Class EtcdDbAclGuiHelper

java.lang.Object
com.illumon.iris.db.v2.permissions.EtcdDbAclProvider
com.illumon.iris.db.v2.permissions.EtcdDbAclGuiHelper
All Implemented Interfaces:
com.illumon.iris.auth.AuthModule, DbAclGuiHelper, DbAclProvider, DbAclWriter, AutoCloseable

public class EtcdDbAclGuiHelper extends EtcdDbAclProvider implements DbAclGuiHelper
Implementation of DbAclGuiHelper that uses etcd as the ACL store.
  • Field Details

    • aclValidator

      protected final com.illumon.iris.db.v2.permissions.AclValidator aclValidator
  • Method Details

    • getUsersAndGroupsTable

      public Table getUsersAndGroupsTable()
      Description copied from interface: DbAclGuiHelper
      Retrieves a Table of all users and their groups, sorted by User and Groupname
      Specified by:
      getUsersAndGroupsTable in interface DbAclGuiHelper
      Returns:
      A Table of all users and their groups
    • getExternalAuthOnlyUsers

      public Table getExternalAuthOnlyUsers(@NotNull String[] invalidHashes)
      Returns a table with one column listing users whose passwords indicate external authentication.
      Specified by:
      getExternalAuthOnlyUsers in interface DbAclGuiHelper
      Parameters:
      invalidHashes - A List of password hashes that are valid only for external authentication.
      Returns:
      A Table of users
    • getGroupStrategyTable

      public Table getGroupStrategyTable()
      Description copied from interface: DbAclGuiHelper
      Retrieves a Table of all groups and associated strategies, sorted by Groupname and Strategy
      Specified by:
      getGroupStrategyTable in interface DbAclGuiHelper
      Returns:
      A Table of all groups and associated strategies
    • getStrategyAccountTable

      public Table getStrategyAccountTable()
      Description copied from interface: DbAclGuiHelper
      Retrieves a Table of all strategies and associated accounts, sorted by Strategy and Account
      Specified by:
      getStrategyAccountTable in interface DbAclGuiHelper
      Returns:
      A Table of all strategies and associated accounts
    • getTableAclTable

      public Table getTableAclTable()
      Description copied from interface: DbAclGuiHelper
      Retrieves a Table of all table ACLs, sorted by Groupname, Namespace, Tablename, and Filter
      Specified by:
      getTableAclTable in interface DbAclGuiHelper
      Returns:
      A Table of all table ACLs
    • getColumnAclTable

      public Table getColumnAclTable()
      Description copied from interface: DbAclGuiHelper
      Retrieves a Table of all column ACLs, sorted by Groupname, Namespace, Tablename, Columns, and Filter
      Specified by:
      getColumnAclTable in interface DbAclGuiHelper
      Returns:
      A Table of all column ACLs
    • getTableEditorTable

      public Table getTableEditorTable()
      Description copied from interface: DbAclGuiHelper
      Retrieves a Table of all input table editor permissions, sorted by Groupname, Namespace, and Tablename
      Specified by:
      getTableEditorTable in interface DbAclGuiHelper
      Returns:
      A Table of all input table editor permissions
    • getSystemUserAclTable

      public Table getSystemUserAclTable()
      Description copied from interface: DbAclGuiHelper
      Retrieves a Table of all users and matching systemuser mappings, sorted by user
      Specified by:
      getSystemUserAclTable in interface DbAclGuiHelper
      Returns:
      A Table of all users and matching systemuser mappings
    • getSystemUserAclTable

      public Table getSystemUserAclTable(String groupName)
      Description copied from interface: DbAclGuiHelper
      Retrieves a Table of users and matching systemuser mappings for members of the specified group, sorted by user
      Specified by:
      getSystemUserAclTable in interface DbAclGuiHelper
      Parameters:
      groupName - The group name for which to filter users and systemuser mappings by membership
      Returns:
      A Table of users and matching systemuser mappings for members of the specified group
    • getPublicKeyTable

      public Table getPublicKeyTable(String user)
      Description copied from interface: DbAclGuiHelper
      Retrieves a Table of users, base64-encoded public keys, and the comment associated with the key when added.
      Specified by:
      getPublicKeyTable in interface DbAclGuiHelper
      Parameters:
      user - The user for which to filter public keys. If null, all will be retrieved.
      Returns:
      A Table with 'user', 'keyval', 'comment' columns.
    • retrieveOneAcl

      public String retrieveOneAcl(String group, String namespace, String tableName)
      Description copied from interface: DbAclGuiHelper
      Retrieves a single table ACL filter. Wildcards are not considered, so only highest priority (specific namespace and tableName) ACLs are returned, and, if there is no specifically assigned ACL, null is returned.
      Specified by:
      retrieveOneAcl in interface DbAclGuiHelper
      Parameters:
      group - The specific groupname to match
      namespace - The specific namespace to match
      tableName - The specific tablename to match
      Returns:
      A String table ACL filter or null if no match
    • retrieveOneColumnAcl

      public String retrieveOneColumnAcl(String group, String namespace, String tableName, String columns)
      Description copied from interface: DbAclGuiHelper
      Retrieves a single column ACL filter. Wildcards are not considered, so only highest priority (specific namespace and tableName) ACLs are returned, and, if there is no specifically assigned ACL, null is returned.
      Specified by:
      retrieveOneColumnAcl in interface DbAclGuiHelper
      Parameters:
      group - The specific groupname to match
      namespace - The specific namespace to match
      tableName - The specific tablename to match
      columns - The specific columns string to match
      Returns:
      A String column ACL filter or null if no match
    • retrieveOneEditable

      public Boolean retrieveOneEditable(String group, String namespace, String tableName)
      Description copied from interface: DbAclGuiHelper
      Retrieves a single input table editor permission. Wildcards are not considered, so only highest priority (specific namespace and tableName) ACLs are returned, and, if there is no specifically assigned ACL, null is returned.
      Specified by:
      retrieveOneEditable in interface DbAclGuiHelper
      Parameters:
      group - The specific groupname to match
      namespace - The specific namespace to match
      tableName - The specific tablename to match
      Returns:
      A Boolean input table editor permission, which is null if there is no match
    • userExists

      public boolean userExists(String username)
      Specified by:
      userExists in interface com.illumon.iris.auth.AuthModule
    • isUserPassValid

      public boolean isUserPassValid(String username, String password)
      Specified by:
      isUserPassValid in interface com.illumon.iris.auth.AuthModule
    • getFilterDetailsForUser

      @NotNull public List<PermissionFilterProvider.FilterDetails> getFilterDetailsForUser(io.deephaven.enterprise.auth.UserContext userContext)
      Description copied from interface: DbAclProvider
      Gets the tableacls permissions filters for an effective user
      Specified by:
      getFilterDetailsForUser in interface DbAclProvider
      Parameters:
      userContext - The UserContext from which the effective username to filter will be obtained
      Returns:
      A List of PermissionFilterProvider.FilterDetails for the effective user
    • retrieveRowAcls

      @NotNull public Collection<String> retrieveRowAcls(String effectiveUser, String namespace, String tableName)
      Description copied from interface: DbAclProvider
      Returns the most specific tableacl per group for a specific user, namespace, and table.
      Specified by:
      retrieveRowAcls in interface DbAclProvider
      Parameters:
      effectiveUser - the user for which acls should be retrieved
      namespace - the namespace specifically for which acls should be retrieved - will also match * in tableacls
      tableName - the table name specifically for which acls should be retrieved - will also match * in tableacls
      Returns:
      A Collection of tableacls filters.
    • retrieveColumnAcls

      @NotNull public Map<String,List<com.fishlib.base.Pair<String,String>>> retrieveColumnAcls(String effectiveUser, String namespace, String tableName)
      Description copied from interface: DbAclProvider
      Returns the most specific Column ACL per group for a specific user, namespace, and table.
      Specified by:
      retrieveColumnAcls in interface DbAclProvider
      Parameters:
      effectiveUser - the user for which acls should be retrieved
      namespace - the namespace specifically for which acls should be retrieved - will also match * in columnacls
      tableName - the table name specifically for which acls should be retrieved - will also match * in columnacls
      Returns:
      A Map of group names to Lists of columns and filter pairs.
    • canEditInputTable

      public boolean canEditInputTable(String effectiveUser, String namespace, String tableName)
      Description copied from interface: DbAclProvider
      Checks whether a user has rights to edit an input table
      Specified by:
      canEditInputTable in interface DbAclProvider
      Parameters:
      effectiveUser - The user for whom permissions should be checked
      namespace - the namespace specifically for which acls should be retrieved - will also match * in inputtableeditors
      tableName - the table name specifically for which acls should be retrieved - will also match * in inputtableeditors
      Returns:
      True if the user has an effective canedit grant, otherwise false
    • canAnyoneEditInputTable

      public boolean canAnyoneEditInputTable(String namespace, String tableName)
      Description copied from interface: DbAclProvider
      Checks whether an input table can be edited by all users
      Specified by:
      canAnyoneEditInputTable in interface DbAclProvider
      Parameters:
      namespace - the namespace specifically for which acls should be retrieved - will also match * in inputtableeditors
      tableName - the table name specifically for which acls should be retrieved - will also match * in inputtableeditors
      Returns:
      True if the input table can be edited by all users, otherwise false
    • getAccountsForUser

      @NotNull public String[] getAccountsForUser(String effectiveUser)
      Description copied from interface: DbAclProvider
      Retrieves all strategy accounts associated with a user, directly or through group membership
      Specified by:
      getAccountsForUser in interface DbAclProvider
      Parameters:
      effectiveUser - The user for whom strategy account access should be checked
      Returns:
      An array of String of associated strategy accounts
    • getAccountsForStrategy

      @NotNull public String[] getAccountsForStrategy(String strategy)
      Description copied from interface: DbAclProvider
      Retrieves all strategy accounts associated with a particular strategy
      Specified by:
      getAccountsForStrategy in interface DbAclProvider
      Parameters:
      strategy - The strategy name for which to filter accounts
      Returns:
      An array of String of strategy account names
    • getStrategyForAccount

      @NotNull public String[] getStrategyForAccount(String account)
      Description copied from interface: DbAclProvider
      Retrieves all strategies associated with a particular strategy account
      Specified by:
      getStrategyForAccount in interface DbAclProvider
      Parameters:
      account - The strategy account name for which to filter strategies
      Returns:
      An array of String of strategy account names
    • getAccountsForGroup

      @NotNull public String[] getAccountsForGroup(String group)
      Description copied from interface: DbAclProvider
      Retrieves all strategy accounts associated with a particular group
      Specified by:
      getAccountsForGroup in interface DbAclProvider
      Parameters:
      group - The group name for which to filter accounts
      Returns:
      An array of String of strategy account names
    • getStrategiesForGroup

      @NotNull public String[] getStrategiesForGroup(String group)
      Description copied from interface: DbAclProvider
      Retrieves all strategies associated with a particular group
      Specified by:
      getStrategiesForGroup in interface DbAclProvider
      Parameters:
      group - The group name for which to filter strategies
      Returns:
      An array of String of strategy names
    • groupStrategyExists

      public boolean groupStrategyExists(String groupName, String strategy)
      Description copied from interface: DbAclProvider
      Checks whether a particular association of a group and a strategy exists
      Specified by:
      groupStrategyExists in interface DbAclProvider
      Parameters:
      groupName - The group name to check
      strategy - The strategy name to check
      Returns:
      True if the mapping exists, false if it does not
    • getGroupsForUser

      @NotNull public String[] getGroupsForUser(String effectiveUser)
      Description copied from interface: DbAclProvider
      Get the groups to which a user is mapped
      Specified by:
      getGroupsForUser in interface DbAclProvider
      Parameters:
      effectiveUser - The String name of the user to find groups for
      Returns:
      A String array of groups mapped to this user
    • getStrategiesForUser

      @NotNull public String[] getStrategiesForUser(String effectiveUser)
      Description copied from interface: DbAclProvider
      Retrieves all strategies associated with a particular user, either directly or through group membership
      Specified by:
      getStrategiesForUser in interface DbAclProvider
      Parameters:
      effectiveUser - The user for whom strategy access should be checked
      Returns:
      An array of String of strategy names
    • getUsersForGroup

      @NotNull public String[] getUsersForGroup(String group)
      Description copied from interface: DbAclProvider
      Get the users that are members of a group
      Specified by:
      getUsersForGroup in interface DbAclProvider
      Parameters:
      group - The String name of the group to find users for
      Returns:
      A String array of users with membership in this group
    • getRunAsUser

      public String getRunAsUser(String effectiveUser)
      Description copied from interface: DbAclProvider
      Returns the systemuser to which the effectiveUser is mapped, or null if no mapping exists.
      Specified by:
      getRunAsUser in interface DbAclProvider
      Parameters:
      effectiveUser - The user for which a mapped systemuser name should be retrieved.
      Returns:
      the String systemuser to which the effectiveUser is mapped, or null if no mapping exists.
    • getPublicKeys

      @NotNull public List<PublicKeyRecord> getPublicKeys(String user)
      Description copied from interface: DbAclProvider
      Retrieve the public key data in the ACL database for the user. If the user is null then all keys are retrieved.
      Specified by:
      getPublicKeys in interface DbAclProvider
      Parameters:
      user - The user identifier.
      Returns:
      A list of PublicKeyRecord objects containing the user, the base64-encoded PublicKey key value, and a comment.