use of io.pravega.controller.server.security.auth.handler.AuthContext in project pravega by pravega.
the class ControllerServiceImpl method checkScopeExists.
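/**
 * Handles the {@code checkScopeExists} RPC: builds a READ authorization check for the requested scope
 * and a lookup callback, and hands both to {@code authenticateExecuteAndProcessResults}.
 *
 * <p>The lookup maps a {@code StoreException.DataNotFoundException} to {@code exists = false}; any other
 * failure is rethrown as a {@link CompletionException}.
 *
 * @param request          carries the name of the scope to look up.
 * @param responseObserver passed through to {@code authenticateExecuteAndProcessResults} together with
 *                         the request tag.
 */
@Override
public void checkScopeExists(ScopeInfo request, StreamObserver<Controller.ExistsResponse> responseObserver) {
    String scope = request.getScope();
    RequestTag requestTag = requestTracker.initializeAndTrackRequestTag(controllerService.nextRequestId(), CHECK_SCOPE_EXISTS, scope);
    // Log the scope name, not the whole request message, so the entry matches its "for scope {}" text.
    log.info(requestTag.getRequestId(), "checkScopeExists called for scope {}.", scope);

    // The context is read here, before any lambda is built, and captured by the authorization check.
    // It is null when auth is disabled; presumably checkAuthorization tolerates that - confirm in GrpcAuthHelper.
    final AuthContext ctx = this.grpcAuthHelper.isAuthEnabled() ? AuthContext.current() : null;

    Supplier<String> stringSupplier = () -> {
        String result = this.grpcAuthHelper.checkAuthorization(authorizationResource.ofScope(scope), AuthHandler.Permissions.READ, ctx);
        // Name the resource that was actually checked (the scope, not the scopes collection), so the
        // authorization log can be matched against the decision it records.
        // NOTE(review): this value reaches the callback below as `delegationToken`; if checkAuthorization
        // can ever return a real token it should not be written to the log - confirm.
        log.debug("Result of authorization for [{}] and READ permission is: [{}]", authorizationResource.ofScope(scope), result);
        return result;
    };

    // The callback receives the supplier's result as delegationToken but does not use it for the lookup.
    Function<String, CompletableFuture<Controller.ExistsResponse>> scopeFn = delegationToken ->
            controllerService.getScope(scope, requestTag.getRequestId()).handle((response, e) -> {
                // Only "not found" is translated into a negative answer; other failures must surface as errors.
                if (e != null && !(Exceptions.unwrap(e) instanceof StoreException.DataNotFoundException)) {
                    throw new CompletionException(e);
                }
                return Controller.ExistsResponse.newBuilder().setExists(e == null).build();
            });

    authenticateExecuteAndProcessResults(stringSupplier, scopeFn, responseObserver, requestTag);
}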
use of io.pravega.controller.server.security.auth.handler.AuthContext in project pravega by pravega.
the class ControllerServiceImpl method listStreamsInScopeForTag.
/**
 * Handles the {@code listStreamsInScopeForTag} RPC: lists the streams of a scope that carry the given tag.
 *
 * <p>Two authorization checks are set up. A READ check on the scope is wrapped in a supplier, and a
 * per-stream READ check is passed to {@code listWithFilter} (presumably as the filter applied to each
 * listed stream - confirm in listWithFilter). Both use the same captured {@link AuthContext}.
 *
 * <p>A {@code StoreException.DataNotFoundException} from the listing is reported as
 * {@code SCOPE_NOT_FOUND}; any other failure is rethrown as a {@link CompletionException}.
 *
 * @param request          carries the scope, the tag and the continuation token.
 * @param responseObserver passed through to {@code authenticateExecuteAndProcessResults}.
 */
@Override
public void listStreamsInScopeForTag(Controller.StreamsInScopeWithTagRequest request, StreamObserver<Controller.StreamsInScopeResponse> responseObserver) {
    String scopeName = request.getScope().getScope();
    String tag = request.getTag();
    RequestTag requestTag = requestTracker.initializeAndTrackRequestTag(
            controllerService.nextRequestId(), LIST_STREAMS_IN_SCOPE_FOR_TAG, scopeName);
    log.info(requestTag.getRequestId(), "{} called for scope {} and tags {}", LIST_STREAMS_IN_SCOPE_FOR_TAG, scopeName, tag);

    // Read the context once, up front; it stays null when auth is disabled.
    final AuthContext ctx;
    if (this.grpcAuthHelper.isAuthEnabled()) {
        ctx = AuthContext.current();
    } else {
        ctx = null;
    }

    // Scope-level READ check; its result is what the listing callback receives as delegationToken.
    Supplier<String> scopeReadCheck = () -> {
        String authResult = this.grpcAuthHelper.checkAuthorization(authorizationResource.ofScope(scopeName), AuthHandler.Permissions.READ, ctx);
        log.debug("Result of authorization for [{}] and READ permission is: [{}]", authorizationResource.ofScope(scopeName), authResult);
        return authResult;
    };

    Function<String, CompletableFuture<Controller.StreamsInScopeResponse>> listFn = delegationToken ->
            listWithFilter(
                    request.getContinuationToken().getToken(),
                    pageLimit,
                    (x, y) -> controllerService.listStreamsForTag(scopeName, tag, x, requestTag.getRequestId()),
                    // Per-stream READ check against the same context as the scope-level check.
                    streamName -> grpcAuthHelper.isAuthorized(authorizationResource.ofStreamInScope(scopeName, streamName), AuthHandler.Permissions.READ, ctx),
                    streamName -> StreamInfo.newBuilder().setScope(scopeName).setStream(streamName).build(),
                    requestTag.getRequestId())
            .handle((page, failure) -> {
                if (failure == null) {
                    return Controller.StreamsInScopeResponse.newBuilder()
                            .addAllStreams(page.getKey())
                            .setContinuationToken(Controller.ContinuationToken.newBuilder().setToken(page.getValue()).build())
                            .setStatus(Controller.StreamsInScopeResponse.Status.SUCCESS)
                            .build();
                }
                if (Exceptions.unwrap(failure) instanceof StoreException.DataNotFoundException) {
                    return Controller.StreamsInScopeResponse.newBuilder()
                            .setStatus(Controller.StreamsInScopeResponse.Status.SCOPE_NOT_FOUND)
                            .build();
                }
                throw new CompletionException(failure);
            });

    authenticateExecuteAndProcessResults(scopeReadCheck, listFn, responseObserver, requestTag);
}
use of io.pravega.controller.server.security.auth.handler.AuthContext in project pravega by pravega.
the class ControllerServiceImpl method listScopes.
/**
 * Handles the {@code listScopes} RPC: returns one page of scopes plus the continuation token for the next.
 *
 * <p>Two authorization checks are set up. A READ check on the scopes collection
 * ({@code authorizationResource.ofScopes()}) is wrapped in a supplier, and a per-scope READ check is
 * passed to {@code listWithFilter} (presumably as the filter applied to each listed scope - confirm in
 * listWithFilter). Both use the same captured {@link AuthContext}.
 *
 * @param request          carries the continuation token of the previous page.
 * @param responseObserver passed through to {@code authenticateExecuteAndProcessResults}.
 */
@Override
public void listScopes(Controller.ScopesRequest request, StreamObserver<Controller.ScopesResponse> responseObserver) {
    RequestTag requestTag = requestTracker.initializeAndTrackRequestTag(controllerService.nextRequestId(), LIST_SCOPES);
    log.info(requestTag.getRequestId(), "listScope called.");

    // Read the context once, up front; it stays null when auth is disabled.
    final AuthContext ctx = this.grpcAuthHelper.isAuthEnabled() ? AuthContext.current() : null;

    // Collection-level READ check; its result is what the listing callback receives as delegationToken.
    Supplier<String> collectionReadCheck = () -> {
        String authResult = this.grpcAuthHelper.checkAuthorization(authorizationResource.ofScopes(), AuthHandler.Permissions.READ, ctx);
        log.debug("Result of authorization for [{}] and READ permission is: [{}]", authorizationResource.ofScopes(), authResult);
        return authResult;
    };

    Function<String, CompletableFuture<Controller.ScopesResponse>> listFn = delegationToken ->
            listWithFilter(
                    request.getContinuationToken().getToken(),
                    pageLimit,
                    (x, y) -> controllerService.listScopes(x, y, requestTag.getRequestId()),
                    // Per-scope READ check against the same context as the collection-level check.
                    scopeName -> grpcAuthHelper.isAuthorized(authorizationResource.ofScope(scopeName), AuthHandler.Permissions.READ, ctx),
                    scopeName -> scopeName,
                    requestTag.getRequestId())
            .thenApply(page -> Controller.ScopesResponse.newBuilder()
                    .addAllScopes(page.getKey())
                    .setContinuationToken(Controller.ContinuationToken.newBuilder().setToken(page.getValue()).build())
                    .build());

    authenticateExecuteAndProcessResults(collectionReadCheck, listFn, responseObserver, requestTag);
}
use of io.pravega.controller.server.security.auth.handler.AuthContext in project pravega by pravega.
the class ControllerServiceImpl method listKeyValueTablesInScope.
/**
 * Handles the {@code listKeyValueTablesInScope} RPC: returns one page of key-value tables of a scope.
 *
 * <p>Two authorization checks are set up. A READ check on the scope is wrapped in a supplier, and a
 * per-table READ check is passed to {@code listWithFilter} (presumably as the filter applied to each
 * listed table - confirm in listWithFilter). Both use the same captured {@link AuthContext}.
 *
 * <p>A {@code StoreException.DataNotFoundException} from the listing is reported as
 * {@code SCOPE_NOT_FOUND}; any other failure is rethrown as a {@link CompletionException}.
 *
 * @param request          carries the scope and the continuation token.
 * @param responseObserver passed through to {@code authenticateExecuteAndProcessResults}.
 */
@Override
public void listKeyValueTablesInScope(Controller.KVTablesInScopeRequest request, StreamObserver<Controller.KVTablesInScopeResponse> responseObserver) {
    String scopeName = request.getScope().getScope();
    RequestTag requestTag = requestTracker.initializeAndTrackRequestTag(
            controllerService.nextRequestId(), LIST_KEY_VALUE_TABLES, scopeName);
    log.info(requestTag.getRequestId(), "listKeyValueTables called for scope {}.", scopeName);

    // Read the context once, up front; it stays null when auth is disabled.
    final AuthContext ctx;
    if (this.grpcAuthHelper.isAuthEnabled()) {
        ctx = AuthContext.current();
    } else {
        ctx = null;
    }

    // Scope-level READ check; its result is what the listing callback receives as delegationToken.
    Supplier<String> scopeReadCheck = () -> {
        String authResult = this.grpcAuthHelper.checkAuthorization(authorizationResource.ofScope(scopeName), AuthHandler.Permissions.READ, ctx);
        log.debug("Result of authorization for [{}] and READ permission is: [{}]", authorizationResource.ofScope(scopeName), authResult);
        return authResult;
    };

    Function<String, CompletableFuture<Controller.KVTablesInScopeResponse>> kvTablesFn = delegationToken ->
            listWithFilter(
                    request.getContinuationToken().getToken(),
                    pageLimit,
                    (x, y) -> controllerService.listKeyValueTables(scopeName, x, y, requestTag.getRequestId()),
                    // Per-table READ check against the same context as the scope-level check.
                    kvtName -> grpcAuthHelper.isAuthorized(authorizationResource.ofKeyValueTableInScope(scopeName, kvtName), AuthHandler.Permissions.READ, ctx),
                    kvtName -> KeyValueTableInfo.newBuilder().setScope(scopeName).setKvtName(kvtName).build(),
                    requestTag.getRequestId())
            .handle((page, failure) -> {
                if (failure == null) {
                    return Controller.KVTablesInScopeResponse.newBuilder()
                            .addAllKvtables(page.getKey())
                            .setContinuationToken(Controller.ContinuationToken.newBuilder().setToken(page.getValue()).build())
                            .setStatus(Controller.KVTablesInScopeResponse.Status.SUCCESS)
                            .build();
                }
                if (Exceptions.unwrap(failure) instanceof StoreException.DataNotFoundException) {
                    return Controller.KVTablesInScopeResponse.newBuilder()
                            .setStatus(Controller.KVTablesInScopeResponse.Status.SCOPE_NOT_FOUND)
                            .build();
                }
                throw new CompletionException(failure);
            });

    authenticateExecuteAndProcessResults(scopeReadCheck, kvTablesFn, responseObserver, requestTag);
}
use of io.pravega.controller.server.security.auth.handler.AuthContext in project pravega by pravega.
the class ControllerServiceImpl method checkStreamExists.
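/**
 * Handles the {@code checkStreamExists} RPC: builds a READ authorization check for the requested stream
 * and a lookup callback, and hands both to {@code authenticateExecuteAndProcessResults}.
 *
 * <p>The lookup maps a {@code StoreException.DataNotFoundException} to {@code exists = false}; any other
 * failure is rethrown as a {@link CompletionException}.
 *
 * @param request          carries the scope and stream names to look up.
 * @param responseObserver passed through to {@code authenticateExecuteAndProcessResults} together with
 *                         the request tag.
 */
@Override
public void checkStreamExists(StreamInfo request, StreamObserver<Controller.ExistsResponse> responseObserver) {
    // NOTE(review): no scope/stream name is passed to the request tag here, unlike checkScopeExists,
    // which passes its scope - confirm whether that is intended.
    RequestTag requestTag = requestTracker.initializeAndTrackRequestTag(controllerService.nextRequestId(), CHECK_STREAM_EXISTS);
    String scope = request.getScope();
    String stream = request.getStream();
    log.info(requestTag.getRequestId(), "checkStream exists called for {}/{}.", scope, stream);

    // The context is read here, before any lambda is built, and captured by the authorization check.
    // It is null when auth is disabled; presumably checkAuthorization tolerates that - confirm in GrpcAuthHelper.
    final AuthContext ctx = this.grpcAuthHelper.isAuthEnabled() ? AuthContext.current() : null;

    Supplier<String> stringSupplier = () -> {
        String result = this.grpcAuthHelper.checkAuthorization(authorizationResource.ofStreamInScope(scope, stream), AuthHandler.Permissions.READ, ctx);
        // Name the resource that was actually checked (the stream, not the scopes collection), so the
        // authorization log can be matched against the decision it records.
        // NOTE(review): this value reaches the callback below as `delegationToken`; if checkAuthorization
        // can ever return a real token it should not be written to the log - confirm.
        log.debug("Result of authorization for [{}] and READ permission is: [{}]", authorizationResource.ofStreamInScope(scope, stream), result);
        return result;
    };

    // The callback receives the supplier's result as delegationToken but does not use it for the lookup.
    Function<String, CompletableFuture<Controller.ExistsResponse>> streamFn = delegationToken ->
            controllerService.getStream(scope, stream, requestTag.getRequestId()).handle((response, e) -> {
                // Only "not found" is translated into a negative answer; other failures must surface as errors.
                if (e != null && !(Exceptions.unwrap(e) instanceof StoreException.DataNotFoundException)) {
                    throw new CompletionException(e);
                }
                return Controller.ExistsResponse.newBuilder().setExists(e == null).build();
            });

    authenticateExecuteAndProcessResults(stringSupplier, streamFn, responseObserver, requestTag);
}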