Examples with AuthContext - io.pravega.controller.server.security.auth.handler.AuthContext

Example 1 with AuthContext

use of io.pravega.controller.server.security.auth.handler.AuthContext in project pravega by pravega.

the class ControllerServiceImpl method checkScopeExists.

@Override
public void checkScopeExists(ScopeInfo request, StreamObserver<Controller.ExistsResponse> responseObserver) {
    RequestTag requestTag = requestTracker.initializeAndTrackRequestTag(controllerService.nextRequestId(), CHECK_SCOPE_EXISTS, request.getScope());
    String scope = request.getScope();
    log.info(requestTag.getRequestId(), "checkScopeExists called for scope {}.", request);
    final AuthContext ctx;
    if (this.grpcAuthHelper.isAuthEnabled()) {
        ctx = AuthContext.current();
    } else {
        ctx = null;
    }
    Supplier<String> stringSupplier = () -> {
        String result = this.grpcAuthHelper.checkAuthorization(authorizationResource.ofScope(scope), AuthHandler.Permissions.READ, ctx);
        log.debug("Result of authorization for [{}] and READ permission is: [{}]", authorizationResource.ofScopes(), result);
        return result;
    };
    Function<String, CompletableFuture<Controller.ExistsResponse>> scopeFn = delegationToken -> controllerService.getScope(scope, requestTag.getRequestId()).handle((response, e) -> {
        boolean exists;
        if (e != null) {
            if (Exceptions.unwrap(e) instanceof StoreException.DataNotFoundException) {
                exists = false;
            } else {
                throw new CompletionException(e);
            }
        } else {
            exists = true;
        }
        return Controller.ExistsResponse.newBuilder().setExists(exists).build();
    });
    authenticateExecuteAndProcessResults(stringSupplier, scopeFn, responseObserver, requestTag);
}

Also used : StreamCut(io.pravega.controller.stream.api.grpc.v1.Controller.StreamCut) StreamConfig(io.pravega.controller.stream.api.grpc.v1.Controller.StreamConfig) AuthHandler(io.pravega.auth.AuthHandler) PingTxnRequest(io.pravega.controller.stream.api.grpc.v1.Controller.PingTxnRequest) DELETE_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.DELETE_STREAM) SegmentRanges(io.pravega.controller.stream.api.grpc.v1.Controller.SegmentRanges) StreamAuthParams(io.pravega.controller.server.security.auth.StreamAuthParams) StoreException(io.pravega.controller.store.stream.StoreException) Pair(org.apache.commons.lang3.tuple.Pair) TRUNCATE_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.TRUNCATE_STREAM) AuthContext(io.pravega.controller.server.security.auth.handler.AuthContext) AccessOperation(io.pravega.shared.security.auth.AccessOperation) KeyValueTableInfo(io.pravega.controller.stream.api.grpc.v1.Controller.KeyValueTableInfo) SubscriberStreamCut(io.pravega.controller.stream.api.grpc.v1.Controller.SubscriberStreamCut) LIST_SCOPES(io.pravega.shared.controller.tracing.RPCTracingTags.LIST_SCOPES) Status(io.grpc.Status) LockFailedException(io.pravega.controller.store.task.LockFailedException) UPDATE_READER_GROUP(io.pravega.shared.controller.tracing.RPCTracingTags.UPDATE_READER_GROUP) UPDATE_TRUNCATION_STREAM_CUT(io.pravega.shared.controller.tracing.RPCTracingTags.UPDATE_TRUNCATION_STREAM_CUT) DeleteScopeStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteScopeStatus) GET_SEGMENTS_IMMEDIATELY_FOLLOWING(io.pravega.shared.controller.tracing.RPCTracingTags.GET_SEGMENTS_IMMEDIATELY_FOLLOWING) ReaderGroupInfo(io.pravega.controller.stream.api.grpc.v1.Controller.ReaderGroupInfo) AuthorizationResource(io.pravega.shared.security.auth.AuthorizationResource) REMOVE_WRITER(io.pravega.shared.controller.tracing.RPCTracingTags.REMOVE_WRITER) AuthorizationException(io.pravega.auth.AuthorizationException) NonNull(lombok.NonNull) GET_SEGMENTS_BETWEEN_STREAM_CUTS(io.pravega.shared.controller.tracing.RPCTracingTags.GET_SEGMENTS_BETWEEN_STREAM_CUTS) LIST_STREAMS_IN_SCOPE(io.pravega.shared.controller.tracing.RPCTracingTags.LIST_STREAMS_IN_SCOPE) RequestTracker(io.pravega.common.tracing.RequestTracker) GET_STREAM_CONFIGURATION(io.pravega.shared.controller.tracing.RPCTracingTags.GET_STREAM_CONFIGURATION) GrpcAuthHelper(io.pravega.controller.server.security.auth.GrpcAuthHelper) SegmentId(io.pravega.controller.stream.api.grpc.v1.Controller.SegmentId) CreateReaderGroupResponse(io.pravega.controller.stream.api.grpc.v1.Controller.CreateReaderGroupResponse) LIST_KEY_VALUE_TABLES(io.pravega.shared.controller.tracing.RPCTracingTags.LIST_KEY_VALUE_TABLES) KeyValueTableConfig(io.pravega.controller.stream.api.grpc.v1.Controller.KeyValueTableConfig) Exceptions(io.pravega.common.Exceptions) ModelHelper.decode(io.pravega.client.control.impl.ModelHelper.decode) ServerRequest(io.pravega.controller.stream.api.grpc.v1.Controller.ServerRequest) ScopeInfo(io.pravega.controller.stream.api.grpc.v1.Controller.ScopeInfo) GET_KEY_VALUE_TABLE_CONFIGURATION(io.pravega.shared.controller.tracing.RPCTracingTags.GET_KEY_VALUE_TABLE_CONFIGURATION) IS_STREAMCUT_VALID(io.pravega.shared.controller.tracing.RPCTracingTags.IS_STREAMCUT_VALID) Supplier(java.util.function.Supplier) UpdateSubscriberStatus(io.pravega.controller.stream.api.grpc.v1.Controller.UpdateSubscriberStatus) ArrayList(java.util.ArrayList) Strings(com.google.common.base.Strings) NodeUri(io.pravega.controller.stream.api.grpc.v1.Controller.NodeUri) ReaderGroupConfiguration(io.pravega.controller.stream.api.grpc.v1.Controller.ReaderGroupConfiguration) StreamInfo(io.pravega.controller.stream.api.grpc.v1.Controller.StreamInfo) ControllerServiceGrpc(io.pravega.controller.stream.api.grpc.v1.ControllerServiceGrpc) SegmentLocation(io.pravega.controller.stream.api.grpc.v1.Controller.SegmentsAtTime.SegmentLocation) Throwables(com.google.common.base.Throwables) AuthenticationException(io.pravega.auth.AuthenticationException) CREATE_TRANSACTION(io.pravega.shared.controller.tracing.RPCTracingTags.CREATE_TRANSACTION) LIST_STREAMS_IN_SCOPE_FOR_TAG(io.pravega.shared.controller.tracing.RPCTracingTags.LIST_STREAMS_IN_SCOPE_FOR_TAG) TxnStatus(io.pravega.controller.stream.api.grpc.v1.Controller.TxnStatus) DeleteReaderGroupStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteReaderGroupStatus) SegmentsAtTime(io.pravega.controller.stream.api.grpc.v1.Controller.SegmentsAtTime) CreateKeyValueTableStatus(io.pravega.controller.stream.api.grpc.v1.Controller.CreateKeyValueTableStatus) GET_CURRENT_SEGMENTS(io.pravega.shared.controller.tracing.RPCTracingTags.GET_CURRENT_SEGMENTS) CHECK_TRANSACTION_STATE(io.pravega.shared.controller.tracing.RPCTracingTags.CHECK_TRANSACTION_STATE) CREATE_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.CREATE_STREAM) ServerResponse(io.pravega.controller.stream.api.grpc.v1.Controller.ServerResponse) BiFunction(java.util.function.BiFunction) LoggerFactory(org.slf4j.LoggerFactory) TimeoutException(java.util.concurrent.TimeoutException) GetSegmentsRequest(io.pravega.controller.stream.api.grpc.v1.Controller.GetSegmentsRequest) StreamObserver(io.grpc.stub.StreamObserver) TagLogger(io.pravega.common.tracing.TagLogger) CREATE_KEY_VALUE_TABLE(io.pravega.shared.controller.tracing.RPCTracingTags.CREATE_KEY_VALUE_TABLE) SubscribersResponse(io.pravega.controller.stream.api.grpc.v1.Controller.SubscribersResponse) Controller(io.pravega.controller.stream.api.grpc.v1.Controller) DELETE_KEY_VALUE_TABLE(io.pravega.shared.controller.tracing.RPCTracingTags.DELETE_KEY_VALUE_TABLE) CreateStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.CreateStreamStatus) CHECK_SCOPE_EXISTS(io.pravega.shared.controller.tracing.RPCTracingTags.CHECK_SCOPE_EXISTS) LIST_SUBSCRIBERS(io.pravega.shared.controller.tracing.RPCTracingTags.LIST_SUBSCRIBERS) ImmutableMap(com.google.common.collect.ImmutableMap) Predicate(java.util.function.Predicate) CHECK_STREAM_EXISTS(io.pravega.shared.controller.tracing.RPCTracingTags.CHECK_STREAM_EXISTS) CREATE_SCOPE(io.pravega.shared.controller.tracing.RPCTracingTags.CREATE_SCOPE) RequestTag(io.pravega.common.tracing.RequestTag) DelegationToken(io.pravega.controller.stream.api.grpc.v1.Controller.DelegationToken) CompletionException(java.util.concurrent.CompletionException) UUID(java.util.UUID) COMMIT_TRANSACTION(io.pravega.shared.controller.tracing.RPCTracingTags.COMMIT_TRANSACTION) Collectors(java.util.stream.Collectors) GET_SEGMENTS(io.pravega.shared.controller.tracing.RPCTracingTags.GET_SEGMENTS) GET_EPOCH_SEGMENTS(io.pravega.shared.controller.tracing.RPCTracingTags.GET_EPOCH_SEGMENTS) SEAL_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.SEAL_STREAM) List(java.util.List) ABORT_TRANSACTION(io.pravega.shared.controller.tracing.RPCTracingTags.ABORT_TRANSACTION) GET_URI(io.pravega.shared.controller.tracing.RPCTracingTags.GET_URI) Entry(java.util.Map.Entry) GetEpochSegmentsRequest(io.pravega.controller.stream.api.grpc.v1.Controller.GetEpochSegmentsRequest) DELETE_READER_GROUP(io.pravega.shared.controller.tracing.RPCTracingTags.DELETE_READER_GROUP) DELETE_SCOPE(io.pravega.shared.controller.tracing.RPCTracingTags.DELETE_SCOPE) PING_TRANSACTION(io.pravega.shared.controller.tracing.RPCTracingTags.PING_TRANSACTION) PingTxnStatus(io.pravega.controller.stream.api.grpc.v1.Controller.PingTxnStatus) DELETE_SCOPE_RECURSIVE(io.pravega.shared.controller.tracing.RPCTracingTags.DELETE_SCOPE_RECURSIVE) CreateScopeStatus(io.pravega.controller.stream.api.grpc.v1.Controller.CreateScopeStatus) ScaleStatusRequest(io.pravega.controller.stream.api.grpc.v1.Controller.ScaleStatusRequest) ModelHelper(io.pravega.client.control.impl.ModelHelper) IS_SEGMENT_OPEN(io.pravega.shared.controller.tracing.RPCTracingTags.IS_SEGMENT_OPEN) ScaleStatusResponse(io.pravega.controller.stream.api.grpc.v1.Controller.ScaleStatusResponse) TxnState(io.pravega.controller.stream.api.grpc.v1.Controller.TxnState) CompletableFuture(java.util.concurrent.CompletableFuture) Function(java.util.function.Function) SuccessorResponse(io.pravega.controller.stream.api.grpc.v1.Controller.SuccessorResponse) GET_OR_REFRESH_DELEGATION_TOKEN_FOR(io.pravega.shared.controller.tracing.RPCTracingTags.GET_OR_REFRESH_DELEGATION_TOKEN_FOR) ScaleRequest(io.pravega.controller.stream.api.grpc.v1.Controller.ScaleRequest) DeleteKVTableStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteKVTableStatus) CreateTxnRequest(io.pravega.controller.stream.api.grpc.v1.Controller.CreateTxnRequest) GET_CURRENT_SEGMENTS_KEY_VALUE_TABLE(io.pravega.shared.controller.tracing.RPCTracingTags.GET_CURRENT_SEGMENTS_KEY_VALUE_TABLE) DeleteStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteStreamStatus) NOTE_TIMESTAMP_FROM_WRITER(io.pravega.shared.controller.tracing.RPCTracingTags.NOTE_TIMESTAMP_FROM_WRITER) CHECK_SCALE(io.pravega.shared.controller.tracing.RPCTracingTags.CHECK_SCALE) UPDATE_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.UPDATE_STREAM) CREATE_READER_GROUP(io.pravega.shared.controller.tracing.RPCTracingTags.CREATE_READER_GROUP) ScaleResponse(io.pravega.controller.stream.api.grpc.v1.Controller.ScaleResponse) AuthorizationResourceImpl(io.pravega.shared.security.auth.AuthorizationResourceImpl) SCALE_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.SCALE_STREAM) ControllerService(io.pravega.controller.server.ControllerService) UpdateReaderGroupResponse(io.pravega.controller.stream.api.grpc.v1.Controller.UpdateReaderGroupResponse) NameUtils(io.pravega.shared.NameUtils) GET_READER_GROUP_CONFIG(io.pravega.shared.controller.tracing.RPCTracingTags.GET_READER_GROUP_CONFIG) ImmutablePair(org.apache.commons.lang3.tuple.ImmutablePair) UpdateStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.UpdateStreamStatus) VisibleForTesting(com.google.common.annotations.VisibleForTesting) TxnRequest(io.pravega.controller.stream.api.grpc.v1.Controller.TxnRequest) AllArgsConstructor(lombok.AllArgsConstructor) ReaderGroupConfigResponse(io.pravega.controller.stream.api.grpc.v1.Controller.ReaderGroupConfigResponse) SegmentValidityResponse(io.pravega.controller.stream.api.grpc.v1.Controller.SegmentValidityResponse) CompletableFuture(java.util.concurrent.CompletableFuture) CompletionException(java.util.concurrent.CompletionException) AuthContext(io.pravega.controller.server.security.auth.handler.AuthContext) RequestTag(io.pravega.common.tracing.RequestTag) Controller(io.pravega.controller.stream.api.grpc.v1.Controller)

Example 2 with AuthContext

use of io.pravega.controller.server.security.auth.handler.AuthContext in project pravega by pravega.

the class ControllerServiceImpl method listStreamsInScopeForTag.

@Override
public void listStreamsInScopeForTag(Controller.StreamsInScopeWithTagRequest request, StreamObserver<Controller.StreamsInScopeResponse> responseObserver) {
    String scopeName = request.getScope().getScope();
    String tag = request.getTag();
    RequestTag requestTag = requestTracker.initializeAndTrackRequestTag(controllerService.nextRequestId(), LIST_STREAMS_IN_SCOPE_FOR_TAG, scopeName);
    log.info(requestTag.getRequestId(), "{} called for scope {} and tags {}", LIST_STREAMS_IN_SCOPE_FOR_TAG, scopeName, tag);
    final AuthContext ctx = this.grpcAuthHelper.isAuthEnabled() ? AuthContext.current() : null;
    Function<String, CompletableFuture<Controller.StreamsInScopeResponse>> streamsFn = delegationToken -> listWithFilter(request.getContinuationToken().getToken(), pageLimit, (x, y) -> controllerService.listStreamsForTag(scopeName, tag, x, requestTag.getRequestId()), x -> grpcAuthHelper.isAuthorized(authorizationResource.ofStreamInScope(scopeName, x), AuthHandler.Permissions.READ, ctx), x -> StreamInfo.newBuilder().setScope(scopeName).setStream(x).build(), requestTag.getRequestId()).handle((response, ex) -> {
        if (ex != null) {
            if (Exceptions.unwrap(ex) instanceof StoreException.DataNotFoundException) {
                return Controller.StreamsInScopeResponse.newBuilder().setStatus(Controller.StreamsInScopeResponse.Status.SCOPE_NOT_FOUND).build();
            } else {
                throw new CompletionException(ex);
            }
        } else {
            return Controller.StreamsInScopeResponse.newBuilder().addAllStreams(response.getKey()).setContinuationToken(Controller.ContinuationToken.newBuilder().setToken(response.getValue()).build()).setStatus(Controller.StreamsInScopeResponse.Status.SUCCESS).build();
        }
    });
    authenticateExecuteAndProcessResults(() -> {
        String result = this.grpcAuthHelper.checkAuthorization(authorizationResource.ofScope(scopeName), AuthHandler.Permissions.READ, ctx);
        log.debug("Result of authorization for [{}] and READ permission is: [{}]", authorizationResource.ofScope(scopeName), result);
        return result;
    }, streamsFn, responseObserver, requestTag);
}

Example 3 with AuthContext

use of io.pravega.controller.server.security.auth.handler.AuthContext in project pravega by pravega.

the class ControllerServiceImpl method listScopes.

@Override
public void listScopes(Controller.ScopesRequest request, StreamObserver<Controller.ScopesResponse> responseObserver) {
    RequestTag requestTag = requestTracker.initializeAndTrackRequestTag(controllerService.nextRequestId(), LIST_SCOPES);
    log.info(requestTag.getRequestId(), "listScope called.");
    final AuthContext ctx;
    if (this.grpcAuthHelper.isAuthEnabled()) {
        ctx = AuthContext.current();
    } else {
        ctx = null;
    }
    Supplier<String> stringSupplier = () -> {
        String result = this.grpcAuthHelper.checkAuthorization(authorizationResource.ofScopes(), AuthHandler.Permissions.READ, ctx);
        log.debug("Result of authorization for [{}] and READ permission is: [{}]", authorizationResource.ofScopes(), result);
        return result;
    };
    Function<String, CompletableFuture<Controller.ScopesResponse>> scopesFn = delegationToken -> listWithFilter(request.getContinuationToken().getToken(), pageLimit, (x, y) -> controllerService.listScopes(x, y, requestTag.getRequestId()), x -> grpcAuthHelper.isAuthorized(authorizationResource.ofScope(x), AuthHandler.Permissions.READ, ctx), x -> x, requestTag.getRequestId()).thenApply(response -> Controller.ScopesResponse.newBuilder().addAllScopes(response.getKey()).setContinuationToken(Controller.ContinuationToken.newBuilder().setToken(response.getValue()).build()).build());
    authenticateExecuteAndProcessResults(stringSupplier, scopesFn, responseObserver, requestTag);
}

Also used : StreamCut(io.pravega.controller.stream.api.grpc.v1.Controller.StreamCut) StreamConfig(io.pravega.controller.stream.api.grpc.v1.Controller.StreamConfig) AuthHandler(io.pravega.auth.AuthHandler) PingTxnRequest(io.pravega.controller.stream.api.grpc.v1.Controller.PingTxnRequest) DELETE_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.DELETE_STREAM) SegmentRanges(io.pravega.controller.stream.api.grpc.v1.Controller.SegmentRanges) StreamAuthParams(io.pravega.controller.server.security.auth.StreamAuthParams) StoreException(io.pravega.controller.store.stream.StoreException) Pair(org.apache.commons.lang3.tuple.Pair) TRUNCATE_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.TRUNCATE_STREAM) AuthContext(io.pravega.controller.server.security.auth.handler.AuthContext) AccessOperation(io.pravega.shared.security.auth.AccessOperation) KeyValueTableInfo(io.pravega.controller.stream.api.grpc.v1.Controller.KeyValueTableInfo) SubscriberStreamCut(io.pravega.controller.stream.api.grpc.v1.Controller.SubscriberStreamCut) LIST_SCOPES(io.pravega.shared.controller.tracing.RPCTracingTags.LIST_SCOPES) Status(io.grpc.Status) LockFailedException(io.pravega.controller.store.task.LockFailedException) UPDATE_READER_GROUP(io.pravega.shared.controller.tracing.RPCTracingTags.UPDATE_READER_GROUP) UPDATE_TRUNCATION_STREAM_CUT(io.pravega.shared.controller.tracing.RPCTracingTags.UPDATE_TRUNCATION_STREAM_CUT) DeleteScopeStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteScopeStatus) GET_SEGMENTS_IMMEDIATELY_FOLLOWING(io.pravega.shared.controller.tracing.RPCTracingTags.GET_SEGMENTS_IMMEDIATELY_FOLLOWING) ReaderGroupInfo(io.pravega.controller.stream.api.grpc.v1.Controller.ReaderGroupInfo) AuthorizationResource(io.pravega.shared.security.auth.AuthorizationResource) REMOVE_WRITER(io.pravega.shared.controller.tracing.RPCTracingTags.REMOVE_WRITER) AuthorizationException(io.pravega.auth.AuthorizationException) NonNull(lombok.NonNull) GET_SEGMENTS_BETWEEN_STREAM_CUTS(io.pravega.shared.controller.tracing.RPCTracingTags.GET_SEGMENTS_BETWEEN_STREAM_CUTS) LIST_STREAMS_IN_SCOPE(io.pravega.shared.controller.tracing.RPCTracingTags.LIST_STREAMS_IN_SCOPE) RequestTracker(io.pravega.common.tracing.RequestTracker) GET_STREAM_CONFIGURATION(io.pravega.shared.controller.tracing.RPCTracingTags.GET_STREAM_CONFIGURATION) GrpcAuthHelper(io.pravega.controller.server.security.auth.GrpcAuthHelper) SegmentId(io.pravega.controller.stream.api.grpc.v1.Controller.SegmentId) CreateReaderGroupResponse(io.pravega.controller.stream.api.grpc.v1.Controller.CreateReaderGroupResponse) LIST_KEY_VALUE_TABLES(io.pravega.shared.controller.tracing.RPCTracingTags.LIST_KEY_VALUE_TABLES) KeyValueTableConfig(io.pravega.controller.stream.api.grpc.v1.Controller.KeyValueTableConfig) Exceptions(io.pravega.common.Exceptions) ModelHelper.decode(io.pravega.client.control.impl.ModelHelper.decode) ServerRequest(io.pravega.controller.stream.api.grpc.v1.Controller.ServerRequest) ScopeInfo(io.pravega.controller.stream.api.grpc.v1.Controller.ScopeInfo) GET_KEY_VALUE_TABLE_CONFIGURATION(io.pravega.shared.controller.tracing.RPCTracingTags.GET_KEY_VALUE_TABLE_CONFIGURATION) IS_STREAMCUT_VALID(io.pravega.shared.controller.tracing.RPCTracingTags.IS_STREAMCUT_VALID) Supplier(java.util.function.Supplier) UpdateSubscriberStatus(io.pravega.controller.stream.api.grpc.v1.Controller.UpdateSubscriberStatus) ArrayList(java.util.ArrayList) Strings(com.google.common.base.Strings) NodeUri(io.pravega.controller.stream.api.grpc.v1.Controller.NodeUri) ReaderGroupConfiguration(io.pravega.controller.stream.api.grpc.v1.Controller.ReaderGroupConfiguration) StreamInfo(io.pravega.controller.stream.api.grpc.v1.Controller.StreamInfo) ControllerServiceGrpc(io.pravega.controller.stream.api.grpc.v1.ControllerServiceGrpc) SegmentLocation(io.pravega.controller.stream.api.grpc.v1.Controller.SegmentsAtTime.SegmentLocation) Throwables(com.google.common.base.Throwables) AuthenticationException(io.pravega.auth.AuthenticationException) CREATE_TRANSACTION(io.pravega.shared.controller.tracing.RPCTracingTags.CREATE_TRANSACTION) LIST_STREAMS_IN_SCOPE_FOR_TAG(io.pravega.shared.controller.tracing.RPCTracingTags.LIST_STREAMS_IN_SCOPE_FOR_TAG) TxnStatus(io.pravega.controller.stream.api.grpc.v1.Controller.TxnStatus) DeleteReaderGroupStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteReaderGroupStatus) SegmentsAtTime(io.pravega.controller.stream.api.grpc.v1.Controller.SegmentsAtTime) CreateKeyValueTableStatus(io.pravega.controller.stream.api.grpc.v1.Controller.CreateKeyValueTableStatus) GET_CURRENT_SEGMENTS(io.pravega.shared.controller.tracing.RPCTracingTags.GET_CURRENT_SEGMENTS) CHECK_TRANSACTION_STATE(io.pravega.shared.controller.tracing.RPCTracingTags.CHECK_TRANSACTION_STATE) CREATE_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.CREATE_STREAM) ServerResponse(io.pravega.controller.stream.api.grpc.v1.Controller.ServerResponse) BiFunction(java.util.function.BiFunction) LoggerFactory(org.slf4j.LoggerFactory) TimeoutException(java.util.concurrent.TimeoutException) GetSegmentsRequest(io.pravega.controller.stream.api.grpc.v1.Controller.GetSegmentsRequest) StreamObserver(io.grpc.stub.StreamObserver) TagLogger(io.pravega.common.tracing.TagLogger) CREATE_KEY_VALUE_TABLE(io.pravega.shared.controller.tracing.RPCTracingTags.CREATE_KEY_VALUE_TABLE) SubscribersResponse(io.pravega.controller.stream.api.grpc.v1.Controller.SubscribersResponse) Controller(io.pravega.controller.stream.api.grpc.v1.Controller) DELETE_KEY_VALUE_TABLE(io.pravega.shared.controller.tracing.RPCTracingTags.DELETE_KEY_VALUE_TABLE) CreateStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.CreateStreamStatus) CHECK_SCOPE_EXISTS(io.pravega.shared.controller.tracing.RPCTracingTags.CHECK_SCOPE_EXISTS) LIST_SUBSCRIBERS(io.pravega.shared.controller.tracing.RPCTracingTags.LIST_SUBSCRIBERS) ImmutableMap(com.google.common.collect.ImmutableMap) Predicate(java.util.function.Predicate) CHECK_STREAM_EXISTS(io.pravega.shared.controller.tracing.RPCTracingTags.CHECK_STREAM_EXISTS) CREATE_SCOPE(io.pravega.shared.controller.tracing.RPCTracingTags.CREATE_SCOPE) RequestTag(io.pravega.common.tracing.RequestTag) DelegationToken(io.pravega.controller.stream.api.grpc.v1.Controller.DelegationToken) CompletionException(java.util.concurrent.CompletionException) UUID(java.util.UUID) COMMIT_TRANSACTION(io.pravega.shared.controller.tracing.RPCTracingTags.COMMIT_TRANSACTION) Collectors(java.util.stream.Collectors) GET_SEGMENTS(io.pravega.shared.controller.tracing.RPCTracingTags.GET_SEGMENTS) GET_EPOCH_SEGMENTS(io.pravega.shared.controller.tracing.RPCTracingTags.GET_EPOCH_SEGMENTS) SEAL_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.SEAL_STREAM) List(java.util.List) ABORT_TRANSACTION(io.pravega.shared.controller.tracing.RPCTracingTags.ABORT_TRANSACTION) GET_URI(io.pravega.shared.controller.tracing.RPCTracingTags.GET_URI) Entry(java.util.Map.Entry) GetEpochSegmentsRequest(io.pravega.controller.stream.api.grpc.v1.Controller.GetEpochSegmentsRequest) DELETE_READER_GROUP(io.pravega.shared.controller.tracing.RPCTracingTags.DELETE_READER_GROUP) DELETE_SCOPE(io.pravega.shared.controller.tracing.RPCTracingTags.DELETE_SCOPE) PING_TRANSACTION(io.pravega.shared.controller.tracing.RPCTracingTags.PING_TRANSACTION) PingTxnStatus(io.pravega.controller.stream.api.grpc.v1.Controller.PingTxnStatus) DELETE_SCOPE_RECURSIVE(io.pravega.shared.controller.tracing.RPCTracingTags.DELETE_SCOPE_RECURSIVE) CreateScopeStatus(io.pravega.controller.stream.api.grpc.v1.Controller.CreateScopeStatus) ScaleStatusRequest(io.pravega.controller.stream.api.grpc.v1.Controller.ScaleStatusRequest) ModelHelper(io.pravega.client.control.impl.ModelHelper) IS_SEGMENT_OPEN(io.pravega.shared.controller.tracing.RPCTracingTags.IS_SEGMENT_OPEN) ScaleStatusResponse(io.pravega.controller.stream.api.grpc.v1.Controller.ScaleStatusResponse) TxnState(io.pravega.controller.stream.api.grpc.v1.Controller.TxnState) CompletableFuture(java.util.concurrent.CompletableFuture) Function(java.util.function.Function) SuccessorResponse(io.pravega.controller.stream.api.grpc.v1.Controller.SuccessorResponse) GET_OR_REFRESH_DELEGATION_TOKEN_FOR(io.pravega.shared.controller.tracing.RPCTracingTags.GET_OR_REFRESH_DELEGATION_TOKEN_FOR) ScaleRequest(io.pravega.controller.stream.api.grpc.v1.Controller.ScaleRequest) DeleteKVTableStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteKVTableStatus) CreateTxnRequest(io.pravega.controller.stream.api.grpc.v1.Controller.CreateTxnRequest) GET_CURRENT_SEGMENTS_KEY_VALUE_TABLE(io.pravega.shared.controller.tracing.RPCTracingTags.GET_CURRENT_SEGMENTS_KEY_VALUE_TABLE) DeleteStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteStreamStatus) NOTE_TIMESTAMP_FROM_WRITER(io.pravega.shared.controller.tracing.RPCTracingTags.NOTE_TIMESTAMP_FROM_WRITER) CHECK_SCALE(io.pravega.shared.controller.tracing.RPCTracingTags.CHECK_SCALE) UPDATE_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.UPDATE_STREAM) CREATE_READER_GROUP(io.pravega.shared.controller.tracing.RPCTracingTags.CREATE_READER_GROUP) ScaleResponse(io.pravega.controller.stream.api.grpc.v1.Controller.ScaleResponse) AuthorizationResourceImpl(io.pravega.shared.security.auth.AuthorizationResourceImpl) SCALE_STREAM(io.pravega.shared.controller.tracing.RPCTracingTags.SCALE_STREAM) ControllerService(io.pravega.controller.server.ControllerService) UpdateReaderGroupResponse(io.pravega.controller.stream.api.grpc.v1.Controller.UpdateReaderGroupResponse) NameUtils(io.pravega.shared.NameUtils) GET_READER_GROUP_CONFIG(io.pravega.shared.controller.tracing.RPCTracingTags.GET_READER_GROUP_CONFIG) ImmutablePair(org.apache.commons.lang3.tuple.ImmutablePair) UpdateStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.UpdateStreamStatus) VisibleForTesting(com.google.common.annotations.VisibleForTesting) TxnRequest(io.pravega.controller.stream.api.grpc.v1.Controller.TxnRequest) AllArgsConstructor(lombok.AllArgsConstructor) ReaderGroupConfigResponse(io.pravega.controller.stream.api.grpc.v1.Controller.ReaderGroupConfigResponse) SegmentValidityResponse(io.pravega.controller.stream.api.grpc.v1.Controller.SegmentValidityResponse) CompletableFuture(java.util.concurrent.CompletableFuture) AuthContext(io.pravega.controller.server.security.auth.handler.AuthContext) RequestTag(io.pravega.common.tracing.RequestTag) Controller(io.pravega.controller.stream.api.grpc.v1.Controller)

Example 4 with AuthContext

use of io.pravega.controller.server.security.auth.handler.AuthContext in project pravega by pravega.

the class ControllerServiceImpl method listKeyValueTablesInScope.

@Override
public void listKeyValueTablesInScope(Controller.KVTablesInScopeRequest request, StreamObserver<Controller.KVTablesInScopeResponse> responseObserver) {
    String scopeName = request.getScope().getScope();
    RequestTag requestTag = requestTracker.initializeAndTrackRequestTag(controllerService.nextRequestId(), LIST_KEY_VALUE_TABLES, scopeName);
    log.info(requestTag.getRequestId(), "listKeyValueTables called for scope {}.", scopeName);
    final AuthContext ctx = this.grpcAuthHelper.isAuthEnabled() ? AuthContext.current() : null;
    Function<String, CompletableFuture<Controller.KVTablesInScopeResponse>> streamsFn = delegationToken -> listWithFilter(request.getContinuationToken().getToken(), pageLimit, (x, y) -> controllerService.listKeyValueTables(scopeName, x, y, requestTag.getRequestId()), x -> grpcAuthHelper.isAuthorized(authorizationResource.ofKeyValueTableInScope(scopeName, x), AuthHandler.Permissions.READ, ctx), x -> KeyValueTableInfo.newBuilder().setScope(scopeName).setKvtName(x).build(), requestTag.getRequestId()).handle((response, ex) -> {
        if (ex != null) {
            if (Exceptions.unwrap(ex) instanceof StoreException.DataNotFoundException) {
                return Controller.KVTablesInScopeResponse.newBuilder().setStatus(Controller.KVTablesInScopeResponse.Status.SCOPE_NOT_FOUND).build();
            } else {
                throw new CompletionException(ex);
            }
        } else {
            return Controller.KVTablesInScopeResponse.newBuilder().addAllKvtables(response.getKey()).setContinuationToken(Controller.ContinuationToken.newBuilder().setToken(response.getValue()).build()).setStatus(Controller.KVTablesInScopeResponse.Status.SUCCESS).build();
        }
    });
    authenticateExecuteAndProcessResults(() -> {
        String result = this.grpcAuthHelper.checkAuthorization(authorizationResource.ofScope(scopeName), AuthHandler.Permissions.READ, ctx);
        log.debug("Result of authorization for [{}] and READ permission is: [{}]", authorizationResource.ofScope(scopeName), result);
        return result;
    }, streamsFn, responseObserver, requestTag);
}

Example 5 with AuthContext

use of io.pravega.controller.server.security.auth.handler.AuthContext in project pravega by pravega.

the class ControllerServiceImpl method checkStreamExists.

@Override
public void checkStreamExists(StreamInfo request, StreamObserver<Controller.ExistsResponse> responseObserver) {
    RequestTag requestTag = requestTracker.initializeAndTrackRequestTag(controllerService.nextRequestId(), CHECK_STREAM_EXISTS);
    String scope = request.getScope();
    String stream = request.getStream();
    log.info(requestTag.getRequestId(), "checkStream exists called for {}/{}.", scope, stream);
    final AuthContext ctx;
    if (this.grpcAuthHelper.isAuthEnabled()) {
        ctx = AuthContext.current();
    } else {
        ctx = null;
    }
    Supplier<String> stringSupplier = () -> {
        String result = this.grpcAuthHelper.checkAuthorization(authorizationResource.ofStreamInScope(scope, stream), AuthHandler.Permissions.READ, ctx);
        log.debug("Result of authorization for [{}] and READ permission is: [{}]", authorizationResource.ofScopes(), result);
        return result;
    };
    Function<String, CompletableFuture<Controller.ExistsResponse>> streamFn = delegationToken -> controllerService.getStream(scope, stream, requestTag.getRequestId()).handle((response, e) -> {
        boolean exists;
        if (e != null) {
            if (Exceptions.unwrap(e) instanceof StoreException.DataNotFoundException) {
                exists = false;
            } else {
                throw new CompletionException(e);
            }
        } else {
            exists = true;
        }
        return Controller.ExistsResponse.newBuilder().setExists(exists).build();
    });
    authenticateExecuteAndProcessResults(stringSupplier, streamFn, responseObserver, requestTag);
}

Aggregations

VisibleForTesting (com.google.common.annotations.VisibleForTesting)7 Strings (com.google.common.base.Strings)7 Throwables (com.google.common.base.Throwables)7 ImmutableMap (com.google.common.collect.ImmutableMap)7 Status (io.grpc.Status)7 StreamObserver (io.grpc.stub.StreamObserver)7 AuthHandler (io.pravega.auth.AuthHandler)7 AuthenticationException (io.pravega.auth.AuthenticationException)7 AuthorizationException (io.pravega.auth.AuthorizationException)7 ModelHelper (io.pravega.client.control.impl.ModelHelper)7 ModelHelper.decode (io.pravega.client.control.impl.ModelHelper.decode)7 Exceptions (io.pravega.common.Exceptions)7 RequestTag (io.pravega.common.tracing.RequestTag)7 RequestTracker (io.pravega.common.tracing.RequestTracker)7 TagLogger (io.pravega.common.tracing.TagLogger)7 ControllerService (io.pravega.controller.server.ControllerService)7 GrpcAuthHelper (io.pravega.controller.server.security.auth.GrpcAuthHelper)7 StreamAuthParams (io.pravega.controller.server.security.auth.StreamAuthParams)7 AuthContext (io.pravega.controller.server.security.auth.handler.AuthContext)7 StoreException (io.pravega.controller.store.stream.StoreException)7