search

datafuselabs / databend

๐——๐—ฎ๐˜๐—ฎ, ๐—”๐—ป๐—ฎ๐—น๐˜†๐˜๐—ถ๐—ฐ๐˜€ & ๐—”๐—œ. Modern alternative to Snowflake. Cost-effective and simple for massive-scale analytics. https://databend.com
https://docs.databend.com
Other
7.31k stars 704 forks source link

feat(query): task support ownership #15458

Open TCeason opened 3 weeks ago

TCeason commented 3 weeks ago

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

Ownership cover Task Object

  1. Added Task to OwnershipObject, storing the task name (After confirmation that the task will not have a rename operation, storing the name is more appropriate)

  2. task. proto adds task_names. Added owner judgment in tasks/task_history_table.rs

  3. owenrship.proto added the OwnershipTaskObject

  4. user.proto added GrantTaskObject

  5. Add the global permission to CREATE TASK. drop/alter task requires the DROP/ALTER permission. Only the owner of a task can execute the show/desc/execute task command

  6. Delete showtasksinterpreter

  7. grant task ownership when a task is created and revoke task ownership when a task is dropped

  8. Add list_tasks_ownerships and only list __fd_object_owners//task-by-name/ prefix

  9. if user has global Super privilege, it can execute/drop/alter/create/show all tasks and tasks_history

Attention:

  1. The ddl operation of the task also retains the previous permission verification. That so long as has the Global level of super permissions can be to create a task/drop/execute/desc/show.

  2. Integration testing is somewhat difficult and has been tested manually in the dev environment. warehouse 'task_p'.

Tests

Type of change

This change isโ€‚Reviewable

drmingdrmer commented 3 weeks ago

If this pull request is ready for review, please mark it as Ready for review.

If it is not yet ready, I would prefer to be removed from the reviewer list to avoid being overwhelmed by notifications from pushes. ๐Ÿค”

TCeason commented 3 weeks ago

Reviewed 13 of 38 files at r1, 13 of 22 files at r3, all commit messages. Reviewable status: 26 of 40 files reviewed, 4 unresolved discussions (waiting on @TCeason and @ZhiHanZ)

src/meta/proto-conv/src/util.rs line 122 at r3 (raw file):

    (88, "2024-04-17: Add: SequenceMeta"),
    (89, "2024-04-19: Add: geometry_output_format settings"),
    (90, "2024-05-09: Add: GrantTaskObject"),

The name of the new message is OwnershipTaskObject?

Two

owenrship.proto added the OwnershipTaskObject

user.proto added GrantTaskObject

TCeason commented 2 weeks ago

This pr can be merged when this pr https://github.com/datafuselabs/databend/pull/15496 released.

github-actions[bot] commented 1 week ago

Docker Image for PR

note: this image tag is only available for internal use, please check the internal doc for more details.

TCeason commented 1 week ago

I generate some case and test this pr in cloud dev: warehouse 'task_p'.

So I think we can review this pr now. cc @flaneur2020 @ZhiHanZ