[feature-wip](multi-catalog) support to switch catalog #10381

Merged
merged 1 commit into from
Jun 24, 2022


AshinGau
Member

@AshinGau AshinGau commented Jun 23, 2022

Usage:

Set enable_multi_catalog = true in fe.conf to enable multi-catalog.

CREATE CATALOG

create hive catalog

MySQL [tpch1]> create catalog hive properties('type' = 'hms', 'hive.metastore.uris' = 'thrift://192.168.0.1:9083');
MySQL [tpch1]> show catalogs;
+-------------+----------+
| CatalogName | Type     |
+-------------+----------+
| hive        | hms      |
| __internal  | internal |
+-------------+----------+

SWITCH CATALOG

Required Privileges
If the catalog does not exist, an exception is thrown.
A user with the catalog-level show_priv, or any privilege on tables or databases within the catalog, can switch to the catalog.

MySQL [tpch1]> show all grants;
+-----------------------------+----------+-------------------------------+--------------+----------------------------------------------------------------------------------------------------------------------------+------------+---------------+
| UserIdentity                | Password | GlobalPrivs                   | CatalogPrivs | DatabasePrivs                                                                                                              | TablePrivs | ResourcePrivs |
+-----------------------------+----------+-------------------------------+--------------+----------------------------------------------------------------------------------------------------------------------------+------------+---------------+
| 'root'@'%'                  | No       | Node_priv Admin_priv  (false) | NULL         | NULL                                                                                                                       | NULL       | NULL          |
| 'admin'@'%'                 | No       | Admin_priv  (false)           | NULL         | NULL                                                                                                                       | NULL       | NULL          |
| 'default_cluster:user1'@'%' | Yes      |  (false)                      | NULL         | __internal.default_cluster:information_schema: Select_priv  (false); __internal.default_cluster:tpch: Select_priv  (false) | NULL       | NULL          |
+-----------------------------+----------+-------------------------------+--------------+----------------------------------------------------------------------------------------------------------------------------+------------+---------------+

user1 can't switch to the hive catalog.

MySQL [(none)]> switch __internal;
Query OK, 0 rows affected (0.00 sec)
MySQL [(none)]> switch hive;
ERROR 5087 (42000): errCode = 2, detailMessage = Access denied for user 'default_cluster:user1' to catalog 'hive'

Supported
Only the grant statement works now; a user can use the two-segment format 'db.tbl' to grant privileges within the catalog.

// root user
MySQL [tpch1]> switch hive;
grant create_priv on hive_tpch.* to 'user1'@'%';
grant create_priv on *.* to 'user1'@'%';
show all grants;
+-----------------------------+----------+-------------------------------+----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+---------------+
| UserIdentity                | Password | GlobalPrivs                   | CatalogPrivs               | DatabasePrivs                                                                                                                                                                    | TablePrivs | ResourcePrivs |
+-----------------------------+----------+-------------------------------+----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+---------------+
| 'root'@'%'                  | No       | Node_priv Admin_priv  (false) | NULL                       | NULL                                                                                                                                                                             | NULL       | NULL          |
| 'admin'@'%'                 | No       | Admin_priv  (false)           | NULL                       | NULL                                                                                                                                                                             | NULL       | NULL          |
| 'default_cluster:user1'@'%' | Yes      |  (false)                      | hive: Create_priv  (false) | __internal.default_cluster:information_schema: Select_priv  (false); __internal.default_cluster:tpch: Select_priv  (false); hive.default_cluster:hive_tpch: Create_priv  (false) | NULL       | NULL          |
+-----------------------------+----------+-------------------------------+----------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+---------------+

SHOW CATALOG(S)

Only a user with the same privileges as required for switch catalog can get information from show catalog(s).
root user: has access to all information about catalogs.

MySQL [(none)]> show catalogs;
+-------------+----------+
| CatalogName | Type     |
+-------------+----------+
| hive        | hms      |
| __internal  | internal |
| iceberg     | hms      |
+-------------+----------+
MySQL [(none)]> show catalog iceberg;
+-----------------------------+---------------------------+
| Key                         | Value                     |
+-----------------------------+---------------------------+
| iceberg.hive.metastore.uris | thrift://192.168.0.1:9083 |
| type                        | hms                       |
+-----------------------------+---------------------------+

user1: can only get the catalog information of '__internal' and 'hive'.

MySQL [(none)]> show catalogs;
+-------------+----------+
| CatalogName | Type     |
+-------------+----------+
| hive        | hms      |
| __internal  | internal |
+-------------+----------+
MySQL [(none)]> show catalog iceberg;
errCode = 2, detailMessage = Access denied for user 'default_cluster:user1' to catalog 'iceberg'

Checklist(Required)

  1. Does it affect the original behavior: (No)
  2. Have unit tests been added: (Yes)
  3. Has a document been added or modified: (No)
  4. Does it need to update dependencies: (No)
  5. Are there any changes that cannot be rolled back: (No)

Further comments

If this is a relatively large or complex change, kick off the discussion at dev@doris.apache.org by explaining why you chose the solution you did and what alternatives you considered, etc...
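
A small model of the catalog visibility rule described in this PR, added here as an example; it is not Doris code and not from the PR author. It assumes that any privilege held at catalog level satisfies show_priv and that global Admin_priv gives access to every catalog; all class and function names are hypothetical, and the grant state is constructed from the `show all grants` tables above.

```python
from dataclasses import dataclass, field

ADMIN = "Admin_priv"

@dataclass
class User:
    global_privs: set = field(default_factory=set)
    catalog_privs: dict = field(default_factory=dict)  # catalog -> {priv}
    db_privs: dict = field(default_factory=dict)       # (catalog, db) -> {priv}
    table_privs: dict = field(default_factory=dict)    # (catalog, db, tbl) -> {priv}

class AccessDenied(Exception):
    pass

def can_access_catalog(user, catalog):
    """Catalog-level privilege, or any db/table privilege inside the catalog."""
    if ADMIN in user.global_privs:            # assumption: admin sees everything
        return True
    if user.catalog_privs.get(catalog):       # assumption: any catalog priv = show_priv
        return True
    scoped = list(user.db_privs.items()) + list(user.table_privs.items())
    return any(key[0] == catalog and privs for key, privs in scoped)

def switch_catalog(user, catalog, catalogs):
    if catalog not in catalogs:               # existence is checked before privileges
        raise KeyError(f"Unknown catalog '{catalog}'")
    if not can_access_catalog(user, catalog):
        raise AccessDenied(f"Access denied to catalog '{catalog}'")
    return catalog

def show_catalogs(user, catalogs):
    """SHOW CATALOGS applies the same predicate as SWITCH."""
    return [c for c in catalogs if can_access_catalog(user, c)]

def grant(user, priv, catalog, db="*"):
    """Two-segment grant issued inside `catalog`; db='*' models '*.*'."""
    if db == "*":
        user.catalog_privs.setdefault(catalog, set()).add(priv)
    else:
        user.db_privs.setdefault((catalog, db), set()).add(priv)

# Constructed state mirroring the grants tables on this page.
CATALOGS = ["hive", "__internal", "iceberg"]
root = User(global_privs={"Node_priv", ADMIN})
user1 = User(db_privs={("__internal", "information_schema"): {"Select_priv"},
                       ("__internal", "tpch"): {"Select_priv"}})
```

As the CatalogPrivs column above shows, `*.*` granted after `switch hive` is scoped to the hive catalog rather than global, so it does not make iceberg visible to user1.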

@github-actions github-actions bot added the area/planner Issues or PRs related to the query planner label Jun 23, 2022
Contributor

@morningman morningman left a comment

LGTM

@github-actions github-actions bot added the approved Indicates a PR has been approved by one committer. label Jun 23, 2022
@github-actions
Contributor

PR approved by at least one committer and no changes requested.

@github-actions
Contributor

PR approved by anyone and no changes requested.

@morningman morningman added kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API api-review Categorizes an issue or PR as actively needing an API review. labels Jun 24, 2022
@morningman morningman merged commit 516f5b1 into apache:master Jun 24, 2022
@AshinGau AshinGau deleted the switch-catalog branch July 8, 2022 03:18
Labels
api-review Categorizes an issue or PR as actively needing an API review. approved Indicates a PR has been approved by one committer. area/multi-catalog area/planner Issues or PRs related to the query planner kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API reviewed