Commit d1ce8901 authored by Stanley Clark's avatar Stanley Clark

Update

parent cedf7263
......@@ -17,19 +17,17 @@ git submodule update --init
cp experiments/.env.example experiments/.env
cp pg-cuckoo/PgCuckoo/config-blank.ini pg-cuckoo/PgCuckoo/config.ini
# Build and launch services
docker-compose up -d
# Build and create containers
docker-compose up --no-start
# Next, let's set up the database for a scale factor 1 TPC-DS dataset:
docker-compose start postgres
docker-compose exec postgres /home/app/postgres/gen_tpcds.sh 1
docker-compose exec postgres /home/app/postgres/populate_db.sh tpcds1
# Now, let's build the Java project:
docker-compose run builder mvn initialize
docker-compose run builder mvn package
# We are now able to run the compiled files using a dedicated java container:
docker-compose run optimiser
# Now, let's build and run the Maven project:
docker-compose start builder
docker-compose start optimiser
```
The `postgres` container hosts a PostgreSQL 10 database with PgCuckoo extensions installed.
......@@ -40,12 +38,6 @@ a different volume location.
Finally, the `optimiser` image includes Java and Haskell dependencies required to run the package
generated by the `builder`.
To run a Maven project after making changes and having performed the initial setup, the following commands are enough:
```shell
docker-compose run builder mvn package
docker-compose run optimiser
```
To stop the docker containers running, you can use `docker-compose down` to completely remove the services, from your system.
Alternatively, use `docker-compose stop` and `docker-compose start` to stop and start the containers while leaving stored information intact.
......@@ -54,7 +46,6 @@ Alternatively, use `docker-compose stop` and `docker-compose start` to stop and
A quick overview of the contents of each of the directories in this project:
- [analysis](analysis) - the R code for the analysis of the experimental results
- [builder](builder) - the Docker file for the Maven project builder container
- [comparison](comparison) - the scripts for the execution of queries on both IBM DB2 and Oracle DB
- [experiments](experiments) - the Java code for the SAQP optimiser
- [pg-cuckoo](pg-cuckoo) - a submodule of the pg-cuckoo repo, allowing to run PostgreSQL plans directly
......
FROM maven:latest
WORKDIR /usr/src/app
\ No newline at end of file
CREATE OR REPLACE MASK cc_closed_date_sk_COL_MASK ON call_center FOR
COLUMN cc_closed_date_sk RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR false
......@@ -7,28 +9,28 @@ ALTER TABLE call_center ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK cp_catalog_page_number_COL_MASK ON catalog_page FOR
COLUMN cp_catalog_page_number RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (13 < catalog_page.cp_catalog_page_number) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (13 < cp_catalog_page_number) AND employee.e_name = SYSTEM_USER)
) THEN cp_catalog_page_number
ELSE NULL END ENABLE;
ALTER TABLE catalog_page ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK cr_fee_COL_MASK ON catalog_returns FOR
COLUMN cr_fee RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (0 <= catalog_returns.cr_reason_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (0 <= cr_reason_sk) AND employee.e_name = SYSTEM_USER)
) THEN cr_fee
ELSE NULL END ENABLE;
ALTER TABLE catalog_returns ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK cs_net_profit_COL_MASK ON catalog_sales FOR
COLUMN cs_net_profit RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (0 > catalog_sales.cs_net_profit AND 'sales' = employee.e_role) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (0 > cs_net_profit AND 'sales' = employee.e_role) AND employee.e_name = SYSTEM_USER)
) THEN cs_net_profit
ELSE NULL END ENABLE;
ALTER TABLE catalog_sales ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK c_first_name_COL_MASK ON customer FOR
COLUMN c_first_name RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (customer.c_birth_year = employee.e_year) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (c_birth_year = employee.e_year) AND employee.e_name = SYSTEM_USER)
) THEN c_first_name
ELSE NULL END ENABLE;
ALTER TABLE customer ACTIVATE COLUMN ACCESS CONTROL;
......@@ -42,7 +44,7 @@ ALTER TABLE customer_demographics ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK hd_vehicle_count_COL_MASK ON household_demographics FOR
COLUMN hd_vehicle_count RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM income_band, employee WHERE (110000 < income_band.ib_upper_bound AND household_demographics.hd_income_band_sk = income_band.ib_income_band_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM income_band, employee WHERE (110000 < income_band.ib_upper_bound AND hd_income_band_sk = income_band.ib_income_band_sk) AND employee.e_name = SYSTEM_USER)
) THEN hd_vehicle_count
ELSE NULL END ENABLE;
ALTER TABLE household_demographics ACTIVATE COLUMN ACCESS CONTROL;
......@@ -56,14 +58,14 @@ ALTER TABLE income_band ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK inv_quantity_on_hand_COL_MASK ON inventory FOR
COLUMN inv_quantity_on_hand RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM warehouse, employee WHERE (warehouse.w_warehouse_sk = inventory.inv_warehouse_sk AND 'United States' = warehouse.w_country) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM warehouse, employee WHERE (warehouse.w_warehouse_sk = inv_warehouse_sk AND 'United States' = warehouse.w_country) AND employee.e_name = SYSTEM_USER)
) THEN inv_quantity_on_hand
ELSE NULL END ENABLE;
ALTER TABLE inventory ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK i_brand_id_COL_MASK ON item FOR
COLUMN i_brand_id RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (1000000 = item.i_brand_id) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (1000000 = i_brand_id) AND employee.e_name = SYSTEM_USER)
) THEN i_brand_id
ELSE NULL END ENABLE;
ALTER TABLE item ACTIVATE COLUMN ACCESS CONTROL;
......@@ -77,14 +79,14 @@ ALTER TABLE reason ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK sr_fee_COL_MASK ON store_returns FOR
COLUMN sr_fee RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (0 <= store_returns.sr_reason_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (0 <= sr_reason_sk) AND employee.e_name = SYSTEM_USER)
) THEN sr_fee
ELSE NULL END ENABLE;
ALTER TABLE store_returns ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK ss_quantity_COL_MASK ON store_sales FOR
COLUMN ss_quantity RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (13 < store_sales.ss_quantity) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (13 < ss_quantity) AND employee.e_name = SYSTEM_USER)
) THEN ss_quantity
ELSE NULL END ENABLE;
ALTER TABLE store_sales ACTIVATE COLUMN ACCESS CONTROL;
......@@ -98,20 +100,20 @@ ALTER TABLE web_page ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK wr_fee_COL_MASK ON web_returns FOR
COLUMN wr_fee RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (0 <= web_returns.wr_reason_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (0 <= wr_reason_sk) AND employee.e_name = SYSTEM_USER)
) THEN wr_fee
ELSE NULL END ENABLE;
ALTER TABLE web_returns ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK ws_coupon_amt_COL_MASK ON web_sales FOR
COLUMN ws_coupon_amt RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM income_band, customer, household_demographics, employee WHERE (1000 < web_sales.ws_net_paid AND 80001 <= income_band.ib_lower_bound AND web_sales.ws_ship_customer_sk = customer.c_customer_sk AND customer.c_current_hdemo_sk = household_demographics.hd_demo_sk AND household_demographics.hd_income_band_sk = income_band.ib_income_band_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM income_band, customer, household_demographics, employee WHERE (1000 < ws_net_paid AND 80001 <= income_band.ib_lower_bound AND ws_ship_customer_sk = customer.c_customer_sk AND customer.c_current_hdemo_sk = household_demographics.hd_demo_sk AND household_demographics.hd_income_band_sk = income_band.ib_income_band_sk) AND employee.e_name = SYSTEM_USER)
) THEN ws_coupon_amt
ELSE NULL END ENABLE;
ALTER TABLE web_sales ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE PERMISSION call_center_ROW_ACCESS ON call_center FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM date_dim, employee WHERE (employee.e_role = 'sales' OR (date_dim.d_date_sk = call_center.cc_open_date_sk AND 1997 > call_center.cc_open_date_sk)) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM date_dim, employee WHERE (employee.e_role = 'sales' OR (date_dim.d_date_sk = cc_open_date_sk AND 1997 > cc_open_date_sk)) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE call_center ACTIVATE ROW ACCESS CONTROL;
......@@ -121,17 +123,17 @@ ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE catalog_page ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION catalog_returns_ROW_ACCESS ON catalog_returns FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM customer, household_demographics, income_band, employee WHERE ((catalog_returns.cr_refunded_customer_sk = customer.c_customer_sk AND customer.c_current_hdemo_sk = household_demographics.hd_demo_sk) AND ((household_demographics.hd_income_band_sk = income_band.ib_income_band_sk AND income_band.ib_lower_bound = 0) OR (household_demographics.hd_buy_potential = '0-500'))) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM customer, household_demographics, income_band, employee WHERE ((cr_refunded_customer_sk = customer.c_customer_sk AND customer.c_current_hdemo_sk = household_demographics.hd_demo_sk) AND ((household_demographics.hd_income_band_sk = income_band.ib_income_band_sk AND income_band.ib_lower_bound = 0) OR (household_demographics.hd_buy_potential = '0-500'))) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE catalog_returns ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION catalog_sales_ROW_ACCESS ON catalog_sales FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM customer, household_demographics, income_band, employee WHERE ((catalog_sales.cs_ship_customer_sk = customer.c_customer_sk AND customer.c_current_hdemo_sk = household_demographics.hd_demo_sk) AND ((household_demographics.hd_income_band_sk = income_band.ib_income_band_sk AND income_band.ib_lower_bound = 0) OR (household_demographics.hd_buy_potential = '0-500'))) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM customer, household_demographics, income_band, employee WHERE ((cs_ship_customer_sk = customer.c_customer_sk AND customer.c_current_hdemo_sk = household_demographics.hd_demo_sk) AND ((household_demographics.hd_income_band_sk = income_band.ib_income_band_sk AND income_band.ib_lower_bound = 0) OR (household_demographics.hd_buy_potential = '0-500'))) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE catalog_sales ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION customer_ROW_ACCESS ON customer FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM customer_address, employee WHERE (customer.c_current_addr_sk = customer_address.ca_address_sk AND customer.c_birth_country = customer_address.ca_country) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM customer_address, employee WHERE (c_current_addr_sk = customer_address.ca_address_sk AND c_birth_country = customer_address.ca_country) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE customer ACTIVATE ROW ACCESS CONTROL;
......@@ -171,17 +173,17 @@ ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE income_band ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION inventory_ROW_ACCESS ON inventory FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM warehouse, employee WHERE (inventory.inv_warehouse_sk = warehouse.w_warehouse_sk AND 300000 >= warehouse.w_warehouse_sq_ft) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM warehouse, employee WHERE (inv_warehouse_sk = warehouse.w_warehouse_sk AND 300000 >= warehouse.w_warehouse_sq_ft) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE inventory ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION item_ROW_ACCESS ON item FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM store_returns, employee WHERE (store_returns.sr_item_sk = item.i_item_sk AND employee.e_store_sk = store_returns.sr_store_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM store_returns, employee WHERE (store_returns.sr_item_sk = i_item_sk AND employee.e_store_sk = store_returns.sr_store_sk) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE item ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION promotion_ROW_ACCESS ON promotion FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM store_sales, employee WHERE (store_sales.ss_promo_sk = promotion.p_promo_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM store_sales, employee WHERE (store_sales.ss_promo_sk = p_promo_sk) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE promotion ACTIVATE ROW ACCESS CONTROL;
......@@ -196,17 +198,17 @@ ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE ship_mode ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION store_ROW_ACCESS ON store FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM employee WHERE (0 > store.s_closed_date_sk OR 'manager' = employee.e_role) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM employee WHERE (0 > s_closed_date_sk OR 'manager' = employee.e_role) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE store ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION store_returns_ROW_ACCESS ON store_returns FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM employee WHERE (store_returns.sr_store_sk = employee.e_store_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM employee WHERE (sr_store_sk = employee.e_store_sk) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE store_returns ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION store_sales_ROW_ACCESS ON store_sales FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM employee WHERE (store_sales.ss_store_sk = employee.e_store_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM employee WHERE (ss_store_sk = employee.e_store_sk) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE store_sales ACTIVATE ROW ACCESS CONTROL;
......@@ -221,21 +223,21 @@ ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE warehouse ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION web_page_ROW_ACCESS ON web_page FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM employee WHERE (0 < web_page.wp_customer_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM employee WHERE (0 < wp_customer_sk) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE web_page ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION web_returns_ROW_ACCESS ON web_returns FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM date_dim, employee WHERE (date_dim.d_year > employee.e_year AND web_returns.wr_returned_date_sk = date_dim.d_date_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM date_dim, employee WHERE (date_dim.d_year > employee.e_year AND wr_returned_date_sk = date_dim.d_date_sk) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE web_returns ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION web_sales_ROW_ACCESS ON web_sales FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM date_dim, employee WHERE (date_dim.d_year > employee.e_year AND web_sales.ws_sold_date_sk = date_dim.d_date_sk) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM date_dim, employee WHERE (date_dim.d_year > employee.e_year AND ws_sold_date_sk = date_dim.d_date_sk) AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE web_sales ACTIVATE ROW ACCESS CONTROL;
CREATE OR REPLACE PERMISSION web_site_ROW_ACCESS ON web_site FOR ROWS WHERE
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM employee WHERE (web_site.web_country = 'United States') AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR EXISTS (SELECT 1 FROM employee WHERE (web_country = 'United States') AND employee.e_name = SYSTEM_USER)
ENFORCED FOR ALL ACCESS ENABLE;
ALTER TABLE web_site ACTIVATE ROW ACCESS CONTROL;
\ No newline at end of file
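Review bot: Dropping the table qualifier from the protected table's columns inside the `EXISTS` subqueries makes every mask and permission depend on name resolution. A bare name such as `cr_reason_sk` or `hd_income_band_sk` is looked up in the subquery's own FROM list (`employee`, `income_band`, …) before the outer table. The TPC-DS column prefixes appear to keep these names unambiguous today, but a same-named column added to `employee` or a joined table would silently rebind the predicate and change which rows or values a user sees. I would add a header comment such as `-- Bare column names refer to the table named in ON <table>; they must not exist in any table of the subquery's FROM list`. These statements look generated, so a matching check probably belongs in the generator rather than in this file.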
......@@ -3,16 +3,16 @@
. /home/oracle/.bashrc;
## Create TPC-DS schema and users
#echo @sql/users.sql | sqlplus sys/Oradoc_db1@ORCLCDB as sysdba
#echo @sql/clean.sql | sqlplus admin1/admin1@ORCLCDB
#echo @sql/employee.sql | sqlplus admin1/admin1@ORCLCDB
#echo @sql/tpcds.sql | sqlplus admin1/admin1@ORCLCDB
#
## Import generated data to instance
#for tableScript in ctl/*.ctl
#do
# sqlldr admin1/admin1@ORCLCDB control="$tableScript" log="log/$(basename "$tableScript" .ctl).log" direct=true
#done
echo @sql/users.sql | sqlplus sys/Oradoc_db1@ORCLCDB as sysdba
echo @sql/clean.sql | sqlplus admin1/admin1@ORCLCDB
echo @sql/employee.sql | sqlplus admin1/admin1@ORCLCDB
echo @sql/tpcds.sql | sqlplus admin1/admin1@ORCLCDB
# Import generated data to instance
for tableScript in ctl/*.ctl
do
sqlldr admin1/admin1@ORCLCDB control="$tableScript" log="log/$(basename "$tableScript" .ctl).log" direct=true
done
# Attach policies
echo @sql/policies.sql | sqlplus admin1/admin1@ORCLCDB
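Review bot: The re-enabled `sqlplus` and `sqlldr` calls pass the SYSDBA and `admin1` passwords as command-line arguments, so they are visible in the process list on the host and stored in the repository. I would take the credentials from environment variables and start the client as `sqlplus -s /nolog`, sending a `CONNECT` line on stdin ahead of the `@sql/...` script; for `sqlldr`, a permission-restricted `parfile` keeps the password off the command line. No `set -e` is visible in this hunk, so a failed `users.sql` or load step would still be followed by `policies.sql`; `set -euo pipefail` near the top would stop the run at the first failure. The script starts above the visible lines, so error handling may already be configured there.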
......@@ -345,19 +345,19 @@ BEGIN
END IF;
END;
/
-- BEGIN
-- DBMS_RLS.ADD_POLICY(
-- object_schema => 'admin1',
-- object_name => 'item',
-- policy_name => 'item_i_brand_id_CELL_ACCESS_policy',
-- function_schema => 'admin1',
-- policy_function => 'item_i_brand_id_CELL_ACCESS',
-- statement_types => 'select',
-- sec_relevant_cols => 'i_brand_id',
-- sec_relevant_cols_opt => dbms_rls.all_rows
-- );
-- END;
-- /
BEGIN
DBMS_RLS.ADD_POLICY(
object_schema => 'admin1',
object_name => 'item',
policy_name => 'item_i_brand_id_CELL_ACCESS_policy',
function_schema => 'admin1',
policy_function => 'item_i_brand_id_CELL_ACCESS',
statement_types => 'select',
sec_relevant_cols => 'i_brand_id',
sec_relevant_cols_opt => dbms_rls.all_rows
);
END;
/
CREATE OR REPLACE FUNCTION reason_r_reason_desc_CELL_ACCESS(
......@@ -1018,14 +1018,14 @@ END;
/
CREATE OR REPLACE FUNCTION item_ROW_ACCESS1(
CREATE OR REPLACE FUNCTION item_ROW_ACCESS(
schema_var IN VARCHAR2,
table_var IN VARCHAR2)
RETURN VARCHAR2
AS
return_val VARCHAR2 (400);
BEGIN
return_val := 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''ADMIN1'' OR EXISTS (SELECT 1 FROM store_returns WHERE store_returns.sr_item_sk = i_item_sk AND 1= store_returns.sr_store_sk)';
return_val := '((SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''ADMIN1'') OR (EXISTS (SELECT 1 FROM store_returns, employee WHERE (store_returns.sr_item_sk = i_item_sk AND employee.e_store_sk = store_returns.sr_store_sk) AND (employee.e_name = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')))))';
RETURN return_val;
END;
/
......@@ -1039,14 +1039,13 @@ BEGIN
END IF;
END;
/
BEGIN
DBMS_RLS.ADD_POLICY(
object_schema => 'admin1',
object_name => 'item',
policy_name => 'item_ROW_ACCESS_policy1',
policy_name => 'item_ROW_ACCESS_policy',
function_schema => 'admin1',
policy_function => 'item_ROW_ACCESS1',
policy_function => 'item_ROW_ACCESS',
statement_types => 'select'
);
END;
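Review bot: `item_ROW_ACCESS_policy` is registered with `statement_types => 'select'` only, so the predicate from `item_ROW_ACCESS` filters queries but not UPDATE or DELETE on `item`, while the DB2 permission for the same table on this page is `ENFORCED FOR ALL ACCESS`. If both systems are meant to enforce the same policy, use `statement_types => 'select, insert, update, delete'` for the row policy; the column-masking policy for `i_brand_id` has to stay select-only because it uses `sec_relevant_cols_opt`. Separately, the rename leaves `item_ROW_ACCESS_policy1` and `item_ROW_ACCESS1` behind in any database that ran the earlier script unless `clean.sql` drops them, which is not visible here. The guard blocks ending in `END IF; END;` begin outside the hunks.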
......
......@@ -17,14 +17,13 @@ services:
POSTGRES_PASSWORD: ubuntu
POSTGRES_DB: ubuntu
builder:
image: stanrogo/saqp-builder:latest
image: maven:latest
container_name: builder
build:
context: .
dockerfile: builder/Dockerfile
volumes:
- MavenM2:/root/.m2
- ./experiments:/usr/src/app
working_dir: /usr/src/app
command: mvn package
optimiser:
image: stanrogo/saqp-optimiser:latest
container_name: optimiser
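Review bot: `image: maven:latest` ties the builder to a mutable tag, so the Maven and JDK versions that compile the project can change between runs with no change in this repository, and the image is pulled without an integrity pin. Pin a tag and digest, e.g. `image: maven:<version-tag>@sha256:<digest>` (placeholders), and do the same for `FROM maven:latest AS build` and `FROM openjdk:latest` in the policy-gen Dockerfile shown further down this page. The `MavenM2:/root/.m2` mount suggests the build runs as root against the bind-mounted `./experiments` tree; a non-root `user:` entry would keep build output from being root-owned on the host.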
......
......@@ -64,36 +64,24 @@
</plugin>
<!-- Install local jars to the global maven repo -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>2.5.2</version>
<groupId>com.googlecode.addjars-maven-plugin</groupId>
<artifactId>addjars-maven-plugin</artifactId>
<version>1.0.5</version>
<executions>
<execution>
<id>z3</id>
<phase>initialize</phase>
<goals>
<goal>install-file</goal>
</goals>
<configuration>
<groupId>com.stanrogo</groupId>
<artifactId>z3</artifactId>
<version>4.4.1</version>
<packaging>jar</packaging>
<file>src/main/resources/xacml-smt/lib/z3-4.4.1.jar</file>
</configuration>
</execution>
<execution>
<id>xacmlsmt</id>
<phase>initialize</phase>
<goals>
<goal>install-file</goal>
<goal>add-jars</goal>
</goals>
<configuration>
<groupId>com.stanrogo</groupId>
<artifactId>xacmlsmt</artifactId>
<version>1.0.0</version>
<packaging>jar</packaging>
<file>src/main/resources/xacml-smt/bin/XACMLSMT.jar</file>
<resources>
<resource>
<directory>src/main/resources/xacml-smt</directory>
<includes>
<include>**/z3-4.4.1.jar</include>
<include>**/XACMLSMT.jar</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
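Review bot: The `**/z3-4.4.1.jar` and `**/XACMLSMT.jar` includes put any file with those names, at any depth under `src/main/resources/xacml-smt`, on the build classpath, whereas the `install-file` configuration in the same hunk names two exact files. Anchor the patterns to the known locations, `<include>lib/z3-4.4.1.jar</include>` and `<include>bin/XACMLSMT.jar</include>`, so a stray or replaced copy elsewhere in the tree is not picked up. Both jars are checked-in binaries, so a comment beside the plugin recording each jar's origin and SHA-256, e.g. `<!-- z3-4.4.1.jar: source <url>, sha256 <digest> -->` with real values, would let a reviewer verify them. The `<plugin>` element closes outside this hunk.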
......
FROM maven:latest AS build
COPY src /home/app/src
COPY pom.xml /home/app
RUN mvn -f /home/app/pom.xml clean package
FROM openjdk:latest
COPY --from=build /home/app/target/ /home/app/target/
COPY policies.csv /home/app/policies.csv
ENTRYPOINT ["java","-jar","/home/app/target/policy-gen-1.0.0.jar"]
# policy-gen
To build and run the project:
```shell
docker build -t policy-gen .
docker run --rm -it -v "$(pwd)/../comparison":/home/comparison policy-gen:latest
```
......@@ -25,7 +25,38 @@
<target>14</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>3.2.4</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<configuration>
<archive>
<manifest>
<addClasspath>true</addClasspath>
<mainClass>PolicyGen</mainClass>
</manifest>
</archive>
</configuration>
</plugin>
</plugins>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
</build>
<dependencies>
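Review bot: `<filtering>true</filtering>` applies to all of `src/main/resources`, so every resource is rewritten for `${…}` expressions, and the one value that needs it, `my.basedir=${project.basedir}`, bakes the absolute build directory into the jar. The artifact then works only when run in the same directory layout it was built in; the Dockerfile on this page happens to use `/home/app` in both stages. Limit filtering to `project.properties` with an `<includes>` entry and add a second, unfiltered `<resource>` for the rest, and consider supplying the base directory at run time instead. `maven-jar-plugin` is also declared without a `<version>`, unlike `maven-shade-plugin` directly above it.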
......
import java.io.IOException;
import java.util.List;
import net.sf.jsqlparser.JSQLParserException;
......@@ -48,9 +47,4 @@ public class DB2Policies extends PolicyParser {
negative + "EXISTS (SELECT 1 FROM " + String.join(", ", tableList) + " WHERE (" +
policy + ") AND employee.e_name = SYSTEM_USER)";
}
public static void main(String[] args) throws IOException, JSQLParserException {
DB2Policies db2Policies = new DB2Policies("../../../comparison/ibm/sql/policies.sql");
db2Policies.parse();
}
}
import java.io.IOException;
import java.util.List;
import net.sf.jsqlparser.JSQLParserException;
......@@ -94,11 +93,5 @@ public class OraclePolicies extends PolicyParser {
" WHERE (" + policy.replaceAll("'", "''") +
") AND (employee.e_name = SYS_CONTEXT(''USERENV'', ''SESSION_USER''))))";
}
public static void main(String[] args) throws IOException, JSQLParserException {
OraclePolicies oraclePolicies =
new OraclePolicies("../../../comparison/oracle/sql/policies.sql");
oraclePolicies.parse();
}
}
import java.io.IOException;
import net.sf.jsqlparser.JSQLParserException;
public class PolicyGen {
public static void main(String[] args) throws IOException, JSQLParserException {
String ibmPolicyFile = "../comparison/ibm/sql/policies.sql";
String oraclePolicyFile = "../comparison/oracle/sql/policies.sql";
DB2Policies db2Policies = new DB2Policies(ibmPolicyFile);
OraclePolicies oraclePolicies = new OraclePolicies(oraclePolicyFile);
db2Policies.parse();
oraclePolicies.parse();
}
}
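Review bot: `PolicyGen` has no class comment and `main` ignores `args`, so nothing here says where the two `policies.sql` files are written. Judging by `PolicyParser.writeSQL` on this page, the path is appended to `my.basedir` rather than resolved against the working directory, assuming the constructor argument becomes `writePath` (the constructor is not shown). I would add `/** Generates the DB2 and Oracle policy scripts; output paths are relative to my.basedir from project.properties. */` above the class, and a comment that an exception from `db2Policies.parse()` leaves the Oracle file unwritten.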
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
......@@ -22,9 +22,11 @@ abstract public class PolicyParser {
}
void parse() throws IOException, JSQLParserException {
URL loc = PolicyParser.class.getProtectionDomain().getCodeSource().getLocation();
Properties props = new Properties();
props.load(this.getClass().getResourceAsStream("project.properties"));
String policyDir = props.get("my.basedir") + "/policies.csv";
CSVFormat format = CSVFormat.RFC4180.withHeader().withDelimiter('|');
CSVParser parser = new CSVParser(new FileReader(loc.getPath() + "../../policies.csv"), format);
CSVParser parser = new CSVParser(new FileReader(policyDir), format);
List<String> policies = new ArrayList<>();
policies.add(buildPreamble());
......@@ -44,8 +46,9 @@ abstract public class PolicyParser {
}
void writeSQL(List<String> policies) throws IOException {
URL loc = PolicyParser.class.getProtectionDomain().getCodeSource().getLocation();
String fileName = loc.getPath() + writePath;
Properties props = new Properties();
props.load(this.getClass().getResourceAsStream("project.properties"));
String fileName = props.get("my.basedir") + "/" + writePath;
File myObj = new File(fileName);
if ((myObj.delete() && myObj.createNewFile()) || myObj.createNewFile()) {
FileWriter myWriter = new FileWriter(fileName);
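Review bot: Both `parse()` and `writeSQL()` call `props.load(this.getClass().getResourceAsStream("project.properties"))` without checking the stream, so a missing resource surfaces as a bare NullPointerException and the stream is never closed. `props.get("my.basedir")` also turns a missing or unfiltered key into a path starting with `null/` or `${project.basedir}/`. Because `writeSQL()` deletes and recreates the file at that path, the location should be validated before use. I would move the lookup into one private helper called by both methods, as below; it needs `java.io.InputStream` imported. Both method bodies continue outside the visible hunks.

```java
// Resolves the directory recorded at build time; fails loudly instead of building a bogus path.
private String baseDir() throws IOException {
    Properties props = new Properties();
    try (InputStream in = getClass().getResourceAsStream("project.properties")) {
        if (in == null) {
            throw new FileNotFoundException("project.properties not found on the classpath");
        }
        props.load(in);
    }
    String baseDir = props.getProperty("my.basedir");
    if (baseDir == null || baseDir.isBlank() || baseDir.contains("${")) {
        throw new IOException("my.basedir is missing or was not filtered at build time");
    }
    return baseDir;
}

void parse() throws IOException, JSQLParserException {
    String policyDir = baseDir() + "/policies.csv";
    // … unchanged: CSV format, parser and policy list setup …

void writeSQL(List<String> policies) throws IOException {
    String fileName = baseDir() + "/" + writePath;
    // … unchanged: file creation and writing …
```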
......
my.basedir=${project.basedir}
\ No newline at end of file