use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceHandler method getUserFull.
private Response getUserFull(String authorizerName, String userName, boolean simplifyPermissions) {
Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, storageUpdater.getCurrentUserMapBytes(authorizerName));
try {
BasicAuthorizerUser user = userMap.get(userName);
if (user == null) {
throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
}
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, storageUpdater.getCurrentRoleMapBytes(authorizerName));
if (simplifyPermissions) {
Set<BasicAuthorizerRoleSimplifiedPermissions> roles = getRolesForUserWithSimplifiedPermissions(user, roleMap);
BasicAuthorizerUserFullSimplifiedPermissions fullUser = new BasicAuthorizerUserFullSimplifiedPermissions(userName, roles);
return Response.ok(fullUser).build();
} else {
Set<BasicAuthorizerRole> roles = getRolesForUser(user, roleMap);
BasicAuthorizerUserFull fullUser = new BasicAuthorizerUserFull(userName, roles);
return Response.ok(fullUser).build();
}
} catch (BasicSecurityDBResourceException e) {
return makeResponseForBasicSecurityDBResourceException(e);
}
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceHandler method getRolesForUserWithSimplifiedPermissions.
private Set<BasicAuthorizerRoleSimplifiedPermissions> getRolesForUserWithSimplifiedPermissions(BasicAuthorizerUser user, Map<String, BasicAuthorizerRole> roleMap) {
Set<BasicAuthorizerRoleSimplifiedPermissions> roles = new HashSet<>();
for (String roleName : user.getRoles()) {
BasicAuthorizerRole role = roleMap.get(roleName);
if (role == null) {
log.error("User [%s] had role [%s], but role object was not found.", user.getName(), roleName);
} else {
BasicAuthorizerRoleSimplifiedPermissions roleWithSimplifiedPermissions = new BasicAuthorizerRoleSimplifiedPermissions(role.getName(), null, BasicAuthorizerRoleSimplifiedPermissions.convertPermissions(role.getPermissions()));
roles.add(roleWithSimplifiedPermissions);
}
}
return roles;
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceTest method testUsersGroupMappingsRolesAndPerms.
@Test
public void testUsersGroupMappingsRolesAndPerms() {
Response response = resource.createUser(req, AUTHORIZER_NAME, "druid");
Assert.assertEquals(200, response.getStatus());
response = resource.createUser(req, AUTHORIZER_NAME, "druid2");
Assert.assertEquals(200, response.getStatus());
response = resource.createGroupMapping(req, AUTHORIZER_NAME, "druidGroupMapping", new BasicAuthorizerGroupMapping("druidGroupMapping", "", new HashSet<>()));
Assert.assertEquals(200, response.getStatus());
response = resource.createGroupMapping(req, AUTHORIZER_NAME, "druid2GroupMapping", new BasicAuthorizerGroupMapping("druid2GroupMapping", "", new HashSet<>()));
Assert.assertEquals(200, response.getStatus());
response = resource.createRole(req, AUTHORIZER_NAME, "druidRole");
Assert.assertEquals(200, response.getStatus());
response = resource.createRole(req, AUTHORIZER_NAME, "druidRole2");
Assert.assertEquals(200, response.getStatus());
List<ResourceAction> perms = ImmutableList.of(new ResourceAction(new Resource("A", ResourceType.DATASOURCE), Action.READ), new ResourceAction(new Resource("B", ResourceType.DATASOURCE), Action.WRITE), new ResourceAction(new Resource("C", ResourceType.CONFIG), Action.WRITE));
List<ResourceAction> perms2 = ImmutableList.of(new ResourceAction(new Resource("D", ResourceType.STATE), Action.READ), new ResourceAction(new Resource("E", ResourceType.DATASOURCE), Action.WRITE), new ResourceAction(new Resource("F", ResourceType.CONFIG), Action.WRITE));
response = resource.setRolePermissions(req, AUTHORIZER_NAME, "druidRole", perms);
Assert.assertEquals(200, response.getStatus());
response = resource.setRolePermissions(req, AUTHORIZER_NAME, "druidRole2", perms2);
Assert.assertEquals(200, response.getStatus());
response = resource.assignRoleToUser(req, AUTHORIZER_NAME, "druid", "druidRole");
Assert.assertEquals(200, response.getStatus());
response = resource.assignRoleToUser(req, AUTHORIZER_NAME, "druid", "druidRole2");
Assert.assertEquals(200, response.getStatus());
response = resource.assignRoleToUser(req, AUTHORIZER_NAME, "druid2", "druidRole");
Assert.assertEquals(200, response.getStatus());
response = resource.assignRoleToUser(req, AUTHORIZER_NAME, "druid2", "druidRole2");
Assert.assertEquals(200, response.getStatus());
response = resource.assignRoleToGroupMapping(req, AUTHORIZER_NAME, "druidGroupMapping", "druidRole");
Assert.assertEquals(200, response.getStatus());
response = resource.assignRoleToGroupMapping(req, AUTHORIZER_NAME, "druidGroupMapping", "druidRole2");
Assert.assertEquals(200, response.getStatus());
response = resource.assignRoleToGroupMapping(req, AUTHORIZER_NAME, "druid2GroupMapping", "druidRole");
Assert.assertEquals(200, response.getStatus());
response = resource.assignRoleToGroupMapping(req, AUTHORIZER_NAME, "druid2GroupMapping", "druidRole2");
Assert.assertEquals(200, response.getStatus());
BasicAuthorizerRole expectedRole = new BasicAuthorizerRole("druidRole", BasicAuthorizerPermission.makePermissionList(perms));
BasicAuthorizerRole expectedRole2 = new BasicAuthorizerRole("druidRole2", BasicAuthorizerPermission.makePermissionList(perms2));
Set<BasicAuthorizerRole> expectedRoles = Sets.newHashSet(expectedRole, expectedRole2);
BasicAuthorizerUserFull expectedUserFull = new BasicAuthorizerUserFull("druid", expectedRoles);
response = resource.getUser(req, AUTHORIZER_NAME, "druid", "", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFull, response.getEntity());
BasicAuthorizerUserFullSimplifiedPermissions expectedUserFullSimplifiedPermissions = new BasicAuthorizerUserFullSimplifiedPermissions("druid", BasicAuthorizerRoleSimplifiedPermissions.convertRoles(expectedRoles));
response = resource.getUser(req, AUTHORIZER_NAME, "druid", "", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFullSimplifiedPermissions, response.getEntity());
BasicAuthorizerUserFull expectedUserFull2 = new BasicAuthorizerUserFull("druid2", expectedRoles);
response = resource.getUser(req, AUTHORIZER_NAME, "druid2", "", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFull2, response.getEntity());
BasicAuthorizerUserFullSimplifiedPermissions expectedUserFullSimplifiedPermissions2 = new BasicAuthorizerUserFullSimplifiedPermissions("druid2", BasicAuthorizerRoleSimplifiedPermissions.convertRoles(expectedRoles));
response = resource.getUser(req, AUTHORIZER_NAME, "druid2", "", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFullSimplifiedPermissions2, response.getEntity());
BasicAuthorizerGroupMappingFull expectedGroupMappingFull = new BasicAuthorizerGroupMappingFull("druidGroupMapping", "", expectedRoles);
response = resource.getGroupMapping(req, AUTHORIZER_NAME, "druidGroupMapping", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedGroupMappingFull, response.getEntity());
BasicAuthorizerGroupMappingFull expectedGroupMappingFull2 = new BasicAuthorizerGroupMappingFull("druid2GroupMapping", "", expectedRoles);
response = resource.getGroupMapping(req, AUTHORIZER_NAME, "druid2GroupMapping", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedGroupMappingFull2, response.getEntity());
Set<String> expectedUserSet = Sets.newHashSet("druid", "druid2");
Set<String> expectedGroupMappingSet = Sets.newHashSet("druidGroupMapping", "druid2GroupMapping");
BasicAuthorizerRoleFull expectedRoleFull = new BasicAuthorizerRoleFull("druidRole", expectedUserSet, expectedGroupMappingSet, BasicAuthorizerPermission.makePermissionList(perms));
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole", "", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRoleFull, response.getEntity());
BasicAuthorizerRoleSimplifiedPermissions expectedRoleSimplifiedPerms = new BasicAuthorizerRoleSimplifiedPermissions("druidRole", expectedUserSet, perms);
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole", "", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRoleSimplifiedPerms, response.getEntity());
expectedRoleSimplifiedPerms = new BasicAuthorizerRoleSimplifiedPermissions("druidRole", null, perms);
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole", null, "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRoleSimplifiedPerms, response.getEntity());
BasicAuthorizerRoleFull expectedRoleFull2 = new BasicAuthorizerRoleFull("druidRole2", expectedUserSet, expectedGroupMappingSet, BasicAuthorizerPermission.makePermissionList(perms2));
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole2", "", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRoleFull2, response.getEntity());
BasicAuthorizerRoleSimplifiedPermissions expectedRoleSimplifiedPerms2 = new BasicAuthorizerRoleSimplifiedPermissions("druidRole2", expectedUserSet, perms2);
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole2", "", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRoleSimplifiedPerms2, response.getEntity());
expectedRoleSimplifiedPerms2 = new BasicAuthorizerRoleSimplifiedPermissions("druidRole2", null, perms2);
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole2", null, "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRoleSimplifiedPerms2, response.getEntity());
perms = ImmutableList.of(new ResourceAction(new Resource("A", ResourceType.DATASOURCE), Action.READ), new ResourceAction(new Resource("C", ResourceType.CONFIG), Action.WRITE));
perms2 = ImmutableList.of(new ResourceAction(new Resource("E", ResourceType.DATASOURCE), Action.WRITE));
response = resource.setRolePermissions(req, AUTHORIZER_NAME, "druidRole", perms);
Assert.assertEquals(200, response.getStatus());
response = resource.setRolePermissions(req, AUTHORIZER_NAME, "druidRole2", perms2);
Assert.assertEquals(200, response.getStatus());
expectedRole = new BasicAuthorizerRole("druidRole", BasicAuthorizerPermission.makePermissionList(perms));
expectedRole2 = new BasicAuthorizerRole("druidRole2", BasicAuthorizerPermission.makePermissionList(perms2));
expectedRoles = Sets.newHashSet(expectedRole, expectedRole2);
expectedUserFull = new BasicAuthorizerUserFull("druid", expectedRoles);
expectedUserFull2 = new BasicAuthorizerUserFull("druid2", expectedRoles);
expectedUserFullSimplifiedPermissions = new BasicAuthorizerUserFullSimplifiedPermissions("druid", BasicAuthorizerRoleSimplifiedPermissions.convertRoles(expectedRoles));
expectedUserFullSimplifiedPermissions2 = new BasicAuthorizerUserFullSimplifiedPermissions("druid2", BasicAuthorizerRoleSimplifiedPermissions.convertRoles(expectedRoles));
response = resource.getUser(req, AUTHORIZER_NAME, "druid", "", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFull, response.getEntity());
response = resource.getUser(req, AUTHORIZER_NAME, "druid", "", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFullSimplifiedPermissions, response.getEntity());
response = resource.getUser(req, AUTHORIZER_NAME, "druid2", "", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFull2, response.getEntity());
response = resource.getUser(req, AUTHORIZER_NAME, "druid2", "", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFullSimplifiedPermissions2, response.getEntity());
response = resource.unassignRoleFromUser(req, AUTHORIZER_NAME, "druid", "druidRole");
Assert.assertEquals(200, response.getStatus());
response = resource.unassignRoleFromUser(req, AUTHORIZER_NAME, "druid2", "druidRole2");
Assert.assertEquals(200, response.getStatus());
response = resource.unassignRoleFromGroupMapping(req, AUTHORIZER_NAME, "druidGroupMapping", "druidRole");
Assert.assertEquals(200, response.getStatus());
response = resource.unassignRoleFromGroupMapping(req, AUTHORIZER_NAME, "druid2GroupMapping", "druidRole2");
Assert.assertEquals(200, response.getStatus());
expectedUserFull = new BasicAuthorizerUserFull("druid", Sets.newHashSet(expectedRole2));
expectedUserFull2 = new BasicAuthorizerUserFull("druid2", Sets.newHashSet(expectedRole));
expectedRoleFull = new BasicAuthorizerRoleFull("druidRole", Sets.newHashSet("druid2"), Sets.newHashSet("druid2GroupMapping"), BasicAuthorizerPermission.makePermissionList(perms));
expectedRoleFull2 = new BasicAuthorizerRoleFull("druidRole2", Sets.newHashSet("druid"), Sets.newHashSet("druidGroupMapping"), BasicAuthorizerPermission.makePermissionList(perms2));
expectedUserFullSimplifiedPermissions = new BasicAuthorizerUserFullSimplifiedPermissions("druid", BasicAuthorizerRoleSimplifiedPermissions.convertRoles(expectedUserFull.getRoles()));
expectedUserFullSimplifiedPermissions2 = new BasicAuthorizerUserFullSimplifiedPermissions("druid2", BasicAuthorizerRoleSimplifiedPermissions.convertRoles(expectedUserFull2.getRoles()));
expectedRoleSimplifiedPerms = new BasicAuthorizerRoleSimplifiedPermissions(expectedRoleFull);
expectedRoleSimplifiedPerms2 = new BasicAuthorizerRoleSimplifiedPermissions(expectedRoleFull2);
response = resource.getUser(req, AUTHORIZER_NAME, "druid", "", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFull, response.getEntity());
response = resource.getUser(req, AUTHORIZER_NAME, "druid", "", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFullSimplifiedPermissions, response.getEntity());
response = resource.getUser(req, AUTHORIZER_NAME, "druid2", "", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFull2, response.getEntity());
response = resource.getUser(req, AUTHORIZER_NAME, "druid2", "", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedUserFullSimplifiedPermissions2, response.getEntity());
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole", "", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRoleFull, response.getEntity());
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole", "", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRoleSimplifiedPerms, response.getEntity());
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole2", "", null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRoleFull2, response.getEntity());
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole2", "", "");
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRoleSimplifiedPerms2, response.getEntity());
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceHandler method getRoleFull.
private Response getRoleFull(String authorizerName, String roleName, boolean simplifyPermissions) {
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, storageUpdater.getCurrentRoleMapBytes(authorizerName));
try {
BasicAuthorizerRole role = roleMap.get(roleName);
if (role == null) {
throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
}
Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, storageUpdater.getCurrentUserMapBytes(authorizerName));
Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, storageUpdater.getCurrentGroupMappingMapBytes(authorizerName));
Set<String> users = new HashSet<>();
for (BasicAuthorizerUser user : userMap.values()) {
if (user.getRoles().contains(roleName)) {
users.add(user.getName());
}
}
Set<String> groupMappings = new HashSet<>();
for (BasicAuthorizerGroupMapping group : groupMappingMap.values()) {
if (group.getRoles().contains(roleName)) {
groupMappings.add(group.getName());
}
}
if (simplifyPermissions) {
return Response.ok(new BasicAuthorizerRoleSimplifiedPermissions(role, users)).build();
} else {
BasicAuthorizerRoleFull roleFull = new BasicAuthorizerRoleFull(roleName, users, groupMappings, role.getPermissions());
return Response.ok(roleFull).build();
}
} catch (BasicSecurityDBResourceException e) {
return makeResponseForBasicSecurityDBResourceException(e);
}
}
Aggregations