
Example 1 with BasicAuthorizerUser

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method createUserOnce.

/**
 * Makes one attempt to add a new user entry to the stored authorizer user map.
 *
 * <p>Reads the serialized user map, adds the user to the deserialized copy, re-serializes it and hands both
 * the bytes that were read and the new bytes to {@code tryUpdateUserMap}.
 *
 * <p>NOTE(review): passing old and new bytes together looks like a compare-and-swap against the stored
 * value, with {@code false} meaning "lost the race, retry" - confirm against {@code tryUpdateUserMap}.
 * NOTE(review): {@code userName} is not checked for null or empty here; presumably the caller validates
 * it - confirm.
 *
 * @param prefix   key passed to the storage helpers (presumably the authorizer name - confirm)
 * @param userName name of the user to create
 * @return whatever {@code tryUpdateUserMap} reports for this attempt
 * @throws BasicSecurityDBResourceException if the user map already holds a non-null entry for the name
 */
private boolean createUserOnce(String prefix, String userName) {
    final byte[] storedBytes = getCurrentUserMapBytes(prefix);
    final Map<String, BasicAuthorizerUser> users =
        BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, storedBytes);

    // Refuse duplicates: overwriting would replace the existing entry (and its roles) with a blank one.
    if (users.get(userName) != null) {
        throw new BasicSecurityDBResourceException("User [%s] already exists.", userName);
    }

    // The second constructor argument is left null (presumably "no roles yet" - confirm in the entity class).
    users.put(userName, new BasicAuthorizerUser(userName, null));

    final byte[] updatedBytes = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, users);
    return tryUpdateUserMap(prefix, users, storedBytes, updatedBytes);
}
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)

Example 2 with BasicAuthorizerUser

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method unassignUserRoleOnce.

/**
 * Makes one attempt to remove a role from a user in the stored authorizer user map.
 *
 * <p>The role map is read first and the role must exist in it; the user map is read next and the user must
 * exist and currently hold the role. Only the user map is modified. The role map bytes are passed as both
 * the old and the new value so the update also checks that the role table did not change in the meantime.
 *
 * <p>NOTE(review): the two maps are read in separate calls, so consistency between them relies on the final
 * conditional update - confirm that {@code tryUpdateUserAndRoleMap} applies both comparisons atomically.
 *
 * @param prefix   key passed to the storage helpers (presumably the authorizer name - confirm)
 * @param userName user losing the role
 * @param roleName role to remove
 * @return whatever {@code tryUpdateUserAndRoleMap} reports for this attempt
 * @throws BasicSecurityDBResourceException if the role or the user is missing, or the user lacks the role
 */
private boolean unassignUserRoleOnce(String prefix, String userName, String roleName) {
    final byte[] storedRoleBytes = getCurrentRoleMapBytes(prefix);
    final Map<String, BasicAuthorizerRole> roles =
        BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, storedRoleBytes);
    if (roles.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }

    final byte[] storedUserBytes = getCurrentUserMapBytes(prefix);
    final Map<String, BasicAuthorizerUser> users =
        BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, storedUserBytes);
    final BasicAuthorizerUser target = users.get(userName);
    if (target == null) {
        throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
    }

    // Fail loudly instead of silently succeeding when there is nothing to revoke.
    final boolean holdsRole = target.getRoles().contains(roleName);
    if (!holdsRole) {
        throw new BasicSecurityDBResourceException("User [%s] does not have role [%s].", userName, roleName);
    }
    target.getRoles().remove(roleName);

    final byte[] updatedUserBytes = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, users);
    // The role map itself is untouched; it is still submitted (old bytes == new bytes) so the update
    // is rejected if the role table changed underneath us, e.g. the role was deleted.
    return tryUpdateUserAndRoleMap(
        prefix,
        users,
        storedUserBytes,
        updatedUserBytes,
        roles,
        storedRoleBytes,
        storedRoleBytes
    );
}
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 3 with BasicAuthorizerUser

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method assignUserRoleOnce.

/**
 * Makes one attempt to grant a role to a user in the stored authorizer user map.
 *
 * <p>The role map is read first and the role must exist in it; the user map is read next and the user must
 * exist and must not already hold the role. Only the user map is modified. The role map bytes are passed as
 * both the old and the new value so the update also checks that the role table did not change in the
 * meantime - this is what keeps a user from being granted a role that was deleted concurrently.
 *
 * <p>NOTE(review): the two maps are read in separate calls, so that guarantee relies on the final
 * conditional update - confirm that {@code tryUpdateUserAndRoleMap} applies both comparisons atomically.
 *
 * @param prefix   key passed to the storage helpers (presumably the authorizer name - confirm)
 * @param userName user receiving the role
 * @param roleName role to grant
 * @return whatever {@code tryUpdateUserAndRoleMap} reports for this attempt
 * @throws BasicSecurityDBResourceException if the role or the user is missing, or the user already has the role
 */
private boolean assignUserRoleOnce(String prefix, String userName, String roleName) {
    final byte[] storedRoleBytes = getCurrentRoleMapBytes(prefix);
    final Map<String, BasicAuthorizerRole> roles =
        BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, storedRoleBytes);
    if (roles.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }

    final byte[] storedUserBytes = getCurrentUserMapBytes(prefix);
    final Map<String, BasicAuthorizerUser> users =
        BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, storedUserBytes);
    final BasicAuthorizerUser target = users.get(userName);
    if (target == null) {
        throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
    }

    // Report a repeated grant as an error instead of treating it as a no-op.
    final boolean alreadyGranted = target.getRoles().contains(roleName);
    if (alreadyGranted) {
        throw new BasicSecurityDBResourceException("User [%s] already has role [%s].", userName, roleName);
    }
    target.getRoles().add(roleName);

    final byte[] updatedUserBytes = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, users);
    // The role map itself is untouched; it is still submitted (old bytes == new bytes) so the update
    // is rejected if the role table changed underneath us, e.g. the role was deleted.
    return tryUpdateUserAndRoleMap(
        prefix,
        users,
        storedUserBytes,
        updatedUserBytes,
        roles,
        storedRoleBytes,
        storedRoleBytes
    );
}
Also used : BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 4 with BasicAuthorizerUser

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.

the class CoordinatorBasicAuthorizerResourceHandler method getUserFull.

/**
 * Builds the HTTP response describing one user together with the roles resolved for that user.
 *
 * <p>The user map and the role map are read from {@code storageUpdater} in two separate calls, and the
 * role map is only read once the user is known to exist.
 *
 * <p>NOTE(review): unlike {@code getAllUsers}, this method does not look the authorizer up in
 * {@code authorizerMap}; presumably the calling method has already done so - confirm.
 * NOTE(review): the not-found message embeds the requested user name; confirm how
 * {@code makeResponseForBasicSecurityDBResourceException} renders it.
 *
 * @param authorizerName      authorizer whose stored maps are read
 * @param userName            user to describe
 * @param simplifyPermissions when true, the response entity carries roles with simplified permissions
 * @return an OK response carrying the full user entity, or the response produced for a
 *         {@link BasicSecurityDBResourceException} raised while assembling it
 */
private Response getUserFull(String authorizerName, String userName, boolean simplifyPermissions) {
    // Deliberately outside the try block, as in the original: failures while loading the user map
    // are not translated into a resource-exception response here.
    final byte[] userMapBytes = storageUpdater.getCurrentUserMapBytes(authorizerName);
    final Map<String, BasicAuthorizerUser> users =
        BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapBytes);

    try {
        final BasicAuthorizerUser requested = users.get(userName);
        if (requested == null) {
            throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
        }

        final byte[] roleMapBytes = storageUpdater.getCurrentRoleMapBytes(authorizerName);
        final Map<String, BasicAuthorizerRole> allRoles =
            BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapBytes);

        if (!simplifyPermissions) {
            final Set<BasicAuthorizerRole> userRoles = getRolesForUser(requested, allRoles);
            return Response.ok(new BasicAuthorizerUserFull(userName, userRoles)).build();
        }

        final Set<BasicAuthorizerRoleSimplifiedPermissions> simplifiedRoles =
            getRolesForUserWithSimplifiedPermissions(requested, allRoles);
        return Response.ok(new BasicAuthorizerUserFullSimplifiedPermissions(userName, simplifiedRoles)).build();
    } catch (BasicSecurityDBResourceException dbError) {
        return makeResponseForBasicSecurityDBResourceException(dbError);
    }
}
Also used : BasicAuthorizerUserFullSimplifiedPermissions(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFullSimplifiedPermissions) BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerRoleSimplifiedPermissions(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerUserFull(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFull) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 5 with BasicAuthorizerUser

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.

the class CoordinatorBasicAuthorizerResourceHandler method getAllUsers.

/**
 * Returns the names of all users stored for the given authorizer.
 *
 * <p>Only the keys of the deserialized user map are placed in the response; the user entries themselves
 * (including role assignments) are not returned.
 *
 * <p>NOTE(review): no permission check on the caller is visible in this method; presumably access to the
 * endpoint is enforced before this handler runs - confirm.
 *
 * @param authorizerName authorizer whose users are listed
 * @return an OK response carrying the set of user names, or the authorizer-not-found response when
 *         {@code authorizerMap} has no entry for the name
 */
@Override
public Response getAllUsers(String authorizerName) {
    // Unknown authorizer names are rejected before any stored state is read.
    if (authorizerMap.get(authorizerName) == null) {
        return makeResponseForAuthorizerNotFound(authorizerName);
    }

    final byte[] userMapBytes = storageUpdater.getCurrentUserMapBytes(authorizerName);
    final Map<String, BasicAuthorizerUser> users =
        BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapBytes);
    return Response.ok(users.keySet()).build();
}
Also used : BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicRoleBasedAuthorizer(org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)

Aggregations

BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)17 BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)12 Test (org.junit.Test)7 BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException)6 BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)5 HashMap (java.util.HashMap)4 HashSet (java.util.HashSet)3 Response (javax.ws.rs.core.Response)3 Map (java.util.Map)2 IAE (org.apache.druid.java.util.common.IAE)2 BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)2 BasicAuthorizerRoleSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)2 JacksonInject (com.fasterxml.jackson.annotation.JacksonInject)1 JsonCreator (com.fasterxml.jackson.annotation.JsonCreator)1 JsonProperty (com.fasterxml.jackson.annotation.JsonProperty)1 JsonTypeName (com.fasterxml.jackson.annotation.JsonTypeName)1 VisibleForTesting (com.google.common.annotations.VisibleForTesting)1 Arrays (java.util.Arrays)1 Locale (java.util.Locale)1 Optional (java.util.Optional)1