Search in sources :

Example 31 with ResourceAction

use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.

the class OverlordResource method getTasks.

@GET
@Path("/tasks")
@Produces(MediaType.APPLICATION_JSON)
public Response getTasks(@QueryParam("state") final String state, @QueryParam("datasource") final String dataSource, @QueryParam("createdTimeInterval") final String createdTimeInterval, @QueryParam("max") final Integer maxCompletedTasks, @QueryParam("type") final String type, @Context final HttpServletRequest req) {
    // check for valid state
    if (state != null) {
        if (!API_TASK_STATES.contains(StringUtils.toLowerCase(state))) {
            return Response.status(Status.BAD_REQUEST).entity(StringUtils.format("Invalid state : %s, valid values are: %s", state, API_TASK_STATES)).build();
        }
    }
    // fail fast if user not authorized to access datasource
    if (dataSource != null) {
        final ResourceAction resourceAction = new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.READ);
        final Access authResult = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper);
        if (!authResult.isAllowed()) {
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(StringUtils.format("Access-Check-Result: %s", authResult.toString())).build());
        }
    }
    List<TaskStatusPlus> finalTaskList = new ArrayList<>();
    Function<AnyTask, TaskStatusPlus> activeTaskTransformFunc = workItem -> new TaskStatusPlus(workItem.getTaskId(), workItem.getTaskGroupId(), workItem.getTaskType(), workItem.getCreatedTime(), workItem.getQueueInsertionTime(), workItem.getTaskState(), workItem.getRunnerTaskState(), null, workItem.getLocation(), workItem.getDataSource(), null);
    Function<TaskInfo<Task, TaskStatus>, TaskStatusPlus> completeTaskTransformFunc = taskInfo -> new TaskStatusPlus(taskInfo.getId(), taskInfo.getTask() == null ? null : taskInfo.getTask().getGroupId(), taskInfo.getTask() == null ? null : taskInfo.getTask().getType(), taskInfo.getCreatedTime(), // TaskStorage API doesn't yet allow it.
    DateTimes.EPOCH, taskInfo.getStatus().getStatusCode(), RunnerTaskState.NONE, taskInfo.getStatus().getDuration(), taskInfo.getStatus().getLocation() == null ? TaskLocation.unknown() : taskInfo.getStatus().getLocation(), taskInfo.getDataSource(), taskInfo.getStatus().getErrorMsg());
    // checking for complete tasks first to avoid querying active tasks if user only wants complete tasks
    if (state == null || "complete".equals(StringUtils.toLowerCase(state))) {
        Duration createdTimeDuration = null;
        if (createdTimeInterval != null) {
            final Interval theInterval = Intervals.of(StringUtils.replace(createdTimeInterval, "_", "/"));
            createdTimeDuration = theInterval.toDuration();
        }
        final List<TaskInfo<Task, TaskStatus>> taskInfoList = taskStorageQueryAdapter.getCompletedTaskInfoByCreatedTimeDuration(maxCompletedTasks, createdTimeDuration, dataSource);
        final List<TaskStatusPlus> completedTasks = taskInfoList.stream().map(completeTaskTransformFunc::apply).collect(Collectors.toList());
        finalTaskList.addAll(completedTasks);
    }
    final List<TaskInfo<Task, TaskStatus>> allActiveTaskInfo;
    final List<AnyTask> allActiveTasks = new ArrayList<>();
    if (state == null || !"complete".equals(StringUtils.toLowerCase(state))) {
        allActiveTaskInfo = taskStorageQueryAdapter.getActiveTaskInfo(dataSource);
        for (final TaskInfo<Task, TaskStatus> task : allActiveTaskInfo) {
            allActiveTasks.add(new AnyTask(task.getId(), task.getTask() == null ? null : task.getTask().getGroupId(), task.getTask() == null ? null : task.getTask().getType(), SettableFuture.create(), task.getDataSource(), null, null, task.getCreatedTime(), DateTimes.EPOCH, TaskLocation.unknown()));
        }
    }
    if (state == null || "waiting".equals(StringUtils.toLowerCase(state))) {
        final List<AnyTask> waitingWorkItems = filterActiveTasks(RunnerTaskState.WAITING, allActiveTasks);
        List<TaskStatusPlus> transformedWaitingList = waitingWorkItems.stream().map(activeTaskTransformFunc::apply).collect(Collectors.toList());
        finalTaskList.addAll(transformedWaitingList);
    }
    if (state == null || "pending".equals(StringUtils.toLowerCase(state))) {
        final List<AnyTask> pendingWorkItems = filterActiveTasks(RunnerTaskState.PENDING, allActiveTasks);
        List<TaskStatusPlus> transformedPendingList = pendingWorkItems.stream().map(activeTaskTransformFunc::apply).collect(Collectors.toList());
        finalTaskList.addAll(transformedPendingList);
    }
    if (state == null || "running".equals(StringUtils.toLowerCase(state))) {
        final List<AnyTask> runningWorkItems = filterActiveTasks(RunnerTaskState.RUNNING, allActiveTasks);
        List<TaskStatusPlus> transformedRunningList = runningWorkItems.stream().map(activeTaskTransformFunc::apply).collect(Collectors.toList());
        finalTaskList.addAll(transformedRunningList);
    }
    final List<TaskStatusPlus> authorizedList = securedTaskStatusPlus(finalTaskList, dataSource, type, req);
    return Response.ok(authorizedList).build();
}
Also used : Produces(javax.ws.rs.Produces) AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper) TaskLogStreamer(org.apache.druid.tasklogs.TaskLogStreamer) Inject(com.google.inject.Inject) Path(javax.ws.rs.Path) ResourceFilters(com.sun.jersey.spi.container.ResourceFilters) JacksonConfigManager(org.apache.druid.common.config.JacksonConfigManager) SettableFuture(com.google.common.util.concurrent.SettableFuture) TaskStorageQueryAdapter(org.apache.druid.indexing.overlord.TaskStorageQueryAdapter) HttpMediaType(org.apache.druid.server.http.HttpMediaType) MediaType(javax.ws.rs.core.MediaType) QueryParam(javax.ws.rs.QueryParam) TaskActionClient(org.apache.druid.indexing.common.actions.TaskActionClient) Consumes(javax.ws.rs.Consumes) TaskQueue(org.apache.druid.indexing.overlord.TaskQueue) Optional(com.google.common.base.Optional) Task(org.apache.druid.indexing.common.task.Task) TaskRunner(org.apache.druid.indexing.overlord.TaskRunner) Map(java.util.Map) DefaultValue(javax.ws.rs.DefaultValue) HeaderParam(javax.ws.rs.HeaderParam) ForbiddenException(org.apache.druid.server.security.ForbiddenException) TaskResourceFilter(org.apache.druid.indexing.overlord.http.security.TaskResourceFilter) DELETE(javax.ws.rs.DELETE) WorkerBehaviorConfig(org.apache.druid.indexing.overlord.setup.WorkerBehaviorConfig) DateTimes(org.apache.druid.java.util.common.DateTimes) Function(com.google.common.base.Function) Context(javax.ws.rs.core.Context) ImmutableMap(com.google.common.collect.ImmutableMap) Collection(java.util.Collection) StringUtils(org.apache.druid.java.util.common.StringUtils) Set(java.util.Set) Action(org.apache.druid.server.security.Action) IndexerMetadataStorageAdapter(org.apache.druid.indexing.overlord.IndexerMetadataStorageAdapter) Collectors(java.util.stream.Collectors) AuditManager(org.apache.druid.audit.AuditManager) TaskStatusPlus(org.apache.druid.indexer.TaskStatusPlus) DatasourceResourceFilter(org.apache.druid.server.http.security.DatasourceResourceFilter) TaskState(org.apache.druid.indexer.TaskState) List(java.util.List) Response(javax.ws.rs.core.Response) ClientTaskQuery(org.apache.druid.client.indexing.ClientTaskQuery) AuditEntry(org.apache.druid.audit.AuditEntry) DataSegment(org.apache.druid.timeline.DataSegment) WebApplicationException(javax.ws.rs.WebApplicationException) TaskMaster(org.apache.druid.indexing.overlord.TaskMaster) Logger(org.apache.druid.java.util.common.logger.Logger) SetResult(org.apache.druid.common.config.ConfigManager.SetResult) TaskActionHolder(org.apache.druid.indexing.common.actions.TaskActionHolder) AuditInfo(org.apache.druid.audit.AuditInfo) PathParam(javax.ws.rs.PathParam) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) Intervals(org.apache.druid.java.util.common.Intervals) GET(javax.ws.rs.GET) Duration(org.joda.time.Duration) HashMap(java.util.HashMap) AtomicReference(java.util.concurrent.atomic.AtomicReference) TaskStatus(org.apache.druid.indexer.TaskStatus) WorkerTaskRunnerQueryAdapter(org.apache.druid.indexing.overlord.WorkerTaskRunnerQueryAdapter) ScalingStats(org.apache.druid.indexing.overlord.autoscaling.ScalingStats) ArrayList(java.util.ArrayList) EntryExistsException(org.apache.druid.metadata.EntryExistsException) Interval(org.joda.time.Interval) HttpServletRequest(javax.servlet.http.HttpServletRequest) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) DefaultWorkerBehaviorConfig(org.apache.druid.indexing.overlord.setup.DefaultWorkerBehaviorConfig) ByteSource(com.google.common.io.ByteSource) Status(javax.ws.rs.core.Response.Status) StateResourceFilter(org.apache.druid.server.http.security.StateResourceFilter) Nullable(javax.annotation.Nullable) ImmutableWorkerInfo(org.apache.druid.indexing.overlord.ImmutableWorkerInfo) Access(org.apache.druid.server.security.Access) POST(javax.ws.rs.POST) TaskInfo(org.apache.druid.indexer.TaskInfo) ResourceType(org.apache.druid.server.security.ResourceType) DateTime(org.joda.time.DateTime) TaskLocation(org.apache.druid.indexer.TaskLocation) WorkerTaskRunner(org.apache.druid.indexing.overlord.WorkerTaskRunner) ConfigResourceFilter(org.apache.druid.server.http.security.ConfigResourceFilter) AuthorizationUtils(org.apache.druid.server.security.AuthorizationUtils) Maps(com.google.common.collect.Maps) RunnerTaskState(org.apache.druid.indexer.RunnerTaskState) ProvisioningStrategy(org.apache.druid.indexing.overlord.autoscaling.ProvisioningStrategy) Resource(org.apache.druid.server.security.Resource) ResourceAction(org.apache.druid.server.security.ResourceAction) TaskRunnerWorkItem(org.apache.druid.indexing.overlord.TaskRunnerWorkItem) Collections(java.util.Collections) Task(org.apache.druid.indexing.common.task.Task) WebApplicationException(javax.ws.rs.WebApplicationException) Resource(org.apache.druid.server.security.Resource) Access(org.apache.druid.server.security.Access) ArrayList(java.util.ArrayList) Duration(org.joda.time.Duration) TaskStatus(org.apache.druid.indexer.TaskStatus) TaskInfo(org.apache.druid.indexer.TaskInfo) TaskStatusPlus(org.apache.druid.indexer.TaskStatusPlus) ResourceAction(org.apache.druid.server.security.ResourceAction) Interval(org.joda.time.Interval) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 32 with ResourceAction

use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.

the class OverlordResource method securedTaskStatusPlus.

private List<TaskStatusPlus> securedTaskStatusPlus(List<TaskStatusPlus> collectionToFilter, @Nullable String dataSource, @Nullable String type, HttpServletRequest req) {
    Function<TaskStatusPlus, Iterable<ResourceAction>> raGenerator = taskStatusPlus -> {
        final String taskId = taskStatusPlus.getId();
        final String taskDatasource = taskStatusPlus.getDataSource();
        if (taskDatasource == null) {
            throw new WebApplicationException(Response.serverError().entity(StringUtils.format("No task information found for task with id: [%s]", taskId)).build());
        }
        return Collections.singletonList(new ResourceAction(new Resource(taskDatasource, ResourceType.DATASOURCE), Action.READ));
    };
    List<TaskStatusPlus> optionalTypeFilteredList = collectionToFilter;
    if (type != null) {
        optionalTypeFilteredList = collectionToFilter.stream().filter(task -> type.equals(task.getType())).collect(Collectors.toList());
    }
    if (dataSource != null) {
        // skip auth check here, as it's already done in getTasks
        return optionalTypeFilteredList;
    }
    return Lists.newArrayList(AuthorizationUtils.filterAuthorizedResources(req, optionalTypeFilteredList, raGenerator, authorizerMapper));
}
Also used : Produces(javax.ws.rs.Produces) AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper) TaskLogStreamer(org.apache.druid.tasklogs.TaskLogStreamer) Inject(com.google.inject.Inject) Path(javax.ws.rs.Path) ResourceFilters(com.sun.jersey.spi.container.ResourceFilters) JacksonConfigManager(org.apache.druid.common.config.JacksonConfigManager) SettableFuture(com.google.common.util.concurrent.SettableFuture) TaskStorageQueryAdapter(org.apache.druid.indexing.overlord.TaskStorageQueryAdapter) HttpMediaType(org.apache.druid.server.http.HttpMediaType) MediaType(javax.ws.rs.core.MediaType) QueryParam(javax.ws.rs.QueryParam) TaskActionClient(org.apache.druid.indexing.common.actions.TaskActionClient) Consumes(javax.ws.rs.Consumes) TaskQueue(org.apache.druid.indexing.overlord.TaskQueue) Optional(com.google.common.base.Optional) Task(org.apache.druid.indexing.common.task.Task) TaskRunner(org.apache.druid.indexing.overlord.TaskRunner) Map(java.util.Map) DefaultValue(javax.ws.rs.DefaultValue) HeaderParam(javax.ws.rs.HeaderParam) ForbiddenException(org.apache.druid.server.security.ForbiddenException) TaskResourceFilter(org.apache.druid.indexing.overlord.http.security.TaskResourceFilter) DELETE(javax.ws.rs.DELETE) WorkerBehaviorConfig(org.apache.druid.indexing.overlord.setup.WorkerBehaviorConfig) DateTimes(org.apache.druid.java.util.common.DateTimes) Function(com.google.common.base.Function) Context(javax.ws.rs.core.Context) ImmutableMap(com.google.common.collect.ImmutableMap) Collection(java.util.Collection) StringUtils(org.apache.druid.java.util.common.StringUtils) Set(java.util.Set) Action(org.apache.druid.server.security.Action) IndexerMetadataStorageAdapter(org.apache.druid.indexing.overlord.IndexerMetadataStorageAdapter) Collectors(java.util.stream.Collectors) AuditManager(org.apache.druid.audit.AuditManager) TaskStatusPlus(org.apache.druid.indexer.TaskStatusPlus) DatasourceResourceFilter(org.apache.druid.server.http.security.DatasourceResourceFilter) TaskState(org.apache.druid.indexer.TaskState) List(java.util.List) Response(javax.ws.rs.core.Response) ClientTaskQuery(org.apache.druid.client.indexing.ClientTaskQuery) AuditEntry(org.apache.druid.audit.AuditEntry) DataSegment(org.apache.druid.timeline.DataSegment) WebApplicationException(javax.ws.rs.WebApplicationException) TaskMaster(org.apache.druid.indexing.overlord.TaskMaster) Logger(org.apache.druid.java.util.common.logger.Logger) SetResult(org.apache.druid.common.config.ConfigManager.SetResult) TaskActionHolder(org.apache.druid.indexing.common.actions.TaskActionHolder) AuditInfo(org.apache.druid.audit.AuditInfo) PathParam(javax.ws.rs.PathParam) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) Intervals(org.apache.druid.java.util.common.Intervals) GET(javax.ws.rs.GET) Duration(org.joda.time.Duration) HashMap(java.util.HashMap) AtomicReference(java.util.concurrent.atomic.AtomicReference) TaskStatus(org.apache.druid.indexer.TaskStatus) WorkerTaskRunnerQueryAdapter(org.apache.druid.indexing.overlord.WorkerTaskRunnerQueryAdapter) ScalingStats(org.apache.druid.indexing.overlord.autoscaling.ScalingStats) ArrayList(java.util.ArrayList) EntryExistsException(org.apache.druid.metadata.EntryExistsException) Interval(org.joda.time.Interval) HttpServletRequest(javax.servlet.http.HttpServletRequest) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) DefaultWorkerBehaviorConfig(org.apache.druid.indexing.overlord.setup.DefaultWorkerBehaviorConfig) ByteSource(com.google.common.io.ByteSource) Status(javax.ws.rs.core.Response.Status) StateResourceFilter(org.apache.druid.server.http.security.StateResourceFilter) Nullable(javax.annotation.Nullable) ImmutableWorkerInfo(org.apache.druid.indexing.overlord.ImmutableWorkerInfo) Access(org.apache.druid.server.security.Access) POST(javax.ws.rs.POST) TaskInfo(org.apache.druid.indexer.TaskInfo) ResourceType(org.apache.druid.server.security.ResourceType) DateTime(org.joda.time.DateTime) TaskLocation(org.apache.druid.indexer.TaskLocation) WorkerTaskRunner(org.apache.druid.indexing.overlord.WorkerTaskRunner) ConfigResourceFilter(org.apache.druid.server.http.security.ConfigResourceFilter) AuthorizationUtils(org.apache.druid.server.security.AuthorizationUtils) Maps(com.google.common.collect.Maps) RunnerTaskState(org.apache.druid.indexer.RunnerTaskState) ProvisioningStrategy(org.apache.druid.indexing.overlord.autoscaling.ProvisioningStrategy) Resource(org.apache.druid.server.security.Resource) ResourceAction(org.apache.druid.server.security.ResourceAction) TaskRunnerWorkItem(org.apache.druid.indexing.overlord.TaskRunnerWorkItem) Collections(java.util.Collections) WebApplicationException(javax.ws.rs.WebApplicationException) Resource(org.apache.druid.server.security.Resource) TaskStatusPlus(org.apache.druid.indexer.TaskStatusPlus) ResourceAction(org.apache.druid.server.security.ResourceAction)

Example 33 with ResourceAction

use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.

the class TaskResourceFilter method filter.

@Override
public ContainerRequest filter(ContainerRequest request) {
    String taskId = Preconditions.checkNotNull(request.getPathSegments().get(Iterables.indexOf(request.getPathSegments(), input -> "task".equals(input.getPath())) + 1).getPath());
    IdUtils.validateId("taskId", taskId);
    Optional<Task> taskOptional = taskStorageQueryAdapter.getTask(taskId);
    if (!taskOptional.isPresent()) {
        throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).entity(StringUtils.format("Cannot find any task with id: [%s]", taskId)).build());
    }
    final String dataSourceName = Preconditions.checkNotNull(taskOptional.get().getDataSource());
    final ResourceAction resourceAction = new ResourceAction(new Resource(dataSourceName, ResourceType.DATASOURCE), getAction(request));
    final Access authResult = AuthorizationUtils.authorizeResourceAction(getReq(), resourceAction, getAuthorizerMapper());
    if (!authResult.isAllowed()) {
        throw new ForbiddenException(authResult.toString());
    }
    return request;
}
Also used : Task(org.apache.druid.indexing.common.task.Task) ForbiddenException(org.apache.druid.server.security.ForbiddenException) WebApplicationException(javax.ws.rs.WebApplicationException) Resource(org.apache.druid.server.security.Resource) Access(org.apache.druid.server.security.Access) ResourceAction(org.apache.druid.server.security.ResourceAction)

Example 34 with ResourceAction

use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.

the class MetadataResource method getAllUsedSegmentsWithOvershadowedStatus.

private Response getAllUsedSegmentsWithOvershadowedStatus(HttpServletRequest req, @Nullable Set<String> dataSources) {
    DataSourcesSnapshot dataSourcesSnapshot = segmentsMetadataManager.getSnapshotOfDataSourcesWithAllUsedSegments();
    Collection<ImmutableDruidDataSource> dataSourcesWithUsedSegments = dataSourcesSnapshot.getDataSourcesWithAllUsedSegments();
    if (dataSources != null && !dataSources.isEmpty()) {
        dataSourcesWithUsedSegments = dataSourcesWithUsedSegments.stream().filter(dataSourceWithUsedSegments -> dataSources.contains(dataSourceWithUsedSegments.getName())).collect(Collectors.toList());
    }
    final Stream<DataSegment> usedSegments = dataSourcesWithUsedSegments.stream().flatMap(t -> t.getSegments().stream());
    final Set<SegmentId> overshadowedSegments = dataSourcesSnapshot.getOvershadowedSegments();
    final Stream<SegmentWithOvershadowedStatus> usedSegmentsWithOvershadowedStatus = usedSegments.map(segment -> new SegmentWithOvershadowedStatus(segment, overshadowedSegments.contains(segment.getId())));
    final Function<SegmentWithOvershadowedStatus, Iterable<ResourceAction>> raGenerator = segment -> Collections.singletonList(AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(segment.getDataSegment().getDataSource()));
    final Iterable<SegmentWithOvershadowedStatus> authorizedSegments = AuthorizationUtils.filterAuthorizedResources(req, usedSegmentsWithOvershadowedStatus::iterator, raGenerator, authorizerMapper);
    Response.ResponseBuilder builder = Response.status(Response.Status.OK);
    return builder.entity(authorizedSegments).build();
}
Also used : Iterables(com.google.common.collect.Iterables) PathParam(javax.ws.rs.PathParam) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper) Inject(com.google.inject.Inject) SegmentWithOvershadowedStatus(org.apache.druid.timeline.SegmentWithOvershadowedStatus) Path(javax.ws.rs.Path) Collections2(com.google.common.collect.Collections2) ResourceFilters(com.sun.jersey.spi.container.ResourceFilters) DataSourcesSnapshot(org.apache.druid.client.DataSourcesSnapshot) TreeSet(java.util.TreeSet) Interval(org.joda.time.Interval) HttpServletRequest(javax.servlet.http.HttpServletRequest) MediaType(javax.ws.rs.core.MediaType) QueryParam(javax.ws.rs.QueryParam) ImmutableDruidDataSource(org.apache.druid.client.ImmutableDruidDataSource) Nullable(javax.annotation.Nullable) JettyUtils(org.apache.druid.server.JettyUtils) Function(com.google.common.base.Function) POST(javax.ws.rs.POST) Context(javax.ws.rs.core.Context) SegmentsMetadataManager(org.apache.druid.metadata.SegmentsMetadataManager) Collection(java.util.Collection) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Segments(org.apache.druid.indexing.overlord.Segments) Set(java.util.Set) Json(org.apache.druid.guice.annotations.Json) AuthorizationUtils(org.apache.druid.server.security.AuthorizationUtils) Collectors(java.util.stream.Collectors) DatasourceResourceFilter(org.apache.druid.server.http.security.DatasourceResourceFilter) List(java.util.List) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) ResourceAction(org.apache.druid.server.security.ResourceAction) IndexerMetadataStorageCoordinator(org.apache.druid.indexing.overlord.IndexerMetadataStorageCoordinator) DataSegment(org.apache.druid.timeline.DataSegment) UriInfo(javax.ws.rs.core.UriInfo) SegmentId(org.apache.druid.timeline.SegmentId) Collections(java.util.Collections) ImmutableDruidDataSource(org.apache.druid.client.ImmutableDruidDataSource) SegmentId(org.apache.druid.timeline.SegmentId) DataSegment(org.apache.druid.timeline.DataSegment) Response(javax.ws.rs.core.Response) SegmentWithOvershadowedStatus(org.apache.druid.timeline.SegmentWithOvershadowedStatus) DataSourcesSnapshot(org.apache.druid.client.DataSourcesSnapshot)

Example 35 with ResourceAction

use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.

the class DruidPlannerResourceAnalyzeTest method testSubquery.

@Test
public void testSubquery() {
    final String sql = "SELECT COUNT(*)\n" + "FROM (\n" + "  SELECT DISTINCT dim2\n" + "  FROM druid.foo\n" + "  WHERE SUBSTRING(dim2, 1, 1) IN (\n" + "    SELECT SUBSTRING(dim1, 1, 1) FROM druid.numfoo WHERE dim1 IS NOT NULL\n" + "  )\n" + ")";
    Set<ResourceAction> requiredResources = analyzeResources(PLANNER_CONFIG_DEFAULT, sql, CalciteTests.REGULAR_USER_AUTH_RESULT);
    Assert.assertEquals(ImmutableSet.of(new ResourceAction(new Resource("foo", ResourceType.DATASOURCE), Action.READ), new ResourceAction(new Resource("numfoo", ResourceType.DATASOURCE), Action.READ)), requiredResources);
}
Also used : Resource(org.apache.druid.server.security.Resource) ResourceAction(org.apache.druid.server.security.ResourceAction) Test(org.junit.Test)

Aggregations

ResourceAction (org.apache.druid.server.security.ResourceAction)40 Resource (org.apache.druid.server.security.Resource)35 Test (org.junit.Test)22 Access (org.apache.druid.server.security.Access)19 ForbiddenException (org.apache.druid.server.security.ForbiddenException)13 HashMap (java.util.HashMap)8 Response (javax.ws.rs.core.Response)8 Path (javax.ws.rs.Path)6 Produces (javax.ws.rs.Produces)6 List (java.util.List)5 POST (javax.ws.rs.POST)5 WebApplicationException (javax.ws.rs.WebApplicationException)5 BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)5 Inject (com.google.inject.Inject)4 Set (java.util.Set)4 Collectors (java.util.stream.Collectors)4 Nullable (javax.annotation.Nullable)4 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 Consumes (javax.ws.rs.Consumes)4 DELETE (javax.ws.rs.DELETE)4