-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User manager for graph layer #1842
Conversation
Its better to use term Super Admin/User than GOD. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Great job, LGTM |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great job, 👍
src/parser/scanner.lex
Outdated
@@ -157,6 +153,15 @@ SNAPSHOT ([Ss][Nn][Aa][Pp][Ss][Hh][Oo][Tt]) | |||
SNAPSHOTS ([Ss][Nn][Aa][Pp][Ss][Hh][Oo][Tt][Ss]) | |||
FORCE ([Ff][Oo][Rr][Cc][Ee]) | |||
BIDIRECT ([Bb][Ii][Dd][Ii][Rr][Ee][Cc][Tt]) | |||
MAX_QUERIES_PER_HOUR ([Mm][Aa][Xx][_][Qq][Uu][Ee][Rr][Ii][Ee][Ss][_][Pp][Ee][Rr][_][Hh][Oo][Uu][Rr]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, we don't need them anymore.
src/parser/test/ScannerTest.cpp
Outdated
@@ -429,6 +421,26 @@ TEST(Scanner, Basic) { | |||
CHECK_SEMANTIC_TYPE("SNAPSHOTS", TokenType::KW_SNAPSHOTS), | |||
CHECK_SEMANTIC_TYPE("Snapshots", TokenType::KW_SNAPSHOTS), | |||
CHECK_SEMANTIC_TYPE("snapshots", TokenType::KW_SNAPSHOTS), | |||
CHECK_SEMANTIC_TYPE("MAX_QUERIES_PER_HOUR", TokenType::KW_MAX_QUERIES_PER_HOUR), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ditto
src/interface/common.thrift
Outdated
// encoded password | ||
4: optional string encoded_pwd, | ||
// The number of queries an account can issue per hour | ||
5: optional i32 max_queries_per_hour, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need them any more before we don't implement user's isolation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need them any more before we don't implement user's isolation.
Good suggest !
Yes , They are useless here if we don't implement user's isolation.
I also hesitated to add these options at that time. Now, let me delete them.
src/interface/common.thrift
Outdated
} | ||
|
||
struct UserItem { | ||
1: required string account; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we have id for user?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we have id for user?
I've removed user id . because we can using user name to keep the uniqueness for users.
src/interface/common.thrift
Outdated
|
||
struct RoleItem { | ||
1: string user, | ||
2: string space, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use spaceId
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
fixed.
return; | ||
} | ||
if (roleItem.get_role_type() == nebula::cpp2::RoleType::GOD) { | ||
spaceId = kDefaultSpaceId; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we support to grant a user to be GOD?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we support to grant a user to be GOD?
Only supported to grant a user to GOD in initialization phase.
We need to initialize a root user before the authority flag turn on.
if (!ret.ok()) { | ||
if (req.get_missing_ok()) { | ||
if (req.get_if_exists()) { | ||
handleErrorCode(cpp2::ErrorCode::SUCCEEDED); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please recheck "handleErrorCode", IIRC "onFinished" has been called inside?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please recheck "handleErrorCode", IIRC "onFinished" has been called inside?
emm... seems It's works well now, "onFinished" have not call "handleErrorCode" inside.
return Status::OK(); | ||
} | ||
|
||
void ChangePasswordExecutor::execute() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need "change password" Or just "resetPassword" ?
src/meta/MetaServiceUtils.cpp
Outdated
std::string MetaServiceUtils::replaceUserVal(const nebula::cpp2::UserItem& user, | ||
folly::StringPiece val) { | ||
nebula::cpp2::UserItem oldUser; | ||
apache::thrift::CompactSerializer::deserialize(val, oldUser); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not serialize the newUser and overwrite the old one directly
Refactored root user initialize logic. Now we have only one super user naming "root". |
@@ -43,7 +43,19 @@ void DropSpaceProcessor::process(const cpp2::DropSpaceReq& req) { | |||
deleteKeys.emplace_back(MetaServiceUtils::spaceKey(spaceId)); | |||
|
|||
// delete related role data. | |||
// TODO(boshengchen) delete related role data under the space | |||
auto rolePrefix = MetaServiceUtils::roleSpacePrefix(spaceId); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add some LOGs when deleting the users information.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add some LOGs when deleting the users information.
fixed.
@@ -145,26 +129,6 @@ struct HostItem { | |||
4: map<string, list<common.PartitionID>> (cpp.template = "std::unordered_map") all_parts, | |||
} | |||
|
|||
struct UserItem { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need it any more?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need it any more, currently we only have one item of password, we can storage it direct.
If there are new elements in the future, we can add this struct at that time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Totally LGTM
/** | ||
* Only leader part needed. | ||
*/ | ||
auto ret = kvstore->partLeader(nebula::meta::kDefaultSpaceId, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please check the logic on real cluster
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please check the logic on real cluster
Yes, I've simple tested two meta nodes on virtual machines.
I will do complete integration test at later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Excellent!
LOG(ERROR) << "Create User Failed :" << user.get_account() << " have existed"; | ||
handleErrorCode(cpp2::ErrorCode::E_EXISTED); | ||
LOG(ERROR) << "Create User Failed : User " << account | ||
<< " have existed!"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
already existed.
* push filter down traverse rule * fix conflicts * fix tck * fix exists func Co-authored-by: jie.wang <38901892+jievince@users.noreply.github.com>
User manager for graph layer.