Enable identity logging on create/update paths (unitycatalog#483)

kriscon-db · web-flow · commit f884816d637e · 2024-09-13T16:39:54.000-04:00
**PR Checklist**

- [x] A description of the changes is added to the description of this
PR.
- [ ] If there is a related issue, make sure it is linked to this PR.
- [ ] If you've fixed a bug or added code that should be tested, add
tests!
- [ ] If you've added or modified a feature, documentation in `docs` is
updated

**Description of changes**

Enable identity tracking for all create and update paths for securables
in UC OSS
diff --git a/server/src/main/java/io/unitycatalog/server/persist/CatalogRepository.java b/server/src/main/java/io/unitycatalog/server/persist/CatalogRepository.java
@@ -9,6 +9,7 @@
 import io.unitycatalog.server.persist.utils.PagedListingHelper;
 import io.unitycatalog.server.persist.utils.RepositoryUtils;
 import io.unitycatalog.server.utils.Constants;
+import io.unitycatalog.server.utils.IdentityUtils;
 import io.unitycatalog.server.utils.ValidationUtils;
 import java.util.ArrayList;
 import java.util.Date;
@@ -37,12 +38,18 @@ public static CatalogRepository getInstance() {
 
   public CatalogInfo addCatalog(CreateCatalog createCatalog) {
     ValidationUtils.validateSqlObjectName(createCatalog.getName());
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
+    Long createTime = System.currentTimeMillis();
     CatalogInfo catalogInfo =
         new CatalogInfo()
             .id(java.util.UUID.randomUUID().toString())
             .comment(createCatalog.getComment())
             .name(createCatalog.getName())
-            .createdAt(System.currentTimeMillis())
+            .owner(callerId)
+            .createdAt(createTime)
+            .createdBy(callerId)
+            .updatedAt(createTime)
+            .updatedBy(callerId)
             .properties(createCatalog.getProperties());
 
     try (Session session = SESSION_FACTORY.openSession()) {
@@ -136,6 +143,7 @@ public CatalogInfo updateCatalog(String name, UpdateCatalog updateCatalog) {
     if (updateCatalog.getNewName() != null) {
       ValidationUtils.validateSqlObjectName(updateCatalog.getNewName());
     }
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
     // can make this just update once we have an identifier that is not the name
     try (Session session = SESSION_FACTORY.openSession()) {
       Transaction tx = session.beginTransaction();
@@ -171,6 +179,7 @@ && getCatalogDAO(session, updateCatalog.getNewName()) != null) {
               .forEach(session::persist);
         }
         catalogInfoDAO.setUpdatedAt(new Date());
+        catalogInfoDAO.setUpdatedBy(callerId);
         session.merge(catalogInfoDAO);
         tx.commit();
         CatalogInfo catalogInfo = catalogInfoDAO.toCatalogInfo();
diff --git a/server/src/main/java/io/unitycatalog/server/persist/FunctionRepository.java b/server/src/main/java/io/unitycatalog/server/persist/FunctionRepository.java
@@ -9,6 +9,7 @@
 import io.unitycatalog.server.persist.utils.PagedListingHelper;
 import io.unitycatalog.server.persist.utils.RepositoryUtils;
 import io.unitycatalog.server.utils.Constants;
+import io.unitycatalog.server.utils.IdentityUtils;
 import io.unitycatalog.server.utils.ValidationUtils;
 import java.util.ArrayList;
 import java.util.List;
@@ -38,6 +39,8 @@ public static FunctionRepository getInstance() {
   public FunctionInfo createFunction(CreateFunctionRequest createFunctionRequest) {
     ValidationUtils.validateSqlObjectName(createFunctionRequest.getFunctionInfo().getName());
     CreateFunction createFunction = createFunctionRequest.getFunctionInfo();
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
+    Long createTime = System.currentTimeMillis();
     FunctionInfo functionInfo =
         new FunctionInfo()
             .functionId(UUID.randomUUID().toString())
@@ -46,7 +49,11 @@ public FunctionInfo createFunction(CreateFunctionRequest createFunctionRequest)
             .schemaName(createFunction.getSchemaName())
             .comment(createFunction.getComment())
             .properties(createFunction.getProperties())
-            .createdAt(System.currentTimeMillis())
+            .owner(callerId)
+            .createdAt(createTime)
+            .createdBy(callerId)
+            .updatedAt(createTime)
+            .updatedBy(callerId)
             .dataType(createFunction.getDataType())
             .fullDataType(createFunction.getFullDataType())
             .inputParams(createFunction.getInputParams())
diff --git a/server/src/main/java/io/unitycatalog/server/persist/ModelRepository.java b/server/src/main/java/io/unitycatalog/server/persist/ModelRepository.java
@@ -11,6 +11,7 @@
 import io.unitycatalog.server.persist.utils.PagedListingHelper;
 import io.unitycatalog.server.persist.utils.RepositoryUtils;
 import io.unitycatalog.server.persist.utils.UriUtils;
+import io.unitycatalog.server.utils.IdentityUtils;
 import io.unitycatalog.server.utils.ValidationUtils;
 import java.util.*;
 import org.hibernate.Session;
@@ -208,15 +209,19 @@ public RegisteredModelInfo createRegisteredModel(CreateRegisteredModel createReg
     ValidationUtils.validateSqlObjectName(createRegisteredModel.getName());
     long createTime = System.currentTimeMillis();
     String modelId = UUID.randomUUID().toString();
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
     RegisteredModelInfo registeredModelInfo =
         new RegisteredModelInfo()
             .id(modelId)
             .name(createRegisteredModel.getName())
             .catalogName(createRegisteredModel.getCatalogName())
             .schemaName(createRegisteredModel.getSchemaName())
             .comment(createRegisteredModel.getComment())
+            .owner(callerId)
             .createdAt(createTime)
-            .updatedAt(createTime);
+            .createdBy(callerId)
+            .updatedAt(createTime)
+            .updatedBy(callerId);
     String fullName = getRegisteredModelFullName(registeredModelInfo);
     registeredModelInfo.setFullName(fullName);
     LOGGER.info("Creating Registered Model: " + fullName);
@@ -373,6 +378,7 @@ public RegisteredModelInfo updateRegisteredModel(UpdateRegisteredModel updateReg
     String fullName = updateRegisteredModel.getFullName();
     LOGGER.info("Updating Registered Model: " + fullName);
     RegisteredModelInfo registeredModelInfo;
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
 
     Transaction tx;
     try (Session session = SESSION_FACTORY.openSession()) {
@@ -409,6 +415,7 @@ public RegisteredModelInfo updateRegisteredModel(UpdateRegisteredModel updateReg
         }
         long updatedTime = System.currentTimeMillis();
         origRegisteredModelInfoDAO.setUpdatedAt(new Date(updatedTime));
+        origRegisteredModelInfoDAO.setUpdatedBy(callerId);
         session.persist(origRegisteredModelInfoDAO);
         registeredModelInfo = origRegisteredModelInfoDAO.toRegisteredModelInfo();
         registeredModelInfo.setCatalogName(catalogName);
@@ -524,6 +531,7 @@ public ModelVersionInfo getModelVersion(String fullName, long version) {
 
   public ModelVersionInfo createModelVersion(CreateModelVersion createModelVersion) {
     long createTime = System.currentTimeMillis();
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
     String modelVersionId = UUID.randomUUID().toString();
     String catalogName = createModelVersion.getCatalogName();
     String schemaName = createModelVersion.getSchemaName();
@@ -539,7 +547,9 @@ public ModelVersionInfo createModelVersion(CreateModelVersion createModelVersion
             .status(ModelVersionStatus.PENDING_REGISTRATION)
             .comment(createModelVersion.getComment())
             .createdAt(createTime)
-            .updatedAt(createTime);
+            .createdBy(callerId)
+            .updatedAt(createTime)
+            .updatedBy(callerId);
     String registeredModelFullName = getRegisteredModelFullName(catalogName, schemaName, modelName);
     LOGGER.info("Creating Registered Model: " + registeredModelFullName);
 
@@ -685,6 +695,7 @@ public ModelVersionInfo updateModelVersion(UpdateModelVersion updateModelVersion
     Long version = updateModelVersion.getVersion();
     LOGGER.info("Updating Model Version: " + fullName + "/" + version);
     ModelVersionInfo modelVersionInfo;
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
 
     Transaction tx;
     try (Session session = SESSION_FACTORY.openSession()) {
@@ -702,6 +713,7 @@ public ModelVersionInfo updateModelVersion(UpdateModelVersion updateModelVersion
         origModelVersionInfoDAO.setComment(updateModelVersion.getComment());
         long updatedTime = System.currentTimeMillis();
         origModelVersionInfoDAO.setUpdatedAt(new Date(updatedTime));
+        origModelVersionInfoDAO.setUpdatedBy(callerId);
         session.persist(origModelVersionInfoDAO);
         modelVersionInfo = origModelVersionInfoDAO.toModelVersionInfo();
         modelVersionInfo.setCatalogName(catalogName);
@@ -774,6 +786,7 @@ public ModelVersionInfo finalizeModelVersion(FinalizeModelVersion finalizeModelV
     Long version = finalizeModelVersion.getVersion();
     LOGGER.info("Finalize Model Version: " + fullName + "/" + version);
     ModelVersionInfo modelVersionInfo;
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
 
     Transaction tx;
     try (Session session = SESSION_FACTORY.openSession()) {
@@ -797,6 +810,7 @@ public ModelVersionInfo finalizeModelVersion(FinalizeModelVersion finalizeModelV
         origModelVersionInfoDAO.setStatus(ModelVersionStatus.READY.toString());
         long updatedTime = System.currentTimeMillis();
         origModelVersionInfoDAO.setUpdatedAt(new Date(updatedTime));
+        origModelVersionInfoDAO.setUpdatedBy(callerId);
         session.persist(origModelVersionInfoDAO);
         modelVersionInfo = origModelVersionInfoDAO.toModelVersionInfo();
         modelVersionInfo.setCatalogName(catalogName);
diff --git a/server/src/main/java/io/unitycatalog/server/persist/SchemaRepository.java b/server/src/main/java/io/unitycatalog/server/persist/SchemaRepository.java
@@ -10,6 +10,7 @@
 import io.unitycatalog.server.persist.utils.PagedListingHelper;
 import io.unitycatalog.server.persist.utils.RepositoryUtils;
 import io.unitycatalog.server.utils.Constants;
+import io.unitycatalog.server.utils.IdentityUtils;
 import io.unitycatalog.server.utils.ValidationUtils;
 import java.util.*;
 import org.hibernate.Session;
@@ -36,6 +37,7 @@ public static SchemaRepository getInstance() {
 
   public SchemaInfo createSchema(CreateSchema createSchema) {
     ValidationUtils.validateSqlObjectName(createSchema.getName());
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
     try (Session session = SESSION_FACTORY.openSession()) {
       Transaction tx = session.beginTransaction();
       try {
@@ -45,13 +47,18 @@ public SchemaInfo createSchema(CreateSchema createSchema) {
         }
         CatalogInfoDAO catalogDAO =
             CATALOG_REPOSITORY.getCatalogDAO(session, createSchema.getCatalogName());
+        Long createTime = System.currentTimeMillis();
         SchemaInfo schemaInfo =
             new SchemaInfo()
                 .schemaId(UUID.randomUUID().toString())
                 .name(createSchema.getName())
                 .catalogName(createSchema.getCatalogName())
                 .comment(createSchema.getComment())
-                .createdAt(System.currentTimeMillis())
+                .owner(callerId)
+                .createdAt(createTime)
+                .createdBy(callerId)
+                .updatedAt(createTime)
+                .updatedBy(callerId)
                 .properties(createSchema.getProperties());
         SchemaInfoDAO schemaInfoDAO = SchemaInfoDAO.from(schemaInfo);
         schemaInfoDAO.setCatalogId(catalogDAO.getId());
@@ -186,6 +193,7 @@ public SchemaInfo updateSchema(String fullName, UpdateSchema updateSchema) {
     if (updateSchema.getNewName() != null) {
       ValidationUtils.validateSqlObjectName(updateSchema.getNewName());
     }
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
     try (Session session = SESSION_FACTORY.openSession()) {
       Transaction tx = session.beginTransaction();
       try {
@@ -220,6 +228,7 @@ public SchemaInfo updateSchema(String fullName, UpdateSchema updateSchema) {
               .forEach(session::persist);
         }
         schemaInfoDAO.setUpdatedAt(new Date());
+        schemaInfoDAO.setUpdatedBy(callerId);
         session.merge(schemaInfoDAO);
         tx.commit();
         return convertFromDAO(session, schemaInfoDAO, fullName);
diff --git a/server/src/main/java/io/unitycatalog/server/persist/TableRepository.java b/server/src/main/java/io/unitycatalog/server/persist/TableRepository.java
@@ -11,6 +11,7 @@
 import io.unitycatalog.server.persist.utils.PagedListingHelper;
 import io.unitycatalog.server.persist.utils.RepositoryUtils;
 import io.unitycatalog.server.utils.Constants;
+import io.unitycatalog.server.utils.IdentityUtils;
 import io.unitycatalog.server.utils.ValidationUtils;
 import java.util.*;
 import java.util.stream.Collectors;
@@ -105,10 +106,12 @@ private TableInfoDAO findTable(
 
   public TableInfo createTable(CreateTable createTable) {
     ValidationUtils.validateSqlObjectName(createTable.getName());
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
     List<ColumnInfo> columnInfos =
         createTable.getColumns().stream()
             .map(c -> c.typeText(c.getTypeText().toLowerCase(Locale.ROOT)))
             .collect(Collectors.toList());
+    Long createTime = System.currentTimeMillis();
     TableInfo tableInfo =
         new TableInfo()
             .tableId(UUID.randomUUID().toString())
@@ -121,7 +124,11 @@ public TableInfo createTable(CreateTable createTable) {
             .storageLocation(FileUtils.convertRelativePathToURI(createTable.getStorageLocation()))
             .comment(createTable.getComment())
             .properties(createTable.getProperties())
-            .createdAt(System.currentTimeMillis());
+            .owner(callerId)
+            .createdAt(createTime)
+            .createdBy(callerId)
+            .updatedAt(createTime)
+            .updatedBy(callerId);
     String fullName = getTableFullName(tableInfo);
     LOGGER.debug("Creating table: " + fullName);
 
diff --git a/server/src/main/java/io/unitycatalog/server/persist/VolumeRepository.java b/server/src/main/java/io/unitycatalog/server/persist/VolumeRepository.java
@@ -7,6 +7,7 @@
 import io.unitycatalog.server.persist.dao.VolumeInfoDAO;
 import io.unitycatalog.server.persist.utils.FileUtils;
 import io.unitycatalog.server.persist.utils.HibernateUtils;
+import io.unitycatalog.server.utils.IdentityUtils;
 import io.unitycatalog.server.utils.ValidationUtils;
 import java.util.Date;
 import java.util.Optional;
@@ -40,14 +41,20 @@ public VolumeInfo createVolume(CreateVolumeRequestContent createVolumeRequest) {
             + createVolumeRequest.getSchemaName()
             + "."
             + createVolumeRequest.getName();
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
+    Long createTime = System.currentTimeMillis();
     VolumeInfo volumeInfo = new VolumeInfo();
     volumeInfo.setVolumeId(UUID.randomUUID().toString());
     volumeInfo.setCatalogName(createVolumeRequest.getCatalogName());
     volumeInfo.setSchemaName(createVolumeRequest.getSchemaName());
     volumeInfo.setName(createVolumeRequest.getName());
     volumeInfo.setComment(createVolumeRequest.getComment());
     volumeInfo.setFullName(volumeFullName);
-    volumeInfo.setCreatedAt(System.currentTimeMillis());
+    volumeInfo.setOwner(callerId);
+    volumeInfo.setCreatedAt(createTime);
+    volumeInfo.setCreatedBy(callerId);
+    volumeInfo.setUpdatedAt(createTime);
+    volumeInfo.setUpdatedBy(callerId);
     volumeInfo.setVolumeType(createVolumeRequest.getVolumeType());
     if (VolumeType.MANAGED.equals(createVolumeRequest.getVolumeType())) {
       throw new BaseException(
@@ -216,6 +223,7 @@ public VolumeInfo updateVolume(String name, UpdateVolumeRequestContent updateVol
     if (updateVolumeRequest.getNewName() != null) {
       ValidationUtils.validateSqlObjectName(updateVolumeRequest.getNewName());
     }
+    String callerId = IdentityUtils.findPrincipalEmailAddress();
     String[] namespace = name.split("\\.");
     String catalog = namespace[0], schema = namespace[1], volume = namespace[2];
     try (Session session = SESSION_FACTORY.openSession()) {
@@ -245,6 +253,7 @@ public VolumeInfo updateVolume(String name, UpdateVolumeRequestContent updateVol
           volumeInfo.setComment(updateVolumeRequest.getComment());
         }
         volumeInfo.setUpdatedAt(new Date());
+        volumeInfo.setUpdatedBy(callerId);
         session.merge(volumeInfo);
         tx.commit();
         LOGGER.info("Updated volume: {}", volumeInfo.getName());
diff --git a/server/src/main/java/io/unitycatalog/server/persist/dao/ModelVersionInfoDAO.java b/server/src/main/java/io/unitycatalog/server/persist/dao/ModelVersionInfoDAO.java
@@ -78,7 +78,7 @@ public static ModelVersionInfoDAO from(ModelVersionInfo modelVersionInfo) {
         .updatedAt(
             modelVersionInfo.getUpdatedAt() != null
                 ? new Date(modelVersionInfo.getUpdatedAt())
-                : new Date())
+                : null)
         .updatedBy(modelVersionInfo.getUpdatedBy())
         .url(modelVersionInfo.getStorageLocation())
         .build();
diff --git a/server/src/main/java/io/unitycatalog/server/persist/dao/RegisteredModelInfoDAO.java b/server/src/main/java/io/unitycatalog/server/persist/dao/RegisteredModelInfoDAO.java
@@ -63,7 +63,7 @@ public static RegisteredModelInfoDAO from(RegisteredModelInfo registeredModelInf
         .updatedAt(
             registeredModelInfo.getUpdatedAt() != null
                 ? new Date(registeredModelInfo.getUpdatedAt())
-                : new Date())
+                : null)
         .updatedBy(registeredModelInfo.getUpdatedBy())
         .url(registeredModelInfo.getStorageLocation())
         .build();
diff --git a/server/src/main/java/io/unitycatalog/server/persist/dao/VolumeInfoDAO.java b/server/src/main/java/io/unitycatalog/server/persist/dao/VolumeInfoDAO.java
@@ -57,7 +57,7 @@ public VolumeInfo toVolumeInfo() {
         .owner(owner)
         .createdAt(createdAt.getTime())
         .createdBy(createdBy)
-        .updatedAt(updatedAt.getTime())
+        .updatedAt(updatedAt != null ? updatedAt.getTime() : null)
         .updatedBy(updatedBy)
         .volumeType(VolumeType.valueOf(volumeType));
   }
@@ -75,8 +75,7 @@ public static VolumeInfoDAO from(VolumeInfo volumeInfo) {
         .createdAt(
             volumeInfo.getCreatedAt() != null ? new Date(volumeInfo.getCreatedAt()) : new Date())
         .createdBy(volumeInfo.getCreatedBy())
-        .updatedAt(
-            volumeInfo.getUpdatedAt() != null ? new Date(volumeInfo.getUpdatedAt()) : new Date())
+        .updatedAt(volumeInfo.getUpdatedAt() != null ? new Date(volumeInfo.getUpdatedAt()) : null)
         .updatedBy(volumeInfo.getUpdatedBy())
         .volumeType(volumeInfo.getVolumeType().getValue())
         .build();
diff --git a/server/src/main/java/io/unitycatalog/server/utils/IdentityUtils.java b/server/src/main/java/io/unitycatalog/server/utils/IdentityUtils.java
@@ -0,0 +1,22 @@
+package io.unitycatalog.server.utils;
+
+import com.auth0.jwt.interfaces.Claim;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import com.linecorp.armeria.server.ServiceRequestContext;
+import io.unitycatalog.server.security.JwtClaim;
+import io.unitycatalog.server.service.AuthDecorator;
+
+public class IdentityUtils {
+
+  public static String findPrincipalEmailAddress() {
+    ServiceRequestContext ctx = ServiceRequestContext.current();
+    DecodedJWT decodedJWT = ctx.attr(AuthDecorator.DECODED_JWT_ATTR);
+    // TODO: if/when authorization becomes mandatory, maybe just throw an exception here?
+    if (decodedJWT != null) {
+      Claim sub = decodedJWT.getClaim(JwtClaim.SUBJECT.key());
+      return sub.asString();
+    } else {
+      return null;
+    }
+  }
+}
