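This post describes a capability of NamespaceService in Dremio Community Edition. If we extend it ourselves, we can implement simple, partial permission management.
Class diagram of the definitions
The diagram below shows the capabilities that NamespaceService provides
An additional capability
- Interface definition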
interface Factory {
  /**
   * Return a namespace service for a given user. Note that this is for usernames
   * and users only, if roles are to be supported, use #get(NamespaceIdentity) instead.
   *
   * @param userName a valid user name
   * @return a namespace service instance
   * @throws NullPointerException if {@code userName} is null
   * @throws IllegalArgumentException if {@code userName} is invalid
   */
  NamespaceService get(String userName);

  // If we want role-based control, this is the method to implement. It effectively returns
  // the namespace that belongs to the user, which lets us control what the user can see;
  // think of it as a subset of the full namespace.
  NamespaceService get(NamespaceIdentity identity);
}
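The official implementation
The Community Edition we use does not enable permissions by default, so the implementation is simple: every user gets everything.
How NamespaceService is used for permissions
This is handled through the query context, mainly in CatalogImpl, which uses the NamespaceService factory to create the namespace service that belongs to the user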
CatalogImpl(
    MetadataRequestOptions options,
    PluginRetriever pluginRetriever,
    CatalogServiceImpl.SourceModifier sourceModifier,
    OptionManager optionManager,
    NamespaceService systemNamespaceService,
    NamespaceService.Factory namespaceFactory,
    Orphanage orphanage,
    DatasetListingService datasetListingService,
    ViewCreatorFactory viewCreatorFactory,
    IdentityResolver identityResolver,
    VersionContextResolverImpl versionContextResolverImpl) {
  this.options = options;
  this.pluginRetriever = pluginRetriever;
  this.sourceModifier = sourceModifier;
  this.userName = options.getSchemaConfig().getUserName();
  this.optionManager = optionManager;
  this.systemNamespaceService = systemNamespaceService;
  this.namespaceFactory = namespaceFactory;
  this.orphanage = orphanage;
  this.datasetListingService = datasetListingService;
  this.viewCreatorFactory = viewCreatorFactory;
  this.identityResolver = identityResolver;
  final CatalogIdentity identity = options.getSchemaConfig().getAuthContext().getSubject();
  // The namespace service for this user
  this.userNamespaceService = namespaceFactory.get(identityResolver.toNamespaceIdentity(identity));
  this.versionContextResolverImpl = versionContextResolverImpl;
  this.datasets = new DatasetManager(pluginRetriever, userNamespaceService, optionManager, userName,
      identityResolver, versionContextResolverImpl);
  this.iscDelegate = new InformationSchemaCatalogImpl(userNamespaceService, pluginRetriever);
  this.selectedSources = ConcurrentHashMap.newKeySet();
  this.crossSourceSelectDisable = optionManager.getOption(CatalogOptions.DISABLE_CROSS_SOURCE_SELECT);
}
How identityResolver.toNamespaceIdentity resolves the identity
private class CatalogIdentityResolver implements IdentityResolver {
  @Override
  public CatalogIdentity getOwner(List<String> path) throws NamespaceException {
    NamespaceKey key = new NamespaceKey(path);
    if (systemNamespace.getEntityByPath(key).getType() == NameSpaceContainer.Type.DATASET) {
      final DatasetConfig dataset = systemNamespace.getDataset(key);
      // Only virtual datasets report an owner
      return dataset.getType() != DatasetType.VIRTUAL_DATASET ? null : new CatalogUser(dataset.getOwner());
    }
    return null;
  }

  @Override
  public NamespaceIdentity toNamespaceIdentity(CatalogIdentity identity) {
    if (identity instanceof CatalogUser) {
      if (identity.getName().equals(SystemUser.SYSTEM_USERNAME)) {
        return new NamespaceUser(() -> SystemUser.SYSTEM_USER);
      }
      try {
        final User user = context.get().getUserService().getUser(identity.getName());
        return new NamespaceUser(() -> user);
      } catch (UserNotFoundException ignored) {
        // Unknown user: fall through and return null
      }
    }
    return null;
  }
}
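The NamespaceService implemented in Dremio Community Edition
As the code below shows, there is no access control at all, so every caller gets all of the data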
public static final class Factory implements NamespaceService.Factory {
  private final LegacyKVStoreProvider kvStoreProvider;

  @Inject
  public Factory(LegacyKVStoreProvider kvStoreProvider) {
    this.kvStoreProvider = kvStoreProvider;
  }

  @Override
  public NamespaceService get(String userName) {
    Preconditions.checkNotNull(userName, "requires userName"); // per method contract
    return new NamespaceServiceImpl(kvStoreProvider);
  }

  @Override
  public NamespaceService get(NamespaceIdentity identity) {
    Preconditions.checkNotNull(identity, "requires identity"); // per method contract
    return new NamespaceServiceImpl(kvStoreProvider);
  }
}
Notes
The above is a brief introduction. You can extend it yourself to implement a simple permission capability.
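A sketch of the extension suggested above, added here as an example and not taken from Dremio's code: a factory whose get(NamespaceIdentity) wraps the unrestricted service in a per-identity filter. The two-method NamespaceService, the dotted string paths, the class names and the grants map are simplified stand-ins assumed for illustration; the real interface has many more methods.

```java
import java.util.*;
import java.util.stream.Collectors;

public class FilteredNamespaceDemo {
  // Simplified stand-ins (assumptions); Dremio's real interfaces have many more methods.
  interface NamespaceIdentity { String getName(); }
  interface NamespaceService {
    List<String> list();              // entity paths visible through this service
    boolean exists(String path);
    interface Factory { NamespaceService get(NamespaceIdentity identity); }
  }
  // Unrestricted view, like the Community Edition behaviour: everyone sees everything.
  static final class AllEntities implements NamespaceService {
    private final Set<String> paths;
    AllEntities(Set<String> paths) { this.paths = paths; }
    public List<String> list() { return new ArrayList<>(paths); }
    public boolean exists(String path) { return paths.contains(path); }
  }
  // Decorator that exposes only paths under the containers granted to one identity.
  static final class Filtered implements NamespaceService {
    private final NamespaceService delegate;
    private final Set<String> granted;
    Filtered(NamespaceService delegate, Set<String> granted) { this.delegate = delegate; this.granted = granted; }
    private boolean allowed(String path) {
      // Match whole path components so a grant on "sales" does not expose "sales2.leads".
      return granted.stream().anyMatch(g -> path.equals(g) || path.startsWith(g + "."));
    }
    public List<String> list() { return delegate.list().stream().filter(this::allowed).collect(Collectors.toList()); }
    public boolean exists(String path) { return allowed(path) && delegate.exists(path); }
  }
  static final class FilteringFactory implements NamespaceService.Factory {
    private final NamespaceService all;
    private final Map<String, Set<String>> grants;   // identity name -> granted containers (constructed)
    FilteringFactory(NamespaceService all, Map<String, Set<String>> grants) { this.all = all; this.grants = grants; }
    public NamespaceService get(NamespaceIdentity identity) {
      // toNamespaceIdentity returns null for unknown users: keep failing closed here.
      Objects.requireNonNull(identity, "requires identity");
      return new Filtered(all, grants.getOrDefault(identity.getName(), Set.of())); // no grant: empty view
    }
  }

  public static void main(String[] args) {
    // Constructed sample data: three dataset paths and one grant.
    NamespaceService all = new AllEntities(new TreeSet<>(List.of("sales.orders", "sales2.leads", "hr.salaries")));
    NamespaceService.Factory factory = new FilteringFactory(all, Map.of("alice", Set.of("sales")));
    System.out.println("alice sees " + factory.get(() -> "alice").list());
    System.out.println("bob sees " + factory.get(() -> "bob").list());
    System.out.println("alice, hr.salaries: " + factory.get(() -> "alice").exists("hr.salaries"));
  }
}
```

In the CatalogImpl constructor shown earlier, only the objects built from userNamespaceService (DatasetManager and InformationSchemaCatalogImpl) would receive such a filtered view; systemNamespaceService is passed in separately and stays unrestricted.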
References
services/namespace/src/main/java/com/dremio/service/namespace/NamespaceService.java
services/namespace/src/main/java/com/dremio/service/namespace/NamespaceServiceImpl.java
sabot/kernel/src/main/java/com/dremio/exec/catalog/CatalogImpl.java