Example 1 with DatabaseScope

Use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.

In class BuiltInDbmsProcedures, method killQueryTransaction:

private QueryTerminationResult killQueryTransaction(QueryId queryId, KernelTransactionHandle handle, NamedDatabaseId databaseId) {
    Optional<ExecutingQuery> query = handle.executingQuery();
    ExecutingQuery executingQuery = query.orElseThrow(() -> new IllegalStateException("Query should exist since we filtered based on query ids"));
    String username = executingQuery.username();
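    // Privilege to check: TERMINATE_TRANSACTION on this database, scoped to the user who owns the query.
    var action = new AdminActionOnResource(TERMINATE_TRANSACTION, new DatabaseScope(databaseId.name()), new UserSegment(username));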
    if (isSelfOrAllows(username, action)) {
        if (handle.isClosing()) {
            return new QueryFailedTerminationResult(queryId, username, "Unable to kill queries when underlying transaction is closing.");
        }
        handle.markForTermination(Status.Transaction.Terminated);
        return new QueryTerminationResult(queryId, username, "Query found");
    } else {
        throw kernelTransaction.securityAuthorizationHandler().logAndGetAuthorizationException(securityContext, format("Not allowed to terminate %s run by user %s.", queryId, username));
    }
}
Also used: ExecutingQuery (org.neo4j.kernel.api.query.ExecutingQuery), AdminActionOnResource (org.neo4j.internal.kernel.api.security.AdminActionOnResource), DatabaseScope (org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope), UserSegment (org.neo4j.internal.kernel.api.security.UserSegment)

Example 2 with DatabaseScope

Use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.

In class BuiltInDbmsProcedures, method listTransactions:

@SystemProcedure
@Description("List all transactions currently executing at this instance that are visible to the user.")
@Procedure(name = "dbms.listTransactions", mode = DBMS)
public Stream<TransactionStatusResult> listTransactions() throws InvalidArgumentsException {
    ZoneId zoneId = getConfiguredTimeZone();
    List<TransactionStatusResult> result = new ArrayList<>();
    for (DatabaseContext databaseContext : getDatabaseManager().registeredDatabases().values()) {
        if (databaseContext.database().isStarted()) {
            DatabaseScope dbScope = new DatabaseScope(databaseContext.database().getNamedDatabaseId().name());
            Map<KernelTransactionHandle, Optional<QuerySnapshot>> handleQuerySnapshotsMap = new HashMap<>();
            for (KernelTransactionHandle tx : getExecutingTransactions(databaseContext)) {
                String username = tx.subject().username();
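                // A transaction is listed only if it passes the SHOW_TRANSACTION check for this database and its owning user.
                var action = new AdminActionOnResource(SHOW_TRANSACTION, dbScope, new UserSegment(username));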
                if (isSelfOrAllows(username, action)) {
                    handleQuerySnapshotsMap.put(tx, tx.executingQuery().map(ExecutingQuery::snapshot));
                }
            }
            TransactionDependenciesResolver transactionBlockerResolvers = new TransactionDependenciesResolver(handleQuerySnapshotsMap);
            for (KernelTransactionHandle tx : handleQuerySnapshotsMap.keySet()) {
                result.add(new TransactionStatusResult(databaseContext.databaseFacade().databaseName(), tx, transactionBlockerResolvers, handleQuerySnapshotsMap, zoneId));
            }
        }
    }
    return result.stream();
}
Also used: AdminActionOnResource (org.neo4j.internal.kernel.api.security.AdminActionOnResource), ZoneId (java.time.ZoneId), DatabaseScope (org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope), Optional (java.util.Optional), HashMap (java.util.HashMap), ArrayList (java.util.ArrayList), KernelTransactionHandle (org.neo4j.kernel.api.KernelTransactionHandle), DatabaseContext (org.neo4j.dbms.database.DatabaseContext), UserSegment (org.neo4j.internal.kernel.api.security.UserSegment), Description (org.neo4j.procedure.Description), SystemProcedure (org.neo4j.kernel.api.procedure.SystemProcedure), Procedure (org.neo4j.procedure.Procedure)

Example 3 with DatabaseScope

Use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.

In class BuiltInDbmsProcedures, method listQueries:

@SystemProcedure
@Description("List all queries currently executing at this instance that are visible to the user.")
@Procedure(name = "dbms.listQueries", mode = DBMS)
public Stream<QueryStatusResult> listQueries() throws InvalidArgumentsException {
    ZoneId zoneId = getConfiguredTimeZone();
    List<QueryStatusResult> result = new ArrayList<>();
    for (FabricTransaction tx : getFabricTransactions()) {
        for (ExecutingQuery query : getActiveFabricQueries(tx)) {
            String username = query.username();
            // Fabric queries are checked against the ALL scope rather than a single DatabaseScope.
            var action = new AdminActionOnResource(SHOW_TRANSACTION, ALL, new UserSegment(username));
            if (isSelfOrAllows(username, action)) {
                result.add(new QueryStatusResult(query, (InternalTransaction) transaction, zoneId, "none"));
            }
        }
    }
    for (DatabaseContext databaseContext : getDatabaseManager().registeredDatabases().values()) {
        if (databaseContext.database().isStarted()) {
            DatabaseScope dbScope = new DatabaseScope(databaseContext.database().getNamedDatabaseId().name());
            for (KernelTransactionHandle tx : getExecutingTransactions(databaseContext)) {
                if (tx.executingQuery().isPresent()) {
                    ExecutingQuery query = tx.executingQuery().get();
                    // Include both the executing query and any previous queries (parent queries of nested query) in the result.
                    while (query != null) {
                        String username = query.username();
                        // Each query in the chain is authorized separately, against its own username.
                        var action = new AdminActionOnResource(SHOW_TRANSACTION, dbScope, new UserSegment(username));
                        if (isSelfOrAllows(username, action)) {
                            result.add(new QueryStatusResult(query, (InternalTransaction) transaction, zoneId, databaseContext.databaseFacade().databaseName()));
                        }
                        query = query.getPreviousQuery();
                    }
                }
            }
        }
    }
    return result.stream();
}
Also used: AdminActionOnResource (org.neo4j.internal.kernel.api.security.AdminActionOnResource), ZoneId (java.time.ZoneId), DatabaseScope (org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope), ArrayList (java.util.ArrayList), FabricTransaction (org.neo4j.fabric.transaction.FabricTransaction), InternalTransaction (org.neo4j.kernel.impl.coreapi.InternalTransaction), KernelTransactionHandle (org.neo4j.kernel.api.KernelTransactionHandle), DatabaseContext (org.neo4j.dbms.database.DatabaseContext), ExecutingQuery (org.neo4j.kernel.api.query.ExecutingQuery), UserSegment (org.neo4j.internal.kernel.api.security.UserSegment), Description (org.neo4j.procedure.Description), SystemProcedure (org.neo4j.kernel.api.procedure.SystemProcedure), Procedure (org.neo4j.procedure.Procedure)

Example 4 with DatabaseScope

Use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.

In class BuiltInDbmsProcedures, method killTransactions:

@SystemProcedure
@Description("Kill transactions with provided ids.")
@Procedure(name = "dbms.killTransactions", mode = DBMS)
public Stream<TransactionMarkForTerminationResult> killTransactions(@Name("ids") List<String> transactionIds) throws InvalidArgumentsException {
    requireNonNull(transactionIds);
    log.warn("User %s trying to kill transactions: %s.", securityContext.subject().username(), transactionIds.toString());
    DatabaseManager<DatabaseContext> databaseManager = getDatabaseManager();
    DatabaseIdRepository databaseIdRepository = databaseManager.databaseIdRepository();
    Map<NamedDatabaseId, Set<TransactionId>> byDatabase = new HashMap<>();
    for (String idText : transactionIds) {
        TransactionId id = TransactionId.parse(idText);
        Optional<NamedDatabaseId> namedDatabaseId = databaseIdRepository.getByName(id.database());
        // Ids whose database name does not resolve are not added to byDatabase.
        namedDatabaseId.ifPresent(databaseId -> byDatabase.computeIfAbsent(databaseId, ignore -> new HashSet<>()).add(id));
    }
    Map<String, KernelTransactionHandle> handles = new HashMap<>(transactionIds.size());
    for (Map.Entry<NamedDatabaseId, Set<TransactionId>> entry : byDatabase.entrySet()) {
        NamedDatabaseId databaseId = entry.getKey();
        var dbScope = new DatabaseScope(databaseId.name());
        Optional<DatabaseContext> maybeDatabaseContext = databaseManager.getDatabaseContext(databaseId);
        if (maybeDatabaseContext.isPresent()) {
            Set<TransactionId> txIds = entry.getValue();
            DatabaseContext databaseContext = maybeDatabaseContext.get();
            for (KernelTransactionHandle tx : getExecutingTransactions(databaseContext)) {
                String username = tx.subject().username();
                var action = new AdminActionOnResource(TERMINATE_TRANSACTION, dbScope, new UserSegment(username));
                // Transactions that fail the TERMINATE_TRANSACTION check are skipped and never added to handles.
                if (!isSelfOrAllows(username, action)) {
                    continue;
                }
                TransactionId txIdRepresentation = new TransactionId(databaseId.name(), tx.getUserTransactionId());
                if (txIds.contains(txIdRepresentation)) {
                    handles.put(txIdRepresentation.toString(), tx);
                }
            }
        }
    }
    return transactionIds.stream().map(id -> terminateTransaction(handles, id));
}
Also used: AdminActionOnResource (org.neo4j.internal.kernel.api.security.AdminActionOnResource), Set (java.util.Set), HashSet (java.util.HashSet), DatabaseScope (org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope), HashMap (java.util.HashMap), DatabaseIdRepository (org.neo4j.kernel.database.DatabaseIdRepository), KernelTransactionHandle (org.neo4j.kernel.api.KernelTransactionHandle), DatabaseContext (org.neo4j.dbms.database.DatabaseContext), UserSegment (org.neo4j.internal.kernel.api.security.UserSegment), NamedDatabaseId (org.neo4j.kernel.database.NamedDatabaseId), Map (java.util.Map), Description (org.neo4j.procedure.Description), SystemProcedure (org.neo4j.kernel.api.procedure.SystemProcedure), Procedure (org.neo4j.procedure.Procedure)

Aggregations

AdminActionOnResource (org.neo4j.internal.kernel.api.security.AdminActionOnResource): 4
DatabaseScope (org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope): 4
UserSegment (org.neo4j.internal.kernel.api.security.UserSegment): 4
DatabaseContext (org.neo4j.dbms.database.DatabaseContext): 3
KernelTransactionHandle (org.neo4j.kernel.api.KernelTransactionHandle): 3
SystemProcedure (org.neo4j.kernel.api.procedure.SystemProcedure): 3
Description (org.neo4j.procedure.Description): 3
Procedure (org.neo4j.procedure.Procedure): 3
ZoneId (java.time.ZoneId): 2
ArrayList (java.util.ArrayList): 2
HashMap (java.util.HashMap): 2
ExecutingQuery (org.neo4j.kernel.api.query.ExecutingQuery): 2
HashSet (java.util.HashSet): 1
Map (java.util.Map): 1
Optional (java.util.Optional): 1
Set (java.util.Set): 1
FabricTransaction (org.neo4j.fabric.transaction.FabricTransaction): 1
DatabaseIdRepository (org.neo4j.kernel.database.DatabaseIdRepository): 1
NamedDatabaseId (org.neo4j.kernel.database.NamedDatabaseId): 1
InternalTransaction (org.neo4j.kernel.impl.coreapi.InternalTransaction): 1