use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io.
the class CoordinatorPollingBasicAuthorizerCacheManager method tryFetchGroupMappingMapsFromCoordinator.
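/**
 * Fetches the serialized group-mapping and role maps for one authorizer from the coordinator
 * leader and, when a cache directory is configured, persists the raw response bytes to disk.
 *
 * @param prefix authorizer name; it is interpolated into the coordinator request path and passed
 *               on to {@code writeGroupMappingMapToDisk}
 * @return the deserialized maps, or {@code null} when the coordinator answers 404 or the payload
 *         deserializes to {@code null}
 * @throws Exception if the request fails, the coordinator answers with a status other than 200 or
 *                   404, or the body cannot be deserialized
 */
private GroupMappingAndRoleMap tryFetchGroupMappingMapsFromCoordinator(String prefix) throws Exception {
  // NOTE(review): prefix ends up in a URL path and in the on-disk cache write; confirm callers only
  // pass configured authorizer names, never request-supplied values.
  Request req = druidLeaderClient.makeRequest(
      HttpMethod.GET,
      StringUtils.format("/druid-ext/basic-security/authorization/db/%s/cachedSerializedGroupMappingMap", prefix)
  );
  BytesFullResponseHolder responseHolder = druidLeaderClient.go(req, new BytesFullResponseHandler());
  HttpResponseStatus status = responseHolder.getStatus();

  // A 404 is expected when a node running 0.17.0+ polls an older coordinator that does not serve
  // this endpoint yet, so it is treated as "nothing to fetch" rather than as an error.
  if (HttpResponseStatus.NOT_FOUND.equals(status)) {
    LOG.warn("cachedSerializedGroupMappingMap is not available from the coordinator, skipping fetch of group mappings for now.");
    return null;
  }

  // Any other non-200 answer carries an error body, not authorization state. Fail before parsing
  // so that body can neither be deserialized into a role map nor written to the disk cache.
  // The body is deliberately left out of the exception message.
  if (!HttpResponseStatus.OK.equals(status)) {
    throw new ISE(
        "Unexpected status [%s] while fetching cachedSerializedGroupMappingMap for authorizer [%s]",
        status,
        prefix
    );
  }

  byte[] groupRoleMapBytes = responseHolder.getContent();
  GroupMappingAndRoleMap groupMappingAndRoleMap = objectMapper.readValue(
      groupRoleMapBytes,
      BasicAuthUtils.AUTHORIZER_GROUP_MAPPING_AND_ROLE_MAP_TYPE_REFERENCE
  );

  // Persist only bytes that deserialized successfully, and only when a cache directory is set.
  if (groupMappingAndRoleMap != null && commonCacheConfig.getCacheDirectory() != null) {
    writeGroupMappingMapToDisk(prefix, groupRoleMapBytes);
  }
  return groupMappingAndRoleMap;
}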
use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io.
the class CoordinatorPollingBasicAuthorizerCacheManager method handleAuthorizerGroupMappingUpdate.
/**
 * Applies a group-mapping/role-map update for one authorizer: deserializes the payload, replaces
 * the two in-memory cache entries, and mirrors the raw bytes to disk when a cache directory is
 * configured.
 *
 * <p>Every failure inside the try block (deserialization, a {@code null} payload, a rejected cache
 * put, or the disk write) is reported through the same "Could not deserialize" alert and is not
 * rethrown.
 *
 * @param authorizerPrefix                 authorizer name used as the cache key and passed to the disk write
 * @param serializedGroupMappingAndRoleMap serialized {@code GroupMappingAndRoleMap} bytes
 */
@Override
public void handleAuthorizerGroupMappingUpdate(String authorizerPrefix, byte[] serializedGroupMappingAndRoleMap) {
  LOG.debug("Received groupMappingMap cache update for authorizer [%s].", authorizerPrefix);
  // Refuse updates unless the manager has started; waits at most 1 ms for that state.
  Preconditions.checkState(lifecycleLock.awaitStarted(1, TimeUnit.MILLISECONDS));

  // NOTE(review): nothing here checks authorizerPrefix against the known authorizer names before
  // it is used as a cache key and handed to the disk write; confirm the caller validates it.
  try {
    final GroupMappingAndRoleMap update = objectMapper.readValue(
        serializedGroupMappingAndRoleMap,
        BasicAuthUtils.AUTHORIZER_GROUP_MAPPING_AND_ROLE_MAP_TYPE_REFERENCE
    );

    // The two puts are separate steps: if the second one throws, the first has already happened.
    cachedGroupMappingMaps.put(authorizerPrefix, update.getGroupMappingMap());
    cachedGroupMappingRoleMaps.put(authorizerPrefix, update.getRoleMap());

    final boolean diskCacheEnabled = commonCacheConfig.getCacheDirectory() != null;
    if (diskCacheEnabled) {
      writeGroupMappingMapToDisk(authorizerPrefix, serializedGroupMappingAndRoleMap);
    }
  }
  catch (Exception e) {
    LOG.makeAlert(e, "Could not deserialize groupMapping/role map received from coordinator.").emit();
  }
}
use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io.
the class CoordinatorPollingBasicAuthorizerCacheManager method initUserMaps.
/**
 * Seeds the in-memory caches for every {@code BasicRoleBasedAuthorizer} registered in the
 * {@code AuthorizerMapper}: records the authorizer name as a polling prefix, then loads its
 * user/role maps and its group-mapping/role maps.
 *
 * <p>A {@code null} fetch result leaves the corresponding cache entries untouched.
 */
private void initUserMaps() {
  AuthorizerMapper mapper = injector.getInstance(AuthorizerMapper.class);
  if (mapper == null || mapper.getAuthorizerMap() == null) {
    return;
  }

  for (Map.Entry<String, Authorizer> authorizerEntry : mapper.getAuthorizerMap().entrySet()) {
    // Only basic role-based authorizers are backed by this cache manager.
    if (!(authorizerEntry.getValue() instanceof BasicRoleBasedAuthorizer)) {
      continue;
    }

    String name = authorizerEntry.getKey();
    authorizerPrefixes.add(name);

    // NOTE(review): if a fetch yields null here, this authorizer starts with no cached entry;
    // confirm that lookups against a missing entry deny access rather than allow it.
    UserAndRoleMap users = fetchUserAndRoleMapFromCoordinator(name, true);
    if (users != null) {
      cachedUserMaps.put(name, users.getUserMap());
      cachedRoleMaps.put(name, users.getRoleMap());
    }

    GroupMappingAndRoleMap groups = fetchGroupAndRoleMapFromCoordinator(name, true);
    if (groups != null) {
      cachedGroupMappingMaps.put(name, groups.getGroupMappingMap());
      cachedGroupMappingRoleMaps.put(name, groups.getRoleMap());
    }
  }
}
use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io.
the class CoordinatorPollingBasicAuthorizerCacheManager method start.
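/**
 * Lifecycle start hook: seeds the caches via {@code initUserMaps()} and schedules two
 * fixed-delay polls on {@code exec}, one refreshing the user/role maps and one refreshing the
 * group-mapping/role maps for every known authorizer prefix.
 *
 * <p>Each poll sleeps for a random delay below the configured maximum before fetching. Any
 * {@code Throwable} raised inside a poll is reported as an alert and not rethrown.
 *
 * @throws ISE if the lifecycle lock does not allow starting
 */
@LifecycleStart
public void start() {
  if (!lifecycleLock.canStart()) {
    throw new ISE("can't start.");
  }

  LOG.info("Starting CoordinatorPollingBasicAuthorizerCacheManager.");

  try {
    initUserMaps();

    ScheduledExecutors.scheduleWithFixedDelay(
        exec,
        new Duration(commonCacheConfig.getPollingPeriod()),
        new Duration(commonCacheConfig.getPollingPeriod()),
        () -> {
          try {
            // nextLong(origin, bound) throws IllegalArgumentException when bound <= origin. With a
            // maximum delay of 0 that exception would land in the catch below on every run, and
            // the cached authorization data would never be refreshed. Treat it as "no jitter".
            long maxRandomDelay = commonCacheConfig.getMaxRandomDelay();
            long randomDelay = maxRandomDelay > 0 ? ThreadLocalRandom.current().nextLong(0, maxRandomDelay) : 0;
            LOG.debug("Inserting random polling delay of [%s] ms", randomDelay);
            Thread.sleep(randomDelay);

            LOG.debug("Scheduled userMap cache poll is running");
            for (String authorizerPrefix : authorizerPrefixes) {
              UserAndRoleMap userAndRoleMap = fetchUserAndRoleMapFromCoordinator(authorizerPrefix, false);
              // A null result keeps the previously cached maps in place.
              if (userAndRoleMap != null) {
                cachedUserMaps.put(authorizerPrefix, userAndRoleMap.getUserMap());
                cachedRoleMaps.put(authorizerPrefix, userAndRoleMap.getRoleMap());
              }
            }
            LOG.debug("Scheduled userMap cache poll is done");
          }
          catch (Throwable t) {
            LOG.makeAlert(t, "Error occured while polling for cachedUserMaps.").emit();
          }
        }
    );

    ScheduledExecutors.scheduleWithFixedDelay(
        exec,
        new Duration(commonCacheConfig.getPollingPeriod()),
        new Duration(commonCacheConfig.getPollingPeriod()),
        () -> {
          try {
            // Same guard as the user-map poll: a non-positive maximum means no random delay.
            long maxRandomDelay = commonCacheConfig.getMaxRandomDelay();
            long randomDelay = maxRandomDelay > 0 ? ThreadLocalRandom.current().nextLong(0, maxRandomDelay) : 0;
            LOG.debug("Inserting random polling delay of [%s] ms", randomDelay);
            Thread.sleep(randomDelay);

            LOG.debug("Scheduled groupMappingMap cache poll is running");
            for (String authorizerPrefix : authorizerPrefixes) {
              GroupMappingAndRoleMap groupMappingAndRoleMap = fetchGroupAndRoleMapFromCoordinator(authorizerPrefix, false);
              // A null result keeps the previously cached maps in place.
              if (groupMappingAndRoleMap != null) {
                cachedGroupMappingMaps.put(authorizerPrefix, groupMappingAndRoleMap.getGroupMappingMap());
                cachedGroupMappingRoleMaps.put(authorizerPrefix, groupMappingAndRoleMap.getRoleMap());
              }
            }
            LOG.debug("Scheduled groupMappingMap cache poll is done");
          }
          catch (Throwable t) {
            LOG.makeAlert(t, "Error occured while polling for cachedGroupMappingMaps.").emit();
          }
        }
    );

    lifecycleLock.started();
    LOG.info("Started CoordinatorPollingBasicAuthorizerCacheManager.");
  }
  finally {
    // Always leave the "starting" state, whether or not started() was reached.
    lifecycleLock.exitStart();
  }
}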
use of org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method getCurrentGroupMappingAndRoleMapSerialized.
/**
 * Serializes the currently cached group-mapping map and role map of one authorizer into a single
 * {@code GroupMappingAndRoleMap} payload.
 *
 * @param prefix authorizer name used as the key into both caches
 * @return the serialized payload; a side whose bundle is not cached is written as {@code null}
 * @throws IOException if serialization fails
 */
private byte[] getCurrentGroupMappingAndRoleMapSerialized(String prefix) throws IOException {
  BasicAuthorizerGroupMappingMapBundle groupBundle = cachedGroupMappingMaps.get(prefix);
  BasicAuthorizerRoleMapBundle roleBundle = cachedRoleMaps.get(prefix);

  // Either bundle may be absent; the payload then carries null for that side, so receivers have
  // to cope with null maps.
  return objectMapper.writeValueAsBytes(
      new GroupMappingAndRoleMap(
          groupBundle != null ? groupBundle.getGroupMappingMap() : null,
          roleBundle != null ? roleBundle.getRoleMap() : null
      )
  );
}