support password management policy (#19735)

1.support password expired policy 2.support password reuse policy 3.support connection retry policy 4. support user unlock stmt Approved by: @heni02, @daviszhen, @XuPeng-SH, @zhangxu19830126, @qingxinhome
matrixorigin · Nov 4, 2024 · d6bc964 · d6bc964
1 parent 5e4d063
commit d6bc964
Show file tree

Hide file tree

Showing 31 changed files with 2,055 additions and 178 deletions.
diff --git a/pkg/bootstrap/upgrade.go b/pkg/bootstrap/upgrade.go
@@ -20,6 +20,7 @@ import (
 	"github.com/matrixorigin/matrixone/pkg/bootstrap/versions/v1_2_2"
 	"github.com/matrixorigin/matrixone/pkg/bootstrap/versions/v1_2_3"
 	"github.com/matrixorigin/matrixone/pkg/bootstrap/versions/v2_0_0"
+	"github.com/matrixorigin/matrixone/pkg/bootstrap/versions/v2_0_1"
 )
 
 // initUpgrade all versions need create a upgrade handle in pkg/bootstrap/versions
@@ -32,6 +33,7 @@ func (s *service) initUpgrade() {
 	s.handles = append(s.handles, v1_2_2.Handler)
 	s.handles = append(s.handles, v1_2_3.Handler)
 	s.handles = append(s.handles, v2_0_0.Handler)
+	s.handles = append(s.handles, v2_0_1.Handler)
 }
 
 func (s *service) getFinalVersionHandle() VersionHandle {

diff --git a/pkg/bootstrap/versions/v2_0_1/clusetr_upgrade_list.go b/pkg/bootstrap/versions/v2_0_1/clusetr_upgrade_list.go
@@ -0,0 +1,19 @@
+// Copyright 2024 Matrix Origin
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v2_0_1
+
+import "github.com/matrixorigin/matrixone/pkg/bootstrap/versions"
+
+var clusterUpgEntries = []versions.UpgradeEntry{}
diff --git a/pkg/bootstrap/versions/v2_0_1/log.go b/pkg/bootstrap/versions/v2_0_1/log.go
@@ -0,0 +1,24 @@
+// Copyright 2024 Matrix Origin
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v2_0_1
+
+import (
+	"github.com/matrixorigin/matrixone/pkg/common/log"
+	"github.com/matrixorigin/matrixone/pkg/common/runtime"
+)
+
+func getLogger(sid string) *log.MOLogger {
+	return runtime.ServiceRuntime(sid).Logger()
+}
diff --git a/pkg/bootstrap/versions/v2_0_1/tenant_upgrade_list.go b/pkg/bootstrap/versions/v2_0_1/tenant_upgrade_list.go
@@ -0,0 +1,99 @@
+// Copyright 2024 Matrix Origin
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v2_0_1
+
+import (
+	"github.com/matrixorigin/matrixone/pkg/bootstrap/versions"
+	"github.com/matrixorigin/matrixone/pkg/catalog"
+	"github.com/matrixorigin/matrixone/pkg/util/executor"
+)
+
+var tenantUpgEntries = []versions.UpgradeEntry{
+	upg_mo_user_add_password_last_changed,
+	upg_mo_user_add_password_history,
+	upg_mo_user_add_login_attempts,
+	upg_mo_user_add_lock_time,
+}
+
+var upg_mo_user_add_password_last_changed = versions.UpgradeEntry{
+	Schema:    catalog.MO_CATALOG,
+	TableName: catalog.MO_USER,
+	UpgType:   versions.MODIFY_COLUMN,
+	UpgSql:    "alter table mo_catalog.mo_user add column password_last_changed timestamp default utc_timestamp",
+	CheckFunc: func(txn executor.TxnExecutor, accountId uint32) (bool, error) {
+		colInfo, err := versions.CheckTableColumn(txn, accountId, catalog.MO_CATALOG, catalog.MO_USER, "password_last_changed")
+		if err != nil {
+			return false, err
+		}
+
+		if colInfo.ColType == "TIMESTAMP" {
+			return true, nil
+		}
+		return false, nil
+	},
+}
+
+var upg_mo_user_add_password_history = versions.UpgradeEntry{
+	Schema:    catalog.MO_CATALOG,
+	TableName: catalog.MO_USER,
+	UpgType:   versions.MODIFY_COLUMN,
+	UpgSql:    "alter table mo_catalog.mo_user add column password_history text default '[]'",
+	CheckFunc: func(txn executor.TxnExecutor, accountId uint32) (bool, error) {
+		colInfo, err := versions.CheckTableColumn(txn, accountId, catalog.MO_CATALOG, catalog.MO_USER, "password_history")
+		if err != nil {
+			return false, err
+		}
+
+		if colInfo.ColType == "TEXT" {
+			return true, nil
+		}
+		return false, nil
+	},
+}
+
+var upg_mo_user_add_login_attempts = versions.UpgradeEntry{
+	Schema:    catalog.MO_CATALOG,
+	TableName: catalog.MO_USER,
+	UpgType:   versions.MODIFY_COLUMN,
+	UpgSql:    "alter table mo_catalog.mo_user add column login_attempts int unsigned default 0",
+	CheckFunc: func(txn executor.TxnExecutor, accountId uint32) (bool, error) {
+		colInfo, err := versions.CheckTableColumn(txn, accountId, catalog.MO_CATALOG, catalog.MO_USER, "login_attempts")
+		if err != nil {
+			return false, err
+		}
+
+		if colInfo.ColType == "INT UNSIGNED" {
+			return true, nil
+		}
+		return false, nil
+	},
+}
+
+var upg_mo_user_add_lock_time = versions.UpgradeEntry{
+	Schema:    catalog.MO_CATALOG,
+	TableName: catalog.MO_USER,
+	UpgType:   versions.MODIFY_COLUMN,
+	UpgSql:    "alter table mo_catalog.mo_user add column lock_time timestamp default utc_timestamp",
+	CheckFunc: func(txn executor.TxnExecutor, accountId uint32) (bool, error) {
+		colInfo, err := versions.CheckTableColumn(txn, accountId, catalog.MO_CATALOG, catalog.MO_USER, "lock_time")
+		if err != nil {
+			return false, err
+		}
+		if colInfo.ColType == "TIMESTAMP" {
+			return true, nil
+		}
+		return false, nil
+	},
+}
diff --git a/pkg/bootstrap/versions/v2_0_1/upgrade.go b/pkg/bootstrap/versions/v2_0_1/upgrade.go
@@ -0,0 +1,93 @@
+// Copyright 2024 Matrix Origin
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v2_0_1
+
+import (
+	"context"
+	"time"
+
+	"go.uber.org/zap"
+
+	"github.com/matrixorigin/matrixone/pkg/bootstrap/versions"
+	"github.com/matrixorigin/matrixone/pkg/catalog"
+	"github.com/matrixorigin/matrixone/pkg/common/moerr"
+	"github.com/matrixorigin/matrixone/pkg/util/executor"
+)
+
+var (
+	Handler = &versionHandle{
+		metadata: versions.Version{
+			Version:           "2.0.1",
+			MinUpgradeVersion: "2.0.0",
+			UpgradeCluster:    versions.Yes,
+			UpgradeTenant:     versions.Yes,
+			VersionOffset:     uint32(len(clusterUpgEntries) + len(tenantUpgEntries)),
+		},
+	}
+)
+
+type KekKey struct{}
+
+type versionHandle struct {
+	metadata versions.Version
+}
+
+func (v *versionHandle) Metadata() versions.Version {
+	return v.metadata
+}
+
+func (v *versionHandle) Prepare(
+	ctx context.Context,
+	txn executor.TxnExecutor,
+	final bool) error {
+	txn.Use(catalog.MO_CATALOG)
+	return nil
+}
+
+func (v *versionHandle) HandleTenantUpgrade(
+	ctx context.Context,
+	tenantID int32,
+	txn executor.TxnExecutor) error {
+
+	for _, upgEntry := range tenantUpgEntries {
+		start := time.Now()
+
+		err := upgEntry.Upgrade(txn, uint32(tenantID))
+		if err != nil {
+			getLogger(txn.Txn().TxnOptions().CN).Error("tenant upgrade entry execute error", zap.Error(err), zap.Int32("tenantId", tenantID), zap.String("version", v.Metadata().Version), zap.String("upgrade entry", upgEntry.String()))
+			return err
+		}
+
+		duration := time.Since(start)
+		getLogger(txn.Txn().TxnOptions().CN).Info("tenant upgrade entry complete",
+			zap.String("upgrade entry", upgEntry.String()),
+			zap.Int64("time cost(ms)", duration.Milliseconds()),
+			zap.Int32("tenantId", tenantID),
+			zap.String("toVersion", v.Metadata().Version))
+	}
+
+	return nil
+}
+
+func (v *versionHandle) HandleClusterUpgrade(
+	ctx context.Context,
+	txn executor.TxnExecutor) error {
+	// TODO: Implement this function
+	return nil
+}
+
+func (v *versionHandle) HandleCreateFrameworkDeps(txn executor.TxnExecutor) error {
+	return moerr.NewInternalErrorNoCtxf("Only v1.2.0 can initialize upgrade framework, current version is:%s", Handler.metadata.Version)
+}