godzie44 authored 11 months ago and Yaroslav Dynnikov committed 10 months ago

Plugin topology is a mapping plugin service to tiers.

Introduce new `pico.update_plugin_tiers` API.
This function may be used for control
where plugin services must be running and where not.

Plugin integration tests have also been refactored.

godzie44 authored 11 months ago and Yaroslav Dynnikov committed 11 months ago

Now for installation and enable plugin, there are two steps instead of one
(`pico.load_plugin` previously).
1. Install plugin (`pico.install_plugin`):
validate plugin, create system tables.
2. Enable plugin (`pico.enable_plugin`):
loads plugin into instances memory, call `on_start` callback.

Same for a plugin removing process (`pico.remove_plugin` previously):
1. Disable plugin (`pico.disable_plugin`): call `on_stop` callbacks, drop
plugin from instances.
2. Remove plugin (`pico.remove_plugin`):
remove plugin meta from system tables.

godzie44 authored 11 months ago and Yaroslav Dynnikov committed 11 months ago

Introduce a plugin system for picodata cluster.
Plugin system contains:
- `picoplugin` crate with plugin interfaces.
This crate exposes plugin interfaces for user implementation and API
that used by picodata to interact with plugin as with a code from dynamic library.
- Support for plugin work cycle in picodata instance work cycle.
Picodata instance interacts with running plugin by `PluginManager`
component.
Typically, plugins react to events that occur in instance or whole cluster.
- New lua API with plugin CRUD actions.
    - pico.create_plugin - load a new plugin into picodata cluster
    - pico.remove_plugin - remove plugin from picodata cluster
    - pico.update_plugin_config - update plugin service configuration

Make field 'auth' nullable

(cherry picked from commit 39f8885b)

Arseniy Volynets authored 1 year ago and Georgy Moshkin committed 1 year ago

- Add new DML op: Batch, which allows
using multiple dml operations in one
CAS request
- If request has too many dml operations,
the batch will be splitted into multiple
batches, so that each batch can be stored
in raft log

- add new ddl opcode for renaming procedure
- update sbroad submodule to get sql support
- syntax:

alter procedure "foo" rename to "bar" option(timeout=3)
alter procedure "foo"(int, int) rename to "bar"

Current commit introduces
- _pico_routine replicated table
- procedure creation with SQL API

Egor Ivkov authored 1 year ago and Егор Ивков committed 1 year ago

Panic happened in `on_access_denied` trigger. There was a switch to admin and back to user with `su`. Switch back to user panicked in SuGuard drop as user did not have session privilege.

Dmitry Rodionov authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

Before this patch we've had ADMIN_ID in schema.rs and ADMIN_USER_ID
in lib.rs. This patch removes ADMIN_USER_ID in favor of ADMIN_ID

Dmitry Rodionov authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

This patch adds initiator field to most of the events. Initiator is
added to members of Op enum which do not contain it already (e g owner
in CreateUser serves as initiator). To me it is reasonable to remove
as_user from CaS/ACL checks because it matches initiator. But I decided
not to do this just yet.

Additionally I've mande small cleanup to UserMetadata to avoid need for
intermediate step in decoding when we first fetch tuple and then decode
it into model struct.

Close https://git.picodata.io/picodata/picodata/picodata/-/issues/433

Dmitry Rodionov authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

At the later stage I discovered that sbroad applies the same validation
rules during parsing of grant/revoke statements and even its own
Privilege enum that is a ~copy of our PrivilegeType. Unfortunately
at the moment there is no way to share code between picodata and sbroad
efficiently (now only tarantool-module is shared and it is not suitable
for such kind of things) so it still makes sense to have this in
picodata because this is the point where all APIs converge to the single
point (CaS). In the future all other ways of validation should be
removed. Aside from sbroad similar kind of validation is performed
independently on lua API side.

Note that in prior commit 45ba7392 we've
removed all privileges from role super. This patch removes privileges
from admin that do not match the model: namely all privileges on
universe except session and usage. With this patch it is no longer possible
to grant or revoke such privileges.

Dmitry Rodionov authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

This allows future constructors to enforce invariants.
Additionally this commit removes redundant set_schema_version on Op by
passing schema version to corresponding Op constructors.

This change allows for creators of corresponding objects to consequently have all privileges on them.

The patch adds remaining access checks for cluster wide management
operations involving tables users and roles. Added checks closely follow
ones in vanilla tarantool. Basic scenario now works. See newly added
`test_create_space_smoke`.

There are some follow ups I'd like to address separately, namely:
- more tests for new ifs around box_access_check_ddl calls
  https://git.picodata.io/picodata/picodata/picodata/-/issues/420
- add tests for ownership semantics (these can be mostly ported from tarantool-module) blocked by
  https://git.picodata.io/picodata/picodata/picodata/-/issues/408
- port access.test and role.test from core (at some point later)
  https://git.picodata.io/picodata/picodata/picodata/-/issues/421
- Detect and prohibit circular role grants
  https://git.picodata.io/picodata/picodata/picodata/-/issues/415

Close #339