Package com.illumon.iris.db.v2.permissions

Class DbAclWriteClient

java.lang.Object
com.illumon.iris.db.v2.permissions.DbAclWriteClient
All Implemented Interfaces:
DbAclWriter
public class DbAclWriteClient extends Object implements DbAclWriter
The AclClient used for Acl Editor in SwingUI and for IrisDbUserMod

  • Constructor Details

    • DbAclWriteClient

      public DbAclWriteClient(com.fishlib.io.logger.Logger logger)
      Constructor that initializes the base web target for all acl rest api calls
      Parameters:
      logger - The passed in logger used to log api failures

    • DbAclWriteClient

      public DbAclWriteClient(com.fishlib.io.logger.Logger logger, @NotNull io.deephaven.enterprise.auth.TokenFactoryFactory tokenFactoryFactory)
      Constructor that initializes the base web target for all acl rest api calls
      Parameters:
      logger - The passed in logger used to log api failures
      tokenFactoryFactory - a factory for creating tokens used for REST calls

  • Method Details

    • getInstance

      public static DbAclWriteClient getInstance(com.fishlib.io.logger.Logger log)
      Static method to allow simple way to get a DbAclWriteClient from a console.
      Parameters:
      log - A logger instance
      Returns:
      DbAclWriteClient

    • addUser

      public void addUser(String user, String passwordHash) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds a user to the Iris system.
      Specified by:
      addUser in interface DbAclWriter
      Parameters:
      user - the user to add.
      passwordHash - the APR1 hash of the user's password. Ignored if the system is not configured to manage user authentication.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • changePassword

      public void changePassword(String user, String passwordHash) throws AclStoreException
      Description copied from interface: DbAclWriter
      Changes the password for a user.
      Specified by:
      changePassword in interface DbAclWriter
      Parameters:
      user - the user to change a password for.
      passwordHash - the APR1 hash of the user's password.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • addMembership

      public void addMembership(String user, List<String> groups)
      Description copied from interface: DbAclWriter
      Adds a user to a list of groups

      If the user could not be added to all the groups, a RuntimeException is thrown.

      Specified by:
      addMembership in interface DbAclWriter
      Parameters:
      user - the user to add to the groups
      groups - a list of groups to add the user to

    • removeMembership

      public void removeMembership(String user, List<String> groups) throws AclStoreException
      Description copied from interface: DbAclWriter
      Removes a user from a list of groups.

      It is possible that the user may be removed from some groups and not others. If the user could not be removed from all the specified groups (e.g., because they are not a member of those groups), a runtime exception is thrown.

      Specified by:
      removeMembership in interface DbAclWriter
      Parameters:
      user - the user to remove from groups
      groups - a list of groups to remove the user from
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • deleteGroup

      public void deleteGroup(String group) throws AclStoreException
      Description copied from interface: DbAclWriter
      Deletes a group.

      The group is removed from all user to group mappings, all group to strategy mappings. All table ACLs and input table editors that reference the group are deleted.

      Specified by:
      deleteGroup in interface DbAclWriter
      Parameters:
      group - the group to delete.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • deleteUser

      public void deleteUser(String user) throws AclStoreException
      Description copied from interface: DbAclWriter
      The user is deleted.

      Deletes the user's group, followed by deleting any other user to group associations for the user.

      If managed authentication is enabled, also deletes the user's password.

      Specified by:
      deleteUser in interface DbAclWriter
      Parameters:
      user - the user to delete
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • addGroupStrategy

      public void addGroupStrategy(String group, String strategy) throws AclStoreException
      Description copied from interface: DbAclWriter
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account.

      This will add a group to the intermediate "strategy".

      Specified by:
      addGroupStrategy in interface DbAclWriter
      Parameters:
      group - the group to map to a strategy
      strategy - the strategy that the group is added to
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • deleteGroupStrategy

      public void deleteGroupStrategy(String group, String strategy) throws AclStoreException
      Description copied from interface: DbAclWriter
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account.

      This will remove a group from the intermediate "strategy".

      Specified by:
      deleteGroupStrategy in interface DbAclWriter
      Parameters:
      group - the group to remove a mapping to a strategy
      strategy - the strategy that the group is removed from
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • addStrategyAccount

      public void addStrategyAccount(String strategy, String account) throws AclStoreException
      Description copied from interface: DbAclWriter
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account.

      This will add an account to the intermediate "strategy".

      Specified by:
      addStrategyAccount in interface DbAclWriter
      Parameters:
      strategy - the strategy that the account is added to
      account - the account to add to a strategy
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • deleteStrategyAccount

      public void deleteStrategyAccount(String strategy, String account) throws AclStoreException
      Description copied from interface: DbAclWriter
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account.

      This will remove an account from the intermediate "strategy".

      Specified by:
      deleteStrategyAccount in interface DbAclWriter
      Parameters:
      strategy - the strategy that the account is added to
      account - the account to add to a strategy
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • addAcl

      public int addAcl(String group, String ns, String table, String acl) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds an ACL entry.

      No ACL entry may currently exist for the group and table in question.

      Specified by:
      addAcl in interface DbAclWriter
      Parameters:
      group - the group to add the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the tablename to add the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      acl - the ACL to add, see Acl Documentation.
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • updateAcl

      public int updateAcl(String group, String ns, String table, String acl) throws AclStoreException
      Description copied from interface: DbAclWriter
      Changes an already existent ACL entry.

      An ACL entry must currently exist for the group and table in question.

      Specified by:
      updateAcl in interface DbAclWriter
      Parameters:
      group - the group to update the entry for
      ns - the namespace to update the entry for ("*" for all namespaces)
      table - the tablename to update the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      acl - the new ACL, see Acl Documentation.
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • deleteAcls

      public void deleteAcls(String group, String ns, String table) throws AclStoreException
      Description copied from interface: DbAclWriter
      Deletes an ACL entry for a group and table.
      Specified by:
      deleteAcls in interface DbAclWriter
      Parameters:
      group - the group to remove the entry for
      ns - the namespace to remove the entry for ("*" for all namespaces)
      table - the tablename to remove the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • addColumnAcl

      public int addColumnAcl(String group, String ns, String table, String columns, String acl) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds a Column ACL entry.

      No ACL entry may currently exist for the group and table in question.

      Specified by:
      addColumnAcl in interface DbAclWriter
      Parameters:
      group - the group to add the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the tablename to add the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      columns - the columns the ACL applies to
      acl - the ACL to add, see Acl Documentation.
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • updateColumnAcl

      public int updateColumnAcl(String group, String ns, String table, String columns, String acl) throws AclStoreException
      Description copied from interface: DbAclWriter
      Changes an already existent Column ACL entry.

      An ACL entry must currently exist for the group, table, and column set in question.

      Specified by:
      updateColumnAcl in interface DbAclWriter
      Parameters:
      group - the group to update the entry for
      ns - the namespace to update the entry for ("*" for all namespaces)
      table - the tablename to update the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      columns - the columns the ACL applies to
      acl - the new ACL, see Acl Documentation.
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • deleteColumnAcls

      public void deleteColumnAcls(String group, String ns, String table, String columns) throws AclStoreException
      Description copied from interface: DbAclWriter
      Deletes a Column ACL entry for a group, table, and column set.
      Specified by:
      deleteColumnAcls in interface DbAclWriter
      Parameters:
      group - the group to remove the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the tablename to add the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      columns - the applicable columns set
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • addInputTableEditor

      public int addInputTableEditor(String group, String ns, String table, boolean canEdit) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds an entry to the ACL database for editing an input table.
      Specified by:
      addInputTableEditor in interface DbAclWriter
      Parameters:
      group - the group to add the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the tablename to add the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      canEdit - whether the table is editable for this group
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • updateInputTableEditor

      public int updateInputTableEditor(String group, String ns, String table, boolean canEdit) throws AclStoreException
      Description copied from interface: DbAclWriter
      Updates an entry to the ACL database for editing an input table.
      Specified by:
      updateInputTableEditor in interface DbAclWriter
      Parameters:
      group - the group to update the entry for
      ns - the namespace to update the entry for ("*" for all namespaces)
      table - the tablename to update the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      canEdit - whether the table is editable for this group
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • deleteInputTableEditor

      public void deleteInputTableEditor(String group, String ns, String table) throws AclStoreException
      Description copied from interface: DbAclWriter
      Deletes an entry to the ACL database for editing an input table.
      Specified by:
      deleteInputTableEditor in interface DbAclWriter
      Parameters:
      group - the group to delete the entry for
      ns - the namespace to delete the entry for ("*" for all namespaces)
      table - the tablename to delete the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • addOrUpdateSystemUserAcl

      public int addOrUpdateSystemUserAcl(String user, String systemUser) throws AclStoreException
      Description copied from interface: DbAclWriter
      Inserts or Updates an entry to the ACL database for run-as mapping
      Specified by:
      addOrUpdateSystemUserAcl in interface DbAclWriter
      Parameters:
      user - the user whose system-user mapping is to be updated
      systemUser - the system-user which will be used for launching workers
      Returns:
      the number of rows within the ACL database that were modified
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • deleteSystemUserAcl

      public void deleteSystemUserAcl(String user) throws AclStoreException
      Description copied from interface: DbAclWriter
      Removes an entry from the ACL database for run-as mapping
      Specified by:
      deleteSystemUserAcl in interface DbAclWriter
      Parameters:
      user - the user whose system-user mapping is to be deleted
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • addPublicKeyForUser

      public int addPublicKeyForUser(@NotNull String user, @NotNull PublicKey publicKey, @Nullable String comment) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds a public key for the user into the ACL database.
      Specified by:
      addPublicKeyForUser in interface DbAclWriter
      Parameters:
      user - The identifier for the user.
      publicKey - The user's public key.
      comment - An optional comment.
      Returns:
      The number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • deletePublicKeyForUser

      public boolean deletePublicKeyForUser(@NotNull String user, @NotNull PublicKey publicKey) throws AclStoreException
      Description copied from interface: DbAclWriter
      Delete the public key from the ACL database, if it exists.
      Specified by:
      deletePublicKeyForUser in interface DbAclWriter
      Parameters:
      user - The user whose public key is to be deleted.
      publicKey - The public key to remove.
      Returns:
      True if the key was deleted.
      Throws:
      AclStoreException - if the underlying operation could not be completed

    • deleteAllAclData

      public void deleteAllAclData() throws AclStoreException
      Description copied from interface: DbAclWriter
      Deletes all data in the ACL store. Use judiciously.
      Specified by:
      deleteAllAclData in interface DbAclWriter
      Throws:
      AclStoreException - if the underlying operation could not be completed