Examples with GroupMappingAndRoleMap org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap used on opensource projects

Example 1 with GroupMappingAndRoleMap

use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io.

the class CoordinatorPollingBasicAuthorizerCacheManager method tryFetchGroupMappingMapsFromCoordinator.

private GroupMappingAndRoleMap tryFetchGroupMappingMapsFromCoordinator(String prefix) throws Exception {
    Request req = druidLeaderClient.makeRequest(HttpMethod.GET, StringUtils.format("/druid-ext/basic-security/authorization/db/%s/cachedSerializedGroupMappingMap", prefix));
    BytesFullResponseHolder responseHolder = druidLeaderClient.go(req, new BytesFullResponseHandler());
    // running 0.17.0+ tries to access this endpoint on an older coordinator.
    if (responseHolder.getStatus().equals(HttpResponseStatus.NOT_FOUND)) {
        LOG.warn("cachedSerializedGroupMappingMap is not available from the coordinator, skipping fetch of group mappings for now.");
        return null;
    }
    byte[] groupRoleMapBytes = responseHolder.getContent();
    GroupMappingAndRoleMap groupMappingAndRoleMap = objectMapper.readValue(groupRoleMapBytes, BasicAuthUtils.AUTHORIZER_GROUP_MAPPING_AND_ROLE_MAP_TYPE_REFERENCE);
    if (groupMappingAndRoleMap != null && commonCacheConfig.getCacheDirectory() != null) {
        writeGroupMappingMapToDisk(prefix, groupRoleMapBytes);
    }
    return groupMappingAndRoleMap;
}

Example 2 with GroupMappingAndRoleMap

use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io.

the class CoordinatorPollingBasicAuthorizerCacheManager method handleAuthorizerGroupMappingUpdate.

@Override
public void handleAuthorizerGroupMappingUpdate(String authorizerPrefix, byte[] serializedGroupMappingAndRoleMap) {
    LOG.debug("Received groupMappingMap cache update for authorizer [%s].", authorizerPrefix);
    Preconditions.checkState(lifecycleLock.awaitStarted(1, TimeUnit.MILLISECONDS));
    try {
        GroupMappingAndRoleMap groupMappingAndRoleMap = objectMapper.readValue(serializedGroupMappingAndRoleMap, BasicAuthUtils.AUTHORIZER_GROUP_MAPPING_AND_ROLE_MAP_TYPE_REFERENCE);
        cachedGroupMappingMaps.put(authorizerPrefix, groupMappingAndRoleMap.getGroupMappingMap());
        cachedGroupMappingRoleMaps.put(authorizerPrefix, groupMappingAndRoleMap.getRoleMap());
        if (commonCacheConfig.getCacheDirectory() != null) {
            writeGroupMappingMapToDisk(authorizerPrefix, serializedGroupMappingAndRoleMap);
        }
    } catch (Exception e) {
        LOG.makeAlert(e, "Could not deserialize groupMapping/role map received from coordinator.").emit();
    }
}

Example 3 with GroupMappingAndRoleMap

use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io.

the class CoordinatorPollingBasicAuthorizerCacheManager method initUserMaps.

private void initUserMaps() {
    AuthorizerMapper authorizerMapper = injector.getInstance(AuthorizerMapper.class);
    if (authorizerMapper == null || authorizerMapper.getAuthorizerMap() == null) {
        return;
    }
    for (Map.Entry<String, Authorizer> entry : authorizerMapper.getAuthorizerMap().entrySet()) {
        Authorizer authorizer = entry.getValue();
        if (authorizer instanceof BasicRoleBasedAuthorizer) {
            String authorizerName = entry.getKey();
            authorizerPrefixes.add(authorizerName);
            UserAndRoleMap userAndRoleMap = fetchUserAndRoleMapFromCoordinator(authorizerName, true);
            if (userAndRoleMap != null) {
                cachedUserMaps.put(authorizerName, userAndRoleMap.getUserMap());
                cachedRoleMaps.put(authorizerName, userAndRoleMap.getRoleMap());
            }
            GroupMappingAndRoleMap groupMappingAndRoleMap = fetchGroupAndRoleMapFromCoordinator(authorizerName, true);
            if (groupMappingAndRoleMap != null) {
                cachedGroupMappingMaps.put(authorizerName, groupMappingAndRoleMap.getGroupMappingMap());
                cachedGroupMappingRoleMaps.put(authorizerName, groupMappingAndRoleMap.getRoleMap());
            }
        }
    }
}

Example 4 with GroupMappingAndRoleMap

use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io.

the class CoordinatorPollingBasicAuthorizerCacheManager method start.

@LifecycleStart
public void start() {
    if (!lifecycleLock.canStart()) {
        throw new ISE("can't start.");
    }
    LOG.info("Starting CoordinatorPollingBasicAuthorizerCacheManager.");
    try {
        initUserMaps();
        ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
            try {
                long randomDelay = ThreadLocalRandom.current().nextLong(0, commonCacheConfig.getMaxRandomDelay());
                LOG.debug("Inserting random polling delay of [%s] ms", randomDelay);
                Thread.sleep(randomDelay);
                LOG.debug("Scheduled userMap cache poll is running");
                for (String authorizerPrefix : authorizerPrefixes) {
                    UserAndRoleMap userAndRoleMap = fetchUserAndRoleMapFromCoordinator(authorizerPrefix, false);
                    if (userAndRoleMap != null) {
                        cachedUserMaps.put(authorizerPrefix, userAndRoleMap.getUserMap());
                        cachedRoleMaps.put(authorizerPrefix, userAndRoleMap.getRoleMap());
                    }
                }
                LOG.debug("Scheduled userMap cache poll is done");
            } catch (Throwable t) {
                LOG.makeAlert(t, "Error occured while polling for cachedUserMaps.").emit();
            }
        });
        ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
            try {
                long randomDelay = ThreadLocalRandom.current().nextLong(0, commonCacheConfig.getMaxRandomDelay());
                LOG.debug("Inserting random polling delay of [%s] ms", randomDelay);
                Thread.sleep(randomDelay);
                LOG.debug("Scheduled groupMappingMap cache poll is running");
                for (String authorizerPrefix : authorizerPrefixes) {
                    GroupMappingAndRoleMap groupMappingAndRoleMap = fetchGroupAndRoleMapFromCoordinator(authorizerPrefix, false);
                    if (groupMappingAndRoleMap != null) {
                        cachedGroupMappingMaps.put(authorizerPrefix, groupMappingAndRoleMap.getGroupMappingMap());
                        cachedGroupMappingRoleMaps.put(authorizerPrefix, groupMappingAndRoleMap.getRoleMap());
                    }
                }
                LOG.debug("Scheduled groupMappingMap cache poll is done");
            } catch (Throwable t) {
                LOG.makeAlert(t, "Error occured while polling for cachedGroupMappingMaps.").emit();
            }
        });
        lifecycleLock.started();
        LOG.info("Started CoordinatorPollingBasicAuthorizerCacheManager.");
    } finally {
        lifecycleLock.exitStart();
    }
}

Example 5 with GroupMappingAndRoleMap

use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method getCurrentGroupMappingAndRoleMapSerialized.

private byte[] getCurrentGroupMappingAndRoleMapSerialized(String prefix) throws IOException {
    BasicAuthorizerGroupMappingMapBundle groupMappingMapBundle = cachedGroupMappingMaps.get(prefix);
    BasicAuthorizerRoleMapBundle roleMapBundle = cachedRoleMaps.get(prefix);
    GroupMappingAndRoleMap groupMappingAndRoleMap = new GroupMappingAndRoleMap(groupMappingMapBundle == null ? null : groupMappingMapBundle.getGroupMappingMap(), roleMapBundle == null ? null : roleMapBundle.getRoleMap());
    return objectMapper.writeValueAsBytes(groupMappingAndRoleMap);
}