/**
 * Lists datasource names after per-name authorization filtering.
 *
 * <p>Each name from {@code getAllDataSources()} is mapped to a single datasource READ
 * resource-action, and the unfiltered list is never returned directly: the response is whatever
 * {@code AuthorizationUtils.filterAuthorizedResources} yields for this request.
 *
 * @param request the incoming HTTP request, handed to the authorization filter
 * @return the datasource names kept by the authorization filter
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
public Iterable<String> getDataSources(@Context final HttpServletRequest request)
{
  // One READ resource-action per datasource name.
  final Function<String, Iterable<ResourceAction>> readActionForName =
      name -> Collections.singletonList(AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(name));

  return AuthorizationUtils.filterAuthorizedResources(
      request,
      getAllDataSources(),
      readActionForName,
      authorizerMapper
  );
}
/**
 * Returns the supervisor history after authorization filtering.
 *
 * <p>The history obtained from the manager is passed through
 * {@code AuthorizationUtils.filterAuthorizedResources} before it is placed in the response, so
 * the raw history is never serialized as-is.
 *
 * @param req the incoming HTTP request, handed to the authorization filter
 * @return a 200 response whose entity is the filtered history; any other outcome is decided by
 *         {@code asLeaderWithSupervisorManager}, which is defined elsewhere
 */
@GET
@Path("/history")
@Produces(MediaType.APPLICATION_JSON)
public Response specGetAllHistory(@Context final HttpServletRequest req)
{
  return asLeaderWithSupervisorManager(
      manager -> {
        // NOTE(review): SPEC_DATASOURCE_READ_RA_GENERATOR is declared outside this block; by its
        // name it requires READ on the datasources of each spec - confirm at its definition.
        return Response.ok(
            AuthorizationUtils.filterAuthorizedResources(
                req,
                manager.getSupervisorHistory(),
                SPEC_DATASOURCE_READ_RA_GENERATOR,
                authorizerMapper
            )
        ).build();
      }
  );
}
/**
 * Restricts an iterator of published segments to those kept by the authorization filter.
 *
 * <p>Each segment is checked with a datasource READ resource-action built from
 * {@code segment.getDataSource()}.
 *
 * @param it   parser-backed iterator over the unfiltered segments
 * @param root data context from which the caller's {@link AuthenticationResult} is read
 * @return the filtered iterator, combined with {@code it} by {@code wrap}
 */
private CloseableIterator<DataSegment> getAuthorizedPublishedSegments(
    JsonParserIterator<DataSegment> it,
    DataContext root
)
{
  // The caller identity comes from the planner data context rather than an HTTP request.
  // NOTE(review): the cast does not guard against a missing entry; confirm a null result is
  // rejected downstream rather than treated as an unrestricted caller.
  final AuthenticationResult caller =
      (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);

  final Function<DataSegment, Iterable<ResourceAction>> readActionForSegment =
      published -> Collections.singletonList(
          AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(published.getDataSource())
      );

  // `() -> it` hands back the same iterator on every call, so this Iterable is single-use.
  final Iterable<DataSegment> permitted = AuthorizationUtils.filterAuthorizedResources(
      caller,
      () -> it,
      readActionForSegment,
      authorizerMapper
  );

  // wrap is defined elsewhere; presumably it ties closing of the result to `it` - confirm.
  return wrap(permitted.iterator(), it);
}
/**
 * Restricts an iterator of task statuses to those kept by the authorization filter.
 *
 * <p>Each task is checked with a datasource READ resource-action built from
 * {@code task.getDataSource()}.
 *
 * @param it   parser-backed iterator over the unfiltered task statuses
 * @param root data context from which the caller's {@link AuthenticationResult} is read
 * @return the filtered iterator, combined with {@code it} by {@code wrap}
 */
private CloseableIterator<TaskStatusPlus> getAuthorizedTasks(
    JsonParserIterator<TaskStatusPlus> it,
    DataContext root
)
{
  // The caller identity comes from the planner data context rather than an HTTP request.
  // NOTE(review): the cast does not guard against a missing entry; confirm a null result is
  // rejected downstream rather than treated as an unrestricted caller.
  final AuthenticationResult caller =
      (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);

  final Function<TaskStatusPlus, Iterable<ResourceAction>> readActionForTask =
      status -> Collections.singletonList(
          AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(status.getDataSource())
      );

  // `() -> it` hands back the same iterator on every call, so this Iterable is single-use.
  final Iterable<TaskStatusPlus> permitted = AuthorizationUtils.filterAuthorizedResources(
      caller,
      () -> it,
      readActionForTask,
      authorizerMapper
  );

  // wrap is defined elsewhere; presumably it ties closing of the result to `it` - confirm.
  return wrap(permitted.iterator(), it);
}
/**
 * Restricts an iterator of available-segment entries to those kept by the authorization filter.
 *
 * <p>The check is keyed on the entry's segment: a datasource READ resource-action is built from
 * {@code entry.getKey().getDataSource()}. The entry's value plays no part in the decision.
 *
 * @param availableSegmentEntries iterator over the unfiltered entries
 * @param root                    data context from which the caller's
 *                                {@link AuthenticationResult} is read
 * @return an iterator over the entries kept by the filter
 */
private Iterator<Entry<DataSegment, SegmentMetadataHolder>> getAuthorizedAvailableSegments(
    Iterator<Entry<DataSegment, SegmentMetadataHolder>> availableSegmentEntries,
    DataContext root
)
{
  // NOTE(review): the cast does not guard against a missing entry; confirm a null result is
  // rejected downstream rather than treated as an unrestricted caller.
  final AuthenticationResult caller =
      (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);

  final Function<Entry<DataSegment, SegmentMetadataHolder>, Iterable<ResourceAction>> readActionForEntry =
      entry -> Collections.singletonList(
          AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(entry.getKey().getDataSource())
      );

  // The lambda returns the same iterator each time, so this Iterable can be walked only once.
  final Iterable<Entry<DataSegment, SegmentMetadataHolder>> permitted =
      AuthorizationUtils.filterAuthorizedResources(
          caller,
          () -> availableSegmentEntries,
          readActionForEntry,
          authorizerMapper
      );

  return permitted.iterator();
}
/**
 * Streams, as a JSON array, the metadata segments kept by the authorization filter.
 *
 * <p>Segments of every datasource known to {@code metadataSegmentManager} are flattened into one
 * stream, each segment is checked with a datasource READ resource-action, and only the filtered
 * Iterable is ever handed to the JSON writer.
 *
 * @param req the incoming HTTP request, handed to the authorization filter
 * @return a 200 response whose entity writes the filtered segments one by one
 */
@GET
@Path("/segments")
@Produces(MediaType.APPLICATION_JSON)
public Response getDatabaseSegments(@Context final HttpServletRequest req)
{
  final Collection<ImmutableDruidDataSource> allDataSources = metadataSegmentManager.getDataSources();
  final Stream<DataSegment> allSegments = allDataSources
      .stream()
      .flatMap(dataSource -> dataSource.getSegments().stream());

  final Function<DataSegment, Iterable<ResourceAction>> readActionForSegment =
      candidate -> Collections.singletonList(
          AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(candidate.getDataSource())
      );

  // A Stream can be consumed once, so `allSegments::iterator` is a single-use Iterable.
  final Iterable<DataSegment> permittedSegments = AuthorizationUtils.filterAuthorizedResources(
      req,
      allSegments::iterator,
      readActionForSegment,
      authorizerMapper
  );

  final StreamingOutput body = out -> {
    try (final JsonGenerator json = jsonMapper.getFactory().createGenerator(out)) {
      json.writeStartArray();
      for (DataSegment permitted : permittedSegments) {
        json.writeObject(permitted);
        // Flush after every element so segments reach the client as they are written.
        json.flush();
      }
      json.writeEndArray();
    }
  };

  return Response.status(Response.Status.OK).entity(body).build();
}
/**
 * Narrows a collection of supervisor ids to those kept by the authorization filter.
 *
 * <p>Unlike the read-only listings, this check uses WRITE: every datasource of the supervisor's
 * spec is turned into a resource-action by {@code DATASOURCE_WRITE_RA_GENERATOR}.
 *
 * @param req           the incoming HTTP request, handed to the authorization filter
 * @param manager       used to look up the spec of each supervisor id
 * @param supervisorIds the unfiltered ids
 * @return a new mutable set holding the ids kept by the filter
 */
private Set<String> filterAuthorizedSupervisorIds(
    final HttpServletRequest req,
    SupervisorManager manager,
    Collection<String> supervisorIds
)
{
  final Function<String, Iterable<ResourceAction>> writeActionsForSupervisor = id -> {
    final Optional<SupervisorSpec> maybeSpec = manager.getSupervisorSpec(id);
    if (!maybeSpec.isPresent()) {
      // NOTE(review): an id without a spec yields null instead of a list of actions; confirm
      // that filterAuthorizedResources drops such an id (deny) rather than keeping it.
      return null;
    }
    // NOTE(review): a spec may name several datasources; presumably all resulting WRITE
    // actions must be granted for the id to be kept - confirm in filterAuthorizedResources.
    return Iterables.transform(
        maybeSpec.get().getDataSources(),
        AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR
    );
  };

  final Iterable<String> permittedIds = AuthorizationUtils.filterAuthorizedResources(
      req,
      supervisorIds,
      writeActionsForSupervisor,
      authorizerMapper
  );
  return Sets.newHashSet(permittedIds);
}
AuthorizationUtils.filterAuthorizedResources( req, dataSourceNamesPreAuth,
final List<VersionedSupervisorSpec> authorizedHistoryForId = Lists.newArrayList( AuthorizationUtils.filterAuthorizedResources( req, historyForId,
/**
 * Returns the datasources kept by the authorization filter, ordered by name.
 *
 * <p>Each datasource from {@code getDataSources(inventoryView)} is checked with a datasource
 * READ resource-action built from its name.
 *
 * @param request          the incoming HTTP request, handed to the authorization filter
 * @param inventoryView    source of the unfiltered datasources
 * @param authorizerMapper mapper used by the filter; must not be null
 * @return an unmodifiable sorted set of the datasources kept by the filter
 * @throws ISE if {@code authorizerMapper} is null
 */
static SortedSet<ImmutableDruidDataSource> getSecuredDataSources(
    HttpServletRequest request,
    InventoryView inventoryView,
    final AuthorizerMapper authorizerMapper
)
{
  // Fail closed: without a mapper nothing is returned at all, not even an unfiltered list.
  if (authorizerMapper == null) {
    throw new ISE("No authorization mapper found");
  }

  final Iterable<ImmutableDruidDataSource> permitted = AuthorizationUtils.filterAuthorizedResources(
      request,
      getDataSources(inventoryView),
      dataSource -> Collections.singletonList(
          AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(dataSource.getName())
      ),
      authorizerMapper
  );

  final SortedSet<ImmutableDruidDataSource> byName = new TreeSet<>(comparingByName());
  for (ImmutableDruidDataSource kept : permitted) {
    byName.add(kept);
  }
  // Callers get a read-only view, so the filtered result cannot be extended afterwards.
  return Collections.unmodifiableSortedSet(byName);
}
}
AuthorizationUtils.filterAuthorizedResources( authenticationResult, entry.getValue(),
/**
 * Returns the table names of a sub-schema that the caller may see.
 *
 * <p>Only the schema named {@code DruidSchema.NAME} is filtered; every other schema's table
 * names are returned unchanged.
 *
 * @param subSchema            the schema whose table names are listed
 * @param authenticationResult the caller identity used by the authorization filter
 * @return an immutable filtered copy for the "druid" schema, otherwise the schema's own set
 */
private Set<String> getAuthorizedTableNamesFromSubSchema(
    final SchemaPlus subSchema,
    final AuthenticationResult authenticationResult
)
{
  if (!DruidSchema.NAME.equals(subSchema.getName())) {
    // Schemas other than "druid" are passed through without any filtering.
    // NOTE(review): whatever those schemas expose is not authorized here; confirm each one
    // enforces access control on its own.
    return subSchema.getTableNames();
  }

  // Tables of the "druid" schema stand for Druid datasources, which require authorization.
  final Iterable<String> permittedTables = AuthorizationUtils.filterAuthorizedResources(
      authenticationResult,
      subSchema.getTableNames(),
      DRUID_TABLE_RA_GENERATOR,
      authorizerMapper
  );
  return ImmutableSet.copyOf(permittedTables);
}
/**
 * Returns the function names of a sub-schema that the caller may see.
 *
 * <p>Only the schema named {@code DruidSchema.NAME} is filtered, using the same
 * {@code DRUID_TABLE_RA_GENERATOR} that is applied to table names; every other schema's
 * function names are returned unchanged.
 *
 * @param subSchema            the schema whose function names are listed
 * @param authenticationResult the caller identity used by the authorization filter
 * @return an immutable filtered copy for the "druid" schema, otherwise the schema's own set
 */
private Set<String> getAuthorizedFunctionNamesFromSubSchema(
    final SchemaPlus subSchema,
    final AuthenticationResult authenticationResult
)
{
  if (!DruidSchema.NAME.equals(subSchema.getName())) {
    // Schemas other than "druid" are passed through without any filtering.
    // NOTE(review): whatever those schemas expose is not authorized here; confirm each one
    // enforces access control on its own.
    return subSchema.getFunctionNames();
  }

  // Functions of the "druid" schema represent views on Druid datasources; for now they are
  // authorized as if they were datasources.
  final Iterable<String> permittedFunctions = AuthorizationUtils.filterAuthorizedResources(
      authenticationResult,
      subSchema.getFunctionNames(),
      DRUID_TABLE_RA_GENERATOR,
      authorizerMapper
  );
  return ImmutableSet.copyOf(permittedFunctions);
}
}
final Iterable<ResType> filteredResources = filterAuthorizedResources( authenticationResult, resources,
AuthorizationUtils.filterAuthorizedResources( req, optionalTypeFilteredList,
/**
 * Lists datasource names after per-name authorization filtering.
 *
 * <p>The candidate names are the keys of {@code getSegmentsForDatasources()}. Each one is mapped
 * to a single datasource READ resource-action, and the response is whatever
 * {@code AuthorizationUtils.filterAuthorizedResources} yields for this request.
 *
 * @param request the incoming HTTP request, handed to the authorization filter
 * @return the datasource names kept by the authorization filter
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
public Iterable<String> getDataSources(@Context final HttpServletRequest request)
{
  // One READ resource-action per datasource name.
  final Function<String, Iterable<ResourceAction>> readActionForName =
      name -> Collections.singletonList(AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(name));

  return AuthorizationUtils.filterAuthorizedResources(
      request,
      getSegmentsForDatasources().keySet(),
      readActionForName,
      authorizerMapper
  );
}
/**
 * Restricts an iterator of task statuses to those kept by the authorization filter.
 *
 * <p>Each task is checked with a datasource READ resource-action built from
 * {@code task.getDataSource()}.
 *
 * @param it   parser-backed iterator over the unfiltered task statuses
 * @param root data context from which the caller's {@link AuthenticationResult} is read
 * @return the filtered iterator, combined with {@code it} by {@code wrap}
 */
private CloseableIterator<TaskStatusPlus> getAuthorizedTasks(
    JsonParserIterator<TaskStatusPlus> it,
    DataContext root
)
{
  // The caller identity comes from the planner data context rather than an HTTP request.
  // NOTE(review): the cast does not guard against a missing entry; confirm a null result is
  // rejected downstream rather than treated as an unrestricted caller.
  final AuthenticationResult caller =
      (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);

  final Function<TaskStatusPlus, Iterable<ResourceAction>> readActionForTask =
      status -> Collections.singletonList(
          AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(status.getDataSource())
      );

  // `() -> it` hands back the same iterator on every call, so this Iterable is single-use.
  final Iterable<TaskStatusPlus> permitted = AuthorizationUtils.filterAuthorizedResources(
      caller,
      () -> it,
      readActionForTask,
      authorizerMapper
  );

  // wrap is defined elsewhere; presumably it ties closing of the result to `it` - confirm.
  return wrap(permitted.iterator(), it);
}
/**
 * Restricts an iterator of published segments to those kept by the authorization filter.
 *
 * <p>Each segment is checked with a datasource READ resource-action built from
 * {@code segment.getDataSource()}.
 *
 * @param it   parser-backed iterator over the unfiltered segments
 * @param root data context from which the caller's {@link AuthenticationResult} is read
 * @return the filtered iterator, combined with {@code it} by {@code wrap}
 */
private CloseableIterator<DataSegment> getAuthorizedPublishedSegments(
    JsonParserIterator<DataSegment> it,
    DataContext root
)
{
  // The caller identity comes from the planner data context rather than an HTTP request.
  // NOTE(review): the cast does not guard against a missing entry; confirm a null result is
  // rejected downstream rather than treated as an unrestricted caller.
  final AuthenticationResult caller =
      (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);

  final Function<DataSegment, Iterable<ResourceAction>> readActionForSegment =
      published -> Collections.singletonList(
          AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(published.getDataSource())
      );

  // `() -> it` hands back the same iterator on every call, so this Iterable is single-use.
  final Iterable<DataSegment> permitted = AuthorizationUtils.filterAuthorizedResources(
      caller,
      () -> it,
      readActionForSegment,
      authorizerMapper
  );

  // wrap is defined elsewhere; presumably it ties closing of the result to `it` - confirm.
  return wrap(permitted.iterator(), it);
}
/**
 * Restricts an iterator of available-segment entries to those kept by the authorization filter.
 *
 * <p>The check is keyed on the entry's segment: a datasource READ resource-action is built from
 * {@code entry.getKey().getDataSource()}. The entry's value plays no part in the decision.
 *
 * @param availableSegmentEntries iterator over the unfiltered entries
 * @param root                    data context from which the caller's
 *                                {@link AuthenticationResult} is read
 * @return an iterator over the entries kept by the filter
 */
private Iterator<Entry<DataSegment, SegmentMetadataHolder>> getAuthorizedAvailableSegments(
    Iterator<Entry<DataSegment, SegmentMetadataHolder>> availableSegmentEntries,
    DataContext root
)
{
  // NOTE(review): the cast does not guard against a missing entry; confirm a null result is
  // rejected downstream rather than treated as an unrestricted caller.
  final AuthenticationResult caller =
      (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);

  final Function<Entry<DataSegment, SegmentMetadataHolder>, Iterable<ResourceAction>> readActionForEntry =
      entry -> Collections.singletonList(
          AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(entry.getKey().getDataSource())
      );

  // The lambda returns the same iterator each time, so this Iterable can be walked only once.
  final Iterable<Entry<DataSegment, SegmentMetadataHolder>> permitted =
      AuthorizationUtils.filterAuthorizedResources(
          caller,
          () -> availableSegmentEntries,
          readActionForEntry,
          authorizerMapper
      );

  return permitted.iterator();
}
/**
 * Returns the supervisor history after authorization filtering.
 *
 * <p>The history obtained from the manager is passed through
 * {@code AuthorizationUtils.filterAuthorizedResources} before it is placed in the response, so
 * the raw history is never serialized as-is.
 *
 * @param req the incoming HTTP request, handed to the authorization filter
 * @return a 200 response whose entity is the filtered history; any other outcome is decided by
 *         {@code asLeaderWithSupervisorManager}, which is defined elsewhere
 */
@GET
@Path("/history")
@Produces(MediaType.APPLICATION_JSON)
public Response specGetAllHistory(@Context final HttpServletRequest req)
{
  return asLeaderWithSupervisorManager(
      manager -> {
        // NOTE(review): SPEC_DATASOURCE_READ_RA_GENERATOR is declared outside this block; by its
        // name it requires READ on the datasources of each spec - confirm at its definition.
        return Response.ok(
            AuthorizationUtils.filterAuthorizedResources(
                req,
                manager.getSupervisorHistory(),
                SPEC_DATASOURCE_READ_RA_GENERATOR,
                authorizerMapper
            )
        ).build();
      }
  );
}