
Example 1 with BasicAuthorizerRoleMapBundle

Use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle in project druid by druid-io.

From the class CoordinatorBasicAuthorizerMetadataStorageUpdater, method getCurrentUserAndRoleMapSerialized.

private byte[] getCurrentUserAndRoleMapSerialized(String prefix) throws IOException {
    BasicAuthorizerUserMapBundle userMapBundle = cachedUserMaps.get(prefix);
    BasicAuthorizerRoleMapBundle roleMapBundle = cachedRoleMaps.get(prefix);
    UserAndRoleMap userAndRoleMap = new UserAndRoleMap(userMapBundle == null ? null : userMapBundle.getUserMap(), roleMapBundle == null ? null : roleMapBundle.getRoleMap());
    return objectMapper.writeValueAsBytes(userAndRoleMap);
}

Also used: UserAndRoleMap (org.apache.druid.security.basic.authorization.entity.UserAndRoleMap), BasicAuthorizerUserMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle), BasicAuthorizerRoleMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle)

Example 2 with BasicAuthorizerRoleMapBundle

Use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle in project druid by druid-io.

From the class CoordinatorBasicAuthorizerMetadataStorageUpdater, method tryUpdateGroupMappingAndRoleMap.

private boolean tryUpdateGroupMappingAndRoleMap(String prefix, Map<String, BasicAuthorizerGroupMapping> groupMappingMap, byte[] oldGroupMappingMapValue, byte[] newGroupMappingMapValue, Map<String, BasicAuthorizerRole> roleMap, byte[] oldRoleMapValue, byte[] newRoleMapValue) {
    try {
        List<MetadataCASUpdate> updates = new ArrayList<>();
        if (groupMappingMap != null && roleMap != null) {
            updates.add(createMetadataCASUpdate(prefix, oldGroupMappingMapValue, newGroupMappingMapValue, GROUP_MAPPINGS));
            updates.add(createMetadataCASUpdate(prefix, oldRoleMapValue, newRoleMapValue, ROLES));
        }
        boolean succeeded = connector.compareAndSwap(updates);
        if (succeeded) {
            cachedGroupMappingMaps.put(prefix, new BasicAuthorizerGroupMappingMapBundle(groupMappingMap, newGroupMappingMapValue));
            cachedRoleMaps.put(prefix, new BasicAuthorizerRoleMapBundle(roleMap, newRoleMapValue));
            byte[] serializedGroupMappingAndRoleMap = getCurrentGroupMappingAndRoleMapSerialized(prefix);
            cacheNotifier.addUpdateGroupMapping(prefix, serializedGroupMappingAndRoleMap);
            return true;
        } else {
            return false;
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

Also used: MetadataCASUpdate (org.apache.druid.metadata.MetadataCASUpdate), ArrayList (java.util.ArrayList), BasicAuthorizerGroupMappingMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingMapBundle), BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException), IOException (java.io.IOException), BasicAuthorizerRoleMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle)

Example 3 with BasicAuthorizerRoleMapBundle

Use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle in project druid by druid-io.

From the class CoordinatorBasicAuthorizerMetadataStorageUpdater, method tryUpdateRoleMap.

private boolean tryUpdateRoleMap(String prefix, Map<String, BasicAuthorizerRole> roleMap, byte[] oldRoleMapValue, byte[] newRoleMapValue) {
    try {
        List<MetadataCASUpdate> updates = new ArrayList<>();
        if (roleMap != null) {
            updates.add(createMetadataCASUpdate(prefix, oldRoleMapValue, newRoleMapValue, ROLES));
            boolean succeeded = connector.compareAndSwap(updates);
            if (succeeded) {
                cachedRoleMaps.put(prefix, new BasicAuthorizerRoleMapBundle(roleMap, newRoleMapValue));
                byte[] serializedUserAndRoleMap = getCurrentUserAndRoleMapSerialized(prefix);
                cacheNotifier.addUpdateUser(prefix, serializedUserAndRoleMap);
                byte[] serializedGroupMappingAndRoleMap = getCurrentGroupMappingAndRoleMapSerialized(prefix);
                cacheNotifier.addUpdateGroupMapping(prefix, serializedGroupMappingAndRoleMap);
                return true;
            } else {
                return false;
            }
        }
        return false;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

Also used: MetadataCASUpdate (org.apache.druid.metadata.MetadataCASUpdate), ArrayList (java.util.ArrayList), BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException), IOException (java.io.IOException), BasicAuthorizerRoleMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle)

Example 4 with BasicAuthorizerRoleMapBundle

Use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle in project druid by druid-io.

From the class CoordinatorBasicAuthorizerMetadataStorageUpdater, method tryUpdateUserAndRoleMap.

private boolean tryUpdateUserAndRoleMap(String prefix, Map<String, BasicAuthorizerUser> userMap, byte[] oldUserMapValue, byte[] newUserMapValue, Map<String, BasicAuthorizerRole> roleMap, byte[] oldRoleMapValue, byte[] newRoleMapValue) {
    try {
        List<MetadataCASUpdate> updates = new ArrayList<>();
        if (userMap != null && roleMap != null) {
            updates.add(createMetadataCASUpdate(prefix, oldUserMapValue, newUserMapValue, USERS));
            updates.add(createMetadataCASUpdate(prefix, oldRoleMapValue, newRoleMapValue, ROLES));
            boolean succeeded = connector.compareAndSwap(updates);
            if (succeeded) {
                cachedUserMaps.put(prefix, new BasicAuthorizerUserMapBundle(userMap, newUserMapValue));
                cachedRoleMaps.put(prefix, new BasicAuthorizerRoleMapBundle(roleMap, newRoleMapValue));
                byte[] serializedUserAndRoleMap = getCurrentUserAndRoleMapSerialized(prefix);
                cacheNotifier.addUpdateUser(prefix, serializedUserAndRoleMap);
                return true;
            } else {
                return false;
            }
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return false;
}

Also used: MetadataCASUpdate (org.apache.druid.metadata.MetadataCASUpdate), BasicAuthorizerUserMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle), ArrayList (java.util.ArrayList), BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException), IOException (java.io.IOException), BasicAuthorizerRoleMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle)

Example 5 with BasicAuthorizerRoleMapBundle

Use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle in project druid by druid-io.

From the class CoordinatorBasicAuthorizerMetadataStorageUpdater, method start.

@LifecycleStart
public void start() {
    if (!lifecycleLock.canStart()) {
        throw new ISE("can't start.");
    }
    if (authorizerMapper == null || authorizerMapper.getAuthorizerMap() == null) {
        return;
    }
    try {
        LOG.info("Starting CoordinatorBasicAuthorizerMetadataStorageUpdater");
        BasicAuthUtils.maybeInitialize(() -> {
            for (Map.Entry<String, Authorizer> entry : authorizerMapper.getAuthorizerMap().entrySet()) {
                Authorizer authorizer = entry.getValue();
                if (authorizer instanceof BasicRoleBasedAuthorizer) {
                    BasicRoleBasedAuthorizer basicRoleBasedAuthorizer = (BasicRoleBasedAuthorizer) authorizer;
                    BasicAuthDBConfig dbConfig = basicRoleBasedAuthorizer.getDbConfig();
                    String authorizerName = entry.getKey();
                    authorizerNames.add(authorizerName);
                    byte[] userMapBytes = getCurrentUserMapBytes(authorizerName);
                    Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapBytes);
                    cachedUserMaps.put(authorizerName, new BasicAuthorizerUserMapBundle(userMap, userMapBytes));
                    byte[] groupMappingMapBytes = getCurrentGroupMappingMapBytes(authorizerName);
                    Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, groupMappingMapBytes);
                    cachedGroupMappingMaps.put(authorizerName, new BasicAuthorizerGroupMappingMapBundle(groupMappingMap, groupMappingMapBytes));
                    byte[] roleMapBytes = getCurrentRoleMapBytes(authorizerName);
                    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapBytes);
                    cachedRoleMaps.put(authorizerName, new BasicAuthorizerRoleMapBundle(roleMap, roleMapBytes));
                    initSuperUsersAndGroupMapping(authorizerName, userMap, roleMap, groupMappingMap, dbConfig.getInitialAdminUser(), dbConfig.getInitialAdminRole(), dbConfig.getInitialAdminGroupMapping());
                }
            }
            return true;
        });
        ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
            if (stopped) {
                return ScheduledExecutors.Signal.STOP;
            }
            try {
                LOG.debug("Scheduled db poll is running");
                for (String authorizerName : authorizerNames) {
                    byte[] userMapBytes = getCurrentUserMapBytes(authorizerName);
                    Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapBytes);
                    if (userMapBytes != null) {
                        synchronized (cachedUserMaps) {
                            cachedUserMaps.put(authorizerName, new BasicAuthorizerUserMapBundle(userMap, userMapBytes));
                        }
                    }
                    byte[] groupMappingMapBytes = getCurrentGroupMappingMapBytes(authorizerName);
                    Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, groupMappingMapBytes);
                    if (groupMappingMapBytes != null) {
                        synchronized (cachedGroupMappingMaps) {
                            cachedGroupMappingMaps.put(authorizerName, new BasicAuthorizerGroupMappingMapBundle(groupMappingMap, groupMappingMapBytes));
                        }
                    }
                    byte[] roleMapBytes = getCurrentRoleMapBytes(authorizerName);
                    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapBytes);
                    if (roleMapBytes != null) {
                        synchronized (cachedRoleMaps) {
                            cachedRoleMaps.put(authorizerName, new BasicAuthorizerRoleMapBundle(roleMap, roleMapBytes));
                        }
                    }
                }
                LOG.debug("Scheduled db poll is done");
            } catch (Throwable t) {
                LOG.makeAlert(t, "Error occured while polling for cachedUserMaps, cachedGroupMappingMaps, cachedRoleMaps.").emit();
            }
            return ScheduledExecutors.Signal.REPEAT;
        });
        lifecycleLock.started();
    } finally {
        lifecycleLock.exitStart();
    }
}

Also used: Duration (org.joda.time.Duration), BasicAuthorizerRoleMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle), BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping), BasicAuthorizerUserMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle), BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser), Authorizer (org.apache.druid.server.security.Authorizer), BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer), BasicAuthorizerGroupMappingMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingMapBundle), ISE (org.apache.druid.java.util.common.ISE), BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole), UserAndRoleMap (org.apache.druid.security.basic.authorization.entity.UserAndRoleMap), Map (java.util.Map), ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap), GroupMappingAndRoleMap (org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap), BasicAuthDBConfig (org.apache.druid.security.basic.BasicAuthDBConfig), LifecycleStart (org.apache.druid.java.util.common.lifecycle.LifecycleStart)

Aggregations

BasicAuthorizerRoleMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle): 6
IOException (java.io.IOException): 3
ArrayList (java.util.ArrayList): 3
MetadataCASUpdate (org.apache.druid.metadata.MetadataCASUpdate): 3
BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException): 3
BasicAuthorizerGroupMappingMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingMapBundle): 3
BasicAuthorizerUserMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle): 3
GroupMappingAndRoleMap (org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap): 2
UserAndRoleMap (org.apache.druid.security.basic.authorization.entity.UserAndRoleMap): 2
Map (java.util.Map): 1
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap): 1
ISE (org.apache.druid.java.util.common.ISE): 1
LifecycleStart (org.apache.druid.java.util.common.lifecycle.LifecycleStart): 1
BasicAuthDBConfig (org.apache.druid.security.basic.BasicAuthDBConfig): 1
BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer): 1
BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping): 1
BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole): 1
BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser): 1
Authorizer (org.apache.druid.server.security.Authorizer): 1
Duration (org.joda.time.Duration): 1