Search in sources :

Example 1 with BasicAuthorizerUserMapBundle

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method getCurrentUserAndRoleMapSerialized.

private byte[] getCurrentUserAndRoleMapSerialized(String prefix) throws IOException {
    BasicAuthorizerUserMapBundle userMapBundle = cachedUserMaps.get(prefix);
    BasicAuthorizerRoleMapBundle roleMapBundle = cachedRoleMaps.get(prefix);
    UserAndRoleMap userAndRoleMap = new UserAndRoleMap(userMapBundle == null ? null : userMapBundle.getUserMap(), roleMapBundle == null ? null : roleMapBundle.getRoleMap());
    return objectMapper.writeValueAsBytes(userAndRoleMap);
}
Also used : UserAndRoleMap(org.apache.druid.security.basic.authorization.entity.UserAndRoleMap) BasicAuthorizerUserMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle) BasicAuthorizerRoleMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle)

Example 2 with BasicAuthorizerUserMapBundle

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method tryUpdateUserAndRoleMap.

private boolean tryUpdateUserAndRoleMap(String prefix, Map<String, BasicAuthorizerUser> userMap, byte[] oldUserMapValue, byte[] newUserMapValue, Map<String, BasicAuthorizerRole> roleMap, byte[] oldRoleMapValue, byte[] newRoleMapValue) {
    try {
        List<MetadataCASUpdate> updates = new ArrayList<>();
        if (userMap != null && roleMap != null) {
            updates.add(createMetadataCASUpdate(prefix, oldUserMapValue, newUserMapValue, USERS));
            updates.add(createMetadataCASUpdate(prefix, oldRoleMapValue, newRoleMapValue, ROLES));
            boolean succeeded = connector.compareAndSwap(updates);
            if (succeeded) {
                cachedUserMaps.put(prefix, new BasicAuthorizerUserMapBundle(userMap, newUserMapValue));
                cachedRoleMaps.put(prefix, new BasicAuthorizerRoleMapBundle(roleMap, newRoleMapValue));
                byte[] serializedUserAndRoleMap = getCurrentUserAndRoleMapSerialized(prefix);
                cacheNotifier.addUpdateUser(prefix, serializedUserAndRoleMap);
                return true;
            } else {
                return false;
            }
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return false;
}
Also used : MetadataCASUpdate(org.apache.druid.metadata.MetadataCASUpdate) BasicAuthorizerUserMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle) ArrayList(java.util.ArrayList) BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) IOException(java.io.IOException) BasicAuthorizerRoleMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle)

Example 3 with BasicAuthorizerUserMapBundle

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method tryUpdateUserMap.

private boolean tryUpdateUserMap(String prefix, Map<String, BasicAuthorizerUser> userMap, byte[] oldUserMapValue, byte[] newUserMapValue) {
    try {
        List<MetadataCASUpdate> updates = new ArrayList<>();
        if (userMap != null) {
            updates.add(createMetadataCASUpdate(prefix, oldUserMapValue, newUserMapValue, USERS));
            boolean succeeded = connector.compareAndSwap(updates);
            if (succeeded) {
                cachedUserMaps.put(prefix, new BasicAuthorizerUserMapBundle(userMap, newUserMapValue));
                byte[] serializedUserAndRoleMap = getCurrentUserAndRoleMapSerialized(prefix);
                cacheNotifier.addUpdateUser(prefix, serializedUserAndRoleMap);
                return true;
            } else {
                return false;
            }
        }
        return false;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Also used : MetadataCASUpdate(org.apache.druid.metadata.MetadataCASUpdate) BasicAuthorizerUserMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle) ArrayList(java.util.ArrayList) BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) IOException(java.io.IOException)

Example 4 with BasicAuthorizerUserMapBundle

use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method start.

@LifecycleStart
public void start() {
    if (!lifecycleLock.canStart()) {
        throw new ISE("can't start.");
    }
    if (authorizerMapper == null || authorizerMapper.getAuthorizerMap() == null) {
        return;
    }
    try {
        LOG.info("Starting CoordinatorBasicAuthorizerMetadataStorageUpdater");
        BasicAuthUtils.maybeInitialize(() -> {
            for (Map.Entry<String, Authorizer> entry : authorizerMapper.getAuthorizerMap().entrySet()) {
                Authorizer authorizer = entry.getValue();
                if (authorizer instanceof BasicRoleBasedAuthorizer) {
                    BasicRoleBasedAuthorizer basicRoleBasedAuthorizer = (BasicRoleBasedAuthorizer) authorizer;
                    BasicAuthDBConfig dbConfig = basicRoleBasedAuthorizer.getDbConfig();
                    String authorizerName = entry.getKey();
                    authorizerNames.add(authorizerName);
                    byte[] userMapBytes = getCurrentUserMapBytes(authorizerName);
                    Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapBytes);
                    cachedUserMaps.put(authorizerName, new BasicAuthorizerUserMapBundle(userMap, userMapBytes));
                    byte[] groupMappingMapBytes = getCurrentGroupMappingMapBytes(authorizerName);
                    Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, groupMappingMapBytes);
                    cachedGroupMappingMaps.put(authorizerName, new BasicAuthorizerGroupMappingMapBundle(groupMappingMap, groupMappingMapBytes));
                    byte[] roleMapBytes = getCurrentRoleMapBytes(authorizerName);
                    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapBytes);
                    cachedRoleMaps.put(authorizerName, new BasicAuthorizerRoleMapBundle(roleMap, roleMapBytes));
                    initSuperUsersAndGroupMapping(authorizerName, userMap, roleMap, groupMappingMap, dbConfig.getInitialAdminUser(), dbConfig.getInitialAdminRole(), dbConfig.getInitialAdminGroupMapping());
                }
            }
            return true;
        });
        ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
            if (stopped) {
                return ScheduledExecutors.Signal.STOP;
            }
            try {
                LOG.debug("Scheduled db poll is running");
                for (String authorizerName : authorizerNames) {
                    byte[] userMapBytes = getCurrentUserMapBytes(authorizerName);
                    Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapBytes);
                    if (userMapBytes != null) {
                        synchronized (cachedUserMaps) {
                            cachedUserMaps.put(authorizerName, new BasicAuthorizerUserMapBundle(userMap, userMapBytes));
                        }
                    }
                    byte[] groupMappingMapBytes = getCurrentGroupMappingMapBytes(authorizerName);
                    Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, groupMappingMapBytes);
                    if (groupMappingMapBytes != null) {
                        synchronized (cachedGroupMappingMaps) {
                            cachedGroupMappingMaps.put(authorizerName, new BasicAuthorizerGroupMappingMapBundle(groupMappingMap, groupMappingMapBytes));
                        }
                    }
                    byte[] roleMapBytes = getCurrentRoleMapBytes(authorizerName);
                    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapBytes);
                    if (roleMapBytes != null) {
                        synchronized (cachedRoleMaps) {
                            cachedRoleMaps.put(authorizerName, new BasicAuthorizerRoleMapBundle(roleMap, roleMapBytes));
                        }
                    }
                }
                LOG.debug("Scheduled db poll is done");
            } catch (Throwable t) {
                LOG.makeAlert(t, "Error occured while polling for cachedUserMaps, cachedGroupMappingMaps, cachedRoleMaps.").emit();
            }
            return ScheduledExecutors.Signal.REPEAT;
        });
        lifecycleLock.started();
    } finally {
        lifecycleLock.exitStart();
    }
}
Also used : Duration(org.joda.time.Duration) BasicAuthorizerRoleMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle) BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping) BasicAuthorizerUserMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) Authorizer(org.apache.druid.server.security.Authorizer) BasicRoleBasedAuthorizer(org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer) BasicAuthorizerGroupMappingMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingMapBundle) ISE(org.apache.druid.java.util.common.ISE) BasicRoleBasedAuthorizer(org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole) UserAndRoleMap(org.apache.druid.security.basic.authorization.entity.UserAndRoleMap) Map(java.util.Map) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) GroupMappingAndRoleMap(org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap) BasicAuthDBConfig(org.apache.druid.security.basic.BasicAuthDBConfig) LifecycleStart(org.apache.druid.java.util.common.lifecycle.LifecycleStart)

Aggregations

BasicAuthorizerUserMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle)4 BasicAuthorizerRoleMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle)3 IOException (java.io.IOException)2 ArrayList (java.util.ArrayList)2 MetadataCASUpdate (org.apache.druid.metadata.MetadataCASUpdate)2 BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException)2 UserAndRoleMap (org.apache.druid.security.basic.authorization.entity.UserAndRoleMap)2 Map (java.util.Map)1 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1 ISE (org.apache.druid.java.util.common.ISE)1 LifecycleStart (org.apache.druid.java.util.common.lifecycle.LifecycleStart)1 BasicAuthDBConfig (org.apache.druid.security.basic.BasicAuthDBConfig)1 BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)1 BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)1 BasicAuthorizerGroupMappingMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingMapBundle)1 BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)1 BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)1 GroupMappingAndRoleMap (org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap)1 Authorizer (org.apache.druid.server.security.Authorizer)1 Duration (org.joda.time.Duration)1