diff --git a/core/src/main/java/com/scalar/db/api/AuthAdmin.java b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
index debbfb7ac6..4cd2b2b29e 100644
--- a/core/src/main/java/com/scalar/db/api/AuthAdmin.java
+++ b/core/src/main/java/com/scalar/db/api/AuthAdmin.java
@@ -175,12 +175,280 @@ default Set getPrivileges(String username, String namespaceName)
 throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
 }
+ /**
+ * Creates a role with the given role name.
+ *
+ * @param roleName the role name
+ * @throws IllegalArgumentException if the role already exists
+ * @throws ExecutionException if the operation fails
+ */
+ default void createRole(String roleName) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Drops a role with the given role name.
+ *
+ * @param roleName the role name
+ * @throws IllegalArgumentException if the role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void dropRole(String roleName) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Retrieves a list of {@link RoleDetail}s.
+ *
+ * @return a list of {@link RoleDetail}s
+ * @throws ExecutionException if the operation fails
+ */
+ default List getRoles() throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Retrieves a list of {@link UserRoleDetail}s for the given user.
+ *
+ * @param username the username
+ * @return a list of {@link UserRoleDetail}s for the given user
+ * @throws ExecutionException if the operation fails
+ */
+ default List getRolesForUser(String username) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Grants a role to a user.
+ *
+ * @param username the username
+ * @param roleName the role name
+ * @param withAdminOption if true, the user can grant the role to other users or roles
+ * @throws IllegalArgumentException if the user does not exist or the role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void grantRoleToUser(String username, String roleName, boolean withAdminOption)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes a role from a user.
+ *
+ * @param username the username
+ * @param roleName the role name
+ * @throws IllegalArgumentException if the user does not exist or the role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokeRoleFromUser(String username, String roleName) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes admin option from a user for a role.
+ *
+ * @param username the username
+ * @param roleName the role name
+ * @throws IllegalArgumentException if the user does not exist or the role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokeAdminOptionFromUser(String username, String roleName)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Retrieves a list of {@link UserRole}s for the given role.
+ *
+ * @param roleName the role name
+ * @return a list of {@link UserRole}s for the given role
+ * @throws ExecutionException if the operation fails
+ */
+ default List getUsersForRole(String roleName) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Grants a member role to a role. Users or roles that have the role will inherit all privileges
+ * from the member role.
+ *
+ * @param roleName the role name
+ * @param memberRoleName the member role name to be granted to the role
+ * @param withAdminOption if true, users or roles that have the role can grant the member role to
+ other users or roles
+ * @throws IllegalArgumentException if the role does not exist or the member role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void grantRoleToRole(String roleName, String memberRoleName, boolean withAdminOption)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes a role from another role.
+ *
+ * @param roleName the role name
+ * @param memberRoleName the member role name
+ * @throws IllegalArgumentException if the role does not exist or the member role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokeRoleFromRole(String roleName, String memberRoleName)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes admin option from a role for another role.
+ *
+ * @param roleName the role name
+ * @param memberRoleName the member role name
+ * @throws IllegalArgumentException if the role does not exist or the member role does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokeAdminOptionFromRole(String roleName, String memberRoleName)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Retrieves privileges for the given role and namespace.
+ *
+ * @param roleName the role name
+ * @param namespaceName the namespace name
+ * @return a set of privileges for the given role and namespace
+ * @throws ExecutionException if the operation fails
+ */
+ default Set getRolePrivileges(String roleName, String namespaceName)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Retrieves privileges for the given role, namespace, and table.
+ *
+ * @param roleName the role name
+ * @param namespaceName the namespace name
+ * @param tableName the table name
+ * @return a set of privileges for the given role, namespace, and table
+ * @throws ExecutionException if the operation fails
+ */
+ default Set getRolePrivileges(String roleName, String namespaceName, String tableName)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Grants privileges to a role for all tables in the given namespace.
+ *
+ * @param roleName the role name
+ * @param namespaceName the namespace name
+ * @param privileges the privileges
+ * @throws IllegalArgumentException if the role does not exist or the namespace does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void grantPrivilegeToRole(String roleName, String namespaceName, Privilege... privileges)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Grants privileges to a role for the given table.
+ *
+ * @param roleName the role name
+ * @param namespaceName the namespace name of the table
+ * @param tableName the table name
+ * @param privileges the privileges
+ * @throws IllegalArgumentException if the role does not exist or the table does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void grantPrivilegeToRole(
+ String roleName, String namespaceName, String tableName, Privilege... privileges)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes privileges from a role for all tables in the given namespace.
+ *
+ * @param roleName the role name
+ * @param namespaceName the namespace name
+ * @param privileges the privileges
+ * @throws IllegalArgumentException if the role does not exist or the namespace does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokePrivilegeFromRole(
+ String roleName, String namespaceName, Privilege... privileges) throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
+ /**
+ * Revokes privileges from a role for the given table.
+ *
+ * @param roleName the role name
+ * @param namespaceName the namespace name of the table
+ * @param tableName the table name
+ * @param privileges the privileges
+ * @throws IllegalArgumentException if the role does not exist or the table does not exist
+ * @throws ExecutionException if the operation fails
+ */
+ default void revokePrivilegeFromRole(
+ String roleName, String namespaceName, String tableName, Privilege... privileges)
+ throws ExecutionException {
+ throw new UnsupportedOperationException(CoreError.AUTH_NOT_ENABLED.buildMessage());
+ }
+
 /** Represents a user. */
 interface User {
 String getName();
 boolean isSuperuser();
 }
+ /** Represents a role. */
+ interface Role {
+ String getName();
+ }
+
+ /** Represents a role with its hierarchy information. */
+ interface RoleDetail {
+ Role getRole();
+
+ List getRoleHierarchies();
+ }
+
+ /**
+ * Represents a role detail for a specific user, including whether the user has admin option for
+ * this role.
+ */
+ interface UserRoleDetail extends RoleDetail {
+ /**
+ * Returns whether the user has admin option for this role. This is distinct from the admin
+ * option in role hierarchies, which applies to role-to-role grants.
+ */
+ boolean hasAdminOptionOnUser();
+ }
+
+ /** Represents a user-role assignment. */
+ interface UserRole {
+ String getUsername();
+
+ String getRoleName();
+
+ boolean hasAdminOption();
+ }
+
+ /** Represents a role hierarchy (role-to-role assignment). */
+ interface RoleHierarchy {
+ /** Returns the role name. */
+ String getRoleName();
+
+ /** Returns the member role name granted to the role. */
+ String getMemberRoleName();
+
+ /** Returns whether admin option is granted for this hierarchy. */
+ boolean hasAdminOption();
+ }
+
 /** The user options. */
 enum UserOption {
 /** If specified, the user is created as a superuser. */
diff --git a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
index 1447810cd5..c3fb55ae55 100644
--- a/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
+++ b/core/src/main/java/com/scalar/db/common/DecoratedDistributedTransactionAdmin.java
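Review bot: The Javadoc for `grantRoleToRole` leaves the cyclic case unspecified: nothing says what happens when the member role already contains the target role directly or through an existing chain (or is the role itself), even though the same comment promises that privileges are inherited through the hierarchy, which is exactly where a cycle would need a defined outcome for `getRoleHierarchies` and privilege resolution. If rejection is the intended contract, extend the existing tag to `@throws IllegalArgumentException if the role does not exist, the member role does not exist, or the grant would create a cycle in the role hierarchy`; if cycles are tolerated, say so explicitly. Similarly, `dropRole` documents only the missing-role case and not whether a role still granted to users or to other roles can be dropped, nor whether its memberships and privileges are removed with it; one sentence along the lines of `Dropping a role also removes its user and role memberships and its privileges` (or a corresponding `@throws`) would pin down semantics that authorization callers depend on. The interface declaration itself starts before the hunk.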
@@ -383,6 +383,105 @@ public Set getPrivileges(String username, String namespaceName, Strin
 return distributedTransactionAdmin.getPrivileges(username, namespaceName, tableName);
 }
+ @Override
+ public void createRole(String roleName) throws ExecutionException {
+ distributedTransactionAdmin.createRole(roleName);
+ }
+
+ @Override
+ public void dropRole(String roleName) throws ExecutionException {
+ distributedTransactionAdmin.dropRole(roleName);
+ }
+
+ @Override
+ public List getRoles() throws ExecutionException {
+ return distributedTransactionAdmin.getRoles();
+ }
+
+ @Override
+ public List getRolesForUser(String username) throws ExecutionException {
+ return distributedTransactionAdmin.getRolesForUser(username);
+ }
+
+ @Override
+ public void grantRoleToUser(String username, String roleName, boolean withAdminOption)
+ throws ExecutionException {
+ distributedTransactionAdmin.grantRoleToUser(username, roleName, withAdminOption);
+ }
+
+ @Override
+ public void revokeRoleFromUser(String username, String roleName) throws ExecutionException {
+ distributedTransactionAdmin.revokeRoleFromUser(username, roleName);
+ }
+
+ @Override
+ public void revokeAdminOptionFromUser(String username, String roleName)
+ throws ExecutionException {
+ distributedTransactionAdmin.revokeAdminOptionFromUser(username, roleName);
+ }
+
+ @Override
+ public List getUsersForRole(String roleName) throws ExecutionException {
+ return distributedTransactionAdmin.getUsersForRole(roleName);
+ }
+
+ @Override
+ public void grantRoleToRole(String roleName, String memberRoleName, boolean withAdminOption)
+ throws ExecutionException {
+ distributedTransactionAdmin.grantRoleToRole(roleName, memberRoleName, withAdminOption);
+ }
+
+ @Override
+ public void revokeRoleFromRole(String roleName, String memberRoleName) throws ExecutionException {
+ distributedTransactionAdmin.revokeRoleFromRole(roleName, memberRoleName);
+ }
+
+ @Override
+ public void revokeAdminOptionFromRole(String roleName, String memberRoleName)
+ throws ExecutionException {
+ distributedTransactionAdmin.revokeAdminOptionFromRole(roleName, memberRoleName);
+ }
+
+ @Override
+ public Set getRolePrivileges(String roleName, String namespaceName)
+ throws ExecutionException {
+ return distributedTransactionAdmin.getRolePrivileges(roleName, namespaceName);
+ }
+
+ @Override
+ public Set getRolePrivileges(String roleName, String namespaceName, String tableName)
+ throws ExecutionException {
+ return distributedTransactionAdmin.getRolePrivileges(roleName, namespaceName, tableName);
+ }
+
+ @Override
+ public void grantPrivilegeToRole(String roleName, String namespaceName, Privilege... privileges)
+ throws ExecutionException {
+ distributedTransactionAdmin.grantPrivilegeToRole(roleName, namespaceName, privileges);
+ }
+
+ @Override
+ public void grantPrivilegeToRole(
+ String roleName, String namespaceName, String tableName, Privilege... privileges)
+ throws ExecutionException {
+ distributedTransactionAdmin.grantPrivilegeToRole(
+ roleName, namespaceName, tableName, privileges);
+ }
+
+ @Override
+ public void revokePrivilegeFromRole(
+ String roleName, String namespaceName, Privilege... privileges) throws ExecutionException {
+ distributedTransactionAdmin.revokePrivilegeFromRole(roleName, namespaceName, privileges);
+ }
+
+ @Override
+ public void revokePrivilegeFromRole(
+ String roleName, String namespaceName, String tableName, Privilege... privileges)
+ throws ExecutionException {
+ distributedTransactionAdmin.revokePrivilegeFromRole(
+ roleName, namespaceName, tableName, privileges);
+ }
+
 @Override
 public void createPolicy(String policyName, @Nullable String dataTagColumnName)
 throws ExecutionException {