tristaZero commented on a change in pull request #9796:
URL: https://github.com/apache/shardingsphere/pull/9796#discussion_r600301740
##########
File path:
shardingsphere-governance/shardingsphere-governance-core/src/main/java/org/apache/shardingsphere/governance/core/registry/RegistryCenter.java
##########
@@ -190,6 +191,13 @@ private void persistAuthentication(final
Collection<ShardingSphereUser> users, f
YamlEngine.marshal(new
UserRuleYamlSwapper().swapToYamlConfiguration(users)));
}
}
+
+ private void persistChangedAuthentication(final
Collection<ShardingSphereUser> users, final boolean isOverwrite) {
+ if (!users.isEmpty() && (isOverwrite || !hasAuthentication())) {
Review comment:
`!hasAuthentication()` is needed for `persistChangedAuthentication`?
##########
File path:
shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/refresher/type/GrantStatementAuthRefresher.java
##########
@@ -29,5 +36,10 @@
@Override
public void refresh(final Authentication authentication, final
SQLStatement sqlStatement, final ShardingSphereMetaData metaData) {
+ if (sqlStatement instanceof MySQLGrantStatement) {
Review comment:
Not just about `MySQLGrantStatement`, it still needs to consider other
`GrantStatement`.
##########
File path:
shardingsphere-governance/shardingsphere-governance-context/src/main/java/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContexts.java
##########
@@ -214,6 +219,37 @@ public synchronized void renew(final UserRuleChangedEvent
event) {
metaDataContexts = new
StandardMetaDataContexts(metaDataContexts.getMetaDataMap(),
metaDataContexts.getExecutorEngine(), authentication,
metaDataContexts.getProps());
}
+ /**
+ * Renew privilege.
+ *
+ * @param event privilege changed event
+ */
+ @Subscribe
+ public synchronized void renew(final PrivilegeChangedEvent event) {
+ Collection<ShardingSphereUser> users = event.getUsers();
+ Optional<PrivilegeLoader> loader =
PrivilegeLoaderEngine.findPrivilegeLoader(metaDataContexts.getDefaultMetaData().getResource().getDatabaseType());
+ int maxConnectionsSizePerQuery =
metaDataContexts.getProps().getValue(ConfigurationPropertyKey.MAX_CONNECTIONS_SIZE_PER_QUERY);
+ if (!loader.isPresent()) {
+ return;
+ }
+ Map<ShardingSphereUser, ShardingSpherePrivilege> result = new
LinkedHashMap<>();
+ for (ShardingSphereMetaData each :
metaDataContexts.getMetaDataMap().values()) {
+ Map<ShardingSphereUser, Collection<ShardingSpherePrivilege>>
privileges = PrivilegeBuilder
+ .build(each.getResource().getAllInstanceDataSources(),
users, loader.get(), maxConnectionsSizePerQuery);
+ result.putAll(PrivilegeMerger.merge(privileges, each.getName(),
each.getRuleMetaData().getRules()));
+ }
+ for (Entry<ShardingSphereUser, ShardingSpherePrivilege> each :
result.entrySet()) {
+ Optional<ShardingSphereUser> user =
metaDataContexts.getAuthentication().getAuthentication().keySet().stream().filter(t
-> t.getGrantee().equals(t.getGrantee())).findFirst();
+ if (user.isPresent() && null == result.get(each.getKey())) {
+
metaDataContexts.getAuthentication().getAuthentication().remove(user.get());
+ } else if (user.isPresent() && null != result.get(each.getKey())) {
+
metaDataContexts.getAuthentication().getAuthentication().put(user.get(),
each.getValue());
+ } else if (!user.isPresent() && null != result.get(each.getKey()))
{
Review comment:
If user is not present, it is supposed to throw exception.
##########
File path:
shardingsphere-governance/shardingsphere-governance-core/src/main/java/org/apache/shardingsphere/governance/core/registry/RegistryCenterNode.java
##########
@@ -252,6 +254,15 @@ public String getAuthenticationPath() {
return getFullPath(AUTHENTICATION_NODE);
}
+ /**
+ * Get authenticationnodes path.
+ *
+ * @return authenticationnodes path
+ */
+ public String getAuthenticationNodesPath() {
Review comment:
How about we rename it as `privilegeNodesPath`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
