mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-28 20:27:03 +00:00
98f5e49ea8
Integrates audit functionality into CQL statement processing to enable tracking of database operations. Key changes: - Add audit_info and statement_category to all CQL statements - Implement audit categories for different statement types: - DDL: Schema altering statements (CREATE/ALTER/DROP) - DML: Data manipulation (INSERT/UPDATE/DELETE/TRUNCATE/USE) - DCL: Access control (GRANT/REVOKE/CREATE ROLE) - QUERY: SELECT statements - ADMIN: Service level operations - Add audit inspection points in query processing: - Before statement execution - After access checks - After statement completion - On execution failures - Add password sanitization for role management statements - Mask plaintext passwords in audit logs - Handle both direct password parameters and options maps - Preserve query structure while hiding sensitive data - Modify prepared statement lifecycle to carry audit context - Pass audit info during statement preparation - Track audit info through statement execution - Support batch statement auditing This change enables comprehensive auditing of CQL operations while ensuring sensitive data is properly masked in audit logs.
108 lines
3.1 KiB
C++
108 lines
3.1 KiB
C++
/*
|
|
* Copyright (C) 2022-present ScyllaDB
|
|
*
|
|
* Modified by ScyllaDB
|
|
*/
|
|
|
|
/*
|
|
* SPDX-License-Identifier: (LicenseRef-ScyllaDB-Source-Available-1.0 and Apache-2.0)
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include "cql3/functions/function_name.hh"
|
|
#include "cql3/statements/raw/parsed_statement.hh"
|
|
#include "cql3/cf_name.hh"
|
|
|
|
#include <memory>
|
|
#include <optional>
|
|
#include <seastar/core/sstring.hh>
|
|
|
|
namespace cql3 {
|
|
|
|
namespace statements {
|
|
|
|
class prepared_statement;
|
|
|
|
namespace raw {
|
|
|
|
class describe_statement : public parsed_statement {
|
|
public:
|
|
enum class element_type {
|
|
keyspace,
|
|
type,
|
|
function,
|
|
aggregate,
|
|
table,
|
|
index,
|
|
view
|
|
};
|
|
|
|
private:
|
|
using internals = bool_class<class internals_tag>;
|
|
|
|
struct describe_cluster {};
|
|
struct describe_schema {
|
|
bool full_schema = false;
|
|
bool with_hashed_passwords = false;
|
|
};
|
|
struct describe_keyspace {
|
|
std::optional<sstring> keyspace;
|
|
bool only_keyspace;
|
|
};
|
|
struct describe_listing {
|
|
describe_statement::element_type element_type;
|
|
};
|
|
struct describe_element {
|
|
describe_statement::element_type element_type;
|
|
std::optional<sstring> keyspace;
|
|
sstring name;
|
|
};
|
|
struct describe_generic {
|
|
std::optional<sstring> keyspace;
|
|
sstring name;
|
|
};
|
|
using describe_config = std::variant<
|
|
describe_cluster,
|
|
describe_schema,
|
|
describe_keyspace,
|
|
describe_listing,
|
|
describe_element,
|
|
describe_generic
|
|
>;
|
|
|
|
private:
|
|
describe_config _config;
|
|
internals _with_internals = internals(false);
|
|
|
|
virtual audit::audit_info_ptr audit_info() const override;
|
|
virtual audit::statement_category category() const override;
|
|
public:
|
|
explicit describe_statement(describe_config config);
|
|
void with_internals_details(bool with_hashed_passwords);
|
|
|
|
virtual std::unique_ptr<prepared_statement> prepare(data_dictionary::database db, cql_stats& stats) override;
|
|
|
|
static std::unique_ptr<describe_statement> cluster();
|
|
static std::unique_ptr<describe_statement> schema(bool full);
|
|
static std::unique_ptr<describe_statement> keyspaces();
|
|
static std::unique_ptr<describe_statement> keyspace(std::optional<sstring> keyspace, bool only);
|
|
static std::unique_ptr<describe_statement> tables();
|
|
static std::unique_ptr<describe_statement> table(const cf_name& cf_name);
|
|
static std::unique_ptr<describe_statement> index(const cf_name& cf_name);
|
|
static std::unique_ptr<describe_statement> view(const cf_name& cf_name);
|
|
static std::unique_ptr<describe_statement> types();
|
|
static std::unique_ptr<describe_statement> type(const ut_name& ut_name);
|
|
static std::unique_ptr<describe_statement> functions();
|
|
static std::unique_ptr<describe_statement> function(const functions::function_name& fn_name);
|
|
static std::unique_ptr<describe_statement> aggregates();
|
|
static std::unique_ptr<describe_statement> aggregate(const functions::function_name& fn_name);
|
|
static std::unique_ptr<describe_statement> generic(std::optional<sstring> keyspace, const sstring& name);
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|