Example 1 with GroupMappingAndRoleMap

Use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io, in the class CoordinatorPollingBasicAuthorizerCacheManager, method tryFetchGroupMappingMapsFromCoordinator.

private GroupMappingAndRoleMap tryFetchGroupMappingMapsFromCoordinator(String prefix) throws Exception {
    Request req = druidLeaderClient.makeRequest(HttpMethod.GET, StringUtils.format("/druid-ext/basic-security/authorization/db/%s/cachedSerializedGroupMappingMap", prefix));
    BytesFullResponseHolder responseHolder = druidLeaderClient.go(req, new BytesFullResponseHandler());
    // A NOT_FOUND response can occur when a node running 0.17.0+ tries to access this endpoint on an older coordinator.
    if (responseHolder.getStatus().equals(HttpResponseStatus.NOT_FOUND)) {
        LOG.warn("cachedSerializedGroupMappingMap is not available from the coordinator, skipping fetch of group mappings for now.");
        return null;
    }
    byte[] groupRoleMapBytes = responseHolder.getContent();
    GroupMappingAndRoleMap groupMappingAndRoleMap = objectMapper.readValue(groupRoleMapBytes, BasicAuthUtils.AUTHORIZER_GROUP_MAPPING_AND_ROLE_MAP_TYPE_REFERENCE);
    if (groupMappingAndRoleMap != null && commonCacheConfig.getCacheDirectory() != null) {
        writeGroupMappingMapToDisk(prefix, groupRoleMapBytes);
    }
    return groupMappingAndRoleMap;
}
Also used : BytesFullResponseHolder(org.apache.druid.java.util.http.client.response.BytesFullResponseHolder) GroupMappingAndRoleMap(org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap) Request(org.apache.druid.java.util.http.client.Request) BytesFullResponseHandler(org.apache.druid.java.util.http.client.response.BytesFullResponseHandler)

Example 2 with GroupMappingAndRoleMap

Use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io, in the class CoordinatorPollingBasicAuthorizerCacheManager, method handleAuthorizerGroupMappingUpdate.

@Override
public void handleAuthorizerGroupMappingUpdate(String authorizerPrefix, byte[] serializedGroupMappingAndRoleMap) {
    LOG.debug("Received groupMappingMap cache update for authorizer [%s].", authorizerPrefix);
    Preconditions.checkState(lifecycleLock.awaitStarted(1, TimeUnit.MILLISECONDS));
    try {
        GroupMappingAndRoleMap groupMappingAndRoleMap = objectMapper.readValue(serializedGroupMappingAndRoleMap, BasicAuthUtils.AUTHORIZER_GROUP_MAPPING_AND_ROLE_MAP_TYPE_REFERENCE);
        cachedGroupMappingMaps.put(authorizerPrefix, groupMappingAndRoleMap.getGroupMappingMap());
        cachedGroupMappingRoleMaps.put(authorizerPrefix, groupMappingAndRoleMap.getRoleMap());
        if (commonCacheConfig.getCacheDirectory() != null) {
            writeGroupMappingMapToDisk(authorizerPrefix, serializedGroupMappingAndRoleMap);
        }
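    } catch (Exception e) {
        // A failed deserialization only raises an alert; the previously cached maps for this authorizer stay in place.
        LOG.makeAlert(e, "Could not deserialize groupMapping/role map received from coordinator.").emit();
    }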
}
Also used : GroupMappingAndRoleMap(org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap) IOException(java.io.IOException)

Example 3 with GroupMappingAndRoleMap

Use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io, in the class CoordinatorPollingBasicAuthorizerCacheManager, method initUserMaps.

private void initUserMaps() {
    AuthorizerMapper authorizerMapper = injector.getInstance(AuthorizerMapper.class);
    if (authorizerMapper == null || authorizerMapper.getAuthorizerMap() == null) {
        return;
    }
    for (Map.Entry<String, Authorizer> entry : authorizerMapper.getAuthorizerMap().entrySet()) {
        Authorizer authorizer = entry.getValue();
        if (authorizer instanceof BasicRoleBasedAuthorizer) {
            String authorizerName = entry.getKey();
            authorizerPrefixes.add(authorizerName);
            UserAndRoleMap userAndRoleMap = fetchUserAndRoleMapFromCoordinator(authorizerName, true);
            if (userAndRoleMap != null) {
                cachedUserMaps.put(authorizerName, userAndRoleMap.getUserMap());
                cachedRoleMaps.put(authorizerName, userAndRoleMap.getRoleMap());
            }
            GroupMappingAndRoleMap groupMappingAndRoleMap = fetchGroupAndRoleMapFromCoordinator(authorizerName, true);
            if (groupMappingAndRoleMap != null) {
                cachedGroupMappingMaps.put(authorizerName, groupMappingAndRoleMap.getGroupMappingMap());
                cachedGroupMappingRoleMaps.put(authorizerName, groupMappingAndRoleMap.getRoleMap());
            }
        }
    }
}
Also used : UserAndRoleMap(org.apache.druid.security.basic.authorization.entity.UserAndRoleMap) GroupMappingAndRoleMap(org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap) BasicRoleBasedAuthorizer(org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer) Authorizer(org.apache.druid.server.security.Authorizer) AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper) Map(java.util.Map) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)

Example 4 with GroupMappingAndRoleMap

Use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io, in the class CoordinatorPollingBasicAuthorizerCacheManager, method start.

@LifecycleStart
public void start() {
    if (!lifecycleLock.canStart()) {
        throw new ISE("can't start.");
    }
    LOG.info("Starting CoordinatorPollingBasicAuthorizerCacheManager.");
    try {
        initUserMaps();
        ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
            try {
                long randomDelay = ThreadLocalRandom.current().nextLong(0, commonCacheConfig.getMaxRandomDelay());
                LOG.debug("Inserting random polling delay of [%s] ms", randomDelay);
                Thread.sleep(randomDelay);
                LOG.debug("Scheduled userMap cache poll is running");
                for (String authorizerPrefix : authorizerPrefixes) {
                    UserAndRoleMap userAndRoleMap = fetchUserAndRoleMapFromCoordinator(authorizerPrefix, false);
                    if (userAndRoleMap != null) {
                        cachedUserMaps.put(authorizerPrefix, userAndRoleMap.getUserMap());
                        cachedRoleMaps.put(authorizerPrefix, userAndRoleMap.getRoleMap());
                    }
                }
                LOG.debug("Scheduled userMap cache poll is done");
            } catch (Throwable t) {
                LOG.makeAlert(t, "Error occured while polling for cachedUserMaps.").emit();
            }
        });
        ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
            try {
                long randomDelay = ThreadLocalRandom.current().nextLong(0, commonCacheConfig.getMaxRandomDelay());
                LOG.debug("Inserting random polling delay of [%s] ms", randomDelay);
                Thread.sleep(randomDelay);
                LOG.debug("Scheduled groupMappingMap cache poll is running");
                for (String authorizerPrefix : authorizerPrefixes) {
                    GroupMappingAndRoleMap groupMappingAndRoleMap = fetchGroupAndRoleMapFromCoordinator(authorizerPrefix, false);
                    if (groupMappingAndRoleMap != null) {
                        cachedGroupMappingMaps.put(authorizerPrefix, groupMappingAndRoleMap.getGroupMappingMap());
                        cachedGroupMappingRoleMaps.put(authorizerPrefix, groupMappingAndRoleMap.getRoleMap());
                    }
                }
                LOG.debug("Scheduled groupMappingMap cache poll is done");
            } catch (Throwable t) {
                LOG.makeAlert(t, "Error occured while polling for cachedGroupMappingMaps.").emit();
            }
        });
        lifecycleLock.started();
        LOG.info("Started CoordinatorPollingBasicAuthorizerCacheManager.");
    } finally {
        lifecycleLock.exitStart();
    }
}
Also used : UserAndRoleMap(org.apache.druid.security.basic.authorization.entity.UserAndRoleMap) GroupMappingAndRoleMap(org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap) ISE(org.apache.druid.java.util.common.ISE) Duration(org.joda.time.Duration) LifecycleStart(org.apache.druid.java.util.common.lifecycle.LifecycleStart)

Example 5 with GroupMappingAndRoleMap

Use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io, in the class CoordinatorBasicAuthorizerMetadataStorageUpdater, method getCurrentGroupMappingAndRoleMapSerialized.

private byte[] getCurrentGroupMappingAndRoleMapSerialized(String prefix) throws IOException {
    BasicAuthorizerGroupMappingMapBundle groupMappingMapBundle = cachedGroupMappingMaps.get(prefix);
    BasicAuthorizerRoleMapBundle roleMapBundle = cachedRoleMaps.get(prefix);
    GroupMappingAndRoleMap groupMappingAndRoleMap = new GroupMappingAndRoleMap(groupMappingMapBundle == null ? null : groupMappingMapBundle.getGroupMappingMap(), roleMapBundle == null ? null : roleMapBundle.getRoleMap());
    return objectMapper.writeValueAsBytes(groupMappingAndRoleMap);
}
Also used : GroupMappingAndRoleMap(org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap) BasicAuthorizerGroupMappingMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingMapBundle) BasicAuthorizerRoleMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle)

Aggregations

GroupMappingAndRoleMap (org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap): 6
BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer): 2
UserAndRoleMap (org.apache.druid.security.basic.authorization.entity.UserAndRoleMap): 2
IOException (java.io.IOException): 1
Map (java.util.Map): 1
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap): 1
ISE (org.apache.druid.java.util.common.ISE): 1
LifecycleStart (org.apache.druid.java.util.common.lifecycle.LifecycleStart): 1
Request (org.apache.druid.java.util.http.client.Request): 1
BytesFullResponseHandler (org.apache.druid.java.util.http.client.response.BytesFullResponseHandler): 1
BytesFullResponseHolder (org.apache.druid.java.util.http.client.response.BytesFullResponseHolder): 1
BasicAuthorizerGroupMappingMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingMapBundle): 1
BasicAuthorizerRoleMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle): 1
Authorizer (org.apache.druid.server.security.Authorizer): 1
AuthorizerMapper (org.apache.druid.server.security.AuthorizerMapper): 1
Duration (org.joda.time.Duration): 1