BREAKING CHANGE: "name" index in the _pico_index has changed:
previously it guarantees uniqueness for a pair of (space_id,
index_name). Now index name must be unique among the cluster.
So, all the global indexes for _pico tables were renamed.

BREAKING CHANGE: _pico_index structure has changed.

The reason for refactoring is the request for the cluster wide
indexes with all possible options. The old structure didn't allow
us to support them all.

godzie44 authored 11 months ago and Yaroslav Dynnikov committed 11 months ago

Introduce a plugin system for picodata cluster.
Plugin system contains:
- `picoplugin` crate with plugin interfaces.
This crate exposes plugin interfaces for user implementation and API
that used by picodata to interact with plugin as with a code from dynamic library.
- Support for plugin work cycle in picodata instance work cycle.
Picodata instance interacts with running plugin by `PluginManager`
component.
Typically, plugins react to events that occur in instance or whole cluster.
- New lua API with plugin CRUD actions.
    - pico.create_plugin - load a new plugin into picodata cluster
    - pico.remove_plugin - remove plugin from picodata cluster
    - pico.update_plugin_config - update plugin service configuration

Make field 'auth' nullable

- Update sbroad submodule to commit with
grant/revoke procedure support
- Use existing mechanisms for grant/revoke
ACL opcodes for grant/revoke procedure
implementation
- Add integration tests
- Valid combinations:

all procedures: grant/revoke create/execute/drop
specific procedure: grant/revoke execute/drop

- Syntax:

grant create procedure to alice option(timeout=3)
grant execute procedure on "spam"(int) to "alex"
grant drop procedure on foo to bob
revoke drop procedure on foo from bob

- add new ddl opcode for renaming procedure
- update sbroad submodule to get sql support
- syntax:

alter procedure "foo" rename to "bar" option(timeout=3)
alter procedure "foo"(int, int) rename to "bar"

Maksim Kaitmazian authored 1 year ago and Denis Smirnov committed 1 year ago

Without this commit creation of a function for non-admin users fail with
`AccessDenied: Read access to space \'_pico_routine\' is denied` error.

Current commit introduces
- _pico_routine replicated table
- procedure creation with SQL API

Egor Ivkov authored 1 year ago and Егор Ивков committed 1 year ago

Panic happened in `on_access_denied` trigger. There was a switch to admin and back to user with `su`. Switch back to user panicked in SuGuard drop as user did not have session privilege.

Dmitry Rodionov authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

Before this patch we've had ADMIN_ID in schema.rs and ADMIN_USER_ID
in lib.rs. This patch removes ADMIN_USER_ID in favor of ADMIN_ID

Dmitry Rodionov authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

At the later stage I discovered that sbroad applies the same validation
rules during parsing of grant/revoke statements and even its own
Privilege enum that is a ~copy of our PrivilegeType. Unfortunately
at the moment there is no way to share code between picodata and sbroad
efficiently (now only tarantool-module is shared and it is not suitable
for such kind of things) so it still makes sense to have this in
picodata because this is the point where all APIs converge to the single
point (CaS). In the future all other ways of validation should be
removed. Aside from sbroad similar kind of validation is performed
independently on lua API side.

Note that in prior commit 45ba7392 we've
removed all privileges from role super. This patch removes privileges
from admin that do not match the model: namely all privileges on
universe except session and usage. With this patch it is no longer possible
to grant or revoke such privileges.

Dmitry Rodionov authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

This allows future constructors to enforce invariants.
Additionally this commit removes redundant set_schema_version on Op by
passing schema version to corresponding Op constructors.

This change allows for creators of corresponding objects to consequently have all privileges on them.

Rename space object type to table