Search in sources :

Example 6 with BasicSecurityDBResourceException

use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method createUserOnce.

private boolean createUserOnce(String prefix, String userName) {
    byte[] oldValue = getCurrentUserMapBytes(prefix);
    Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, oldValue);
    if (userMap.get(userName) != null) {
        throw new BasicSecurityDBResourceException("User [%s] already exists.", userName);
    } else {
        userMap.put(userName, new BasicAuthorizerUser(userName, null));
    }
    byte[] newValue = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, userMap);
    return tryUpdateUserMap(prefix, userMap, oldValue, newValue);
}
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)

Example 7 with BasicSecurityDBResourceException

use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method createRoleOnce.

private boolean createRoleOnce(String prefix, String roleName) {
    byte[] oldValue = getCurrentRoleMapBytes(prefix);
    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldValue);
    if (roleMap.get(roleName) != null) {
        throw new BasicSecurityDBResourceException("Role [%s] already exists.", roleName);
    } else {
        roleMap.put(roleName, new BasicAuthorizerRole(roleName, null));
    }
    byte[] newValue = BasicAuthUtils.serializeAuthorizerRoleMap(objectMapper, roleMap);
    return tryUpdateRoleMap(prefix, roleMap, oldValue, newValue);
}
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 8 with BasicSecurityDBResourceException

use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method unassignUserRoleOnce.

private boolean unassignUserRoleOnce(String prefix, String userName, String roleName) {
    byte[] oldRoleMapValue = getCurrentRoleMapBytes(prefix);
    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldRoleMapValue);
    if (roleMap.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }
    byte[] oldUserMapValue = getCurrentUserMapBytes(prefix);
    Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, oldUserMapValue);
    BasicAuthorizerUser user = userMap.get(userName);
    if (userMap.get(userName) == null) {
        throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
    }
    if (!user.getRoles().contains(roleName)) {
        throw new BasicSecurityDBResourceException("User [%s] does not have role [%s].", userName, roleName);
    }
    user.getRoles().remove(roleName);
    byte[] newUserMapValue = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, userMap);
    // Role map is unchanged, but submit as an update to ensure that the table didn't change (e.g., role deleted)
    return tryUpdateUserAndRoleMap(prefix, userMap, oldUserMapValue, newUserMapValue, roleMap, oldRoleMapValue, oldRoleMapValue);
}
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 9 with BasicSecurityDBResourceException

use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method assignUserRoleOnce.

private boolean assignUserRoleOnce(String prefix, String userName, String roleName) {
    byte[] oldRoleMapValue = getCurrentRoleMapBytes(prefix);
    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldRoleMapValue);
    if (roleMap.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }
    byte[] oldUserMapValue = getCurrentUserMapBytes(prefix);
    Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, oldUserMapValue);
    BasicAuthorizerUser user = userMap.get(userName);
    if (userMap.get(userName) == null) {
        throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
    }
    if (user.getRoles().contains(roleName)) {
        throw new BasicSecurityDBResourceException("User [%s] already has role [%s].", userName, roleName);
    }
    user.getRoles().add(roleName);
    byte[] newUserMapValue = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, userMap);
    // Role map is unchanged, but submit as an update to ensure that the table didn't change (e.g., role deleted)
    return tryUpdateUserAndRoleMap(prefix, userMap, oldUserMapValue, newUserMapValue, roleMap, oldRoleMapValue, oldRoleMapValue);
}
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 10 with BasicSecurityDBResourceException

use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method unassignGroupMappingRoleOnce.

private boolean unassignGroupMappingRoleOnce(String prefix, String groupMappingName, String roleName) {
    byte[] oldRoleMapValue = getCurrentRoleMapBytes(prefix);
    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldRoleMapValue);
    if (roleMap.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }
    byte[] oldGroupMappingMapValue = getCurrentGroupMappingMapBytes(prefix);
    Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, oldGroupMappingMapValue);
    BasicAuthorizerGroupMapping groupMapping = groupMappingMap.get(groupMappingName);
    if (groupMappingMap.get(groupMappingName) == null) {
        throw new BasicSecurityDBResourceException("Group mapping [%s] does not exist.", groupMappingName);
    }
    if (!groupMapping.getRoles().contains(roleName)) {
        throw new BasicSecurityDBResourceException("Group mapping [%s] does not have role [%s].", groupMappingName, roleName);
    }
    groupMapping.getRoles().remove(roleName);
    byte[] newGroupMapValue = BasicAuthUtils.serializeAuthorizerGroupMappingMap(objectMapper, groupMappingMap);
    // Role map is unchanged, but submit as an update to ensure that the table didn't change (e.g., role deleted)
    return tryUpdateGroupMappingAndRoleMap(prefix, groupMappingMap, oldGroupMappingMapValue, newGroupMapValue, roleMap, oldRoleMapValue, oldRoleMapValue);
}
Also used : BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping) BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Aggregations

BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException)14 BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)10 BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)6 BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)5 BasicAuthenticatorUser (org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)3 HashSet (java.util.HashSet)2 BasicAuthorizerRoleSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)2 BasicHTTPAuthenticator (org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)1 BasicAuthorizerGroupMappingFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingFull)1 BasicAuthorizerRoleFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleFull)1 BasicAuthorizerUserFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFull)1 BasicAuthorizerUserFullSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFullSimplifiedPermissions)1