Refactor authority provider (#29555)

* Refactor CDCConnectionContext * Rename AllPermittedPrivileges * Refactor DatabasePrivilegeBuilder * Remove DatabasePrivilegeBuilder * Remove DatabasePrivilegeBuilder
apache · Dec 26, 2023 · 3685701 · 3685701
1 parent fed30b2
commit 3685701
Show file tree

Hide file tree

Showing 10 changed files with 68 additions and 126 deletions.
diff --git a/...ommon/src/main/java/org/apache/shardingsphere/infra/metadata/user/ShardingSphereUser.java b/...ommon/src/main/java/org/apache/shardingsphere/infra/metadata/user/ShardingSphereUser.java
@@ -33,6 +33,10 @@ public final class ShardingSphereUser {
 
     private final String authenticationMethodName;
 
+    public ShardingSphereUser(final String grantee) {
+        this(grantee.substring(0, grantee.indexOf('@')), "", grantee.substring(grantee.indexOf('@') + 1));
+    }
+
     public ShardingSphereUser(final String username, final String password, final String hostname) {
         this(username, password, hostname, "");
     }

diff --git a/...hardingsphere/authority/provider/database/DatabasePermittedAuthorityRegistryProvider.java b/...hardingsphere/authority/provider/database/DatabasePermittedAuthorityRegistryProvider.java
@@ -17,15 +17,24 @@
 
 package org.apache.shardingsphere.authority.provider.database;
 
+import com.google.common.base.Preconditions;
 import org.apache.shardingsphere.authority.model.AuthorityRegistry;
-import org.apache.shardingsphere.authority.provider.database.builder.DatabasePrivilegeBuilder;
+import org.apache.shardingsphere.authority.model.ShardingSpherePrivileges;
+import org.apache.shardingsphere.authority.provider.database.model.privilege.DatabasePermittedPrivileges;
 import org.apache.shardingsphere.authority.registry.UserPrivilegeMapAuthorityRegistry;
 import org.apache.shardingsphere.authority.spi.AuthorityRegistryProvider;
+import org.apache.shardingsphere.infra.metadata.user.Grantee;
 import org.apache.shardingsphere.infra.metadata.user.ShardingSphereUser;
 
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Properties;
+import java.util.stream.Collectors;
 
 /**
  * Database permitted authority registry provider.
@@ -43,7 +52,49 @@ public void init(final Properties props) {
 
     @Override
     public AuthorityRegistry build(final Collection<ShardingSphereUser> users) {
-        return new UserPrivilegeMapAuthorityRegistry(DatabasePrivilegeBuilder.build(users, props));
+        String userDatabaseMappings = props.getProperty(DatabasePermittedAuthorityRegistryProvider.PROP_USER_DATABASE_MAPPINGS, "");
+        checkDatabases(userDatabaseMappings);
+        return new UserPrivilegeMapAuthorityRegistry(buildPrivileges(users, convertUserDatabases(userDatabaseMappings)));
+    }
+
+    private void checkDatabases(final String userDatabaseMappings) {
+        Preconditions.checkArgument(!"".equals(userDatabaseMappings), "user-database-mappings configuration `%s` can not be null", userDatabaseMappings);
+        Arrays.stream(userDatabaseMappings.split(",")).forEach(each -> Preconditions.checkArgument(each.contains("@") && each.contains("="),
+                "user-database-mappings configuration `%s` is invalid, the configuration format should be like `username@hostname=database`", each));
+    }
+
+    private Map<ShardingSphereUser, ShardingSpherePrivileges> buildPrivileges(final Collection<ShardingSphereUser> users,
+                                                                              final Map<ShardingSphereUser, Collection<String>> userDatabaseMappings) {
+        return users.stream().collect(Collectors.toMap(each -> each, each -> new DatabasePermittedPrivileges(getUserDatabases(each, userDatabaseMappings))));
+    }
+
+    private Collection<String> getUserDatabases(final ShardingSphereUser user, final Map<ShardingSphereUser, Collection<String>> userDatabaseMappings) {
+        Collection<String> result = new HashSet<>();
+        for (Entry<ShardingSphereUser, Collection<String>> entry : userDatabaseMappings.entrySet()) {
+            boolean isAnyOtherHost = checkAnyOtherHost(entry.getKey().getGrantee(), user);
+            if (isAnyOtherHost || user.equals(entry.getKey())) {
+                result.addAll(entry.getValue());
+            }
+        }
+        return result;
+    }
+
+    private boolean checkAnyOtherHost(final Grantee grantee, final ShardingSphereUser user) {
+        return ("%".equals(grantee.getHostname())
+                || grantee.getHostname().equals(user.getGrantee().getHostname())) && grantee.getUsername().equals(user.getGrantee().getUsername());
+    }
+
+    private Map<ShardingSphereUser, Collection<String>> convertUserDatabases(final String userDatabaseMappings) {
+        String[] mappings = userDatabaseMappings.split(",");
+        Map<ShardingSphereUser, Collection<String>> result = new HashMap<>(mappings.length, 1F);
+        for (String each : mappings) {
+            String[] userDatabasePair = each.trim().split("=");
+            ShardingSphereUser user = new ShardingSphereUser(userDatabasePair[0]);
+            Collection<String> databases = result.getOrDefault(user, new HashSet<>());
+            databases.add(userDatabasePair[1]);
+            result.putIfAbsent(user, databases);
+        }
+        return result;
     }
 
     @Override

diff --git a/...g/apache/shardingsphere/authority/provider/database/builder/DatabasePrivilegeBuilder.java b/...g/apache/shardingsphere/authority/provider/database/builder/DatabasePrivilegeBuilder.java
diff --git a/...ardingsphere/authority/provider/database/model/privilege/DatabasePermittedPrivileges.java b/...ardingsphere/authority/provider/database/model/privilege/DatabasePermittedPrivileges.java
@@ -24,7 +24,6 @@
 import org.apache.shardingsphere.authority.provider.database.model.subject.DatabaseAccessSubject;
 
 import java.util.Collection;
-import java.util.Set;
 
 /**
  * Database permitted privileges.
@@ -34,7 +33,7 @@ public final class DatabasePermittedPrivileges implements ShardingSpherePrivileg
 
     private static final String KEY_SUPER = "*";
 
-    private final Set<String> databases;
+    private final Collection<String> databases;
 
     @Override
     public boolean hasPrivileges(final String database) {

diff --git a/...gesPermittedShardingSpherePrivileges.java → ...del/privilege/AllPermittedPrivileges.java b/...gesPermittedShardingSpherePrivileges.java → ...del/privilege/AllPermittedPrivileges.java
@@ -26,7 +26,7 @@
 /**
  * All permitted privileges.
  */
-public final class AllPrivilegesPermittedShardingSpherePrivileges implements ShardingSpherePrivileges {
+public final class AllPermittedPrivileges implements ShardingSpherePrivileges {
 
     @Override
     public boolean hasPrivileges(final String database) {

diff --git a/...main/java/org/apache/shardingsphere/authority/registry/AllPermittedAuthorityRegistry.java b/...main/java/org/apache/shardingsphere/authority/registry/AllPermittedAuthorityRegistry.java
@@ -19,7 +19,7 @@
 
 import org.apache.shardingsphere.authority.model.AuthorityRegistry;
 import org.apache.shardingsphere.authority.model.ShardingSpherePrivileges;
-import org.apache.shardingsphere.authority.provider.simple.model.privilege.AllPrivilegesPermittedShardingSpherePrivileges;
+import org.apache.shardingsphere.authority.provider.simple.model.privilege.AllPermittedPrivileges;
 import org.apache.shardingsphere.infra.metadata.user.Grantee;
 
 import java.util.Optional;
@@ -29,7 +29,7 @@
  */
 public final class AllPermittedAuthorityRegistry implements AuthorityRegistry {
 
-    private static final ShardingSpherePrivileges INSTANCE = new AllPrivilegesPermittedShardingSpherePrivileges();
+    private static final ShardingSpherePrivileges INSTANCE = new AllPermittedPrivileges();
 
     @Override
     public Optional<ShardingSpherePrivileges> findPrivileges(final Grantee grantee) {

diff --git a/...ermittedShardingSpherePrivilegesTest.java → ...privilege/AllPermittedPrivilegesTest.java b/...ermittedShardingSpherePrivilegesTest.java → ...privilege/AllPermittedPrivilegesTest.java
@@ -25,11 +25,11 @@
 
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
-class AllPrivilegesPermittedShardingSpherePrivilegesTest {
+class AllPermittedPrivilegesTest {
 
     @Test
     void assertFindPrivileges() {
-        ShardingSpherePrivileges actual = new AllPrivilegesPermittedShardingSpherePrivileges();
+        ShardingSpherePrivileges actual = new AllPermittedPrivileges();
         assertTrue(actual.hasPrivileges("testSchema"));
         assertTrue(actual.hasPrivileges(Collections.emptyList()));
         assertTrue(actual.hasPrivileges(new DatabaseAccessSubject("testSchema"), Collections.emptyList()));

diff --git a/...c/main/java/org/apache/shardingsphere/data/pipeline/cdc/context/CDCConnectionContext.java b/...c/main/java/org/apache/shardingsphere/data/pipeline/cdc/context/CDCConnectionContext.java
@@ -25,9 +25,9 @@
 /**
  * CDC connection context.
  */
+@RequiredArgsConstructor
 @Getter
 @Setter
-@RequiredArgsConstructor
 public final class CDCConnectionContext {
 
     private final ShardingSphereUser currentUser;

diff --git a/.../shardingsphere/proxy/backend/mysql/handler/admin/executor/ShowDatabasesExecutorTest.java b/.../shardingsphere/proxy/backend/mysql/handler/admin/executor/ShowDatabasesExecutorTest.java
@@ -17,7 +17,7 @@
 
 package org.apache.shardingsphere.proxy.backend.mysql.handler.admin.executor;
 
-import org.apache.shardingsphere.authority.provider.simple.model.privilege.AllPrivilegesPermittedShardingSpherePrivileges;
+import org.apache.shardingsphere.authority.provider.simple.model.privilege.AllPermittedPrivileges;
 import org.apache.shardingsphere.authority.rule.AuthorityRule;
 import org.apache.shardingsphere.infra.config.props.ConfigurationProperties;
 import org.apache.shardingsphere.infra.database.core.type.DatabaseType;
@@ -190,7 +190,7 @@ private ContextManager mockContextManager() {
 
     private AuthorityRule mockAuthorityRule() {
         AuthorityRule result = mock(AuthorityRule.class);
-        when(result.findPrivileges(new Grantee("root", ""))).thenReturn(Optional.of(new AllPrivilegesPermittedShardingSpherePrivileges()));
+        when(result.findPrivileges(new Grantee("root", ""))).thenReturn(Optional.of(new AllPermittedPrivileges()));
         return result;
     }
 

diff --git a/...che/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationEngineTest.java b/...che/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationEngineTest.java
@@ -23,7 +23,7 @@
 import io.netty.channel.ChannelPipeline;
 import io.netty.util.Attribute;
 import lombok.SneakyThrows;
-import org.apache.shardingsphere.authority.provider.simple.model.privilege.AllPrivilegesPermittedShardingSpherePrivileges;
+import org.apache.shardingsphere.authority.provider.simple.model.privilege.AllPermittedPrivileges;
 import org.apache.shardingsphere.authority.rule.AuthorityRule;
 import org.apache.shardingsphere.db.protocol.constant.CommonConstants;
 import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLCapabilityFlag;
@@ -170,7 +170,7 @@ void assertAuthenticationSwitchResponse() {
         AuthorityRule rule = mock(AuthorityRule.class);
         ShardingSphereUser user = new ShardingSphereUser("root", "", "127.0.0.1");
         when(rule.findUser(user.getGrantee())).thenReturn(Optional.of(user));
-        when(rule.findPrivileges(user.getGrantee())).thenReturn(Optional.of(new AllPrivilegesPermittedShardingSpherePrivileges()));
+        when(rule.findPrivileges(user.getGrantee())).thenReturn(Optional.of(new AllPermittedPrivileges()));
         when(rule.getAuthenticatorType(any())).thenReturn("");
         ContextManager contextManager = mockContextManager(rule);
         when(ProxyContext.getInstance().getContextManager()).thenReturn(contextManager);