use std::collections::{BTreeMap, BTreeSet};
use std::sync::LazyLock;
use mz_repr::role_id::RoleId;
use mz_repr::user::ExternalUserMetadata;
use serde::Serialize;
pub const SYSTEM_USER_NAME: &str = "mz_system";
pub static SYSTEM_USER: LazyLock<User> = LazyLock::new(|| User {
name: SYSTEM_USER_NAME.into(),
external_metadata: None,
});
pub const SUPPORT_USER_NAME: &str = "mz_support";
pub static SUPPORT_USER: LazyLock<User> = LazyLock::new(|| User {
name: SUPPORT_USER_NAME.into(),
external_metadata: None,
});
pub const ANALYTICS_USER_NAME: &str = "mz_analytics";
pub static ANALYTICS_USER: LazyLock<User> = LazyLock::new(|| User {
name: ANALYTICS_USER_NAME.into(),
external_metadata: None,
});
pub static INTERNAL_USER_NAMES: LazyLock<BTreeSet<String>> = LazyLock::new(|| {
[&SYSTEM_USER, &SUPPORT_USER, &ANALYTICS_USER]
.into_iter()
.map(|user| user.name.clone())
.collect()
});
pub static INTERNAL_USER_NAME_TO_DEFAULT_CLUSTER: LazyLock<BTreeMap<String, String>> =
LazyLock::new(|| {
[
(&SYSTEM_USER, "mz_system"),
(&SUPPORT_USER, "mz_catalog_server"),
(&ANALYTICS_USER, "mz_analytics"),
]
.into_iter()
.map(|(user, cluster)| (user.name.clone(), cluster.to_string()))
.collect()
});
pub static HTTP_DEFAULT_USER: LazyLock<User> = LazyLock::new(|| User {
name: "anonymous_http_user".into(),
external_metadata: None,
});
#[derive(Debug, Clone, Serialize)]
pub struct User {
pub name: String,
pub external_metadata: Option<ExternalUserMetadata>,
}
impl From<&User> for mz_pgwire_common::UserMetadata {
fn from(user: &User) -> mz_pgwire_common::UserMetadata {
mz_pgwire_common::UserMetadata {
is_admin: user.is_external_admin(),
should_limit_connections: user.limit_max_connections(),
}
}
}
impl PartialEq for User {
fn eq(&self, other: &User) -> bool {
self.name == other.name
}
}
impl User {
pub fn is_internal(&self) -> bool {
INTERNAL_USER_NAMES.contains(&self.name)
}
pub fn is_external_admin(&self) -> bool {
self.external_metadata
.as_ref()
.map(|metadata| metadata.admin)
.clone()
.unwrap_or(false)
}
pub fn is_superuser(&self) -> bool {
matches!(self.kind(), UserKind::Superuser)
}
pub fn is_system_user(&self) -> bool {
self == &*SYSTEM_USER
}
pub fn limit_max_connections(&self) -> bool {
!self.is_internal()
}
pub fn kind(&self) -> UserKind {
if self.is_external_admin() || self.is_system_user() {
UserKind::Superuser
} else {
UserKind::Regular
}
}
}
#[derive(Debug, Copy, Clone)]
pub enum UserKind {
Regular,
Superuser,
}
pub const MZ_SYSTEM_ROLE_ID: RoleId = RoleId::System(1);
pub const MZ_SUPPORT_ROLE_ID: RoleId = RoleId::System(2);
pub const MZ_ANALYTICS_ROLE_ID: RoleId = RoleId::System(3);
pub const MZ_MONITOR_ROLE_ID: RoleId = RoleId::Predefined(1);
pub const MZ_MONITOR_REDACTED_ROLE_ID: RoleId = RoleId::Predefined(2);
#[derive(Debug, Clone)]
pub struct RoleMetadata {
pub authenticated_role: RoleId,
pub session_role: RoleId,
pub current_role: RoleId,
}
impl RoleMetadata {
pub fn new(id: RoleId) -> RoleMetadata {
RoleMetadata {
authenticated_role: id,
session_role: id,
current_role: id,
}
}
}