Package com.illumon.iris.db.v2.permissions

Interface DbAclWriter

All Known Subinterfaces:
DbAclProvider
All Known Implementing Classes:
DbAclWriteClient, EtcdDbAclGuiHelper, EtcdDbAclProvider, MysqlDbAclGuiHelper, MysqlDbAclProvider, PermissionFilterProviderEtcdImpl, PermissionFilterProviderMysqlImpl, UnauthenticatedPermissionFilterProviderEtcdImpl, UnauthenticatedPermissionFilterProviderMysqlImpl
public interface DbAclWriter
This interface is used to manage Iris users, groups, account mappings, ACLs and input table editors.

  • Method Details

    • addMembership

      void addMembership​(String user, List<String> groups) throws SQLException
      Adds a user to a list of groups If the user could not be added to all of the groups, a RuntimeException is thrown.
      Parameters:
      user - the user to add to the groups
      groups - a list of groups to add the user to
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • removeMembership

      void removeMembership​(String user, List<String> groups) throws SQLException
      Removes a user from a list of groups. It is possible that the user may be removed from some groups and not others. If the user could not be removed from all of the specified groups (e.g., because they are not a member of those groups), a runtime exception is thrown.
      Parameters:
      user - the user to remove from groups
      groups - a list of groups to remove the user from
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • deleteGroup

      void deleteGroup​(String group) throws SQLException
      Deletes a group. The group is removed from all user to group mappings, all group to strategy mappings. All table ACLs and input table editors that reference the group are deleted.
      Parameters:
      group - the group to delete.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • deleteUser

      void deleteUser​(String user) throws SQLException
      The user is deleted. Deletes the user's group, followed by deleting any other user to group associations for the user. If managed authentication is enabled, also deletes the user's password.
      Parameters:
      user - the user to delete
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • addGroupStrategy

      void addGroupStrategy​(String group, String strategy) throws SQLException
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account. This will add a group to the intermediate "strategy".
      Parameters:
      group - the group to map to a strategy
      strategy - the strategy that the group is added to
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • deleteGroupStrategy

      void deleteGroupStrategy​(String group, String strategy) throws SQLException
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account. This will remove a group from the intermediate "strategy".
      Parameters:
      group - the group to remove a mapping to a strategy
      strategy - the strategy that the group is removed from
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • addStrategyAccount

      void addStrategyAccount​(String strategy, String account) throws SQLException
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account. This will add an account to the intermediate "strategy".
      Parameters:
      strategy - the strategy that the account is added to
      account - the account to add to a strategy
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • deleteStrategyAccount

      void deleteStrategyAccount​(String strategy, String account) throws SQLException
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account. This will remove an account from the intermediate "strategy".
      Parameters:
      strategy - the strategy that the account is added to
      account - the account to add to a strategy
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • addAcl

      int addAcl​(String group, String ns, String table, String acl) throws SQLException
      Adds an ACL entry. No ACL entry may currently exist for the group and table in question.
      Parameters:
      group - the group to add the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the namespace to add the entry for ("*" for tables within a namespace, if ns is "*" table must also be "*")
      acl - the ACL to add, see http://wiki.illumon.com/Iris/Permissions#Table_Access_Control_Lists_.28ACLs.29
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • updateAcl

      int updateAcl​(String group, String ns, String table, String acl) throws SQLException
      Changes an already existent ACL entry. An ACL entry must currently exist for the group and table in question.
      Parameters:
      group - the group to update the entry for
      ns - the namespace to update the entry for ("*" for all namespaces)
      table - the namespace to update the entry for ("*" for tables within a namespace, if ns is "*" table must also be "*")
      acl - the new ACL, see http://wiki.illumon.com/Iris/Permissions#Table_Access_Control_Lists_.28ACLs.29
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • deleteAcls

      void deleteAcls​(String group, String ns, String table) throws SQLException
      Deletes an ACL entry for a group and table.
      Parameters:
      group - the group to remove the entry for
      ns - the namespace to remove the entry for ("*" for all namespaces)
      table - the namespace to remove the entry for ("*" for tables within a namespace, if ns is "*" table must also be "*")
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • addColumnAcl

      int addColumnAcl​(String group, String ns, String table, String columns, String acl) throws SQLException
      Adds a Column ACL entry. No ACL entry may currently exist for the group and table in question.
      Parameters:
      group - the group to add the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the namespace to add the entry for ("*" for tables within a namespace, if ns is "*" table must also be "*")
      columns - the columns the ACL applies to
      acl - the ACL to add, see http://wiki.illumon.com/Iris/Permissions#Table_Access_Control_Lists_.28ACLs.29
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • updateColumnAcl

      int updateColumnAcl​(String group, String ns, String table, String columns, String acl) throws SQLException
      Changes an already existent Column ACL entry. An ACL entry must currently exist for the group, table, and column set in question.
      Parameters:
      group - the group to update the entry for
      ns - the namespace to update the entry for ("*" for all namespaces)
      table - the namespace to update the entry for ("*" for tables within a namespace, if ns is "*" table must also be "*")
      columns - the columns the ACL applies to
      acl - the new ACL, see http://wiki.illumon.com/Iris/Permissions#Table_Access_Control_Lists_.28ACLs.29
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • deleteColumnAcls

      void deleteColumnAcls​(String group, String ns, String table, String columns) throws SQLException
      Deletes a Column ACL entry for a group, table, and column set.
      Parameters:
      group - the group to remove the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the namespace to add the entry for ("*" for tables within a namespace, if ns is "*" table must also be "*")
      columns - the applicable columne set
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • addSystemAcl

      int addSystemAcl​(String group, String key, String acl) throws SQLException
      Adds a system ACL entry. No ACL entry may currently exist for the group and key in question.
      Parameters:
      group - the group to add the entry for
      key - the key to add the entry for (wildcard not allowed)
      acl - the ACL to add, see http://wiki.illumon.com/Iris/Permissions#Table_Access_Control_Lists_.28ACLs.29
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • updateSystemAcl

      int updateSystemAcl​(String group, String key, String acl) throws SQLException
      Changes an already existent system ACL entry. An ACL entry must currently exist for the group and key in question.
      Parameters:
      group - the group to update the entry for
      key - the key to update the entry for (no wildcard)
      acl - the new ACL, see http://wiki.illumon.com/Iris/Permissions#Table_Access_Control_Lists_.28ACLs.29
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • deleteSystemAcls

      void deleteSystemAcls​(String group, String key) throws SQLException
      Deletes a system ACL entry for a group and key.
      Parameters:
      group - the group to remove the entry for
      key - the namespace to add the entry for (wildcard not allowed)
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • addInputTableEditor

      int addInputTableEditor​(String group, String ns, String table, boolean canEdit) throws SQLException
      Adds an entry to the ACL database for editing an input table.
      Parameters:
      group - the group to add the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the namespace to add the entry for ("*" for tables within a namespace, if ns is "*" table must also be "*")
      canEdit - whether the table is editable for this group
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • updateInputTableEditor

      int updateInputTableEditor​(String group, String ns, String table, boolean canEdit) throws SQLException
      Updates an entry to the ACL database for editing an input table.
      Parameters:
      group - the group to update the entry for
      ns - the namespace to update the entry for ("*" for all namespaces)
      table - the namespace to update the entry for ("*" for tables within a namespace, if ns is "*" table must also be "*")
      canEdit - whether the table is editable for this group
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • deleteInputTableEditor

      void deleteInputTableEditor​(String group, String ns, String table) throws SQLException
      Deletes an entry to the ACL database for editing an input table.
      Parameters:
      group - the group to delete the entry for
      ns - the namespace to delete the entry for ("*" for all namespaces)
      table - the namespace to delete the entry for ("*" for tables within a namespace, if ns is "*" table must also be "*")
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • addOrUpdateSystemUserAcl

      int addOrUpdateSystemUserAcl​(String user, String systemUser) throws SQLException
      Inserts or Updates an entry to the ACL database for run-as mapping
      Parameters:
      user - the user whose system-user mapping is to be updated
      systemUser - the system-user which will be used for launching workers
      Returns:
      the number of rows within the ACL database that were modified
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • deleteSystemUserAcl

      void deleteSystemUserAcl​(String user) throws SQLException
      Removes an entry from the ACL database for run-as mapping
      Parameters:
      user - the user whose system-user mapping is to be deleted
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • addUser

      void addUser​(String user, String passwordHash) throws SQLException
      Adds a user to the Iris system.
      Parameters:
      user - the user to add.
      passwordHash - the APR1 hash of the user's password. Ignored if the system is not configured to manage user authentication.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • changePassword

      void changePassword​(String user, String passwordHash) throws SQLException
      Changes the password for a user.
      Parameters:
      user - the user to change a password for.
      passwordHash - the APR1 hash of the user's password.
      Throws:
      SQLException - if the underlying SQL operation could not be completed

    • deleteAllAclData

      void deleteAllAclData() throws SQLException
      Deletes all data in the ACL store. Use judiciously.
      Throws:
      SQLException