use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceTest method testCreateDeleteUser.
@Test
public void testCreateDeleteUser() {
Response response = resource.createUser(req, AUTHORIZER_NAME, "druid");
Assert.assertEquals(200, response.getStatus());
response = resource.getUser(req, AUTHORIZER_NAME, "druid", null, null);
Assert.assertEquals(200, response.getStatus());
BasicAuthorizerUser expectedUser = new BasicAuthorizerUser("druid", ImmutableSet.of());
Assert.assertEquals(expectedUser, response.getEntity());
response = resource.deleteUser(req, AUTHORIZER_NAME, "druid");
Assert.assertEquals(200, response.getStatus());
response = resource.deleteUser(req, AUTHORIZER_NAME, "druid");
Assert.assertEquals(400, response.getStatus());
Assert.assertEquals(errorMapWithMsg("User [druid] does not exist."), response.getEntity());
response = resource.getUser(req, AUTHORIZER_NAME, "druid", null, null);
Assert.assertEquals(400, response.getStatus());
Assert.assertEquals(errorMapWithMsg("User [druid] does not exist."), response.getEntity());
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdaterTest method testSetRolePermissions.
// role and permission tests
@Test
public void testSetRolePermissions() {
updater.createUser(AUTHORIZER_NAME, "druid");
updater.createRole(AUTHORIZER_NAME, "druidRole");
updater.assignUserRole(AUTHORIZER_NAME, "druid", "druidRole");
List<ResourceAction> permsToAdd = ImmutableList.of(new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE));
updater.setPermissions(AUTHORIZER_NAME, "druidRole", permsToAdd);
Map<String, BasicAuthorizerUser> expectedUserMap = new HashMap<>(BASE_USER_MAP);
expectedUserMap.put("druid", new BasicAuthorizerUser("druid", ImmutableSet.of("druidRole")));
Map<String, BasicAuthorizerRole> expectedRoleMap = new HashMap<>(BASE_ROLE_MAP);
expectedRoleMap.put("druidRole", new BasicAuthorizerRole("druidRole", BasicAuthorizerPermission.makePermissionList(permsToAdd)));
Map<String, BasicAuthorizerUser> actualUserMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, updater.getCurrentUserMapBytes(AUTHORIZER_NAME));
Map<String, BasicAuthorizerRole> actualRoleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, updater.getCurrentRoleMapBytes(AUTHORIZER_NAME));
Assert.assertEquals(expectedUserMap, actualUserMap);
Assert.assertEquals(expectedRoleMap, actualRoleMap);
updater.setPermissions(AUTHORIZER_NAME, "druidRole", null);
expectedRoleMap.put("druidRole", new BasicAuthorizerRole("druidRole", null));
actualRoleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, updater.getCurrentRoleMapBytes(AUTHORIZER_NAME));
Assert.assertEquals(expectedUserMap, actualUserMap);
Assert.assertEquals(expectedRoleMap, actualRoleMap);
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdaterTest method testUnassignInvalidRoleAssignmentToUserFails.
@Test
public void testUnassignInvalidRoleAssignmentToUserFails() {
expectedException.expect(BasicSecurityDBResourceException.class);
expectedException.expectMessage("User [druid] does not have role [druidRole].");
updater.createUser(AUTHORIZER_NAME, "druid");
updater.createRole(AUTHORIZER_NAME, "druidRole");
Map<String, BasicAuthorizerUser> expectedUserMap = new HashMap<>(BASE_USER_MAP);
expectedUserMap.put("druid", new BasicAuthorizerUser("druid", ImmutableSet.of()));
Map<String, BasicAuthorizerRole> expectedRoleMap = new HashMap<>(BASE_ROLE_MAP);
expectedRoleMap.put("druidRole", new BasicAuthorizerRole("druidRole", ImmutableList.of()));
Map<String, BasicAuthorizerUser> actualUserMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, updater.getCurrentUserMapBytes(AUTHORIZER_NAME));
Map<String, BasicAuthorizerRole> actualRoleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, updater.getCurrentRoleMapBytes(AUTHORIZER_NAME));
Assert.assertEquals(expectedUserMap, actualUserMap);
Assert.assertEquals(expectedRoleMap, actualRoleMap);
updater.unassignUserRole(AUTHORIZER_NAME, "druid", "druidRole");
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class MetadataStoreRoleProvider method getRoles.
@Override
public Set<String> getRoles(String authorizerPrefix, AuthenticationResult authenticationResult) {
Set<String> roleNames = new HashSet<>();
Map<String, BasicAuthorizerUser> userMap = cacheManager.getUserMap(authorizerPrefix);
if (userMap == null) {
throw new IAE("Could not load userMap for authorizer [%s]", authorizerPrefix);
}
BasicAuthorizerUser user = userMap.get(authenticationResult.getIdentity());
if (user != null) {
roleNames.addAll(user.getRoles());
}
return roleNames;
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceTest method testUserRoleAssignment.
@Test
public void testUserRoleAssignment() {
Response response = resource.createRole(req, AUTHORIZER_NAME, "druidRole");
Assert.assertEquals(200, response.getStatus());
response = resource.createUser(req, AUTHORIZER_NAME, "druid");
Assert.assertEquals(200, response.getStatus());
response = resource.assignRoleToUser(req, AUTHORIZER_NAME, "druid", "druidRole");
Assert.assertEquals(200, response.getStatus());
response = resource.getUser(req, AUTHORIZER_NAME, "druid", null, null);
Assert.assertEquals(200, response.getStatus());
BasicAuthorizerUser expectedUser = new BasicAuthorizerUser("druid", ImmutableSet.of("druidRole"));
Assert.assertEquals(expectedUser, response.getEntity());
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole", null, null);
Assert.assertEquals(200, response.getStatus());
BasicAuthorizerRole expectedRole = new BasicAuthorizerRole("druidRole", ImmutableList.of());
Assert.assertEquals(expectedRole, response.getEntity());
response = resource.unassignRoleFromUser(req, AUTHORIZER_NAME, "druid", "druidRole");
Assert.assertEquals(200, response.getStatus());
response = resource.getUser(req, AUTHORIZER_NAME, "druid", null, null);
Assert.assertEquals(200, response.getStatus());
expectedUser = new BasicAuthorizerUser("druid", ImmutableSet.of());
Assert.assertEquals(expectedUser, response.getEntity());
response = resource.getRole(req, AUTHORIZER_NAME, "druidRole", null, null);
Assert.assertEquals(200, response.getStatus());
Assert.assertEquals(expectedRole, response.getEntity());
}
Aggregations