromUser(String metalake, List<String> roles, String user)
throws NoSuchUserException, IllegalRoleException, NoSuchMetalakeException {
return permissionManager.revokeRolesFromUser(metalake, roles, user);
return TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofUser(metalake, user),
LockType.WRITE,
() -> permissionManager.revokeRolesFromUser(metalake, roles, user));
}

@Override
Expand All @@ -143,42 +189,62 @@ public Role createRole(
Map<String, String> properties,
List<SecurableObject> securableObjects)
throws RoleAlreadyExistsException, NoSuchMetalakeException {
return roleManager.createRole(metalake, role, properties, securableObjects);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofRoleNamespace(metalake).levels()),
LockType.WRITE,
() -> roleManager.createRole(metalake, role, properties, securableObjects));
}

@Override
public Role getRole(String metalake, String role)
throws NoSuchRoleException, NoSuchMetalakeException {
return roleManager.getRole(metalake, role);
return TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofRole(metalake, role),
LockType.READ,
() -> roleManager.getRole(metalake, role));
}

@Override
public boolean deleteRole(String metalake, String role) throws NoSuchMetalakeException {
return roleManager.deleteRole(metalake, role);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofRoleNamespace(metalake).levels()),
LockType.WRITE,
() -> roleManager.deleteRole(metalake, role));
}

@Override
public String[] listRoleNames(String metalake) throws NoSuchMetalakeException {
return roleManager.listRoleNames(metalake);
return TreeLockUtils.doWithTreeLock(
NameIdentifier.of(AuthorizationUtils.ofRoleNamespace(metalake).levels()),
LockType.READ,
() -> roleManager.listRoleNames(metalake));
}

@Override
public String[] listRoleNamesByObject(String metalake, MetadataObject object)
throws NoSuchMetalakeException, NoSuchMetadataObjectException {
return roleManager.listRoleNamesByObject(metalake, object);
NameIdentifier identifier = MetadataObjectUtil.toEntityIdent(metalake, object);
return TreeLockUtils.doWithTreeLock(
identifier, LockType.READ, () -> roleManager.listRoleNamesByObject(metalake, object));
}

@Override
public Role grantPrivilegeToRole(
String metalake, String role, MetadataObject object, Set<Privilege> privileges)
throws NoSuchRoleException, NoSuchMetalakeException {
return permissionManager.grantPrivilegesToRole(metalake, role, object, privileges);
return TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofRole(metalake, role),
LockType.WRITE,
() -> permissionManager.grantPrivilegesToRole(metalake, role, object, privileges));
}

@Override
public Role revokePrivilegesFromRole(
String metalake, String role, MetadataObject object, Set<Privilege> privileges)
throws NoSuchRoleException, NoSuchMetalakeException {
return permissionManager.revokePrivilegesFromRole(metalake, role, object, privileges);
return TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofRole(metalake, role),
LockType.WRITE,
() -> permissionManager.revokePrivilegesFromRole(metalake, role, object, privileges));
}
}
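Review bot: `grantPrivilegeToRole` and `revokePrivilegesFromRole` take a WRITE lock only on `AuthorizationUtils.ofRole(metalake, role)`, while `listRoleNamesByObject` takes a READ lock only on the identifier derived from `object`, so the two paths do not obviously exclude each other. Unless TreeLockUtils maps both identifiers onto a shared lock path (not visible on this page), a caller listing the roles bound to an object can run while a grant or revoke touching that same object is in progress. If that is intended, say so next to the grant path, for example `// Locks the role only; readers keyed by the metadata object are not blocked.`; otherwise the grant and revoke paths should also lock the object identifier.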
Expand Up @@ -60,12 +60,12 @@ public OwnerManager(EntityStore store) {

public void setOwner(
String metalake, MetadataObject metadataObject, String ownerName, Owner.Type ownerType) {

NameIdentifier objectIdent = MetadataObjectUtil.toEntityIdent(metalake, metadataObject);
try {
Optional<Owner> originOwner = getOwner(metalake, metadataObject);

NameIdentifier objectIdent = MetadataObjectUtil.toEntityIdent(metalake, metadataObject);
OwnerImpl newOwner = new OwnerImpl();

if (ownerType == Owner.Type.USER) {
NameIdentifier ownerIdent = AuthorizationUtils.ofUser(metalake, ownerName);
TreeLockUtils.doWithTreeLock(
Expand Down Expand Up @@ -129,16 +129,20 @@ public void setOwner(
}

public Optional<Owner> getOwner(String metalake, MetadataObject metadataObject) {
NameIdentifier ident = MetadataObjectUtil.toEntityIdent(metalake, metadataObject);
OwnerImpl owner = new OwnerImpl();
try {
OwnerImpl owner = new OwnerImpl();
NameIdentifier ident = MetadataObjectUtil.toEntityIdent(metalake, metadataObject);
List<? extends Entity> entities =
store
.relationOperations()
.listEntitiesByRelation(
SupportsRelationOperations.Type.OWNER_REL,
ident,
MetadataObjectUtil.toEntityType(metadataObject));
TreeLockUtils.doWithTreeLock(
ident,
LockType.READ,
() ->
store
.relationOperations()
.listEntitiesByRelation(
SupportsRelationOperations.Type.OWNER_REL,
ident,
MetadataObjectUtil.toEntityType(metadataObject)));

if (entities.isEmpty()) {
return Optional.empty();
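Review bot: The READ lock added in `getOwner` covers only the `listEntitiesByRelation` call, and `setOwner` still calls `getOwner` first and then takes its own lock further down, so reading `originOwner` and changing the owner do not appear to be one critical section. Two concurrent `setOwner` calls on the same object could both observe the same previous owner; whether the rest of `setOwner` guards against this cannot be seen, because both method bodies continue outside the hunks. If the gap is accepted, document it on `getOwner`, for example `// The lock is released before returning; the result may be stale by the time the caller acts on it.` Separately, `MetadataObjectUtil.toEntityIdent` now runs before the `try` in both methods, so an exception from it no longer passes through the existing catch handling, which is worth confirming as intended.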
Expand Up @@ -39,6 +39,8 @@
import org.apache.gravitino.exceptions.NoSuchGroupException;
import org.apache.gravitino.exceptions.NoSuchRoleException;
import org.apache.gravitino.exceptions.NoSuchUserException;
import org.apache.gravitino.lock.LockType;
import org.apache.gravitino.lock.TreeLockUtils;
import org.apache.gravitino.meta.AuditInfo;
import org.apache.gravitino.meta.GroupEntity;
import org.apache.gravitino.meta.RoleEntity;
Expand Down Expand Up @@ -67,7 +69,10 @@ User grantRolesToUser(String metalake, List<String> roles, String user) {
try {
List<RoleEntity> roleEntitiesToGrant = Lists.newArrayList();
for (String role : roles) {
roleEntitiesToGrant.add(roleManager.getRole(metalake, role));
TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofRole(metalake, role),
LockType.READ,
() -> roleEntitiesToGrant.add(roleManager.getRole(metalake, role)));
}

User updatedUser =
Expand Down Expand Up @@ -153,7 +158,10 @@ Group grantRolesToGroup(String metalake, List<String> roles, String group) {
try {
List<RoleEntity> roleEntitiesToGrant = Lists.newArrayList();
for (String role : roles) {
roleEntitiesToGrant.add(roleManager.getRole(metalake, role));
TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofRole(metalake, role),
LockType.READ,
() -> roleEntitiesToGrant.add(roleManager.getRole(metalake, role)));
}

Group updatedGroup =
Expand Down Expand Up @@ -239,7 +247,10 @@ Group revokeRolesFromGroup(String metalake, List<String> roles, String group) {
try {
List<RoleEntity> roleEntitiesToRevoke = Lists.newArrayList();
for (String role : roles) {
roleEntitiesToRevoke.add(roleManager.getRole(metalake, role));
TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofRole(metalake, role),
LockType.READ,
() -> roleEntitiesToRevoke.add(roleManager.getRole(metalake, role)));
}

Group updatedGroup =
Expand Down Expand Up @@ -325,7 +336,10 @@ User revokeRolesFromUser(String metalake, List<String> roles, String user) {
try {
List<RoleEntity> roleEntitiesToRevoke = Lists.newArrayList();
for (String role : roles) {
roleEntitiesToRevoke.add(roleManager.getRole(metalake, role));
TreeLockUtils.doWithTreeLock(
AuthorizationUtils.ofRole(metalake, role),
LockType.READ,
() -> roleEntitiesToRevoke.add(roleManager.getRole(metalake, role)));
}

User updatedUser =
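Review bot: Each role is looked up under its own READ lock that is released at the end of the loop iteration, so nothing keeps the roles stable between this loop and the user or group update that follows. A role deleted or changed by another thread after its lookup would, as far as these hunks show, still be granted or revoked using the stale `RoleEntity`; the update code is outside the hunk, so it may re-check there. The same pattern appears in all four hunks of this file (`grantRolesToUser`, `grantRolesToGroup`, `revokeRolesFromGroup`, `revokeRolesFromUser`). As a smaller point, the lambda mutates the outer list and its `boolean` result is discarded; `roleEntitiesToGrant.add(TreeLockUtils.doWithTreeLock(AuthorizationUtils.ofRole(metalake, role), LockType.READ, () -> roleManager.getRole(metalake, role)));` keeps the locked section to the lookup alone.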