use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method getCurrentUserAndRoleMapSerialized.
private byte[] getCurrentUserAndRoleMapSerialized(String prefix) throws IOException {
BasicAuthorizerUserMapBundle userMapBundle = cachedUserMaps.get(prefix);
BasicAuthorizerRoleMapBundle roleMapBundle = cachedRoleMaps.get(prefix);
UserAndRoleMap userAndRoleMap = new UserAndRoleMap(userMapBundle == null ? null : userMapBundle.getUserMap(), roleMapBundle == null ? null : roleMapBundle.getRoleMap());
return objectMapper.writeValueAsBytes(userAndRoleMap);
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method tryUpdateUserAndRoleMap.
private boolean tryUpdateUserAndRoleMap(String prefix, Map<String, BasicAuthorizerUser> userMap, byte[] oldUserMapValue, byte[] newUserMapValue, Map<String, BasicAuthorizerRole> roleMap, byte[] oldRoleMapValue, byte[] newRoleMapValue) {
try {
List<MetadataCASUpdate> updates = new ArrayList<>();
if (userMap != null && roleMap != null) {
updates.add(createMetadataCASUpdate(prefix, oldUserMapValue, newUserMapValue, USERS));
updates.add(createMetadataCASUpdate(prefix, oldRoleMapValue, newRoleMapValue, ROLES));
boolean succeeded = connector.compareAndSwap(updates);
if (succeeded) {
cachedUserMaps.put(prefix, new BasicAuthorizerUserMapBundle(userMap, newUserMapValue));
cachedRoleMaps.put(prefix, new BasicAuthorizerRoleMapBundle(roleMap, newRoleMapValue));
byte[] serializedUserAndRoleMap = getCurrentUserAndRoleMapSerialized(prefix);
cacheNotifier.addUpdateUser(prefix, serializedUserAndRoleMap);
return true;
} else {
return false;
}
}
} catch (Exception e) {
throw new RuntimeException(e);
}
return false;
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method tryUpdateUserMap.
private boolean tryUpdateUserMap(String prefix, Map<String, BasicAuthorizerUser> userMap, byte[] oldUserMapValue, byte[] newUserMapValue) {
try {
List<MetadataCASUpdate> updates = new ArrayList<>();
if (userMap != null) {
updates.add(createMetadataCASUpdate(prefix, oldUserMapValue, newUserMapValue, USERS));
boolean succeeded = connector.compareAndSwap(updates);
if (succeeded) {
cachedUserMaps.put(prefix, new BasicAuthorizerUserMapBundle(userMap, newUserMapValue));
byte[] serializedUserAndRoleMap = getCurrentUserAndRoleMapSerialized(prefix);
cacheNotifier.addUpdateUser(prefix, serializedUserAndRoleMap);
return true;
} else {
return false;
}
}
return false;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method start.
@LifecycleStart
public void start() {
if (!lifecycleLock.canStart()) {
throw new ISE("can't start.");
}
if (authorizerMapper == null || authorizerMapper.getAuthorizerMap() == null) {
return;
}
try {
LOG.info("Starting CoordinatorBasicAuthorizerMetadataStorageUpdater");
BasicAuthUtils.maybeInitialize(() -> {
for (Map.Entry<String, Authorizer> entry : authorizerMapper.getAuthorizerMap().entrySet()) {
Authorizer authorizer = entry.getValue();
if (authorizer instanceof BasicRoleBasedAuthorizer) {
BasicRoleBasedAuthorizer basicRoleBasedAuthorizer = (BasicRoleBasedAuthorizer) authorizer;
BasicAuthDBConfig dbConfig = basicRoleBasedAuthorizer.getDbConfig();
String authorizerName = entry.getKey();
authorizerNames.add(authorizerName);
byte[] userMapBytes = getCurrentUserMapBytes(authorizerName);
Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapBytes);
cachedUserMaps.put(authorizerName, new BasicAuthorizerUserMapBundle(userMap, userMapBytes));
byte[] groupMappingMapBytes = getCurrentGroupMappingMapBytes(authorizerName);
Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, groupMappingMapBytes);
cachedGroupMappingMaps.put(authorizerName, new BasicAuthorizerGroupMappingMapBundle(groupMappingMap, groupMappingMapBytes));
byte[] roleMapBytes = getCurrentRoleMapBytes(authorizerName);
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapBytes);
cachedRoleMaps.put(authorizerName, new BasicAuthorizerRoleMapBundle(roleMap, roleMapBytes));
initSuperUsersAndGroupMapping(authorizerName, userMap, roleMap, groupMappingMap, dbConfig.getInitialAdminUser(), dbConfig.getInitialAdminRole(), dbConfig.getInitialAdminGroupMapping());
}
}
return true;
});
ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
if (stopped) {
return ScheduledExecutors.Signal.STOP;
}
try {
LOG.debug("Scheduled db poll is running");
for (String authorizerName : authorizerNames) {
byte[] userMapBytes = getCurrentUserMapBytes(authorizerName);
Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapBytes);
if (userMapBytes != null) {
synchronized (cachedUserMaps) {
cachedUserMaps.put(authorizerName, new BasicAuthorizerUserMapBundle(userMap, userMapBytes));
}
}
byte[] groupMappingMapBytes = getCurrentGroupMappingMapBytes(authorizerName);
Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, groupMappingMapBytes);
if (groupMappingMapBytes != null) {
synchronized (cachedGroupMappingMaps) {
cachedGroupMappingMaps.put(authorizerName, new BasicAuthorizerGroupMappingMapBundle(groupMappingMap, groupMappingMapBytes));
}
}
byte[] roleMapBytes = getCurrentRoleMapBytes(authorizerName);
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapBytes);
if (roleMapBytes != null) {
synchronized (cachedRoleMaps) {
cachedRoleMaps.put(authorizerName, new BasicAuthorizerRoleMapBundle(roleMap, roleMapBytes));
}
}
}
LOG.debug("Scheduled db poll is done");
} catch (Throwable t) {
LOG.makeAlert(t, "Error occured while polling for cachedUserMaps, cachedGroupMappingMaps, cachedRoleMaps.").emit();
}
return ScheduledExecutors.Signal.REPEAT;
});
lifecycleLock.started();
} finally {
lifecycleLock.exitStart();
}
}
Aggregations