This is an automated email from the ASF dual-hosted git repository. namelchev pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push: new 8d02951c005 IGNITE-17277 Added a user info to the sql queries view (#10124) 8d02951c005 is described below commit 8d02951c005b4fad319a99b49c09521f8abe9c96 Author: Nikita Amelchev <nsamelc...@gmail.com> AuthorDate: Fri Jul 1 18:10:00 2022 +0300 IGNITE-17277 Added a user info to the sql queries view (#10124) --- docs/_docs/monitoring-metrics/system-views.adoc | 16 +++-- .../ignite/jdbc/thin/JdbcThinMetadataSelfTest.java | 2 +- .../systemview/walker/SqlQueryViewWalker.java | 4 +- .../processors/query/GridRunningQueryInfo.java | 13 +++- .../processors/query/RunningQueryManager.java | 4 +- .../ignite/spi/systemview/view/SqlQueryView.java | 6 ++ .../processors/query/SqlSystemViewsSelfTest.java | 5 +- .../systemview/SystemViewSecurityTest.java | 77 ++++++++++++++++++++++ .../testsuites/IgniteStatisticsTestSuite.java | 4 +- 9 files changed, 117 insertions(+), 14 deletions(-) diff --git a/docs/_docs/monitoring-metrics/system-views.adoc b/docs/_docs/monitoring-metrics/system-views.adoc index 96d9cba182f..fd7b1cfa2f2 100644 --- a/docs/_docs/monitoring-metrics/system-views.adoc +++ b/docs/_docs/monitoring-metrics/system-views.adoc @@ -464,14 +464,16 @@ This view exposes information about currently running SQL queries. [{table_opts}] |=== -|NAME | TYPE | DESCRIPTION -|DURATION | long | Query execution duration +|NAME | TYPE | DESCRIPTION +|QUERY_ID | UUID | Query ID +|SQL | string | Query text +|ORIGIN_NODE_ID | UUID | Node that started query +|START_TIME | date | Query start time +|DURATION | long | Query execution duration +|INITIATOR_ID | string | User defined query initiator ID |LOCAL | boolean | True if local only -|ORIGIN_NODE_ID | UUID | Node that started query -|QUERY_ID | UUID | Query ID -|SCHEMA_NAME | string | Schema name -|SQL | string | Query text -|START_TIME | date | Query start time +|SCHEMA_NAME | string | Schema name +|SUBJECT_ID | UUID | The subject ID of the entity that initiated the query |=== == SQL_QUERIES_HISTORY diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinMetadataSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinMetadataSelfTest.java index 90519c44fcf..c9cf9bd225e 100644 --- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinMetadataSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinMetadataSelfTest.java @@ -38,7 +38,6 @@ import java.util.LinkedHashMap; import java.util.Map; import java.util.Set; import java.util.TreeSet; - import org.apache.ignite.IgniteCache; import org.apache.ignite.cache.QueryEntity; import org.apache.ignite.cache.QueryIndex; @@ -775,6 +774,7 @@ public class JdbcThinMetadataSelfTest extends JdbcThinAbstractSelfTest { "SYS.SQL_QUERIES.DURATION.null.19", "SYS.SQL_QUERIES.ORIGIN_NODE_ID.null.2147483647", "SYS.SQL_QUERIES.INITIATOR_ID.null.2147483647", + "SYS.SQL_QUERIES.SUBJECT_ID.null.2147483647", "SYS.SCAN_QUERIES.START_TIME.null.19", "SYS.SCAN_QUERIES.TRANSFORMER.null.2147483647", "SYS.SCAN_QUERIES.LOCAL.null.1", diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/systemview/walker/SqlQueryViewWalker.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/systemview/walker/SqlQueryViewWalker.java index 1bfa4d96d36..216645608e1 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/systemview/walker/SqlQueryViewWalker.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/systemview/walker/SqlQueryViewWalker.java @@ -39,6 +39,7 @@ public class SqlQueryViewWalker implements SystemViewRowAttributeWalker<SqlQuery v.accept(5, "initiatorId", String.class); v.accept(6, "local", boolean.class); v.accept(7, "schemaName", String.class); + v.accept(8, "subjectId", UUID.class); } /** {@inheritDoc} */ @@ -51,10 +52,11 @@ public class SqlQueryViewWalker implements SystemViewRowAttributeWalker<SqlQuery v.accept(5, "initiatorId", String.class, row.initiatorId()); v.acceptBoolean(6, "local", row.local()); v.accept(7, "schemaName", String.class, row.schemaName()); + v.accept(8, "subjectId", UUID.class, row.subjectId()); } /** {@inheritDoc} */ @Override public int count() { - return 8; + return 9; } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/query/GridRunningQueryInfo.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/query/GridRunningQueryInfo.java index 2b219609ce5..bdc29e9f6ae 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/query/GridRunningQueryInfo.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/query/GridRunningQueryInfo.java @@ -65,6 +65,9 @@ public class GridRunningQueryInfo { /** Request ID. */ private long reqId; + /** Subject ID. */ + private final UUID subjId; + /** * Constructor. * @@ -77,6 +80,7 @@ public class GridRunningQueryInfo { * @param startTimeNanos Query start time in nanoseconds. * @param cancel Query cancel. * @param loc Local query flag. + * @param subjId Subject ID. */ public GridRunningQueryInfo( long id, @@ -88,7 +92,8 @@ public class GridRunningQueryInfo { long startTimeNanos, GridQueryCancel cancel, boolean loc, - String qryInitiatorId + String qryInitiatorId, + UUID subjId ) { this.id = id; this.nodeId = nodeId; @@ -101,6 +106,7 @@ public class GridRunningQueryInfo { this.loc = loc; this.span = MTC.span(); this.qryInitiatorId = qryInitiatorId; + this.subjId = subjId; } /** @@ -221,4 +227,9 @@ public class GridRunningQueryInfo { public void requestId(long reqId) { this.reqId = reqId; } + + /** @return Subject ID. */ + public UUID subjectId() { + return subjId; + } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/query/RunningQueryManager.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/query/RunningQueryManager.java index a4b40cdb929..11f1c8709df 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/query/RunningQueryManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/query/RunningQueryManager.java @@ -63,6 +63,7 @@ import org.jetbrains.annotations.Nullable; import static org.apache.ignite.internal.processors.cache.query.GridCacheQueryType.SQL; import static org.apache.ignite.internal.processors.cache.query.GridCacheQueryType.SQL_FIELDS; import static org.apache.ignite.internal.processors.metric.impl.MetricUtils.metricName; +import static org.apache.ignite.internal.processors.security.SecurityUtils.securitySubjectId; import static org.apache.ignite.internal.processors.tracing.SpanTags.ERROR; import static org.apache.ignite.internal.processors.tracing.SpanTags.SQL_QRY_ID; @@ -248,7 +249,8 @@ public class RunningQueryManager { ctx.performanceStatistics().enabled() ? System.nanoTime() : 0, cancel, loc, - qryInitiatorId + qryInitiatorId, + securitySubjectId(ctx) ); GridRunningQueryInfo preRun = runs.putIfAbsent(qryId, run); diff --git a/modules/core/src/main/java/org/apache/ignite/spi/systemview/view/SqlQueryView.java b/modules/core/src/main/java/org/apache/ignite/spi/systemview/view/SqlQueryView.java index e68d844506a..045efa9171e 100644 --- a/modules/core/src/main/java/org/apache/ignite/spi/systemview/view/SqlQueryView.java +++ b/modules/core/src/main/java/org/apache/ignite/spi/systemview/view/SqlQueryView.java @@ -22,6 +22,7 @@ import java.util.UUID; import org.apache.ignite.internal.managers.systemview.walker.Order; import org.apache.ignite.internal.processors.query.GridRunningQueryInfo; import org.apache.ignite.internal.util.typedef.internal.U; +import org.jetbrains.annotations.Nullable; /** * SQL query representation for a {@link SystemView}. @@ -82,4 +83,9 @@ public class SqlQueryView { public boolean local() { return qry.local(); } + + /** @return Subject ID. */ + @Nullable public UUID subjectId() { + return qry.subjectId(); + } } diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/query/SqlSystemViewsSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/query/SqlSystemViewsSelfTest.java index 8b2acad4b39..b18f82fd782 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/query/SqlSystemViewsSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/query/SqlSystemViewsSelfTest.java @@ -588,7 +588,7 @@ public class SqlSystemViewsSelfTest extends AbstractIndexingCommonTest { cache.put(100, "200"); - String sql = "SELECT SQL, QUERY_ID, SCHEMA_NAME, LOCAL, START_TIME, DURATION FROM " + + String sql = "SELECT SQL, QUERY_ID, SCHEMA_NAME, LOCAL, START_TIME, DURATION, SUBJECT_ID FROM " + systemSchemaName() + ".SQL_QUERIES"; FieldsQueryCursor notClosedFieldQryCursor = cache.query(new SqlFieldsQuery(sql).setLocal(true)); @@ -609,8 +609,9 @@ public class SqlSystemViewsSelfTest extends AbstractIndexingCommonTest { assertTrue(diffInMillis < 3000); assertEquals(sql, res0.get(0)); - assertEquals(sql, res1.get(0)); + assertNull(res0.get(6)); + assertNull(res1.get(6)); assertTrue((Boolean)res0.get(3)); diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/systemview/SystemViewSecurityTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/systemview/SystemViewSecurityTest.java new file mode 100644 index 00000000000..bcccd4837f0 --- /dev/null +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/systemview/SystemViewSecurityTest.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.systemview; + +import java.util.HashMap; +import java.util.Map; +import org.apache.ignite.Ignition; +import org.apache.ignite.cache.query.SqlFieldsQuery; +import org.apache.ignite.client.Config; +import org.apache.ignite.client.IgniteClient; +import org.apache.ignite.configuration.ClientConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; +import org.apache.ignite.spi.systemview.view.SqlQueryView; +import org.apache.ignite.spi.systemview.view.SystemView; +import org.junit.Test; + +import static org.apache.ignite.internal.processors.query.RunningQueryManager.SQL_QRY_VIEW; + +/** + * System view security test. + */ +public class SystemViewSecurityTest extends AbstractSecurityTest { + /** @throws Exception If failed. */ + @Test + public void testSqlQueryView() throws Exception { + IgniteEx srv = startGridAllowAll("srv"); + IgniteEx client = startClientAllowAll("client"); + + ClientConfiguration cfg = new ClientConfiguration() + .setAddresses(Config.SERVER) + .setUserName("thin-client"); + + try (IgniteClient thinClient = Ignition.startClient(cfg)) { + SqlFieldsQuery srvSql = new SqlFieldsQuery("SELECT * FROM (VALUES (1))"); + SqlFieldsQuery clientSql = new SqlFieldsQuery("SELECT * FROM (VALUES (1),(2))"); + SqlFieldsQuery thinClientSql = new SqlFieldsQuery("SELECT * FROM (VALUES (1),(2),(3))").setPageSize(1); + + srv.context().query().querySqlFields(srvSql, false).iterator().hasNext(); + client.compute().run(() -> client.context().query().querySqlFields(clientSql, false).iterator().hasNext()); + thinClient.query(thinClientSql).iterator().hasNext(); + + Map<String, Object> expLogins = new HashMap<>(); + + expLogins.put(srvSql.getSql(), srv.context().igniteInstanceName()); + expLogins.put(clientSql.getSql(), client.context().igniteInstanceName()); + expLogins.put(thinClientSql.getSql(), cfg.getUserName()); + + SystemView<SqlQueryView> views = srv.context().systemView().view(SQL_QRY_VIEW); + + assertEquals(expLogins.size(), views.size()); + + for (SqlQueryView view : views) { + Object login = srv.context().security().authenticatedSubject(view.subjectId()).login(); + + assertTrue(expLogins.remove(view.sql(), login)); + } + + assertTrue(expLogins.isEmpty()); + } + } +} diff --git a/modules/indexing/src/test/java/org/apache/ignite/testsuites/IgniteStatisticsTestSuite.java b/modules/indexing/src/test/java/org/apache/ignite/testsuites/IgniteStatisticsTestSuite.java index 17e8d72e9f0..ae00e0fc7e4 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/testsuites/IgniteStatisticsTestSuite.java +++ b/modules/indexing/src/test/java/org/apache/ignite/testsuites/IgniteStatisticsTestSuite.java @@ -51,6 +51,7 @@ import org.apache.ignite.internal.sql.SqlParserAnalyzeSelfTest; import org.apache.ignite.internal.sql.SqlParserDropStatisticsSelfTest; import org.apache.ignite.internal.sql.SqlParserRefreshStatisticsSelfTest; import org.apache.ignite.internal.systemview.JmxExporterSpiTest; +import org.apache.ignite.internal.systemview.SystemViewSecurityTest; import org.junit.runner.RunWith; import org.junit.runners.Suite; @@ -103,7 +104,8 @@ import org.junit.runners.Suite; StatisticsViewsInMemoryTest.class, StatisticsGlobalViewPersistenceTest.class, StatisticsGlobalViewInMemoryTest.class, - JmxExporterSpiTest.class + JmxExporterSpiTest.class, + SystemViewSecurityTest.class }) public class IgniteStatisticsTestSuite { }