dremio NamespaceService 简单说明一

此处主要说明社区版dremio namspaceservice 包含的一个能力，我们如果自己扩展下就可以实现简单的部分权限管理

参加定义类图

如下如可以看出namspaceservice 提供的能力

 

 

一个额外的能力

• 接口定义

 

  interface Factory {

    /**

     * Return a namespace service for a given user. Note that this is for usernames

     * and users only, if roles are to be supported, use #get(NamespaceIdentity) instead.

     *

     * @param userName a valid user name

     * @return a namespace service instance

     * @throws NullPointerException if {@code userName} is null

     * @throws IllegalArgumentException if {@code userName} is invalid

     */

    NamespaceService get(String userName);

   //  如果我们希望包含基于角色的控制就可以实现此，实际上就是属于用户的namespace，这样就可以控制用户能力的显示了，可以任务是一个namespace 的子集

    NamespaceService get(NamespaceIdentity identity);

  }

官方的实现

因为默认我们使用的社区版是不启动权限能力的，所以实现比较简单，每个用户获取的都是所有的

NamespaceService 权限部分的使用

实际上是通过查询上下文解决的，主要在CatalogImpl中,基于NamespaceService 创建属于用户的Namespace服务

 CatalogImpl(

      MetadataRequestOptions options,

      PluginRetriever pluginRetriever,

      CatalogServiceImpl.SourceModifier sourceModifier,

      OptionManager optionManager,

      NamespaceService systemNamespaceService,

      NamespaceService.Factory namespaceFactory,

      Orphanage orphanage,

      DatasetListingService datasetListingService,

      ViewCreatorFactory viewCreatorFactory,

      IdentityResolver identityResolver,

      VersionContextResolverImpl versionContextResolverImpl) {

    this.options = options;

    this.pluginRetriever = pluginRetriever;

    this.sourceModifier = sourceModifier;

    this.userName = options.getSchemaConfig().getUserName();

 

    this.optionManager = optionManager;

    this.systemNamespaceService = systemNamespaceService;

    this.namespaceFactory = namespaceFactory;

    this.orphanage = orphanage;

    this.datasetListingService = datasetListingService;

    this.viewCreatorFactory = viewCreatorFactory;

    this.identityResolver = identityResolver;

 

    final CatalogIdentity identity = options.getSchemaConfig().getAuthContext().getSubject();

    // 用户的Namespace服务

    this.userNamespaceService = namespaceFactory.get(identityResolver.toNamespaceIdentity(identity));

 

    this.versionContextResolverImpl = versionContextResolverImpl;

    this.datasets = new DatasetManager(pluginRetriever, userNamespaceService, optionManager, userName,

        identityResolver, versionContextResolverImpl);

    this.iscDelegate = new InformationSchemaCatalogImpl(userNamespaceService, pluginRetriever);

 

    this.selectedSources = ConcurrentHashMap.newKeySet();

    this.crossSourceSelectDisable = optionManager.getOption(CatalogOptions.DISABLE_CROSS_SOURCE_SELECT);

  }

identityResolver.toNamespaceIdentity解析处理

private class CatalogIdentityResolver implements IdentityResolver {

    @Override

    public CatalogIdentity getOwner(List<String> path) throws NamespaceException {

      NamespaceKey key = new NamespaceKey(path);

      if (systemNamespace.getEntityByPath(key).getType() == NameSpaceContainer.Type.DATASET) {

        final DatasetConfig dataset = systemNamespace.getDataset(key);

        return dataset.getType() != DatasetType.VIRTUAL_DATASET ? null : new CatalogUser(dataset.getOwner());

      }

      return null;

    }

 

    @Override

    public NamespaceIdentity toNamespaceIdentity(CatalogIdentity identity) {

      if (identity instanceof CatalogUser) {

        if (identity.getName().equals(SystemUser.SYSTEM_USERNAME)) {

          return new NamespaceUser(() -> SystemUser.SYSTEM_USER);

        }

 

        try {

          final User user = context.get().getUserService().getUser(identity.getName());

          return new NamespaceUser(() -> user);

        } catch (UserNotFoundException ignored) {

        }

      }

 

      return null;

    }

  }

dremio 社区版实现的NamespaceService

从以下可以看出，实际上是没有控制的，所以都是全部数据

 public static final class Factory implements NamespaceService.Factory {

    private final LegacyKVStoreProvider kvStoreProvider;

 

    @Inject

    public Factory(LegacyKVStoreProvider kvStoreProvider) {

      this.kvStoreProvider = kvStoreProvider;

    }

 

    @Override

    public NamespaceService get(String userName) {

      Preconditions.checkNotNull(userName, "requires userName"); // per method contract

      return new NamespaceServiceImpl(kvStoreProvider);

    }

 

    @Override

    public NamespaceService get(NamespaceIdentity identity) {

      Preconditions.checkNotNull(identity, "requires identity"); // per method contract

      return new NamespaceServiceImpl(kvStoreProvider);

    }

  }

说明

以上是一个简单的介绍，大家可以自己扩展下，实现一个简单的权限能力

参考资料

services/namespace/src/main/java/com/dremio/service/namespace/NamespaceService.java
services/namespace/src/main/java/com/dremio/service/namespace/NamespaceServiceImpl.java
sabot/kernel/src/main/java/com/dremio/exec/catalog/CatalogImpl.java