use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.
the class BuiltInDbmsProcedures method killQueryTransaction.
private QueryTerminationResult killQueryTransaction(QueryId queryId, KernelTransactionHandle handle, NamedDatabaseId databaseId) {
Optional<ExecutingQuery> query = handle.executingQuery();
ExecutingQuery executingQuery = query.orElseThrow(() -> new IllegalStateException("Query should exist since we filtered based on query ids"));
String username = executingQuery.username();
var action = new AdminActionOnResource(TERMINATE_TRANSACTION, new DatabaseScope(databaseId.name()), new UserSegment(username));
if (isSelfOrAllows(username, action)) {
if (handle.isClosing()) {
return new QueryFailedTerminationResult(queryId, username, "Unable to kill queries when underlying transaction is closing.");
}
handle.markForTermination(Status.Transaction.Terminated);
return new QueryTerminationResult(queryId, username, "Query found");
} else {
throw kernelTransaction.securityAuthorizationHandler().logAndGetAuthorizationException(securityContext, format("Not allowed to terminate %s run by user %s.", queryId, username));
}
}
use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.
the class BuiltInDbmsProcedures method listTransactions.
@SystemProcedure
@Description("List all transactions currently executing at this instance that are visible to the user.")
@Procedure(name = "dbms.listTransactions", mode = DBMS)
public Stream<TransactionStatusResult> listTransactions() throws InvalidArgumentsException {
ZoneId zoneId = getConfiguredTimeZone();
List<TransactionStatusResult> result = new ArrayList<>();
for (DatabaseContext databaseContext : getDatabaseManager().registeredDatabases().values()) {
if (databaseContext.database().isStarted()) {
DatabaseScope dbScope = new DatabaseScope(databaseContext.database().getNamedDatabaseId().name());
Map<KernelTransactionHandle, Optional<QuerySnapshot>> handleQuerySnapshotsMap = new HashMap<>();
for (KernelTransactionHandle tx : getExecutingTransactions(databaseContext)) {
String username = tx.subject().username();
var action = new AdminActionOnResource(SHOW_TRANSACTION, dbScope, new UserSegment(username));
if (isSelfOrAllows(username, action)) {
handleQuerySnapshotsMap.put(tx, tx.executingQuery().map(ExecutingQuery::snapshot));
}
}
TransactionDependenciesResolver transactionBlockerResolvers = new TransactionDependenciesResolver(handleQuerySnapshotsMap);
for (KernelTransactionHandle tx : handleQuerySnapshotsMap.keySet()) {
result.add(new TransactionStatusResult(databaseContext.databaseFacade().databaseName(), tx, transactionBlockerResolvers, handleQuerySnapshotsMap, zoneId));
}
}
}
return result.stream();
}
use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.
the class BuiltInDbmsProcedures method listQueries.
@SystemProcedure
@Description("List all queries currently executing at this instance that are visible to the user.")
@Procedure(name = "dbms.listQueries", mode = DBMS)
public Stream<QueryStatusResult> listQueries() throws InvalidArgumentsException {
ZoneId zoneId = getConfiguredTimeZone();
List<QueryStatusResult> result = new ArrayList<>();
for (FabricTransaction tx : getFabricTransactions()) {
for (ExecutingQuery query : getActiveFabricQueries(tx)) {
String username = query.username();
var action = new AdminActionOnResource(SHOW_TRANSACTION, ALL, new UserSegment(username));
if (isSelfOrAllows(username, action)) {
result.add(new QueryStatusResult(query, (InternalTransaction) transaction, zoneId, "none"));
}
}
}
for (DatabaseContext databaseContext : getDatabaseManager().registeredDatabases().values()) {
if (databaseContext.database().isStarted()) {
DatabaseScope dbScope = new DatabaseScope(databaseContext.database().getNamedDatabaseId().name());
for (KernelTransactionHandle tx : getExecutingTransactions(databaseContext)) {
if (tx.executingQuery().isPresent()) {
ExecutingQuery query = tx.executingQuery().get();
// Include both the executing query and any previous queries (parent queries of nested query) in the result.
while (query != null) {
String username = query.username();
var action = new AdminActionOnResource(SHOW_TRANSACTION, dbScope, new UserSegment(username));
if (isSelfOrAllows(username, action)) {
result.add(new QueryStatusResult(query, (InternalTransaction) transaction, zoneId, databaseContext.databaseFacade().databaseName()));
}
query = query.getPreviousQuery();
}
}
}
}
}
return result.stream();
}
use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.
the class BuiltInDbmsProcedures method killTransactions.
@SystemProcedure
@Description("Kill transactions with provided ids.")
@Procedure(name = "dbms.killTransactions", mode = DBMS)
public Stream<TransactionMarkForTerminationResult> killTransactions(@Name("ids") List<String> transactionIds) throws InvalidArgumentsException {
requireNonNull(transactionIds);
log.warn("User %s trying to kill transactions: %s.", securityContext.subject().username(), transactionIds.toString());
DatabaseManager<DatabaseContext> databaseManager = getDatabaseManager();
DatabaseIdRepository databaseIdRepository = databaseManager.databaseIdRepository();
Map<NamedDatabaseId, Set<TransactionId>> byDatabase = new HashMap<>();
for (String idText : transactionIds) {
TransactionId id = TransactionId.parse(idText);
Optional<NamedDatabaseId> namedDatabaseId = databaseIdRepository.getByName(id.database());
namedDatabaseId.ifPresent(databaseId -> byDatabase.computeIfAbsent(databaseId, ignore -> new HashSet<>()).add(id));
}
Map<String, KernelTransactionHandle> handles = new HashMap<>(transactionIds.size());
for (Map.Entry<NamedDatabaseId, Set<TransactionId>> entry : byDatabase.entrySet()) {
NamedDatabaseId databaseId = entry.getKey();
var dbScope = new DatabaseScope(databaseId.name());
Optional<DatabaseContext> maybeDatabaseContext = databaseManager.getDatabaseContext(databaseId);
if (maybeDatabaseContext.isPresent()) {
Set<TransactionId> txIds = entry.getValue();
DatabaseContext databaseContext = maybeDatabaseContext.get();
for (KernelTransactionHandle tx : getExecutingTransactions(databaseContext)) {
String username = tx.subject().username();
var action = new AdminActionOnResource(TERMINATE_TRANSACTION, dbScope, new UserSegment(username));
if (!isSelfOrAllows(username, action)) {
continue;
}
TransactionId txIdRepresentation = new TransactionId(databaseId.name(), tx.getUserTransactionId());
if (txIds.contains(txIdRepresentation)) {
handles.put(txIdRepresentation.toString(), tx);
}
}
}
}
return transactionIds.stream().map(id -> terminateTransaction(handles, id));
}
Aggregations