feat: support uniq grant
This commit is contained in:
kailixu
parent
0feae4423d
commit
f76a61c777
|
|
@ -58,16 +58,15 @@ typedef enum {
|
||||||
TSDB_GRANT_BACKUP_RESTORE,
|
TSDB_GRANT_BACKUP_RESTORE,
|
||||||
} EGrantType;
|
} EGrantType;
|
||||||
|
|
||||||
int32_t grantCheck(EGrantType grant); // less
|
int32_t grantCheck(EGrantType grant);
|
||||||
int32_t grantCheckLE(EGrantType grant); // less or equal
|
int32_t grantCheckExpire(EGrantType grant);
|
||||||
char* tGetMachineId();
|
char* tGetMachineId();
|
||||||
#ifndef TD_UNIQ_GRANT
|
#ifdef TD_UNIQ_GRANT
|
||||||
int32_t grantAlterActiveCode(int32_t did, const char* old, const char* newer, char* out, int8_t type);
|
int32_t grantCheckLE(EGrantType grant);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
// #ifndef GRANTS_CFG
|
// #ifndef GRANTS_CFG
|
||||||
#ifdef TD_ENTERPRISE
|
#ifdef TD_ENTERPRISE
|
||||||
#ifdef TD_UNIQ_GRANT
|
|
||||||
#define GRANTS_SCHEMA \
|
#define GRANTS_SCHEMA \
|
||||||
static const SSysDbTableSchema grantsSchema[] = { \
|
static const SSysDbTableSchema grantsSchema[] = { \
|
||||||
{.name = "version", .bytes = 9 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
{.name = "version", .bytes = 9 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
||||||
|
|
@ -80,38 +79,13 @@ int32_t grantAlterActiveCode(int32_t did, const char* old, const char* newer, ch
|
||||||
{.name = "cpu_cores", .bytes = 10 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
{.name = "cpu_cores", .bytes = 10 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
#define GRANTS_SCHEMA \
|
|
||||||
static const SSysDbTableSchema grantsSchema[] = { \
|
|
||||||
{.name = "version", .bytes = 9 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "expire_time", .bytes = 19 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "expired", .bytes = 5 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "storage", .bytes = 21 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "timeseries", .bytes = 21 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "databases", .bytes = 10 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "users", .bytes = 10 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "accounts", .bytes = 10 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "dnodes", .bytes = 10 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "connections", .bytes = 11 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "streams", .bytes = 9 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "cpu_cores", .bytes = 9 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "speed", .bytes = 9 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "querytime", .bytes = 9 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "opc_da", .bytes = GRANTS_COL_MAX_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "opc_ua", .bytes = GRANTS_COL_MAX_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "pi", .bytes = GRANTS_COL_MAX_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "kafka", .bytes = GRANTS_COL_MAX_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "influxdb", .bytes = GRANTS_COL_MAX_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
{.name = "mqtt", .bytes = GRANTS_COL_MAX_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#else
|
|
||||||
#define GRANTS_SCHEMA \
|
#define GRANTS_SCHEMA \
|
||||||
static const SSysDbTableSchema grantsSchema[] = { \
|
static const SSysDbTableSchema grantsSchema[] = { \
|
||||||
{.name = "version", .bytes = 9 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
{.name = "version", .bytes = 9 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
||||||
{.name = "expire_time", .bytes = 19 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
{.name = "expire_time", .bytes = 19 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
||||||
{.name = "service_time", .bytes = 19 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
{.name = "service_time", .bytes = 19 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
||||||
{.name = "expired", .bytes = 5 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
{.name = "expired", .bytes = 5 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
||||||
{.name = "state", .bytes = 21 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
{.name = "state", .bytes = 9 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
||||||
{.name = "timeseries", .bytes = 21 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
{.name = "timeseries", .bytes = 21 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
||||||
{.name = "dnodes", .bytes = 10 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
{.name = "dnodes", .bytes = 10 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
||||||
{.name = "cpu_cores", .bytes = 10 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
{.name = "cpu_cores", .bytes = 10 + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR}, \
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,14 @@
|
||||||
|
|
||||||
#ifndef _GRANT
|
#ifndef _GRANT
|
||||||
|
|
||||||
int32_t grantCheck(EGrantType grant) {return TSDB_CODE_SUCCESS;}
|
int32_t grantCheck(EGrantType grant) { return TSDB_CODE_SUCCESS; }
|
||||||
int32_t grantCheckLE(EGrantType grant) {return TSDB_CODE_SUCCESS;}
|
int32_t grantCheckExpire(EGrantType grant) { return TSDB_CODE_SUCCESS; }
|
||||||
|
|
||||||
|
#ifdef TD_UNIQ_GRANT
|
||||||
|
int32_t grantCheckLE(EGrantType grant) { return TSDB_CODE_SUCCESS; }
|
||||||
|
#endif
|
||||||
|
#else
|
||||||
|
#ifdef TD_UNIQ_GRANT
|
||||||
|
int32_t grantCheckExpire(EGrantType grant) { return TSDB_CODE_SUCCESS; }
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -36,10 +36,8 @@
|
||||||
int32_t mndGrantActionDelete(SSdb * pSdb, SGrantLogObj * pGrant);
|
int32_t mndGrantActionDelete(SSdb * pSdb, SGrantLogObj * pGrant);
|
||||||
int32_t mndGrantActionUpdate(SSdb * pSdb, SGrantLogObj * pOldGrant, SGrantLogObj * pNewGrant);
|
int32_t mndGrantActionUpdate(SSdb * pSdb, SGrantLogObj * pOldGrant, SGrantLogObj * pNewGrant);
|
||||||
|
|
||||||
#ifdef TD_UNIQ_GRANT
|
|
||||||
int32_t grantAlterActiveCode(SMnode * pMnode, SGrantLogObj * pObj, const char *oldActive, const char *newActive,
|
int32_t grantAlterActiveCode(SMnode * pMnode, SGrantLogObj * pObj, const char *oldActive, const char *newActive,
|
||||||
char **mergeActive);
|
char **mergeActive);
|
||||||
#endif
|
|
||||||
|
|
||||||
int32_t mndProcessConfigGrantReq(SMnode * pMnode, SRpcMsg * pReq, SMCfgClusterReq * pCfg);
|
int32_t mndProcessConfigGrantReq(SMnode * pMnode, SRpcMsg * pReq, SMCfgClusterReq * pCfg);
|
||||||
int32_t mndProcessUpdGrantLog(SMnode * pMnode, SRpcMsg * pReq, SArray * pMachines, SGrantState * pState);
|
int32_t mndProcessUpdGrantLog(SMnode * pMnode, SRpcMsg * pReq, SArray * pMachines, SGrantState * pState);
|
||||||
|
|
|
||||||
|
|
@ -107,7 +107,7 @@ static int32_t validateTopics(STrans *pTrans, const SArray *pTopicList, SMnode *
|
||||||
goto FAILED;
|
goto FAILED;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((terrno = grantCheckLE(TSDB_GRANT_SUBSCRIPTION)) < 0) {
|
if ((terrno = grantCheckExpire(TSDB_GRANT_SUBSCRIPTION)) < 0) {
|
||||||
code = terrno;
|
code = terrno;
|
||||||
goto FAILED;
|
goto FAILED;
|
||||||
}
|
}
|
||||||
|
|
@ -241,7 +241,7 @@ static int32_t checkPrivilege(SMnode *pMnode, SMqConsumerObj *pConsumer, SMqHbR
|
||||||
STopicPrivilege *data = taosArrayReserve(rsp->topicPrivileges, 1);
|
STopicPrivilege *data = taosArrayReserve(rsp->topicPrivileges, 1);
|
||||||
strcpy(data->topic, topic);
|
strcpy(data->topic, topic);
|
||||||
if (mndCheckTopicPrivilege(pMnode, user, MND_OPER_SUBSCRIBE, pTopic) != 0 ||
|
if (mndCheckTopicPrivilege(pMnode, user, MND_OPER_SUBSCRIBE, pTopic) != 0 ||
|
||||||
grantCheckLE(TSDB_GRANT_SUBSCRIPTION) < 0) {
|
grantCheckExpire(TSDB_GRANT_SUBSCRIPTION) < 0) {
|
||||||
data->noPrivilege = 1;
|
data->noPrivilege = 1;
|
||||||
} else {
|
} else {
|
||||||
data->noPrivilege = 0;
|
data->noPrivilege = 0;
|
||||||
|
|
|
||||||
|
|
@ -141,7 +141,7 @@ static int32_t mndCreateDefaultDnode(SMnode *pMnode) {
|
||||||
memcpy(dnodeObj.machineId, machineId, TSDB_MACHINE_ID_LEN);
|
memcpy(dnodeObj.machineId, machineId, TSDB_MACHINE_ID_LEN);
|
||||||
taosMemoryFreeClear(machineId);
|
taosMemoryFreeClear(machineId);
|
||||||
} else {
|
} else {
|
||||||
#ifdef TD_UNIQ_GRANT
|
#ifdef TD_ENTERPRISE
|
||||||
terrno = TSDB_CODE_DNODE_NO_MACHINE_CODE;
|
terrno = TSDB_CODE_DNODE_NO_MACHINE_CODE;
|
||||||
goto _OVER;
|
goto _OVER;
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
|
|
@ -1616,7 +1616,7 @@ static int32_t mndProcessResumeStreamReq(SRpcMsg *pReq) {
|
||||||
SMnode *pMnode = pReq->info.node;
|
SMnode *pMnode = pReq->info.node;
|
||||||
SStreamObj *pStream = NULL;
|
SStreamObj *pStream = NULL;
|
||||||
|
|
||||||
if(grantCheckLE(TSDB_GRANT_STREAMS) < 0){
|
if(grantCheckExpire(TSDB_GRANT_STREAMS) < 0){
|
||||||
terrno = TSDB_CODE_GRANT_EXPIRED;
|
terrno = TSDB_CODE_GRANT_EXPIRED;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -225,7 +225,7 @@ int32_t mndProcessStreamHb(SRpcMsg *pReq) {
|
||||||
SArray *pFailedTasks = taosArrayInit(4, sizeof(SFailedCheckpointInfo));
|
SArray *pFailedTasks = taosArrayInit(4, sizeof(SFailedCheckpointInfo));
|
||||||
SArray *pOrphanTasks = taosArrayInit(3, sizeof(SOrphanTask));
|
SArray *pOrphanTasks = taosArrayInit(3, sizeof(SOrphanTask));
|
||||||
|
|
||||||
if(grantCheckLE(TSDB_GRANT_STREAMS) < 0){
|
if(grantCheckExpire(TSDB_GRANT_STREAMS) < 0){
|
||||||
if(suspendAllStreams(pMnode, &pReq->info) < 0){
|
if(suspendAllStreams(pMnode, &pReq->info) < 0){
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -450,10 +450,10 @@ TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_PAR_IVLD_ACTIVE, "Invalid active code")
|
||||||
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_PAR_IVLD_KEY, "Invalid key to parse active code")
|
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_PAR_IVLD_KEY, "Invalid key to parse active code")
|
||||||
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_PAR_DEC_IVLD_KEY, "Invalid key to decode active code")
|
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_PAR_DEC_IVLD_KEY, "Invalid key to decode active code")
|
||||||
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_PAR_DEC_IVLD_KLEN, "Invalid klen to decode active code")
|
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_PAR_DEC_IVLD_KLEN, "Invalid klen to decode active code")
|
||||||
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_GEN_IVLD_KEY, "Invalid key to gen active code")
|
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_GEN_IVLD_KEY, "Invalid key to generate active code")
|
||||||
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_GEN_ACTIVE_LEN, "Exceeded active len to gen active code")
|
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_GEN_ACTIVE_LEN, "Exceeded active len to generate active code")
|
||||||
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_GEN_ENC_IVLD_KLEN, "Invalid klen to encode active code")
|
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_GEN_ENC_IVLD_KLEN, "Invalid klen to encode active code")
|
||||||
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_PAR_IVLD_DIST, "Invalid dist to parse active code")
|
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_PAR_IVLD_DIST, "Invalid distribution time to parse active code")
|
||||||
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_UNLICENSED_CLUSTER, "Illegal operation, the license is being used by an unlicensed cluster")
|
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_UNLICENSED_CLUSTER, "Illegal operation, the license is being used by an unlicensed cluster")
|
||||||
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_LACK_OF_BASIC, "Lack of basic functions in active code")
|
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_LACK_OF_BASIC, "Lack of basic functions in active code")
|
||||||
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_OBJ_NOT_EXIST, "Grant object not exist")
|
TAOS_DEFINE_ERROR(TSDB_CODE_GRANT_OBJ_NOT_EXIST, "Grant object not exist")
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue