New feature: Privileges for Proxy (apache#9274)

* New feature: Privileges for Proxy * javadoc
wang7x · Feb 2, 2021 · c4ffe96 · c4ffe96
1 parent 05337dc
commit c4ffe96
Show file tree

Hide file tree

Showing 40 changed files with 572 additions and 131 deletions.
diff --git a/...ava/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContexts.java b/...ava/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContexts.java
@@ -19,7 +19,7 @@
 
 import com.google.common.collect.Maps;
 import com.google.common.eventbus.Subscribe;
-import org.apache.shardingsphere.governance.core.event.model.auth.AuthenticationChangedEvent;
+import org.apache.shardingsphere.governance.core.event.model.auth.UserRuleChangedEvent;
 import org.apache.shardingsphere.governance.core.event.model.datasource.DataSourceChangeCompletedEvent;
 import org.apache.shardingsphere.governance.core.event.model.datasource.DataSourceChangedEvent;
 import org.apache.shardingsphere.governance.core.event.model.lock.UnlockEvent;
@@ -34,6 +34,9 @@
 import org.apache.shardingsphere.governance.core.registry.event.PrimaryStateChangedEvent;
 import org.apache.shardingsphere.governance.core.registry.schema.GovernanceSchema;
 import org.apache.shardingsphere.infra.auth.Authentication;
+import org.apache.shardingsphere.infra.auth.ShardingSphereUser;
+import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
+import org.apache.shardingsphere.infra.auth.privilege.ShardingSpherePrivilege;
 import org.apache.shardingsphere.infra.config.RuleConfiguration;
 import org.apache.shardingsphere.infra.config.datasource.DataSourceConfiguration;
 import org.apache.shardingsphere.infra.config.datasource.DataSourceConverter;
@@ -62,6 +65,7 @@
 import java.util.LinkedList;
 import java.util.Map;
 import java.util.Map.Entry;
+import java.util.Optional;
 import java.util.stream.Collectors;
 
 /**
@@ -199,8 +203,11 @@ public synchronized void renew(final PropertiesChangedEvent event) {
      * @param event authentication changed event
      */
     @Subscribe
-    public synchronized void renew(final AuthenticationChangedEvent event) {
-        metaDataContexts = new StandardMetaDataContexts(metaDataContexts.getMetaDataMap(), metaDataContexts.getExecutorEngine(), event.getAuthentication(), metaDataContexts.getProps());
+    public synchronized void renew(final UserRuleChangedEvent event) {
+        Collection<ShardingSphereUser> users = event.getUsers();
+        DefaultAuthentication authentication = new DefaultAuthentication(getNewUsers(users));
+        authentication.getAuthentication().putAll(getModifiedUsers(users));
+        metaDataContexts = new StandardMetaDataContexts(metaDataContexts.getMetaDataMap(), metaDataContexts.getExecutorEngine(), authentication, metaDataContexts.getProps());
     }
 
     /**
@@ -295,7 +302,7 @@ private ShardingSphereMetaData createAddedMetaData(final MetaDataPersistedEvent
                 governanceFacade.getConfigCenter().loadDataSourceConfigurations(schemaName)));
         MetaDataContextsBuilder metaDataContextsBuilder = new MetaDataContextsBuilder(dataSourcesMap, 
                 Collections.singletonMap(schemaName, governanceFacade.getConfigCenter().loadRuleConfigurations(schemaName)), 
-                metaDataContexts.getAuthentication(), metaDataContexts.getProps().getProps());
+                metaDataContexts.getAuthentication().getAuthentication().keySet(), metaDataContexts.getProps().getProps());
         return metaDataContextsBuilder.build().getMetaDataMap().get(schemaName);
     }
 
@@ -314,7 +321,7 @@ private ShardingSphereMetaData getChangedMetaData(final ShardingSphereMetaData o
 
     private ShardingSphereMetaData getChangedMetaData(final ShardingSphereMetaData oldMetaData, final Collection<RuleConfiguration> ruleConfigs) throws SQLException {
         MetaDataContextsBuilder builder = new MetaDataContextsBuilder(Collections.singletonMap(oldMetaData.getName(), oldMetaData.getResource().getDataSources()),
-                Collections.singletonMap(oldMetaData.getName(), ruleConfigs), metaDataContexts.getAuthentication(), metaDataContexts.getProps().getProps());
+                Collections.singletonMap(oldMetaData.getName(), ruleConfigs), metaDataContexts.getAuthentication().getAuthentication().keySet(), metaDataContexts.getProps().getProps());
         return builder.build().getMetaDataMap().values().iterator().next();
     }
 
@@ -325,8 +332,8 @@ private ShardingSphereMetaData getChangedMetaData(final ShardingSphereMetaData o
         oldMetaData.getResource().close(modifiedDataSources.keySet());
         Map<String, Map<String, DataSource>> dataSourcesMap = Collections.singletonMap(oldMetaData.getName(), 
                 getNewDataSources(oldMetaData.getResource().getDataSources(), getAddedDataSources(oldMetaData, newDataSourceConfigs), modifiedDataSources, deletedDataSources));
-        return new MetaDataContextsBuilder(dataSourcesMap, Collections.singletonMap(oldMetaData.getName(), oldMetaData.getRuleMetaData().getConfigurations()), metaDataContexts.getAuthentication(), 
-                metaDataContexts.getProps().getProps()).build().getMetaDataMap().get(oldMetaData.getName());
+        return new MetaDataContextsBuilder(dataSourcesMap, Collections.singletonMap(oldMetaData.getName(), oldMetaData.getRuleMetaData().getConfigurations()),
+                metaDataContexts.getAuthentication().getAuthentication().keySet(), metaDataContexts.getProps().getProps()).build().getMetaDataMap().get(oldMetaData.getName());
     }
 
     private Map<String, DataSource> getNewDataSources(final Map<String, DataSource> oldDataSources, 
@@ -368,4 +375,17 @@ private Map<String, Map<String, DataSource>> createDataSourcesMap(final Map<Stri
         }
         return result;
     }
+
+    private Collection<ShardingSphereUser> getNewUsers(final Collection<ShardingSphereUser> users) {
+        return users.stream().filter(each -> !metaDataContexts.getAuthentication().findUser(each.getGrantee()).isPresent()).collect(Collectors.toList());
+    }
+
+    private Map<ShardingSphereUser, ShardingSpherePrivilege> getModifiedUsers(final Collection<ShardingSphereUser> users) {
+        Map<ShardingSphereUser, ShardingSpherePrivilege> result = new LinkedHashMap<>();
+        for (Entry<ShardingSphereUser, ShardingSpherePrivilege> entry : metaDataContexts.getAuthentication().getAuthentication().entrySet()) {
+            Optional<ShardingSphereUser> modified = users.stream().filter(each -> each.getGrantee().equals(entry.getKey().getGrantee())).findFirst();
+            modified.ifPresent(shardingSphereUser -> result.put(shardingSphereUser, entry.getValue()));
+        }
+        return result;
+    }
 }
diff --git a/...org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContextsTest.java b/...org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContextsTest.java
@@ -18,7 +18,7 @@
 package org.apache.shardingsphere.governance.context.metadata;
 
 import org.apache.shardingsphere.governance.core.config.ConfigCenter;
-import org.apache.shardingsphere.governance.core.event.model.auth.AuthenticationChangedEvent;
+import org.apache.shardingsphere.governance.core.event.model.auth.UserRuleChangedEvent;
 import org.apache.shardingsphere.governance.core.event.model.datasource.DataSourceChangedEvent;
 import org.apache.shardingsphere.governance.core.event.model.metadata.MetaDataDeletedEvent;
 import org.apache.shardingsphere.governance.core.event.model.metadata.MetaDataPersistedEvent;
@@ -34,7 +34,6 @@
 import org.apache.shardingsphere.infra.config.properties.ConfigurationProperties;
 import org.apache.shardingsphere.infra.config.properties.ConfigurationPropertyKey;
 import org.apache.shardingsphere.infra.context.metadata.impl.StandardMetaDataContexts;
-import org.apache.shardingsphere.infra.database.type.DatabaseType;
 import org.apache.shardingsphere.infra.executor.kernel.ExecutorEngine;
 import org.apache.shardingsphere.infra.metadata.ShardingSphereMetaData;
 import org.apache.shardingsphere.infra.metadata.resource.ShardingSphereResource;
@@ -76,9 +75,6 @@ public final class GovernanceMetaDataContextsTest {
 
     private final ConfigurationProperties props = new ConfigurationProperties(new Properties());
 
-    @Mock
-    private DatabaseType databaseType;
-
     @Mock
     private GovernanceFacade governanceFacade;
 
@@ -169,9 +165,9 @@ public void assertPropertiesChanged() {
     @Test
     public void assertAuthenticationChanged() {
         DefaultAuthentication authentication = new DefaultAuthentication();
-        AuthenticationChangedEvent event = new AuthenticationChangedEvent(authentication);
+        UserRuleChangedEvent event = new UserRuleChangedEvent(authentication.getAuthentication().keySet());
         governanceMetaDataContexts.renew(event);
-        assertThat(governanceMetaDataContexts.getAuthentication(), is(authentication));
+        assertThat(governanceMetaDataContexts.getAuthentication().getAuthentication().size(), is(authentication.getAuthentication().size()));
     }
 
     @Test

diff --git a/...nce-core/src/main/java/org/apache/shardingsphere/governance/core/config/ConfigCenter.java b/...nce-core/src/main/java/org/apache/shardingsphere/governance/core/config/ConfigCenter.java
@@ -39,8 +39,8 @@
 import org.apache.shardingsphere.governance.core.yaml.swapper.DataSourceConfigurationYamlSwapper;
 import org.apache.shardingsphere.governance.core.yaml.swapper.SchemaYamlSwapper;
 import org.apache.shardingsphere.governance.repository.api.ConfigurationRepository;
-import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
-import org.apache.shardingsphere.infra.auth.builtin.yaml.swapper.AuthenticationYamlSwapper;
+import org.apache.shardingsphere.infra.auth.ShardingSphereUser;
+import org.apache.shardingsphere.infra.auth.builtin.yaml.swapper.UserRuleYamlSwapper;
 import org.apache.shardingsphere.infra.config.RuleConfiguration;
 import org.apache.shardingsphere.infra.config.datasource.DataSourceConfiguration;
 import org.apache.shardingsphere.infra.eventbus.ShardingSphereEventBus;
@@ -51,6 +51,7 @@
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
 import java.util.LinkedList;
@@ -98,12 +99,12 @@ public void persistConfigurations(final String schemaName, final Map<String, Dat
     /**
      * Persist global configuration.
      *
-     * @param authentication authentication
+     * @param users user
      * @param props properties
      * @param isOverwrite is overwrite config center's configuration
      */
-    public void persistGlobalConfiguration(final DefaultAuthentication authentication, final Properties props, final boolean isOverwrite) {
-        persistAuthentication(authentication, isOverwrite);
+    public void persistGlobalConfiguration(final Collection<ShardingSphereUser> users, final Properties props, final boolean isOverwrite) {
+        persistAuthentication(users, isOverwrite);
         persistProperties(props, isOverwrite);
     }
 
@@ -265,9 +266,10 @@ private YamlRootRuleConfigurations createYamlRootRuleConfigurations(final String
         return result;
     }
 
-    private void persistAuthentication(final DefaultAuthentication authentication, final boolean isOverwrite) {
-        if (null != authentication && (isOverwrite || !hasAuthentication())) {
-            repository.persist(node.getAuthenticationPath(), YamlEngine.marshal(new AuthenticationYamlSwapper().swapToYamlConfiguration(authentication)));
+    private void persistAuthentication(final Collection<ShardingSphereUser> users, final boolean isOverwrite) {
+        if (!users.isEmpty() && (isOverwrite || !hasAuthentication())) {
+            repository.persist(node.getAuthenticationPath(),
+                    YamlEngine.marshal(new UserRuleYamlSwapper().swapToYamlConfiguration(users)));
         }
     }
 
@@ -319,14 +321,14 @@ public Collection<RuleConfiguration> loadRuleConfigurations(final String schemaN
     }
 
     /**
-     * Load authentication.
+     * Load user rule.
      *
      * @return authentication
      */
-    public DefaultAuthentication loadAuthentication() {
+    public Collection<ShardingSphereUser> loadUserRule() {
         return hasAuthentication()
-                ? YamlConfigurationConverter.convertAuthentication(repository.get(node.getAuthenticationPath()))
-                : new DefaultAuthentication();
+                ? YamlConfigurationConverter.convertUserRule(repository.get(node.getAuthenticationPath()))
+                : Collections.emptyList();
     }
 
     /**

diff --git a/.../apache/shardingsphere/governance/core/config/listener/AuthenticationChangedListener.java b/.../apache/shardingsphere/governance/core/config/listener/AuthenticationChangedListener.java
@@ -20,11 +20,11 @@
 import org.apache.shardingsphere.governance.core.config.ConfigCenterNode;
 import org.apache.shardingsphere.governance.core.event.listener.PostGovernanceRepositoryEventListener;
 import org.apache.shardingsphere.governance.core.event.model.GovernanceEvent;
-import org.apache.shardingsphere.governance.core.event.model.auth.AuthenticationChangedEvent;
+import org.apache.shardingsphere.governance.core.event.model.auth.UserRuleChangedEvent;
 import org.apache.shardingsphere.governance.repository.api.ConfigurationRepository;
 import org.apache.shardingsphere.governance.repository.api.listener.DataChangedEvent;
-import org.apache.shardingsphere.infra.auth.builtin.yaml.config.YamlAuthenticationConfiguration;
-import org.apache.shardingsphere.infra.auth.builtin.yaml.swapper.AuthenticationYamlSwapper;
+import org.apache.shardingsphere.infra.auth.builtin.yaml.config.YamlUserRuleConfiguration;
+import org.apache.shardingsphere.infra.auth.builtin.yaml.swapper.UserRuleYamlSwapper;
 import org.apache.shardingsphere.infra.yaml.engine.YamlEngine;
 
 import java.util.Collections;
@@ -41,6 +41,6 @@ public AuthenticationChangedListener(final ConfigurationRepository configuration
 
     @Override
     protected Optional<GovernanceEvent> createEvent(final DataChangedEvent event) {
-        return Optional.of(new AuthenticationChangedEvent(new AuthenticationYamlSwapper().swapToObject(YamlEngine.unmarshal(event.getValue(), YamlAuthenticationConfiguration.class))));
+        return Optional.of(new UserRuleChangedEvent(new UserRuleYamlSwapper().swapToObject(YamlEngine.unmarshal(event.getValue(), YamlUserRuleConfiguration.class))));
     }
 }
diff --git a/...odel/auth/AuthenticationChangedEvent.java → ...vent/model/auth/UserRuleChangedEvent.java b/...odel/auth/AuthenticationChangedEvent.java → ...vent/model/auth/UserRuleChangedEvent.java
@@ -20,14 +20,16 @@
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import org.apache.shardingsphere.governance.core.event.model.GovernanceEvent;
-import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
+import org.apache.shardingsphere.infra.auth.ShardingSphereUser;
+
+import java.util.Collection;
 
 /**
- * Authentication changed event.
+ * User rule changed event.
  */
 @RequiredArgsConstructor
 @Getter
-public final class AuthenticationChangedEvent implements GovernanceEvent {
+public final class UserRuleChangedEvent implements GovernanceEvent {
 
-    private final DefaultAuthentication authentication;
+    private final Collection<ShardingSphereUser> users;
 }
diff --git a/...core/src/main/java/org/apache/shardingsphere/governance/core/facade/GovernanceFacade.java b/...core/src/main/java/org/apache/shardingsphere/governance/core/facade/GovernanceFacade.java
@@ -23,7 +23,7 @@
 import org.apache.shardingsphere.governance.core.facade.repository.GovernanceRepositoryFacade;
 import org.apache.shardingsphere.governance.core.registry.RegistryCenter;
 import org.apache.shardingsphere.governance.repository.api.config.GovernanceConfiguration;
-import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
+import org.apache.shardingsphere.infra.auth.ShardingSphereUser;
 import org.apache.shardingsphere.infra.config.RuleConfiguration;
 import org.apache.shardingsphere.infra.config.datasource.DataSourceConfiguration;
 
@@ -72,12 +72,12 @@ public void init(final GovernanceConfiguration config, final Collection<String>
      *
      * @param dataSourceConfigMap schema data source configuration map
      * @param schemaRuleMap schema rule map
-     * @param authentication authentication
+     * @param users users
      * @param props properties
      */
     public void onlineInstance(final Map<String, Map<String, DataSourceConfiguration>> dataSourceConfigMap,
-                               final Map<String, Collection<RuleConfiguration>> schemaRuleMap, final DefaultAuthentication authentication, final Properties props) {
-        configCenter.persistGlobalConfiguration(authentication, props, isOverwrite);
+                               final Map<String, Collection<RuleConfiguration>> schemaRuleMap, final Collection<ShardingSphereUser> users, final Properties props) {
+        configCenter.persistGlobalConfiguration(users, props, isOverwrite);
         for (Entry<String, Map<String, DataSourceConfiguration>> entry : dataSourceConfigMap.entrySet()) {
             configCenter.persistConfigurations(entry.getKey(), dataSourceConfigMap.get(entry.getKey()), schemaRuleMap.get(entry.getKey()), isOverwrite);
         }

diff --git a/...ava/org/apache/shardingsphere/governance/core/yaml/config/YamlConfigurationConverter.java b/...ava/org/apache/shardingsphere/governance/core/yaml/config/YamlConfigurationConverter.java
@@ -18,9 +18,9 @@
 package org.apache.shardingsphere.governance.core.yaml.config;
 
 import org.apache.shardingsphere.governance.core.yaml.swapper.DataSourceConfigurationYamlSwapper;
-import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
-import org.apache.shardingsphere.infra.auth.builtin.yaml.config.YamlAuthenticationConfiguration;
-import org.apache.shardingsphere.infra.auth.builtin.yaml.swapper.AuthenticationYamlSwapper;
+import org.apache.shardingsphere.infra.auth.ShardingSphereUser;
+import org.apache.shardingsphere.infra.auth.builtin.yaml.config.YamlUserRuleConfiguration;
+import org.apache.shardingsphere.infra.auth.builtin.yaml.swapper.UserRuleYamlSwapper;
 import org.apache.shardingsphere.infra.config.RuleConfiguration;
 import org.apache.shardingsphere.infra.config.datasource.DataSourceConfiguration;
 import org.apache.shardingsphere.infra.yaml.engine.YamlEngine;
@@ -62,13 +62,13 @@ public static Collection<RuleConfiguration> convertRuleConfigurations(final Stri
     }
 
     /**
-     * Convert authentication from YAML content.
+     * Convert user rule from YAML content.
      *
      * @param yamlContent YAML content
      * @return authentication
      */
-    public static DefaultAuthentication convertAuthentication(final String yamlContent) {
-        return new AuthenticationYamlSwapper().swapToObject(YamlEngine.unmarshal(yamlContent, YamlAuthenticationConfiguration.class));
+    public static Collection<ShardingSphereUser> convertUserRule(final String yamlContent) {
+        return new UserRuleYamlSwapper().swapToObject(YamlEngine.unmarshal(yamlContent, YamlUserRuleConfiguration.class));
     }
 
     /**