Search in sources :

Example 6 with BasicAuthorizerUser

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.

the class CoordinatorBasicAuthorizerResourceTest method testCreateDeleteUser.

@Test
public void testCreateDeleteUser() {
    Response response = resource.createUser(req, AUTHORIZER_NAME, "druid");
    Assert.assertEquals(200, response.getStatus());
    response = resource.getUser(req, AUTHORIZER_NAME, "druid", null, null);
    Assert.assertEquals(200, response.getStatus());
    BasicAuthorizerUser expectedUser = new BasicAuthorizerUser("druid", ImmutableSet.of());
    Assert.assertEquals(expectedUser, response.getEntity());
    response = resource.deleteUser(req, AUTHORIZER_NAME, "druid");
    Assert.assertEquals(200, response.getStatus());
    response = resource.deleteUser(req, AUTHORIZER_NAME, "druid");
    Assert.assertEquals(400, response.getStatus());
    Assert.assertEquals(errorMapWithMsg("User [druid] does not exist."), response.getEntity());
    response = resource.getUser(req, AUTHORIZER_NAME, "druid", null, null);
    Assert.assertEquals(400, response.getStatus());
    Assert.assertEquals(errorMapWithMsg("User [druid] does not exist."), response.getEntity());
}
Also used : Response(javax.ws.rs.core.Response) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) Test(org.junit.Test)

Example 7 with BasicAuthorizerUser

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdaterTest method testSetRolePermissions.

// role and permission tests
@Test
public void testSetRolePermissions() {
    updater.createUser(AUTHORIZER_NAME, "druid");
    updater.createRole(AUTHORIZER_NAME, "druidRole");
    updater.assignUserRole(AUTHORIZER_NAME, "druid", "druidRole");
    List<ResourceAction> permsToAdd = ImmutableList.of(new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE));
    updater.setPermissions(AUTHORIZER_NAME, "druidRole", permsToAdd);
    Map<String, BasicAuthorizerUser> expectedUserMap = new HashMap<>(BASE_USER_MAP);
    expectedUserMap.put("druid", new BasicAuthorizerUser("druid", ImmutableSet.of("druidRole")));
    Map<String, BasicAuthorizerRole> expectedRoleMap = new HashMap<>(BASE_ROLE_MAP);
    expectedRoleMap.put("druidRole", new BasicAuthorizerRole("druidRole", BasicAuthorizerPermission.makePermissionList(permsToAdd)));
    Map<String, BasicAuthorizerUser> actualUserMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, updater.getCurrentUserMapBytes(AUTHORIZER_NAME));
    Map<String, BasicAuthorizerRole> actualRoleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, updater.getCurrentRoleMapBytes(AUTHORIZER_NAME));
    Assert.assertEquals(expectedUserMap, actualUserMap);
    Assert.assertEquals(expectedRoleMap, actualRoleMap);
    updater.setPermissions(AUTHORIZER_NAME, "druidRole", null);
    expectedRoleMap.put("druidRole", new BasicAuthorizerRole("druidRole", null));
    actualRoleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, updater.getCurrentRoleMapBytes(AUTHORIZER_NAME));
    Assert.assertEquals(expectedUserMap, actualUserMap);
    Assert.assertEquals(expectedRoleMap, actualRoleMap);
}
Also used : BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) HashMap(java.util.HashMap) Resource(org.apache.druid.server.security.Resource) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole) ResourceAction(org.apache.druid.server.security.ResourceAction) Test(org.junit.Test)

Example 8 with BasicAuthorizerUser

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdaterTest method testUnassignInvalidRoleAssignmentToUserFails.

@Test
public void testUnassignInvalidRoleAssignmentToUserFails() {
    expectedException.expect(BasicSecurityDBResourceException.class);
    expectedException.expectMessage("User [druid] does not have role [druidRole].");
    updater.createUser(AUTHORIZER_NAME, "druid");
    updater.createRole(AUTHORIZER_NAME, "druidRole");
    Map<String, BasicAuthorizerUser> expectedUserMap = new HashMap<>(BASE_USER_MAP);
    expectedUserMap.put("druid", new BasicAuthorizerUser("druid", ImmutableSet.of()));
    Map<String, BasicAuthorizerRole> expectedRoleMap = new HashMap<>(BASE_ROLE_MAP);
    expectedRoleMap.put("druidRole", new BasicAuthorizerRole("druidRole", ImmutableList.of()));
    Map<String, BasicAuthorizerUser> actualUserMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, updater.getCurrentUserMapBytes(AUTHORIZER_NAME));
    Map<String, BasicAuthorizerRole> actualRoleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, updater.getCurrentRoleMapBytes(AUTHORIZER_NAME));
    Assert.assertEquals(expectedUserMap, actualUserMap);
    Assert.assertEquals(expectedRoleMap, actualRoleMap);
    updater.unassignUserRole(AUTHORIZER_NAME, "druid", "druidRole");
}
Also used : BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) HashMap(java.util.HashMap) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole) Test(org.junit.Test)

Example 9 with BasicAuthorizerUser

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.

the class MetadataStoreRoleProvider method getRoles.

@Override
public Set<String> getRoles(String authorizerPrefix, AuthenticationResult authenticationResult) {
    Set<String> roleNames = new HashSet<>();
    Map<String, BasicAuthorizerUser> userMap = cacheManager.getUserMap(authorizerPrefix);
    if (userMap == null) {
        throw new IAE("Could not load userMap for authorizer [%s]", authorizerPrefix);
    }
    BasicAuthorizerUser user = userMap.get(authenticationResult.getIdentity());
    if (user != null) {
        roleNames.addAll(user.getRoles());
    }
    return roleNames;
}
Also used : BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) IAE(org.apache.druid.java.util.common.IAE) HashSet(java.util.HashSet)

Example 10 with BasicAuthorizerUser

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.

the class CoordinatorBasicAuthorizerResourceTest method testUserRoleAssignment.

@Test
public void testUserRoleAssignment() {
    Response response = resource.createRole(req, AUTHORIZER_NAME, "druidRole");
    Assert.assertEquals(200, response.getStatus());
    response = resource.createUser(req, AUTHORIZER_NAME, "druid");
    Assert.assertEquals(200, response.getStatus());
    response = resource.assignRoleToUser(req, AUTHORIZER_NAME, "druid", "druidRole");
    Assert.assertEquals(200, response.getStatus());
    response = resource.getUser(req, AUTHORIZER_NAME, "druid", null, null);
    Assert.assertEquals(200, response.getStatus());
    BasicAuthorizerUser expectedUser = new BasicAuthorizerUser("druid", ImmutableSet.of("druidRole"));
    Assert.assertEquals(expectedUser, response.getEntity());
    response = resource.getRole(req, AUTHORIZER_NAME, "druidRole", null, null);
    Assert.assertEquals(200, response.getStatus());
    BasicAuthorizerRole expectedRole = new BasicAuthorizerRole("druidRole", ImmutableList.of());
    Assert.assertEquals(expectedRole, response.getEntity());
    response = resource.unassignRoleFromUser(req, AUTHORIZER_NAME, "druid", "druidRole");
    Assert.assertEquals(200, response.getStatus());
    response = resource.getUser(req, AUTHORIZER_NAME, "druid", null, null);
    Assert.assertEquals(200, response.getStatus());
    expectedUser = new BasicAuthorizerUser("druid", ImmutableSet.of());
    Assert.assertEquals(expectedUser, response.getEntity());
    response = resource.getRole(req, AUTHORIZER_NAME, "druidRole", null, null);
    Assert.assertEquals(200, response.getStatus());
    Assert.assertEquals(expectedRole, response.getEntity());
}
Also used : Response(javax.ws.rs.core.Response) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole) Test(org.junit.Test)

Aggregations

BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)17 BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)12 Test (org.junit.Test)7 BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException)6 BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)5 HashMap (java.util.HashMap)4 HashSet (java.util.HashSet)3 Response (javax.ws.rs.core.Response)3 Map (java.util.Map)2 IAE (org.apache.druid.java.util.common.IAE)2 BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)2 BasicAuthorizerRoleSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)2 JacksonInject (com.fasterxml.jackson.annotation.JacksonInject)1 JsonCreator (com.fasterxml.jackson.annotation.JsonCreator)1 JsonProperty (com.fasterxml.jackson.annotation.JsonProperty)1 JsonTypeName (com.fasterxml.jackson.annotation.JsonTypeName)1 VisibleForTesting (com.google.common.annotations.VisibleForTesting)1 Arrays (java.util.Arrays)1 Locale (java.util.Locale)1 Optional (java.util.Optional)1