This is an automated email from the ASF dual-hosted git repository.
xiaoyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new be90e51 Add Authentication.getAllUsers() (#9840)
be90e51 is described below
commit be90e51ac593fb3d0dec149bed6effedf28fe89b
Author: Liang Zhang <[email protected]>
AuthorDate: Fri Mar 26 20:26:20 2021 +0800
Add Authentication.getAllUsers() (#9840)
* Refactor PostgreSQLAuthenticationHandler
* Refactor MySQLAuthenticationHandler
* Add Authentication.getAllUsers()
* Refactor GovernanceMetaDataContexts with auth
* Fix test case
---
.../metadata/GovernanceMetaDataContexts.java | 99 ++++++++++++----------
.../metadata/GovernanceMetaDataContextsTest.java | 4 +-
.../core/facade/GovernanceFacadeTest.java | 4 +-
.../core/registry/RegistryCenterTest.java | 47 +++++-----
.../infra/metadata/auth/Authentication.java | 7 ++
.../auth/builtin/DefaultAuthentication.java | 5 ++
.../type/CreateUserStatementAuthRefresher.java | 2 +-
.../yaml/swapper/UserRuleYamlSwapperTest.java | 2 +-
.../metadata/MetaDataContextsBuilderTest.java | 6 +-
.../mysql/auth/MySQLAuthenticationHandler.java | 11 +--
.../auth/PostgreSQLAuthenticationHandler.java | 9 +-
11 files changed, 107 insertions(+), 89 deletions(-)
diff --git
a/shardingsphere-governance/shardingsphere-governance-context/src/main/java/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContexts.java
b/shardingsphere-governance/shardingsphere-governance-context/src/main/java/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContexts.java
index 0aec091..1cab314 100644
---
a/shardingsphere-governance/shardingsphere-governance-context/src/main/java/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContexts.java
+++
b/shardingsphere-governance/shardingsphere-governance-context/src/main/java/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContexts.java
@@ -17,6 +17,7 @@
package org.apache.shardingsphere.governance.context.metadata;
+import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
import com.google.common.eventbus.Subscribe;
import
org.apache.shardingsphere.governance.core.event.model.auth.PrivilegeChangedEvent;
@@ -211,8 +212,9 @@ public final class GovernanceMetaDataContexts implements
MetaDataContexts {
*/
@Subscribe
public synchronized void renew(final UserRuleChangedEvent event) {
- metaDataContexts = new
StandardMetaDataContexts(metaDataContexts.getMetaDataMap(),
metaDataContexts.getExecutorEngine(), createAuthentication(event.getUsers()),
metaDataContexts.getProps());
- reloadPrivilege(event.getUsers());
+ Authentication authentication = createAuthentication(event.getUsers());
+ reloadPrivilege(authentication, event.getUsers());
+ metaDataContexts = new
StandardMetaDataContexts(metaDataContexts.getMetaDataMap(),
metaDataContexts.getExecutorEngine(), authentication,
metaDataContexts.getProps());
}
/**
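Review bot: Nothing in `renew(UserRuleChangedEvent)` records that the assignment to `metaDataContexts` is now deliberately the last statement, so that an `Authentication` whose privileges are not yet loaded is never published. A comment above the assignment would keep a later refactor from moving it back, for example `// Publish only after privileges are reloaded; if reloadPrivilege throws, the previous authentication stays in effect.` The second half of that comment needs a decision as well. When `reloadPrivilege` throws, the event's user removals are not applied either, so an account dropped by the event would stay usable until the next successful event.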
@@ -222,8 +224,7 @@ public final class GovernanceMetaDataContexts implements
MetaDataContexts {
*/
@Subscribe
public synchronized void renew(final PrivilegeChangedEvent event) {
- Collection<ShardingSphereUser> users = event.getUsers();
- reloadPrivilege(users);
+ reloadPrivilege(metaDataContexts.getAuthentication(),
event.getUsers());
}
/**
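Review bot: This call passes the current authentication into `reloadPrivilege`, whose new helper `getPrivilegesWithPassword` (added further down in this file) runs `Preconditions.checkState(user.isPresent())` for every user in the built privileges. The removed `reloadPrivilege` instead inserted a user it did not know yet. Because the result map is built before `putAll`, a single unknown grantee now aborts the whole batch, so no privilege change from the event is applied and the old grants stay active. If failing is intended, give the check a message so the failure can be diagnosed, e.g. `Preconditions.checkState(user.isPresent(), "No user found for grantee %s", entry.getKey().getGrantee());`. Otherwise skip or insert the unknown user explicitly.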
@@ -308,12 +309,6 @@ public final class GovernanceMetaDataContexts implements
MetaDataContexts {
}
}
- private DefaultAuthentication createAuthentication(final
Collection<ShardingSphereUser> users) {
- DefaultAuthentication result = new DefaultAuthentication();
- result.init(getNewUsers(users), getModifiedUsers(users));
- return result;
- }
-
private ShardingSphereMetaData buildMetaData(final MetaDataPersistedEvent
event) throws SQLException {
String schemaName = event.getSchemaName();
if
(!governanceFacade.getRegistryCenter().hasDataSourceConfiguration(schemaName)) {
@@ -322,11 +317,11 @@ public final class GovernanceMetaDataContexts implements
MetaDataContexts {
if
(!governanceFacade.getRegistryCenter().hasRuleConfiguration(schemaName)) {
governanceFacade.getRegistryCenter().persistRuleConfigurations(schemaName, new
LinkedList<>());
}
- Map<String, Map<String, DataSource>> dataSourcesMap =
createDataSourcesMap(Collections.singletonMap(schemaName,
+ Map<String, Map<String, DataSource>> dataSourcesMap =
createDataSourcesMap(Collections.singletonMap(schemaName,
governanceFacade.getRegistryCenter().loadDataSourceConfigurations(schemaName)));
- MetaDataContextsBuilder metaDataContextsBuilder = new
MetaDataContextsBuilder(dataSourcesMap,
- Collections.singletonMap(schemaName,
governanceFacade.getRegistryCenter().loadRuleConfigurations(schemaName)),
-
metaDataContexts.getAuthentication().getAuthentication().keySet(),
metaDataContexts.getProps().getProps());
+ MetaDataContextsBuilder metaDataContextsBuilder = new
MetaDataContextsBuilder(dataSourcesMap,
+ Collections.singletonMap(schemaName,
governanceFacade.getRegistryCenter().loadRuleConfigurations(schemaName)),
+ metaDataContexts.getAuthentication().getAllUsers(),
metaDataContexts.getProps().getProps());
return
metaDataContextsBuilder.build().getMetaDataMap().get(schemaName);
}
@@ -338,6 +333,49 @@ public final class GovernanceMetaDataContexts implements
MetaDataContexts {
return result;
}
+ private Authentication createAuthentication(final
Collection<ShardingSphereUser> users) {
+ Authentication result = new DefaultAuthentication();
+ result.init(getNewUsers(users), getModifiedUsers(users));
+ return result;
+ }
+
+ // TODO is it correct for new users with super privilege by default?
+ private Collection<ShardingSphereUser> getNewUsers(final
Collection<ShardingSphereUser> users) {
+ return users.stream().filter(each ->
!metaDataContexts.getAuthentication().findUser(each.getGrantee()).isPresent()).collect(Collectors.toList());
+ }
+
+ private Map<ShardingSphereUser, ShardingSpherePrivilege>
getModifiedUsers(final Collection<ShardingSphereUser> users) {
+ Map<ShardingSphereUser, ShardingSpherePrivilege> result = new
HashMap<>(users.size(), 1);
+ for (ShardingSphereUser each : users) {
+ Optional<ShardingSphereUser> user =
metaDataContexts.getAuthentication().findUser(each.getGrantee());
+ if (user.isPresent()) {
+ Optional<ShardingSpherePrivilege> privilege =
metaDataContexts.getAuthentication().findPrivilege(user.get().getGrantee());
+ privilege.ifPresent(optional -> result.put(user.get(),
optional));
+ }
+ }
+ return result;
+ }
+
+ private void reloadPrivilege(final Authentication authentication, final
Collection<ShardingSphereUser> users) {
+ Optional<PrivilegeLoader> loader =
PrivilegeLoaderEngine.findPrivilegeLoader(metaDataContexts.getMetaDataMap().values().iterator().next().getResource().getDatabaseType());
+ if (loader.isPresent()) {
+ Map<ShardingSphereUser, ShardingSpherePrivilege> privileges =
PrivilegeBuilder.build(metaDataContexts.getMetaDataMap().values(), users,
metaDataContexts.getProps());
+
authentication.getAuthentication().putAll(getPrivilegesWithPassword(authentication,
privileges));
+ }
+ }
+
+ private Map<ShardingSphereUser, ShardingSpherePrivilege>
getPrivilegesWithPassword(final Authentication authentication, final
Map<ShardingSphereUser, ShardingSpherePrivilege> privileges) {
+ Map<ShardingSphereUser, ShardingSpherePrivilege> result = new
HashMap<>(privileges.size(), 1);
+ for (Entry<ShardingSphereUser, ShardingSpherePrivilege> entry :
privileges.entrySet()) {
+ if (privileges.containsKey(entry.getKey())) {
+ Optional<ShardingSphereUser> user =
authentication.findUser(entry.getKey().getGrantee());
+ Preconditions.checkState(user.isPresent());
+ result.put(user.get(), entry.getValue());
+ }
+ }
+ return result;
+ }
+
private ShardingSphereMetaData getChangedMetaData(final
ShardingSphereMetaData oldMetaData, final ShardingSphereSchema schema, final
String schemaName) {
// TODO refresh table addressing mapper
return new ShardingSphereMetaData(schemaName,
oldMetaData.getResource(), oldMetaData.getRuleMetaData(), schema);
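Review bot: `getModifiedUsers` now stores `user.get()`, the `ShardingSphereUser` already held by the current authentication, where the removed version stored the matching user taken from the event. `findUser` in `DefaultAuthentication` matches on grantee only, and whether `Grantee` includes the password is not visible here. If it does not, a password changed through a `UserRuleChangedEvent` would be dropped and the old credential would remain valid. Storing the event's object restores the earlier behaviour: `privilege.ifPresent(optional -> result.put(each, optional));`. Separately, `privileges.containsKey(entry.getKey())` in `getPrivilegesWithPassword` is always true while iterating `privileges.entrySet()` and can be removed.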
@@ -345,7 +383,7 @@ public final class GovernanceMetaDataContexts implements
MetaDataContexts {
private ShardingSphereMetaData getChangedMetaData(final
ShardingSphereMetaData oldMetaData, final Collection<RuleConfiguration>
ruleConfigs) throws SQLException {
MetaDataContextsBuilder builder = new
MetaDataContextsBuilder(Collections.singletonMap(oldMetaData.getName(),
oldMetaData.getResource().getDataSources()),
- Collections.singletonMap(oldMetaData.getName(), ruleConfigs),
metaDataContexts.getAuthentication().getAuthentication().keySet(),
metaDataContexts.getProps().getProps());
+ Collections.singletonMap(oldMetaData.getName(), ruleConfigs),
metaDataContexts.getAuthentication().getAllUsers(),
metaDataContexts.getProps().getProps());
return builder.build().getMetaDataMap().values().iterator().next();
}
@@ -357,7 +395,7 @@ public final class GovernanceMetaDataContexts implements
MetaDataContexts {
Map<String, Map<String, DataSource>> dataSourcesMap =
Collections.singletonMap(oldMetaData.getName(),
getNewDataSources(oldMetaData.getResource().getDataSources(),
getAddedDataSources(oldMetaData, newDataSourceConfigs), modifiedDataSources,
deletedDataSources));
return new MetaDataContextsBuilder(dataSourcesMap,
Collections.singletonMap(oldMetaData.getName(),
oldMetaData.getRuleMetaData().getConfigurations()),
-
metaDataContexts.getAuthentication().getAuthentication().keySet(),
metaDataContexts.getProps().getProps()).build().getMetaDataMap().get(oldMetaData.getName());
+ metaDataContexts.getAuthentication().getAllUsers(),
metaDataContexts.getProps().getProps()).build().getMetaDataMap().get(oldMetaData.getName());
}
private Map<String, DataSource> getNewDataSources(final Map<String,
DataSource> oldDataSources,
@@ -399,33 +437,4 @@ public final class GovernanceMetaDataContexts implements
MetaDataContexts {
}
return result;
}
-
- private Collection<ShardingSphereUser> getNewUsers(final
Collection<ShardingSphereUser> users) {
- return users.stream().filter(each ->
!metaDataContexts.getAuthentication().findUser(each.getGrantee()).isPresent()).collect(Collectors.toList());
- }
-
- private Map<ShardingSphereUser, ShardingSpherePrivilege>
getModifiedUsers(final Collection<ShardingSphereUser> users) {
- Map<ShardingSphereUser, ShardingSpherePrivilege> result = new
LinkedHashMap<>();
- for (Entry<ShardingSphereUser, ShardingSpherePrivilege> entry :
metaDataContexts.getAuthentication().getAuthentication().entrySet()) {
- Optional<ShardingSphereUser> modified = users.stream().filter(each
-> each.getGrantee().equals(entry.getKey().getGrantee())).findFirst();
- modified.ifPresent(shardingSphereUser ->
result.put(shardingSphereUser, entry.getValue()));
- }
- return result;
- }
-
- private void reloadPrivilege(final Collection<ShardingSphereUser> users) {
- Optional<PrivilegeLoader> loader =
PrivilegeLoaderEngine.findPrivilegeLoader(metaDataContexts.getMetaDataMap().values().iterator().next().getResource().getDatabaseType());
- if (!loader.isPresent()) {
- return;
- }
- Map<ShardingSphereUser, ShardingSpherePrivilege> result =
PrivilegeBuilder.build(metaDataContexts.getMetaDataMap().values(), users,
metaDataContexts.getProps());
- for (Entry<ShardingSphereUser, ShardingSpherePrivilege> entry :
result.entrySet()) {
- Optional<ShardingSphereUser> user =
metaDataContexts.getAuthentication().getAuthentication().keySet().stream().filter(t
-> t.getGrantee().equals(entry.getKey().getGrantee())).findFirst();
- if (user.isPresent() && null != result.get(entry.getKey())) {
-
metaDataContexts.getAuthentication().getAuthentication().put(user.get(),
entry.getValue());
- } else if (!user.isPresent() && null !=
result.get(entry.getKey())) {
-
metaDataContexts.getAuthentication().getAuthentication().put(entry.getKey(),
entry.getValue());
- }
- }
- }
}
diff --git
a/shardingsphere-governance/shardingsphere-governance-context/src/test/java/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContextsTest.java
b/shardingsphere-governance/shardingsphere-governance-context/src/test/java/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContextsTest.java
index 00d4eaa..b41bf8b 100644
---
a/shardingsphere-governance/shardingsphere-governance-context/src/test/java/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContextsTest.java
+++
b/shardingsphere-governance/shardingsphere-governance-context/src/test/java/org/apache/shardingsphere/governance/context/metadata/GovernanceMetaDataContextsTest.java
@@ -163,9 +163,9 @@ public final class GovernanceMetaDataContextsTest {
@Test
public void assertAuthenticationChanged() {
DefaultAuthentication authentication = new DefaultAuthentication();
- UserRuleChangedEvent event = new
UserRuleChangedEvent(authentication.getAuthentication().keySet());
+ UserRuleChangedEvent event = new
UserRuleChangedEvent(authentication.getAllUsers());
governanceMetaDataContexts.renew(event);
-
assertThat(governanceMetaDataContexts.getAuthentication().getAuthentication().size(),
is(authentication.getAuthentication().size()));
+
assertThat(governanceMetaDataContexts.getAuthentication().getAllUsers().size(),
is(authentication.getAuthentication().size()));
}
@Test
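Review bot: `assertAuthenticationChanged` still builds the event from an empty `DefaultAuthentication`, so both sides of the assertion are 0. None of the new `createAuthentication`, `getModifiedUsers` or `getPrivilegesWithPassword` branches are exercised. Putting one already-known user and one new user into the event, then asserting on `getAllUsers()` and on the stored password, would cover the refactored path. The right-hand side also still reads `authentication.getAuthentication().size()`; `authentication.getAllUsers().size()` would match the left-hand side.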
diff --git
a/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/facade/GovernanceFacadeTest.java
b/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/facade/GovernanceFacadeTest.java
index 1c603ba..3254b85 100644
---
a/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/facade/GovernanceFacadeTest.java
+++
b/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/facade/GovernanceFacadeTest.java
@@ -75,9 +75,9 @@ public final class GovernanceFacadeTest {
authentication.getAuthentication().put(user, new
ShardingSpherePrivilege());
Properties props = new Properties();
governanceFacade.onlineInstance(
- Collections.singletonMap("sharding_db", dataSourceConfigMap),
ruleConfigurationMap, authentication.getAuthentication().keySet(), props);
+ Collections.singletonMap("sharding_db", dataSourceConfigMap),
ruleConfigurationMap, authentication.getAllUsers(), props);
verify(registryCenter).persistConfigurations("sharding_db",
dataSourceConfigMap, ruleConfigurationMap.get("sharding_db"), false);
-
verify(registryCenter).persistGlobalConfiguration(authentication.getAuthentication().keySet(),
props, false);
+
verify(registryCenter).persistGlobalConfiguration(authentication.getAllUsers(),
props, false);
verify(registryCenter).persistInstanceOnline();
verify(registryCenter).persistDataNodes();
verify(listenerManager).init();
diff --git
a/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/registry/RegistryCenterTest.java
b/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/registry/RegistryCenterTest.java
index 6f60016..2735c9d 100644
---
a/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/registry/RegistryCenterTest.java
+++
b/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/registry/RegistryCenterTest.java
@@ -52,7 +52,6 @@ import
org.apache.shardingsphere.sharding.api.config.ShardingRuleConfiguration;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
-import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
@@ -175,8 +174,8 @@ public final class RegistryCenterTest {
public void
assertPersistConfigurationForShardingRuleWithoutAuthenticationAndIsNotOverwriteAndConfigurationIsExisted()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createRuleConfigurations(), false);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
- verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
+ verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
any());
}
@Test
@@ -197,15 +196,15 @@ public final class RegistryCenterTest {
public void
assertPersistConfigurationForShardingRuleWithoutAuthenticationAndIsNotOverwriteAndConfigurationIsNotExisted()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createRuleConfigurations(), false);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
- verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
+ verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
any());
}
@Test
public void
assertPersistConfigurationForShardingRuleWithoutAuthenticationAndIsOverwrite() {
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createRuleConfigurations(), true);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
verify(registryRepository,
times(0)).persist("/metadata/sharding_db/rule", readYAML(SHARDING_RULE_YAML));
}
@@ -213,23 +212,23 @@ public final class RegistryCenterTest {
public void
assertPersistConfigurationForReplicaQueryRuleWithoutAuthenticationAndIsNotOverwriteAndConfigurationIsExisted()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createReadWriteSplittingRuleConfiguration(),
false);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
- verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
+ verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
any());
}
@Test
public void
assertPersistConfigurationForReplicaQueryRuleWithoutAuthenticationAndIsNotOverwriteAndConfigurationIsNotExisted()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createReadWriteSplittingRuleConfiguration(),
false);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
- verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
+ verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
any());
}
@Test
public void
assertPersistConfigurationForReadWriteSplittingWithoutAuthenticationAndIsOverwrite()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createReadWriteSplittingRuleConfiguration(),
true);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
verify(registryRepository,
times(0)).persist("/metadata/sharding_db/rule",
readYAML(READ_WRITE_SPLITTING_RULE_YAML));
}
@@ -237,7 +236,7 @@ public final class RegistryCenterTest {
public void
assertPersistConfigurationForDatabaseDiscoveryRuleWithoutAuthenticationAndIsOverwrite()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createDatabaseDiscoveryRuleConfiguration(),
true);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
verify(registryRepository,
times(0)).persist("/metadata/sharding_db/rule",
readYAML(DB_DISCOVERY_RULE_YAML));
}
@@ -253,15 +252,15 @@ public final class RegistryCenterTest {
public void
assertPersistConfigurationForShardingRuleWithAuthenticationAndIsNotOverwriteAndConfigurationIsNotExisted()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createRuleConfigurations(), false);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
- verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
+ verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
any());
}
@Test
public void
assertPersistConfigurationForShardingRuleWithAuthenticationAndIsOverwrite() {
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createRuleConfigurations(), true);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
verify(registryRepository,
times(0)).persist("/metadata/sharding_db/rule", readYAML(SHARDING_RULE_YAML));
}
@@ -269,23 +268,23 @@ public final class RegistryCenterTest {
public void
assertPersistConfigurationForReplicaQueryRuleWithAuthenticationAndIsNotOverwriteAndConfigurationIsExisted()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createReadWriteSplittingRuleConfiguration(),
false);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
- verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
+ verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
any());
}
@Test
public void
assertPersistConfigurationForReadWriteSplittingRuleWithAuthenticationAndIsNotOverwriteAndConfigurationIsNotExisted()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createReadWriteSplittingRuleConfiguration(),
false);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
- verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
+ verify(registryRepository).persist(eq("/metadata/sharding_db/rule"),
any());
}
@Test
public void
assertPersistConfigurationForReadWriteSplittingRuleWithAuthenticationAndIsOverwrite()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createReadWriteSplittingRuleConfiguration(),
true);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
verify(registryRepository,
times(0)).persist("/metadata/sharding_db/rule",
readYAML(READ_WRITE_SPLITTING_RULE_YAML));
}
@@ -293,7 +292,7 @@ public final class RegistryCenterTest {
public void
assertPersistConfigurationForDatabaseDiscoveryRuleWithAuthenticationAndIsOverwrite()
{
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createDatabaseDiscoveryRuleConfiguration(),
true);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
verify(registryRepository,
times(0)).persist("/metadata/sharding_db/rule",
readYAML(DB_DISCOVERY_RULE_YAML));
}
@@ -301,7 +300,7 @@ public final class RegistryCenterTest {
public void assertPersistConfigurationForEncrypt() {
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createEncryptRuleConfiguration(), true);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
verify(registryRepository,
times(0)).persist("/metadata/sharding_db/rule", readYAML(ENCRYPT_RULE_YAML));
}
@@ -315,14 +314,14 @@ public final class RegistryCenterTest {
public void assertPersistConfigurationForShadow() {
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
registryCenter.persistConfigurations("sharding_db",
createDataSourceConfigurations(), createShadowRuleConfiguration(), true);
-
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
ArgumentMatchers.any());
+
verify(registryRepository).persist(eq("/metadata/sharding_db/datasource"),
any());
verify(registryRepository,
times(0)).persist("/metadata/sharding_db/rule", readYAML(SHADOW_RULE_YAML));
}
@Test
public void assertPersistGlobalConfiguration() {
RegistryCenter registryCenter = new RegistryCenter(registryRepository);
-
registryCenter.persistGlobalConfiguration(createAuthentication().getAuthentication().keySet(),
createProperties(), true);
+
registryCenter.persistGlobalConfiguration(createAuthentication().getAllUsers(),
createProperties(), true);
verify(registryRepository, times(0)).persist("/authentication",
readYAML(AUTHENTICATION_YAML));
verify(registryRepository).persist("/props", PROPS_YAML);
}
diff --git
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/Authentication.java
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/Authentication.java
index f2530ea..02f61c0 100644
---
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/Authentication.java
+++
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/Authentication.java
@@ -46,6 +46,13 @@ public interface Authentication {
Map<ShardingSphereUser, ShardingSpherePrivilege> getAuthentication();
/**
+ * Get all users.
+ *
+ * @return all users
+ */
+ Collection<ShardingSphereUser> getAllUsers();
+
+ /**
* Find user.
*
* @param grantee grantee
diff --git
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builtin/DefaultAuthentication.java
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builtin/DefaultAuthentication.java
index 348a190..159cc4e 100644
---
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builtin/DefaultAuthentication.java
+++
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builtin/DefaultAuthentication.java
@@ -51,6 +51,11 @@ public final class DefaultAuthentication implements
Authentication {
}
@Override
+ public Collection<ShardingSphereUser> getAllUsers() {
+ return authentication.keySet();
+ }
+
+ @Override
public Optional<ShardingSphereUser> findUser(final Grantee grantee) {
return authentication.keySet().stream().filter(each ->
each.getGrantee().equals(grantee)).findFirst();
}
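Review bot: `getAllUsers()` returns `authentication.keySet()`, a live view of the internal map, so a caller that removes an element from the returned collection also deletes that user and its privilege from the authentication. Nothing on this page mutates it (`CreateUserStatementAuthRefresher` only reads it through `addAll`), but the new Javadoc in `Authentication` says only "Get all users" and leaves this open. Returning `Collections.unmodifiableCollection(authentication.keySet())` keeps the view cheap and read-only. The interface Javadoc should then state that the collection is unmodifiable and whether it reflects later changes to the user set.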
diff --git
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/refresher/type/CreateUserStatementAuthRefresher.java
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/refresher/type/CreateUserStatementAuthRefresher.java
index b0fcc9b..97929a0 100644
---
a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/refresher/type/CreateUserStatementAuthRefresher.java
+++
b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/refresher/type/CreateUserStatementAuthRefresher.java
@@ -38,7 +38,7 @@ public final class CreateUserStatementAuthRefresher
implements AuthenticationRef
@Override
public void refresh(final Authentication authentication, final
SQLStatement sqlStatement, final ShardingSphereMetaData metaData) {
Collection<ShardingSphereUser> users =
generateUsers((CreateUserStatement) sqlStatement);
- users.addAll(authentication.getAuthentication().keySet());
+ users.addAll(authentication.getAllUsers());
ShardingSphereEventBus.getInstance().post(new CreateUserEvent(users));
}
diff --git
a/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapperTest.java
b/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapperTest.java
index d5cc037..007af86 100644
---
a/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapperTest.java
+++
b/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapperTest.java
@@ -42,7 +42,7 @@ public final class UserRuleYamlSwapperTest {
DefaultAuthentication authentication = new DefaultAuthentication();
authentication.getAuthentication().put(new ShardingSphereUser("user1",
"pwd1", "127.0.0.1"), new ShardingSpherePrivilege());
authentication.getAuthentication().put(new ShardingSphereUser("user2",
"pwd2", "127.0.0.2"), new ShardingSpherePrivilege());
- YamlUserRuleConfiguration actual = new
UserRuleYamlSwapper().swapToYamlConfiguration(authentication.getAuthentication().keySet());
+ YamlUserRuleConfiguration actual = new
UserRuleYamlSwapper().swapToYamlConfiguration(authentication.getAllUsers());
assertThat(actual.getUsers().size(), is(2));
assertThat(actual.getUsers().get("user1").getPassword(), is("pwd1"));
assertThat(actual.getUsers().get("user1").getHostname(),
is("127.0.0.1"));
diff --git
a/shardingsphere-infra/shardingsphere-infra-context/src/test/java/org/apache/shardingsphere/infra/context/metadata/MetaDataContextsBuilderTest.java
b/shardingsphere-infra/shardingsphere-infra-context/src/test/java/org/apache/shardingsphere/infra/context/metadata/MetaDataContextsBuilderTest.java
index 8d6deaf..86395d8 100644
---
a/shardingsphere-infra/shardingsphere-infra-context/src/test/java/org/apache/shardingsphere/infra/context/metadata/MetaDataContextsBuilderTest.java
+++
b/shardingsphere-infra/shardingsphere-infra-context/src/test/java/org/apache/shardingsphere/infra/context/metadata/MetaDataContextsBuilderTest.java
@@ -41,7 +41,7 @@ public final class MetaDataContextsBuilderTest {
public void assertBuildWithoutConfiguration() throws SQLException {
MetaDataContexts actual = new
MetaDataContextsBuilder(Collections.emptyMap(), Collections.emptyMap(),
null).build();
assertTrue(actual.getAllSchemaNames().isEmpty());
- assertTrue(actual.getAuthentication().getAuthentication().isEmpty());
+ assertTrue(actual.getAuthentication().getAllUsers().isEmpty());
assertTrue(actual.getProps().getProps().isEmpty());
}
@@ -53,7 +53,7 @@ public final class MetaDataContextsBuilderTest {
Collections.singletonMap("logic_db", Collections.emptyMap()),
Collections.singletonMap("logic_db", Collections.singleton(new
FixtureRuleConfiguration())), props).build();
assertRules(actual);
assertTrue(actual.getMetaData("logic_db").getResource().getDataSources().isEmpty());
- assertTrue(actual.getAuthentication().getAuthentication().isEmpty());
+ assertTrue(actual.getAuthentication().getAllUsers().isEmpty());
assertThat(actual.getProps().getProps().size(), is(1));
assertThat(actual.getProps().getValue(ConfigurationPropertyKey.EXECUTOR_SIZE),
is(1));
}
@@ -66,7 +66,7 @@ public final class MetaDataContextsBuilderTest {
Collections.singletonMap("logic_db", Collections.singleton(new
FixtureRuleConfiguration())), props).build();
assertRules(actual);
assertDataSources(actual);
- assertTrue(actual.getAuthentication().getAuthentication().isEmpty());
+ assertTrue(actual.getAuthentication().getAllUsers().isEmpty());
assertThat(actual.getProps().getProps().size(), is(1));
assertThat(actual.getProps().getValue(ConfigurationPropertyKey.EXECUTOR_SIZE),
is(1));
}
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
index 511d430..476e891 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
@@ -46,19 +46,16 @@ public final class MySQLAuthenticationHandler {
* @param username username
* @param hostname hostname
* @param authResponse auth response
- * @param database database
+ * @param databaseName database name
* @return login success or failure
*/
- public Optional<MySQLServerErrorCode> login(final String username, final
String hostname, final byte[] authResponse, final String database) {
+ public Optional<MySQLServerErrorCode> login(final String username, final
String hostname, final byte[] authResponse, final String databaseName) {
Optional<ShardingSphereUser> user =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findUser(new
Grantee(username, hostname));
if (!user.isPresent() || !isPasswordRight(user.get().getPassword(),
authResponse)) {
return Optional.of(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR);
}
- ShardingSpherePrivilege privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().getAuthentication().get(user.get());
- if (null != privilege && privilege.hasPrivileges(database)) {
- return Optional.empty();
- }
- return Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
+ Optional<ShardingSpherePrivilege> privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(user.get().getGrantee());
+ return privilege.isPresent() &&
privilege.get().hasPrivileges(databaseName) ? Optional.empty() :
Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
}
private boolean isPasswordRight(final String password, final byte[]
authResponse) {
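Review bot: `login` calls `ProxyContext.getInstance().getMetaDataContexts().getAuthentication()` twice, once for `findUser` and again for the added `findPrivilege`, so the password check and the database-privilege check are not guaranteed to read the same user/privilege snapshot if the metadata contexts are swapped between the two calls (this commit also reworks GovernanceMetaDataContexts, which suggests they can be, but that code is not visible here). Holding the object in one local, `Authentication authentication = ProxyContext.getInstance().getMetaDataContexts().getAuthentication();` (plus its import), and running both lookups on it makes the decision consistent. The added `findPrivilege` line in the PostgreSQLAuthenticationHandler hunk below has the same shape, with the user lookup presumably earlier in that method, outside the hunk. The Javadoc could also say what the `Optional` means, e.g. `@return empty if login succeeds, otherwise the MySQL error code to send`. The body of `isPasswordRight` continues outside the hunk.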
diff --git
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
index 9def831..4c49cb5 100644
---
a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
+++
b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
@@ -23,6 +23,7 @@ import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import
org.apache.shardingsphere.db.protocol.postgresql.constant.PostgreSQLErrorCode;
import
org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLPasswordMessagePacket;
+import
org.apache.shardingsphere.infra.metadata.auth.model.privilege.ShardingSpherePrivilege;
import org.apache.shardingsphere.infra.metadata.auth.model.user.Grantee;
import
org.apache.shardingsphere.infra.metadata.auth.model.user.ShardingSphereUser;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
@@ -56,11 +57,11 @@ public final class PostgreSQLAuthenticationHandler {
if (!expectedMd5Digest.equals(md5Digest)) {
return new
PostgreSQLLoginResult(PostgreSQLErrorCode.INVALID_PASSWORD,
String.format("password authentication failed for user \"%s\"", username));
}
+ Optional<ShardingSpherePrivilege> privilege =
ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(user.get().getGrantee());
// TODO : privilege.hasPrivileges(schema, xxx) (xxx means the
privileges needed here), rather than Collections.emptyList()
- if
(!ProxyContext.getInstance().getMetaDataContexts().getAuthentication().getAuthentication().get(user.get()).hasPrivileges(databaseName,
Collections.emptyList())) {
- return new
PostgreSQLLoginResult(PostgreSQLErrorCode.PRIVILEGE_NOT_GRANTED,
String.format("Access denied for user '%s' to database '%s'", username,
databaseName));
- }
- return new
PostgreSQLLoginResult(PostgreSQLErrorCode.SUCCESSFUL_COMPLETION, null);
+ return privilege.isPresent() &&
privilege.get().hasPrivileges(databaseName, Collections.emptyList())
+ ? new
PostgreSQLLoginResult(PostgreSQLErrorCode.SUCCESSFUL_COMPLETION, null)
+ : new
PostgreSQLLoginResult(PostgreSQLErrorCode.PRIVILEGE_NOT_GRANTED,
String.format("Access denied for user '%s' to database '%s'", username,
databaseName));
}
private static String md5Encode(final String username, final String
password, final byte[] md5Salt) {
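Review bot: The new `privilege.isPresent() && ...` return changes the outcome for an authenticated user who has no privilege entry, and the commit's file list shows no handler test covering that branch. The removed line dereferenced the map lookup directly, while the new code answers `PRIVILEGE_NOT_GRANTED`, which is the fail-closed behaviour you want. It is worth pinning with a test that logs in as a user whose grantee has no privilege and asserts that error code. A short comment above the return, such as `// Deny when no privilege entry exists for the grantee; absence must never mean unrestricted access.`, would keep a later refactor from inverting it. The existing TODO still applies: with `Collections.emptyList()` as the required privileges, what this check actually enforces depends on `hasPrivileges`, which is not visible here. The enclosing method starts before the hunk and `md5Encode` continues after it.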