feat(query): Support create password policy

databendlabs · Dec 14, 2023 · 443a32f · 443a32f
1 parent 457baeb
commit 443a32f
Show file tree

Hide file tree

Showing 38 changed files with 2,088 additions and 4 deletions.
diff --git a/src/common/exception/src/exception_code.rs b/src/common/exception/src/exception_code.rs
@@ -225,6 +225,9 @@ build_exceptions! {
     NetworkPolicyAlreadyExists(2208),
     IllegalNetworkPolicy(2209),
     NetworkPolicyIsUsedByUser(2210),
+    UnknownPasswordPolicy(2211),
+    PasswordPolicyAlreadyExists(2212),
+    IllegalPasswordPolicy(2213),
 
     // Meta api error codes.
     DatabaseAlreadyExists(2301),

diff --git a/src/meta/app/src/principal/mod.rs b/src/meta/app/src/principal/mod.rs
@@ -18,6 +18,7 @@ mod connection;
 mod file_format;
 mod network_policy;
 mod ownership_info;
+mod password_policy;
 mod principal_identity;
 mod role_info;
 mod user_auth;
@@ -35,6 +36,7 @@ pub use connection::*;
 pub use file_format::*;
 pub use network_policy::NetworkPolicy;
 pub use ownership_info::OwnershipInfo;
+pub use password_policy::PasswordPolicy;
 pub use principal_identity::PrincipalIdentity;
 pub use role_info::RoleInfo;
 pub use role_info::RoleInfoSerdeError;

diff --git a/src/meta/app/src/principal/password_policy.rs b/src/meta/app/src/principal/password_policy.rs
@@ -0,0 +1,35 @@
+// Copyright 2021 Datafuse Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use chrono::DateTime;
+use chrono::Utc;
+
+#[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq, Default)]
+pub struct PasswordPolicy {
+    pub name: String,
+    pub min_length: u64,
+    pub max_length: u64,
+    pub min_upper_case_chars: u64,
+    pub min_lower_case_chars: u64,
+    pub min_numeric_chars: u64,
+    pub min_special_chars: u64,
+    pub min_age_days: u64,
+    pub max_age_days: u64,
+    pub max_retries: u64,
+    pub lockout_time_mins: u64,
+    pub history: u64,
+    pub comment: String,
+    pub create_on: DateTime<Utc>,
+    pub update_on: Option<DateTime<Utc>>,
+}
diff --git a/src/meta/proto-conv/src/user_from_to_protobuf_impl.rs b/src/meta/proto-conv/src/user_from_to_protobuf_impl.rs
@@ -389,3 +389,59 @@ impl FromToProto for mt::principal::NetworkPolicy {
         })
     }
 }
+
+impl FromToProto for mt::principal::PasswordPolicy {
+    type PB = pb::PasswordPolicy;
+    fn get_pb_ver(p: &Self::PB) -> u64 {
+        p.ver
+    }
+    fn from_pb(p: pb::PasswordPolicy) -> Result<Self, Incompatible>
+    where Self: Sized {
+        reader_check_msg(p.ver, p.min_reader_ver)?;
+        Ok(mt::principal::PasswordPolicy {
+            name: p.name.clone(),
+            min_length: p.min_length,
+            max_length: p.max_length,
+            min_upper_case_chars: p.min_upper_case_chars,
+            min_lower_case_chars: p.min_lower_case_chars,
+            min_numeric_chars: p.min_numeric_chars,
+            min_special_chars: p.min_special_chars,
+            min_age_days: p.min_age_days,
+            max_age_days: p.max_age_days,
+            max_retries: p.max_retries,
+            lockout_time_mins: p.lockout_time_mins,
+            history: p.history,
+            comment: p.comment,
+            create_on: DateTime::<Utc>::from_pb(p.create_on)?,
+            update_on: match p.update_on {
+                Some(t) => Some(DateTime::<Utc>::from_pb(t)?),
+                None => None,
+            },
+        })
+    }
+
+    fn to_pb(&self) -> Result<pb::PasswordPolicy, Incompatible> {
+        Ok(pb::PasswordPolicy {
+            ver: VER,
+            min_reader_ver: MIN_READER_VER,
+            name: self.name.clone(),
+            min_length: self.min_length,
+            max_length: self.max_length,
+            min_upper_case_chars: self.min_upper_case_chars,
+            min_lower_case_chars: self.min_lower_case_chars,
+            min_numeric_chars: self.min_numeric_chars,
+            min_special_chars: self.min_special_chars,
+            min_age_days: self.min_age_days,
+            max_age_days: self.max_age_days,
+            max_retries: self.max_retries,
+            lockout_time_mins: self.lockout_time_mins,
+            history: self.history,
+            comment: self.comment.clone(),
+            create_on: self.create_on.to_pb()?,
+            update_on: match &self.update_on {
+                Some(t) => Some(t.to_pb()?),
+                None => None,
+            },
+        })
+    }
+}
diff --git a/src/meta/proto-conv/src/util.rs b/src/meta/proto-conv/src/util.rs
@@ -95,6 +95,7 @@ const META_CHANGE_LOG: &[(u64, &str)] = &[
     (63, "2023-10-30: Add: connection.proto"),
     (64, "2023-11-16: Add: user.proto/NDJsonFileFormatParams add field `missing_field_as` and `null_field_as`", ),
     (65, "2023-11-16: Retype: use Datetime<Utc> instead of u64 to in lvt.time", ),
+    (66, "2023-12-13: Add: user.proto/PasswordPolicy", ),
     // Dear developer:
     //      If you're gonna add a new metadata version, you'll have to add a test for it.
     //      You could just copy an existing test file(e.g., `../tests/it/v024_table_meta.rs`)

diff --git a/src/meta/protos/proto/user.proto b/src/meta/protos/proto/user.proto
@@ -139,3 +139,24 @@ message NetworkPolicy {
   string create_on = 5;
   optional string update_on = 6;
 }
+
+message PasswordPolicy {
+  uint64 ver = 100;
+  uint64 min_reader_ver = 101;
+
+  string name = 1;
+  uint64 min_length = 2;
+  uint64 max_length = 3;
+  uint64 min_upper_case_chars = 4;
+  uint64 min_lower_case_chars = 5;
+  uint64 min_numeric_chars = 6;
+  uint64 min_special_chars = 7;
+  uint64 min_age_days = 8;
+  uint64 max_age_days = 9;
+  uint64 max_retries = 10;
+  uint64 lockout_time_mins = 11;
+  uint64 history = 12;
+  string comment = 13;
+  string create_on = 14;
+  optional string update_on = 15;
+}
diff --git a/src/query/ast/src/ast/format/ast_format.rs b/src/query/ast/src/ast/format/ast_format.rs
@@ -2578,6 +2578,52 @@ impl<'ast> Visitor<'ast> for AstFormatVisitor {
         self.children.push(node);
     }
 
+    fn visit_create_password_policy(&mut self, stmt: &'ast CreatePasswordPolicyStmt) {
+        let ctx = AstFormatContext::new(format!("PasswordPolicyName {}", stmt.name));
+        let child = FormatTreeNode::new(ctx);
+
+        let name = "CreatePasswordPolicy".to_string();
+        let format_ctx = AstFormatContext::with_children(name, 1);
+        let node = FormatTreeNode::with_children(format_ctx, vec![child]);
+        self.children.push(node);
+    }
+
+    fn visit_alter_password_policy(&mut self, stmt: &'ast AlterPasswordPolicyStmt) {
+        let ctx = AstFormatContext::new(format!("PasswordPolicyName {}", stmt.name));
+        let child = FormatTreeNode::new(ctx);
+
+        let name = "AlterPasswordPolicy".to_string();
+        let format_ctx = AstFormatContext::with_children(name, 1);
+        let node = FormatTreeNode::with_children(format_ctx, vec![child]);
+        self.children.push(node);
+    }
+
+    fn visit_drop_password_policy(&mut self, stmt: &'ast DropPasswordPolicyStmt) {
+        let ctx = AstFormatContext::new(format!("PasswordPolicyName {}", stmt.name));
+        let child = FormatTreeNode::new(ctx);
+
+        let name = "DropPasswordPolicy".to_string();
+        let format_ctx = AstFormatContext::with_children(name, 1);
+        let node = FormatTreeNode::with_children(format_ctx, vec![child]);
+        self.children.push(node);
+    }
+
+    fn visit_desc_password_policy(&mut self, stmt: &'ast DescPasswordPolicyStmt) {
+        let ctx = AstFormatContext::new(format!("PasswordPolicyName {}", stmt.name));
+        let child = FormatTreeNode::new(ctx);
+
+        let name = "DescPasswordPolicy".to_string();
+        let format_ctx = AstFormatContext::with_children(name, 1);
+        let node = FormatTreeNode::with_children(format_ctx, vec![child]);
+        self.children.push(node);
+    }
+
+    fn visit_show_password_policies(&mut self) {
+        let ctx = AstFormatContext::new("ShowPasswordPolicies".to_string());
+        let node = FormatTreeNode::new(ctx);
+        self.children.push(node);
+    }
+
     fn visit_with(&mut self, with: &'ast With) {
         let mut children = Vec::with_capacity(with.ctes.len());
         for cte in with.ctes.iter() {

diff --git a/src/query/ast/src/ast/statements/mod.rs b/src/query/ast/src/ast/statements/mod.rs
@@ -28,6 +28,7 @@ mod kill;
 mod lock;
 mod merge_into;
 mod network_policy;
+mod password_policy;
 mod pipe;
 mod presign;
 mod replace;
@@ -61,6 +62,7 @@ pub use kill::*;
 pub use lock::*;
 pub use merge_into::*;
 pub use network_policy::*;
+pub use password_policy::*;
 pub use pipe::*;
 pub use presign::*;
 pub use replace::*;