use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.
the class DruidPlannerResourceAnalyzeTest method testJoin.
/**
 * Checks that resource analysis of an inner join reports a READ action on
 * each of the two joined datasources ({@code foo} and {@code numfoo}).
 *
 * <p>The assertion is an exact set comparison, so the test fails both when a
 * joined table is missing from the required resources and when an unexpected
 * extra resource is reported.
 */
@Test
public void testJoin() {
  // Expected authorization footprint: one READ per datasource named in the join.
  final Set<ResourceAction> expected = ImmutableSet.of(
      new ResourceAction(new Resource("foo", ResourceType.DATASOURCE), Action.READ),
      new ResourceAction(new Resource("numfoo", ResourceType.DATASOURCE), Action.READ)
  );

  final Set<ResourceAction> actual = analyzeResources(
      PLANNER_CONFIG_DEFAULT,
      "SELECT COUNT(*) FROM foo INNER JOIN numfoo ON foo.dim1 = numfoo.dim1 WHERE numfoo.dim1 <> 'z'",
      CalciteTests.REGULAR_USER_AUTH_RESULT
  );

  Assert.assertEquals(expected, actual);
}
use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.
the class StateResourceFilter method filter.
/**
 * Authorizes the incoming request against {@link Resource#STATE_RESOURCE}.
 *
 * <p>The action to check is derived from the request by {@code getAction};
 * the decision is delegated to
 * {@link AuthorizationUtils#authorizeResourceAction}.
 *
 * @param request the request being filtered
 * @return the same {@code request}, unchanged, when access is allowed
 * @throws ForbiddenException when the authorization result is not allowed
 */
@Override
public ContainerRequest filter(ContainerRequest request) {
  final ResourceAction stateAction = new ResourceAction(Resource.STATE_RESOURCE, getAction(request));
  final Access decision = AuthorizationUtils.authorizeResourceAction(
      getReq(),
      stateAction,
      getAuthorizerMapper()
  );

  if (decision.isAllowed()) {
    return request;
  }

  // NOTE(review): the exception message is the Access object's toString();
  // confirm that string carries nothing that should not reach the caller.
  throw new ForbiddenException(decision.toString());
}
use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.
the class SqlResourceCollectorShuttle method visit.
/**
 * Records a READ {@link ResourceAction} for the table an identifier resolves
 * to, then continues the normal shuttle traversal.
 *
 * <p>Only identifiers whose validator namespace wraps an
 * {@link IdentifierNamespace} and which resolve to a table with a two-part
 * qualified name ({@code schema.identifier}) are considered. The resource
 * type is looked up through {@code plannerContext.getSchemaResourceType}; a
 * {@code null} type means nothing is recorded for that identifier.
 *
 * @param id the identifier being visited
 * @return the result of {@code super.visit(id)}
 * @throws ISE when the qualified table name has more than two parts
 */
@Override
public SqlNode visit(SqlIdentifier id) {
  // Raw tables, views and similar carry an IdentifierNamespace; anything else
  // is not a table reference and is left to the default traversal.
  final SqlValidatorNamespace ns = validator.getNamespace(id);
  if (ns == null || !ns.isWrapperFor(IdentifierNamespace.class)) {
    return super.visit(id);
  }

  // Not expected to be null once the namespace matched, but tolerated.
  final SqlValidatorTable table = ns.getTable();
  if (table == null) {
    return super.visit(id);
  }

  final List<String> nameParts = table.getQualifiedName();
  final int partCount = nameParts.size();

  if (partCount > 2) {
    // More than 'schema'.'identifier' (a catalog prefix?) is not expected.
    throw new ISE("Cannot analyze table idetifier %s", nameParts);
  }

  if (partCount == 2) {
    final String schemaName = nameParts.get(0);
    final String tableName = nameParts.get(1);
    final String type = plannerContext.getSchemaResourceType(schemaName, tableName);
    // NOTE(review): a null type, or a name with fewer than two parts, adds no
    // ResourceAction here, so such a table is absent from the collected set —
    // confirm those cases are authorized elsewhere or need no authorization.
    if (type != null) {
      resourceActions.add(new ResourceAction(new Resource(tableName, type), Action.READ));
    }
  }

  return super.visit(id);
}
use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.
the class DruidPlanner method validate.
/**
 * Parses and validates the SQL held by the planner context, collects the
 * {@link ResourceAction}s the statement requires, and stores them on the
 * context via {@code plannerContext.setResourceActions}.
 *
 * <p>Every table identifier found by {@link SqlResourceCollectorShuttle}
 * contributes the action that shuttle records. When the parsed statement has
 * an insert node, a WRITE action on the target datasource is added as well.
 *
 * @return a {@link ValidationResult} wrapping the same set of resource
 *         actions that was stored on the planner context
 * @throws SqlParseException declared by this method; presumably raised while
 *         parsing the SQL text
 * @throws ValidationException when the validator throws a
 *         {@link RuntimeException} while validating the query node
 */
public ValidationResult validate() throws SqlParseException, ValidationException {
  resetPlanner();
  final ParsedNodes parsedNodes = ParsedNodes.create(planner.parse(plannerContext.getSql()));
  final SqlValidator sqlValidator = getValidator();

  final SqlNode validated;
  try {
    final SqlNode rewritten = rewriteDynamicParameters(parsedNodes.getQueryNode());
    validated = sqlValidator.validate(rewritten);
  } catch (RuntimeException e) {
    throw new ValidationException(e);
  }

  // Resource collection runs outside the try block above, so a runtime
  // exception raised by the collector is not wrapped in ValidationException.
  final SqlResourceCollectorShuttle collector = new SqlResourceCollectorShuttle(sqlValidator, plannerContext);
  validated.accept(collector);

  // Copy into a fresh set so the WRITE action can be added without touching
  // the collector's own collection.
  final Set<ResourceAction> required = new HashSet<>(collector.getResourceActions());
  if (parsedNodes.getInsertNode() != null) {
    final String insertTarget = validateAndGetDataSourceForInsert(parsedNodes.getInsertNode());
    required.add(new ResourceAction(new Resource(insertTarget, ResourceType.DATASOURCE), Action.WRITE));
  }

  plannerContext.setResourceActions(required);
  return new ValidationResult(required);
}
use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.
the class IndexTaskUtils method datasourceAuthorizationCheck.
/**
 * Authorizes {@code action} on the named datasource for the given request.
 *
 * <p>This method only returns when access is allowed; a denied result is
 * turned into a {@link ForbiddenException} rather than returned, so callers
 * do not need to re-check {@code isAllowed()} on the returned value.
 *
 * @param req the HTTP request being authorized
 * @param action the action to authorize on the datasource
 * @param datasource name of the datasource the task operates on
 * @param authorizerMapper mapper passed through to
 *        {@link AuthorizationUtils#authorizeResourceAction}
 * @return the (allowed) authorization result
 * @throws ForbiddenException when the authorization result is not allowed
 */
public static Access datasourceAuthorizationCheck(
    final HttpServletRequest req,
    Action action,
    String datasource,
    AuthorizerMapper authorizerMapper
) {
  final Resource target = new Resource(datasource, ResourceType.DATASOURCE);
  final ResourceAction requested = new ResourceAction(target, action);
  final Access decision = AuthorizationUtils.authorizeResourceAction(req, requested, authorizerMapper);

  if (decision.isAllowed()) {
    return decision;
  }

  // NOTE(review): the exception message is the Access object's toString();
  // confirm that string carries nothing that should not reach the caller.
  throw new ForbiddenException(decision.toString());
}