
Example 36 with ResourceAction

use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.

the class DruidPlannerResourceAnalyzeTest method testSubqueryView.

/**
 * Verifies resource analysis for a query whose FROM clause is a subquery that in turn filters
 * with an IN-subquery over a view.
 *
 * <p>The expected set is exactly READ on datasource {@code foo} and READ on view {@code cview}.
 * Because the comparison is set equality, the test also pins that the view is reported as a
 * VIEW resource in its own right, with no further entry for whatever the view is defined over.
 */
@Test
public void testSubqueryView() {
    // Outer level reads druid.foo; the innermost SELECT reads view.cview.
    final String query =
        "SELECT COUNT(*)\n"
        + "FROM (\n"
        + "  SELECT DISTINCT dim2\n"
        + "  FROM druid.foo\n"
        + "  WHERE SUBSTRING(dim2, 1, 1) IN (\n"
        + "    SELECT SUBSTRING(dim1, 1, 1) FROM view.cview WHERE dim2 IS NOT NULL\n"
        + "  )\n"
        + ")";

    final Set<ResourceAction> actual =
        analyzeResources(PLANNER_CONFIG_DEFAULT, query, CalciteTests.REGULAR_USER_AUTH_RESULT);

    final Set<ResourceAction> expected = ImmutableSet.of(
        new ResourceAction(new Resource("foo", ResourceType.DATASOURCE), Action.READ),
        new ResourceAction(new Resource("cview", ResourceType.VIEW), Action.READ));

    Assert.assertEquals(expected, actual);
}
Also used : Resource(org.apache.druid.server.security.Resource) ResourceAction(org.apache.druid.server.security.ResourceAction) Test(org.junit.Test)

Example 37 with ResourceAction

use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.

the class DruidPlannerResourceAnalyzeTest method testTable.

/**
 * Verifies resource analysis for the simplest case: one unqualified table with a filter.
 *
 * <p>The only resource action the query may require is READ on datasource {@code foo}. The
 * column named in the WHERE clause must not add anything to the set.
 */
@Test
public void testTable() {
    final String query = "SELECT COUNT(*) FROM foo WHERE foo.dim1 <> 'z'";

    final Set<ResourceAction> actual =
        analyzeResources(PLANNER_CONFIG_DEFAULT, query, CalciteTests.REGULAR_USER_AUTH_RESULT);

    final Set<ResourceAction> expected = ImmutableSet.of(
        new ResourceAction(new Resource("foo", ResourceType.DATASOURCE), Action.READ));

    Assert.assertEquals(expected, actual);
}
Also used : Resource(org.apache.druid.server.security.Resource) ResourceAction(org.apache.druid.server.security.ResourceAction) Test(org.junit.Test)

Example 38 with ResourceAction

use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.

the class DruidPlannerResourceAnalyzeTest method testJoinView.

/**
 * Verifies resource analysis for an INNER JOIN between an aliased view and a datasource.
 *
 * <p>Both sides of the join must show up: READ on view {@code cview} (reported under its real
 * name, not the alias {@code aview}) and READ on datasource {@code numfoo}. The comparison is
 * set equality, so no other resource may be reported.
 */
@Test
public void testJoinView() {
    final String query =
        "SELECT COUNT(*) FROM view.cview as aview INNER JOIN numfoo ON aview.dim2 = numfoo.dim2 WHERE numfoo.dim1 <> 'z'";

    final Set<ResourceAction> actual =
        analyzeResources(PLANNER_CONFIG_DEFAULT, query, CalciteTests.REGULAR_USER_AUTH_RESULT);

    final Set<ResourceAction> expected = ImmutableSet.of(
        new ResourceAction(new Resource("cview", ResourceType.VIEW), Action.READ),
        new ResourceAction(new Resource("numfoo", ResourceType.DATASOURCE), Action.READ));

    Assert.assertEquals(expected, actual);
}
Also used : Resource(org.apache.druid.server.security.Resource) ResourceAction(org.apache.druid.server.security.ResourceAction) Test(org.junit.Test)

Example 39 with ResourceAction

use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.

the class DruidPlannerResourceAnalyzeTest method testConfusingTable.

/**
 * Verifies that a table alias does not leak into the set of required resources.
 *
 * <p>The query aliases {@code foo} as {@code druid} and then qualifies a column with that alias.
 * The analysis must still resolve the reference to datasource {@code foo} and report READ on it
 * alone. A mistake here would make the authorization check run against the wrong resource name.
 */
@Test
public void testConfusingTable() {
    // NOTE(review): the alias "druid" presumably mirrors a schema name to provoke ambiguity;
    // confirm against the planner's schema setup.
    final String query = "SELECT COUNT(*) FROM foo as druid WHERE druid.dim1 <> 'z'";

    final Set<ResourceAction> actual =
        analyzeResources(PLANNER_CONFIG_DEFAULT, query, CalciteTests.REGULAR_USER_AUTH_RESULT);

    final Set<ResourceAction> expected = ImmutableSet.of(
        new ResourceAction(new Resource("foo", ResourceType.DATASOURCE), Action.READ));

    Assert.assertEquals(expected, actual);
}
Also used : Resource(org.apache.druid.server.security.Resource) ResourceAction(org.apache.druid.server.security.ResourceAction) Test(org.junit.Test)

Example 40 with ResourceAction

use of org.apache.druid.server.security.ResourceAction in project druid by druid-io.

the class SqlResource method cancelQuery.

/**
 * Cancels every SQL lifecycle that the lifecycle manager tracks under the given SQL query id.
 *
 * <p>Status codes: 404 when nothing is tracked under the id; 403 when the authorization check
 * over the union of the matching lifecycles' required resource actions is not allowed; 202
 * after the matching lifecycles have been deregistered and cancelled.
 *
 * @param sqlQueryId id taken from the request path, i.e. caller-controlled
 * @param req servlet request handed to the authorization check
 * @return a body-less response carrying one of the status codes above
 */
@DELETE
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response cancelQuery(@PathParam("id") String sqlQueryId, @Context final HttpServletRequest req) {
    // The id is logged exactly as received from the URL path.
    // NOTE(review): confirm the log pipeline neutralises control characters in this value.
    log.debug("Received cancel request for query [%s]", sqlQueryId);

    // Snapshot of the lifecycles tracked under this id; everything below works on this list only.
    List<SqlLifecycle> snapshot = sqlLifecycleManager.getAll(sqlQueryId);

    // NOTE(review): this answer is given before any authorization check, so 404 versus 403 tells
    // any caller who reaches the endpoint whether an id is currently in use. That is tolerable
    // only if ids are unguessable; confirm how they are generated.
    if (snapshot.isEmpty()) {
        return Response.status(Status.NOT_FOUND).build();
    }

    // Union of what every matching lifecycle needs; the caller is checked against all of it.
    // NOTE(review): confirm how authorizeAllResourceActions treats an empty set, so that a
    // lifecycle reporting no required actions cannot make cancellation allowed by default.
    Set<ResourceAction> requiredActions = snapshot
        .stream()
        .flatMap(tracked -> tracked.getRequiredResourceActions().stream())
        .collect(Collectors.toSet());
    Access decision = AuthorizationUtils.authorizeAllResourceActions(req, requiredActions, authorizerMapper);

    if (!decision.isAllowed()) {
        return Response.status(Status.FORBIDDEN).build();
    }

    // Deregister only the snapshot instances: they are the ones the authorization decision
    // covered. Anything registered under the same id after getAll() was not part of the check.
    sqlLifecycleManager.removeAll(sqlQueryId, snapshot);
    for (SqlLifecycle tracked : snapshot) {
        tracked.cancel();
    }
    return Response.status(Status.ACCEPTED).build();
}
Also used : Logger(org.apache.druid.java.util.common.logger.Logger) SqlLifecycle(org.apache.druid.sql.SqlLifecycle) PathParam(javax.ws.rs.PathParam) Produces(javax.ws.rs.Produces) AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper) Inject(com.google.inject.Inject) CountingOutputStream(com.google.common.io.CountingOutputStream) BadQueryException(org.apache.druid.query.BadQueryException) Path(javax.ws.rs.Path) Yielders(org.apache.druid.java.util.common.guava.Yielders) QueryCapacityExceededException(org.apache.druid.query.QueryCapacityExceededException) HttpServletRequest(javax.servlet.http.HttpServletRequest) MediaType(javax.ws.rs.core.MediaType) Consumes(javax.ws.rs.Consumes) SqlPlanningException(org.apache.druid.sql.SqlPlanningException) ForbiddenException(org.apache.druid.server.security.ForbiddenException) Yielder(org.apache.druid.java.util.common.guava.Yielder) Status(javax.ws.rs.core.Response.Status) Nullable(javax.annotation.Nullable) DELETE(javax.ws.rs.DELETE) SanitizableException(org.apache.druid.common.exception.SanitizableException) Sequence(org.apache.druid.java.util.common.guava.Sequence) Access(org.apache.druid.server.security.Access) POST(javax.ws.rs.POST) Context(javax.ws.rs.core.Context) ServerConfig(org.apache.druid.server.initialization.ServerConfig) QueryInterruptedException(org.apache.druid.query.QueryInterruptedException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) SqlLifecycleFactory(org.apache.druid.sql.SqlLifecycleFactory) StringUtils(org.apache.druid.java.util.common.StringUtils) Set(java.util.Set) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) SqlRowTransformer(org.apache.druid.sql.SqlRowTransformer) StreamingOutput(javax.ws.rs.core.StreamingOutput) IOException(java.io.IOException) Json(org.apache.druid.guice.annotations.Json) AuthorizationUtils(org.apache.druid.server.security.AuthorizationUtils) SqlLifecycleManager(org.apache.druid.sql.SqlLifecycleManager) 
Collectors(java.util.stream.Collectors) List(java.util.List) QueryTimeoutException(org.apache.druid.query.QueryTimeoutException) Response(javax.ws.rs.core.Response) ResourceAction(org.apache.druid.server.security.ResourceAction) ResourceLimitExceededException(org.apache.druid.query.ResourceLimitExceededException) Preconditions(com.google.common.base.Preconditions) RelOptPlanner(org.apache.calcite.plan.RelOptPlanner) QueryUnsupportedException(org.apache.druid.query.QueryUnsupportedException) SqlLifecycle(org.apache.druid.sql.SqlLifecycle) Access(org.apache.druid.server.security.Access) ResourceAction(org.apache.druid.server.security.ResourceAction) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Produces(javax.ws.rs.Produces)

Aggregations

ResourceAction (org.apache.druid.server.security.ResourceAction)40 Resource (org.apache.druid.server.security.Resource)35 Test (org.junit.Test)22 Access (org.apache.druid.server.security.Access)19 ForbiddenException (org.apache.druid.server.security.ForbiddenException)13 HashMap (java.util.HashMap)8 Response (javax.ws.rs.core.Response)8 Path (javax.ws.rs.Path)6 Produces (javax.ws.rs.Produces)6 List (java.util.List)5 POST (javax.ws.rs.POST)5 WebApplicationException (javax.ws.rs.WebApplicationException)5 BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)5 Inject (com.google.inject.Inject)4 Set (java.util.Set)4 Collectors (java.util.stream.Collectors)4 Nullable (javax.annotation.Nullable)4 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 Consumes (javax.ws.rs.Consumes)4 DELETE (javax.ws.rs.DELETE)4