
Example 1 with BasicAuthorizerRole

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method assignGroupMappingRoleOnce.

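/**
 * Makes one attempt to add {@code roleName} to the roles of the group mapping
 * {@code groupMappingName}.
 *
 * <p>The role map and the group mapping map are each read as a serialized snapshot. Both
 * snapshots are handed to {@code tryUpdateGroupMappingAndRoleMap} as the expected old values,
 * so the grant is submitted together with the role state it was validated against.
 *
 * @param prefix           passed to the snapshot readers and to the update call; presumably the
 *                         authorizer name (confirm against the caller)
 * @param groupMappingName name of the group mapping that should receive the role
 * @param roleName         name of the role to grant; must exist in the role map snapshot
 * @return whatever {@code tryUpdateGroupMappingAndRoleMap} returns; presumably {@code false}
 *         when the stored state no longer matches the snapshots, so that the caller can retry
 *         (the helper is not shown here)
 * @throws BasicSecurityDBResourceException if the role or the group mapping does not exist, or
 *                                          if the group mapping already has the role
 */
private boolean assignGroupMappingRoleOnce(String prefix, String groupMappingName, String roleName) {
    byte[] oldRoleMapValue = getCurrentRoleMapBytes(prefix);
    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldRoleMapValue);
    // Never grant a role name that is not defined in the snapshot we validated against.
    if (roleMap.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }

    byte[] oldGroupMappingMapValue = getCurrentGroupMappingMapBytes(prefix);
    Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, oldGroupMappingMapValue);
    BasicAuthorizerGroupMapping groupMapping = groupMappingMap.get(groupMappingName);
    // Test the value fetched above instead of looking the key up a second time.
    if (groupMapping == null) {
        throw new BasicSecurityDBResourceException("Group mapping [%s] does not exist.", groupMappingName);
    }
    if (groupMapping.getRoles().contains(roleName)) {
        throw new BasicSecurityDBResourceException("Group mapping [%s] already has role [%s].", groupMappingName, roleName);
    }

    // Mutates the deserialized mapping in place; groupMappingMap is serialized again below.
    groupMapping.getRoles().add(roleName);
    byte[] newGroupMapValue = BasicAuthUtils.serializeAuthorizerGroupMappingMap(objectMapper, groupMappingMap);

    // Role map is unchanged, but submit as an update to ensure that the table didn't change (e.g., role deleted).
    // The same bytes are passed as both the old and the new role map value for that reason.
    return tryUpdateGroupMappingAndRoleMap(prefix, groupMappingMap, oldGroupMappingMapValue, newGroupMapValue, roleMap, oldRoleMapValue, oldRoleMapValue);
}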
Also used : BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping) BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 2 with BasicAuthorizerRole

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method setPermissionsOnce.

/**
 * Makes one attempt to replace the permissions of the role {@code roleName}.
 *
 * <p>The role entry is overwritten with a new {@link BasicAuthorizerRole} built from
 * {@code permissions}. The previous permission list is discarded, not merged.
 *
 * @param prefix      passed to the snapshot reader and to the update call; presumably the
 *                    authorizer name (confirm against the caller)
 * @param roleName    name of the role whose permissions are replaced; must already exist
 * @param permissions resource actions converted by
 *                    {@code BasicAuthorizerPermission.makePermissionList}
 * @return whatever {@code tryUpdateRoleMap} returns; presumably {@code false} when the stored
 *         role map no longer matches the snapshot read here (the helper is not shown)
 * @throws BasicSecurityDBResourceException if the role does not exist
 */
private boolean setPermissionsOnce(String prefix, String roleName, List<ResourceAction> permissions) {
    final byte[] snapshotBytes = getCurrentRoleMapBytes(prefix);
    final Map<String, BasicAuthorizerRole> roles = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, snapshotBytes);

    final BasicAuthorizerRole existing = roles.get(roleName);
    if (existing == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }

    // Whole-entry replacement: the new role carries only the permissions supplied by the caller.
    final BasicAuthorizerRole replacement = new BasicAuthorizerRole(
        roleName,
        BasicAuthorizerPermission.makePermissionList(permissions)
    );
    roles.put(roleName, replacement);

    final byte[] updatedBytes = BasicAuthUtils.serializeAuthorizerRoleMap(objectMapper, roles);
    // The snapshot bytes go along as the expected old value of the update.
    return tryUpdateRoleMap(prefix, roles, snapshotBytes, updatedBytes);
}
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 3 with BasicAuthorizerRole

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method createRoleOnce.

/**
 * Makes one attempt to create a role named {@code roleName}.
 *
 * @param prefix   passed to the snapshot reader and to the update call; presumably the
 *                 authorizer name (confirm against the caller)
 * @param roleName name of the role to create; must not already be present in the role map
 * @return whatever {@code tryUpdateRoleMap} returns; presumably {@code false} when the stored
 *         role map no longer matches the snapshot read here (the helper is not shown)
 * @throws BasicSecurityDBResourceException if a role with that name already exists
 */
private boolean createRoleOnce(String prefix, String roleName) {
    final byte[] snapshotBytes = getCurrentRoleMapBytes(prefix);
    final Map<String, BasicAuthorizerRole> roles = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, snapshotBytes);

    // Guard clause: refuse to overwrite an existing role and its permissions.
    final BasicAuthorizerRole existing = roles.get(roleName);
    if (existing != null) {
        throw new BasicSecurityDBResourceException("Role [%s] already exists.", roleName);
    }

    // The role is created with a null permission list.
    // NOTE(review): how BasicAuthorizerRole treats null is not visible here; confirm it means "no permissions".
    roles.put(roleName, new BasicAuthorizerRole(roleName, null));

    final byte[] updatedBytes = BasicAuthUtils.serializeAuthorizerRoleMap(objectMapper, roles);
    return tryUpdateRoleMap(prefix, roles, snapshotBytes, updatedBytes);
}
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 4 with BasicAuthorizerRole

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method unassignUserRoleOnce.

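/**
 * Makes one attempt to remove {@code roleName} from the roles of the user {@code userName}.
 *
 * <p>The role map and the user map are each read as a serialized snapshot. Both snapshots are
 * handed to {@code tryUpdateUserAndRoleMap} as the expected old values.
 *
 * @param prefix   passed to the snapshot readers and to the update call; presumably the
 *                 authorizer name (confirm against the caller)
 * @param userName name of the user losing the role
 * @param roleName name of the role to revoke; must exist in the role map snapshot
 * @return whatever {@code tryUpdateUserAndRoleMap} returns; presumably {@code false} when the
 *         stored state no longer matches the snapshots, so that the caller can retry (the
 *         helper is not shown here)
 * @throws BasicSecurityDBResourceException if the role or the user does not exist, or if the
 *                                          user does not have the role
 */
private boolean unassignUserRoleOnce(String prefix, String userName, String roleName) {
    byte[] oldRoleMapValue = getCurrentRoleMapBytes(prefix);
    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldRoleMapValue);
    if (roleMap.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }

    byte[] oldUserMapValue = getCurrentUserMapBytes(prefix);
    Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, oldUserMapValue);
    BasicAuthorizerUser user = userMap.get(userName);
    // Test the value fetched above instead of looking the key up a second time.
    if (user == null) {
        throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
    }
    if (!user.getRoles().contains(roleName)) {
        throw new BasicSecurityDBResourceException("User [%s] does not have role [%s].", userName, roleName);
    }

    // Mutates the deserialized user in place; userMap is serialized again below.
    user.getRoles().remove(roleName);
    byte[] newUserMapValue = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, userMap);

    // Role map is unchanged, but submit as an update to ensure that the table didn't change (e.g., role deleted).
    // The same bytes are passed as both the old and the new role map value for that reason.
    return tryUpdateUserAndRoleMap(prefix, userMap, oldUserMapValue, newUserMapValue, roleMap, oldRoleMapValue, oldRoleMapValue);
}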
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 5 with BasicAuthorizerRole

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method assignUserRoleOnce.

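/**
 * Makes one attempt to add {@code roleName} to the roles of the user {@code userName}.
 *
 * <p>The role map and the user map are each read as a serialized snapshot. Both snapshots are
 * handed to {@code tryUpdateUserAndRoleMap} as the expected old values, so the grant is
 * submitted together with the role state it was validated against.
 *
 * @param prefix   passed to the snapshot readers and to the update call; presumably the
 *                 authorizer name (confirm against the caller)
 * @param userName name of the user receiving the role
 * @param roleName name of the role to grant; must exist in the role map snapshot
 * @return whatever {@code tryUpdateUserAndRoleMap} returns; presumably {@code false} when the
 *         stored state no longer matches the snapshots, so that the caller can retry (the
 *         helper is not shown here)
 * @throws BasicSecurityDBResourceException if the role or the user does not exist, or if the
 *                                          user already has the role
 */
private boolean assignUserRoleOnce(String prefix, String userName, String roleName) {
    byte[] oldRoleMapValue = getCurrentRoleMapBytes(prefix);
    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldRoleMapValue);
    // Never grant a role name that is not defined in the snapshot we validated against.
    if (roleMap.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }

    byte[] oldUserMapValue = getCurrentUserMapBytes(prefix);
    Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, oldUserMapValue);
    BasicAuthorizerUser user = userMap.get(userName);
    // Test the value fetched above instead of looking the key up a second time.
    if (user == null) {
        throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
    }
    if (user.getRoles().contains(roleName)) {
        throw new BasicSecurityDBResourceException("User [%s] already has role [%s].", userName, roleName);
    }

    // Mutates the deserialized user in place; userMap is serialized again below.
    user.getRoles().add(roleName);
    byte[] newUserMapValue = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, userMap);

    // Role map is unchanged, but submit as an update to ensure that the table didn't change (e.g., role deleted).
    // The same bytes are passed as both the old and the new role map value for that reason.
    return tryUpdateUserAndRoleMap(prefix, userMap, oldUserMapValue, newUserMapValue, roleMap, oldRoleMapValue, oldRoleMapValue);
}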
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Aggregations

BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)28 Test (org.junit.Test)13 BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)11 BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)11 BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException)10 HashMap (java.util.HashMap)7 Response (javax.ws.rs.core.Response)7 HashSet (java.util.HashSet)5 BasicAuthorizerRoleSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)4 Resource (org.apache.druid.server.security.Resource)4 ResourceAction (org.apache.druid.server.security.ResourceAction)4 BasicAuthorizerUserFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFull)3 BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)2 BasicAuthorizerResource (org.apache.druid.security.basic.authorization.endpoint.BasicAuthorizerResource)2 BasicAuthorizerGroupMappingFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingFull)2 BasicAuthorizerRoleFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleFull)2 BasicAuthorizerUserFullSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFullSimplifiedPermissions)2 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1 Map (java.util.Map)1 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1