Beispiel #1
  * @param Account $account
 protected function grantPrivileges(Account $account)
     $conn = $this->connect();
     if ($account->getType() == 'write') {
         $conn->exec("GRANT ALL ON `{$account->getDatabase()}`.* TO '{$account->getUser()}';");
     } else {
         $conn->exec("GRANT SELECT ON `{$account->getDatabase()}`.* TO '{$account->getUser()}';");
     $conn->exec("FLUSH PRIVILEGES;");
  * @param Account $account
  * @param Connection $conn
  * @param $tokenInfo
  * @param $buckets
  * @throws DBALException
 protected function grantPermissionsTry(Account $account, Connection $conn, $tokenInfo, $buckets)
     $userName = $account->getUser();
     $allowedBuckets = array();
     if ($account->getType() == 'transformations' || $account->getType() == 'sandbox' || $account->getType() == 'luckyguess') {
         foreach ($buckets as $bucket) {
             if ((substr($bucket["id"], 0, 3) == 'in.' || substr($bucket["id"], 0, 4) == 'out.') && $bucket["backend"] == 'redshift' && in_array($bucket["id"], array_keys($tokenInfo["bucketPermissions"]))) {
                 $allowedBuckets[] = strtolower($bucket["id"]);
     // Set custom permissions
     if (count($allowedBuckets) > 0) {
         // Tables
         $query = "\n                SELECT TRIM(schemaname) AS schema, TRIM(tablename) AS table\n                FROM pg_tables\n                WHERE TRIM(schemaname) IN ('" . join("', '", $allowedBuckets) . "');\n            ";
         $tablesInRs = $conn->fetchAll($query);
         $schemaNames = array();
         if (count($tablesInRs)) {
             $tableIds = array();
             foreach ($tablesInRs as $tableInRs) {
                 if (substr($tableInRs["table"], 0, 6) != '__temp') {
                     $tableIds[] = '"' . strtolower($tableInRs["schema"]) . '"."' . strtolower($tableInRs["table"]) . '"';
                     $schemaNames[] = '"' . strtolower($tableInRs["schema"]) . '"';
             $query = "\n                    GRANT SELECT\n                    ON " . join(', ', $tableIds) . "\n                    TO {$userName};\n                ";
         // Views
         $query = "\n                SELECT TRIM(schemaname) AS schema, TRIM(viewname) AS view\n                FROM pg_views\n                WHERE TRIM(schemaname) IN ('" . join("', '", $allowedBuckets) . "');\n            ";
         $viewsInRs = $conn->fetchAll($query);
         if (count($viewsInRs)) {
             $viewIds = array();
             foreach ($viewsInRs as $viewInRs) {
                 $viewIds[] = '"' . strtolower($viewInRs["schema"]) . '"."' . strtolower($viewInRs["view"]) . '"';
                 $schemaNames[] = '"' . strtolower($viewInRs["schema"]) . '"';
             $query = "\n                    GRANT SELECT\n                    ON " . join(', ', $viewIds) . "\n                    TO {$userName};\n                ";
         // Schemas
         if (count($schemaNames)) {
             $schemaNames = array_unique($schemaNames);
             $query = "\n                    GRANT USAGE\n                    ON SCHEMA " . join(', ', $schemaNames) . "\n                    TO {$userName};\n                ";
     // system tables
     if ($account->getType() == "transformations") {
         $query = "\n   \t\t\t\tGRANT SELECT\n   \t\t\t\tON SVV_TABLE_INFO\n   \t\t\t\tTO {$account->getUser()};\n   \t\t\t";
     // Grant access to its own schema
     if ($account->getType() == 'read') {
         $conn->exec("GRANT USAGE ON SCHEMA \"{$account->getSchema()}\" TO \"{$account->getUser()}\";");
         $conn->exec("GRANT SELECT ON ALL TABLES IN SCHEMA \"{$account->getSchema()}\" TO \"{$account->getUser()}\";");
     } else {
         $conn->exec("GRANT ALL ON SCHEMA \"{$account->getSchema()}\" TO \"{$account->getUser()}\";");
Beispiel #3
  * Create and start a new docker sandbox.
  * @param Account $account
  * @throws Exception
 public function addAccount(Account $account)
     /** @var Account\Docker $account */
     $ecsClient = $this->getEcsClient();
     $ec2Client = $this->getEc2Client();
     $imageName = $this->getDockerImageByType($account->getType());
     $selectedPort = random_int(self::MIN_PORT, self::MAX_PORT);
     // Start the container
     try {
         $taskDefinition = $this->getTaskDefinition($this->getTaskName($account), $imageName, $selectedPort, $this->getContainerPortByType($account->getType()));
         $res = $ecsClient->registerTaskDefinition($taskDefinition)->toArray();
         $taskId = $res['taskDefinition']['family'] . ':' . $res['taskDefinition']['revision'];
         $res = $ecsClient->runTask($this->getRunTaskDefinition($taskId, $imageName, $account->getToken(), $this->exportConfig, $this->script, $account, $this->runId))->toArray();
         $taskArn = $res['tasks'][0]['taskArn'];
     } catch (EcsException $e) {
         $this->logException(Logger::ERROR, $e->getMessage(), $e);
         throw $e;
     } catch (Exception $e) {
         $this->logException(Logger::ERROR, $e->getMessage(), $e);
         throw $e;
     // Wait for the task to start
     $attempt = 0;
     do {
         sleep(min(pow(2, $attempt), self::MAX_WAIT_DELAY));
         $res = $ecsClient->describeTasks(['cluster' => $this->getCluster(), 'tasks' => [$taskArn]])->toArray();
     } while ($res['tasks'][0]['lastStatus'] == 'PENDING');
     if ($res['tasks'][0]['lastStatus'] != 'RUNNING') {
         throw new Exception("ECS task did not start successfully. " . !empty($res['tasks'][0]['stoppedReason']) ? $res['tasks'][0]['stoppedReason'] : '');
     // Determine container EC2 instance ID
     $taskContainerArn = $res['tasks'][0]['containerInstanceArn'];
     $result = $ecsClient->describeContainerInstances(['containerInstances' => [$taskContainerArn], 'cluster' => $this->getCluster()])->toArray();
     // Get DNS name of EC2 instance
     $ec2InstanceId = $result['containerInstances'][0]['ec2InstanceId'];
     $result = $ec2Client->describeInstances(['InstanceIds' => [$ec2InstanceId]])->toArray();
     $dns = $result['Reservations'][0]['Instances'][0]['PublicDnsName'];