This patch adds the following events:
* create_database
* change_target_grade
* change_current_grade

sbroad needs to be updated to the version that supports newer
tarantool-module

sbroad support for new module version was merged here:
https://git.picodata.io/picodata/picodata/sbroad/-/merge_requests/355

Dmitry Rodionov authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

It has been observed that on Fedora -export-dynamic triggers some
reincarnation of this bug:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=47390

TLDR: it treated leading -e as entrypoint argument so resulting binary
was completely broken, i e there was no main in it and entrypoint was
set to unrelated deregister_tm_clones. Big thanks to @gmoshkin for
finding the solution and to @funbringer for assistance with debugging

- Now we explicitly store the current & target vshard configuration in
  global storage

Follow-up for bfe08313

Also fix some docstrings

This patch changes the way audit records are formatted. Previously
we would format them as plain strings (we still do that in tlog),
now we use json to store all KV pairs including the message.

TODO: optimize string allocations using a stream formatter.

Example:

```
{
  "time": "2023-11-16T22:48:08.297+0300",
  "level": "WARN",
  "auth_type": "chap-sha1",
  "message": "created user `idris`",
  "title": "create_user",
  "pid": 66625,
  "cord_name": "main",
  "fiber_id": 111,
  "fiber_name": "raft_main_loop",
  "file": "src/storage.rs",
  "line": 2633
}
```

This is useful to avoid sorting during snapshot preparation and in
upcoming access control patch it simplifies the check whether a
particular space id belongs to system space id range.

This patch implements an `--audit` flag (disabled by default) which
gives user the ability to enable and configure the audit log. The
flag takes a string containing the mode and parameters needed to
initialize tarantool's logging machinery.

See the flag's documentation for more info.

Example:

```
picodata run --interactive --audit=/tmp/audit.log
```

Dmitry Ivanov authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

Implemented:

- features:
    * FFI wrappers for `say.{h,c}`
    * safe logger object on top of FFI definitions
    * unified tlog/audit definitions for formatting
    * fixed a needless allocation in tlog (new root per each line)

- events:
    * create_user
    * drop_user
    * create_role
    * drop_role
    * change_password
    * grant_privilege
    * revoke_privilege
    * create_table
    * drop_table
    * grant_role
    * revoke_role

Todo:

- features:
    * unique id generation
    * security subject (who executed the action)
    * audit configuration (via `pico.audit` function)

- well-defined events:
    * create_database (universe)
    * change_config
    * change_current_grade

- special events (local to each node):
    * auth_ok / auth_fail
    * access_denied (still not sure if we absolutely need that)
    * audit_rotate

- Unavailable (haven't been defined yet):
    * rename_user
    * create_procedure
    * drop_procedure

Example:

```
$ cat /tmp/audit.log
2023-11-10 12:07:19.457 [15735] main/103/interactive I> audit log is ready, title: initialize_audit
2023-11-10 12:07:19.457 [15735] main/103/interactive I> database is starting, title: startup
2023-11-10 12:07:19.818 [15741] main/103/interactive I> audit log is ready, title: initialize_audit
2023-11-10 12:07:19.818 [15741] main/103/interactive I> database is starting, title: startup
2023-11-10 12:07:34.910 [15741] main/111/raft_main_loop storage.rs:2809 W> created user `KEK`, auth_type: chap-sha1, title: create_user
2023-11-10 12:07:52.869 [15741] main/111/raft_main_loop storage.rs:2861 W> created role `mgr`, title: create_role
2023-11-10 12:07:55.602 [15741] main/111/raft_main_loop storage.rs:2861 W> created role `kek`, title: create_role
2023-11-10 12:07:57.594 [15741] main/111/raft_main_loop storage.rs:2906 W> granted role `mgr` to role `kek`, title: grant_role
2023-11-10 12:08:08.482 [15741] main/111/raft_main_loop storage.rs:2913 W> granted privilege execute on universe `` to role `kek`, title: grant_privilege
```

Kurdakov Alexander authored 1 year ago and Yaroslav Dynnikov committed 1 year ago

pico.whoami() returns new field tier

Transferred replication factor from Properties table to new Tier table

Instance and Replicaset belongs to tier via new field tier in _pico_instance and _pico_replicaset

New cli option init-cfg with path to configuration file in yaml format. For now contains only info about tiers.