0
点赞
收藏
分享

微信扫一扫

dremio NamespaceService 简单说明一

成义随笔 2023-01-08 阅读 19

此处主要说明社区版dremio namspaceservice 包含的一个能力,我们如果自己扩展下就可以实现简单的部分权限管理

参加定义类图

如下如可以看出namspaceservice 提供的能力

dremio NamespaceService 简单说明一_java

 

 

一个额外的能力

  • 接口定义

 

interface Factory {

/**

* Return a namespace service for a given user. Note that this is for usernames

* and users only, if roles are to be supported, use #get(NamespaceIdentity) instead.

*

* @param userName a valid user name

* @return a namespace service instance

* @throws NullPointerException if {@code userName} is null

* @throws IllegalArgumentException if {@code userName} is invalid

*/

NamespaceService get(String userName);

//  如果我们希望包含基于角色的控制就可以实现此,实际上就是属于用户的namespace,这样就可以控制用户能力的显示了,可以任务是一个namespace 的子集

NamespaceService get(NamespaceIdentity identity);

}

官方的实现

因为默认我们使用的社区版是不启动权限能力的,所以实现比较简单,每个用户获取的都是所有的

NamespaceService 权限部分的使用

实际上是通过查询上下文解决的,主要在CatalogImpl中,基于NamespaceService 创建属于用户的Namespace服务

CatalogImpl(

MetadataRequestOptions options,

PluginRetriever pluginRetriever,

CatalogServiceImpl.SourceModifier sourceModifier,

OptionManager optionManager,

NamespaceService systemNamespaceService,

NamespaceService.Factory namespaceFactory,

Orphanage orphanage,

DatasetListingService datasetListingService,

ViewCreatorFactory viewCreatorFactory,

IdentityResolver identityResolver,

VersionContextResolverImpl versionContextResolverImpl) {

this.options = options;

this.pluginRetriever = pluginRetriever;

this.sourceModifier = sourceModifier;

this.userName = options.getSchemaConfig().getUserName();

 

this.optionManager = optionManager;

this.systemNamespaceService = systemNamespaceService;

this.namespaceFactory = namespaceFactory;

this.orphanage = orphanage;

this.datasetListingService = datasetListingService;

this.viewCreatorFactory = viewCreatorFactory;

this.identityResolver = identityResolver;

 

final CatalogIdentity identity = options.getSchemaConfig().getAuthContext().getSubject();

// 用户的Namespace服务

this.userNamespaceService = namespaceFactory.get(identityResolver.toNamespaceIdentity(identity));

 

this.versionContextResolverImpl = versionContextResolverImpl;

this.datasets = new DatasetManager(pluginRetriever, userNamespaceService, optionManager, userName,

identityResolver, versionContextResolverImpl);

this.iscDelegate = new InformationSchemaCatalogImpl(userNamespaceService, pluginRetriever);

 

this.selectedSources = ConcurrentHashMap.newKeySet();

this.crossSourceSelectDisable = optionManager.getOption(CatalogOptions.DISABLE_CROSS_SOURCE_SELECT);

}

identityResolver.toNamespaceIdentity解析处理

private class CatalogIdentityResolver implements IdentityResolver {

@Override

public CatalogIdentity getOwner(List<String> path) throws NamespaceException {

NamespaceKey key = new NamespaceKey(path);

if (systemNamespace.getEntityByPath(key).getType() == NameSpaceContainer.Type.DATASET) {

final DatasetConfig dataset = systemNamespace.getDataset(key);

return dataset.getType() != DatasetType.VIRTUAL_DATASET ? null : new CatalogUser(dataset.getOwner());

}

return null;

}

 

@Override

public NamespaceIdentity toNamespaceIdentity(CatalogIdentity identity) {

if (identity instanceof CatalogUser) {

if (identity.getName().equals(SystemUser.SYSTEM_USERNAME)) {

return new NamespaceUser(() -> SystemUser.SYSTEM_USER);

}

 

try {

final User user = context.get().getUserService().getUser(identity.getName());

return new NamespaceUser(() -> user);

} catch (UserNotFoundException ignored) {

}

}

 

return null;

}

}

dremio 社区版实现的NamespaceService

从以下可以看出,实际上是没有控制的,所以都是全部数据

public static final class Factory implements NamespaceService.Factory {

private final LegacyKVStoreProvider kvStoreProvider;

 

@Inject

public Factory(LegacyKVStoreProvider kvStoreProvider) {

this.kvStoreProvider = kvStoreProvider;

}

 

@Override

public NamespaceService get(String userName) {

Preconditions.checkNotNull(userName, "requires userName"); // per method contract

return new NamespaceServiceImpl(kvStoreProvider);

}

 

@Override

public NamespaceService get(NamespaceIdentity identity) {

Preconditions.checkNotNull(identity, "requires identity"); // per method contract

return new NamespaceServiceImpl(kvStoreProvider);

}

}

说明

以上是一个简单的介绍,大家可以自己扩展下,实现一个简单的权限能力

参考资料

services/namespace/src/main/java/com/dremio/service/namespace/NamespaceService.java
services/namespace/src/main/java/com/dremio/service/namespace/NamespaceServiceImpl.java
sabot/kernel/src/main/java/com/dremio/exec/catalog/CatalogImpl.java

举报

相关推荐

0 条评论