Example 6 with BasicAuthorizerRole
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method unassignGroupMappingRoleOnce.
private boolean unassignGroupMappingRoleOnce(String prefix, String groupMappingName, String roleName) {
byte[] oldRoleMapValue = getCurrentRoleMapBytes(prefix);
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldRoleMapValue);
if (roleMap.get(roleName) == null) {
throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
}
byte[] oldGroupMappingMapValue = getCurrentGroupMappingMapBytes(prefix);
Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, oldGroupMappingMapValue);
BasicAuthorizerGroupMapping groupMapping = groupMappingMap.get(groupMappingName);
if (groupMappingMap.get(groupMappingName) == null) {
throw new BasicSecurityDBResourceException("Group mapping [%s] does not exist.", groupMappingName);
}
if (!groupMapping.getRoles().contains(roleName)) {
throw new BasicSecurityDBResourceException("Group mapping [%s] does not have role [%s].", groupMappingName, roleName);
}
groupMapping.getRoles().remove(roleName);
byte[] newGroupMapValue = BasicAuthUtils.serializeAuthorizerGroupMappingMap(objectMapper, groupMappingMap);
// Role map is unchanged, but submit as an update to ensure that the table didn't change (e.g., role deleted)
return tryUpdateGroupMappingAndRoleMap(prefix, groupMappingMap, oldGroupMappingMapValue, newGroupMapValue, roleMap, oldRoleMapValue, oldRoleMapValue);
}
Also used :
BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)
BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException)
BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)
Example 7 with BasicAuthorizerRole
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceHandler method getAllRoles.
@Override
public Response getAllRoles(String authorizerName) {
final BasicRoleBasedAuthorizer authorizer = authorizerMap.get(authorizerName);
if (authorizer == null) {
return makeResponseForAuthorizerNotFound(authorizerName);
}
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, storageUpdater.getCurrentRoleMapBytes(authorizerName));
return Response.ok(roleMap.keySet()).build();
}
Also used :
BasicRoleBasedAuthorizer(org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)
BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)
Example 8 with BasicAuthorizerRole
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceHandler method getGroupMappingFull.
private Response getGroupMappingFull(String authorizerName, String groupMappingName) {
Map<String, BasicAuthorizerGroupMapping> groupMappings = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, storageUpdater.getCurrentGroupMappingMapBytes(authorizerName));
try {
BasicAuthorizerGroupMapping groupMapping = groupMappings.get(groupMappingName);
if (groupMapping == null) {
throw new BasicSecurityDBResourceException("Group mapping [%s] does not exist.", groupMappingName);
}
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, storageUpdater.getCurrentRoleMapBytes(authorizerName));
Set<BasicAuthorizerRole> roles = new HashSet<>();
for (String roleName : groupMapping.getRoles()) {
BasicAuthorizerRole role = roleMap.get(roleName);
if (role == null) {
log.error("Group mapping [%s] had role [%s], but role was not found.", groupMappingName, roleName);
} else {
roles.add(role);
}
}
BasicAuthorizerGroupMappingFull fullGroup = new BasicAuthorizerGroupMappingFull(groupMapping.getName(), groupMapping.getGroupPattern(), roles);
return Response.ok(fullGroup).build();
} catch (BasicSecurityDBResourceException e) {
return makeResponseForBasicSecurityDBResourceException(e);
}
}
Also used :
BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)
BasicAuthorizerGroupMappingFull(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingFull)
BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException)
BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)
HashSet(java.util.HashSet)
Example 9 with BasicAuthorizerRole
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceHandler method getUserFull.
private Response getUserFull(String authorizerName, String userName, boolean simplifyPermissions) {
Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, storageUpdater.getCurrentUserMapBytes(authorizerName));
try {
BasicAuthorizerUser user = userMap.get(userName);
if (user == null) {
throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
}
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, storageUpdater.getCurrentRoleMapBytes(authorizerName));
if (simplifyPermissions) {
Set<BasicAuthorizerRoleSimplifiedPermissions> roles = getRolesForUserWithSimplifiedPermissions(user, roleMap);
BasicAuthorizerUserFullSimplifiedPermissions fullUser = new BasicAuthorizerUserFullSimplifiedPermissions(userName, roles);
return Response.ok(fullUser).build();
} else {
Set<BasicAuthorizerRole> roles = getRolesForUser(user, roleMap);
BasicAuthorizerUserFull fullUser = new BasicAuthorizerUserFull(userName, roles);
return Response.ok(fullUser).build();
}
} catch (BasicSecurityDBResourceException e) {
return makeResponseForBasicSecurityDBResourceException(e);
}
}
Also used :
BasicAuthorizerUserFullSimplifiedPermissions(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFullSimplifiedPermissions)
BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException)
BasicAuthorizerRoleSimplifiedPermissions(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)
BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)
BasicAuthorizerUserFull(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFull)
BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)
Example 10 with BasicAuthorizerRole
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceHandler method getRolesForUserWithSimplifiedPermissions.
private Set<BasicAuthorizerRoleSimplifiedPermissions> getRolesForUserWithSimplifiedPermissions(BasicAuthorizerUser user, Map<String, BasicAuthorizerRole> roleMap) {
Set<BasicAuthorizerRoleSimplifiedPermissions> roles = new HashSet<>();
for (String roleName : user.getRoles()) {
BasicAuthorizerRole role = roleMap.get(roleName);
if (role == null) {
log.error("User [%s] had role [%s], but role object was not found.", user.getName(), roleName);
} else {
BasicAuthorizerRoleSimplifiedPermissions roleWithSimplifiedPermissions = new BasicAuthorizerRoleSimplifiedPermissions(role.getName(), null, BasicAuthorizerRoleSimplifiedPermissions.convertPermissions(role.getPermissions()));
roles.add(roleWithSimplifiedPermissions);
}
}
return roles;
}
Also used :
BasicAuthorizerRoleSimplifiedPermissions(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)
BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)
HashSet(java.util.HashSet)
Aggregations
BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)28
Test (org.junit.Test)13
BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)11
BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)11
BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException)10
HashMap (java.util.HashMap)7
Response (javax.ws.rs.core.Response)7
HashSet (java.util.HashSet)5
BasicAuthorizerRoleSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)4
Resource (org.apache.druid.server.security.Resource)4
ResourceAction (org.apache.druid.server.security.ResourceAction)4
BasicAuthorizerUserFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFull)3
BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)2
BasicAuthorizerResource (org.apache.druid.security.basic.authorization.endpoint.BasicAuthorizerResource)2
BasicAuthorizerGroupMappingFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingFull)2
BasicAuthorizerRoleFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleFull)2
BasicAuthorizerUserFullSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFullSimplifiedPermissions)2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1
Map (java.util.Map)1
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1
