/** * Creates a FunctionResource representing the collection of functions scoped * to a specific keyspace. * * @param keyspace name of the keyspace * @return FunctionResource instance representing all of the keyspace's functions */ public static FunctionResource keyspace(String keyspace) { return new FunctionResource(keyspace); }
/** * @return Printable name of the resource. */ public String getName() { switch (level) { case ROOT: return ROOT_NAME; case KEYSPACE: return String.format("%s/%s", ROOT_NAME, keyspace); case FUNCTION: return String.format("%s/%s/%s[%s]", ROOT_NAME, keyspace, name, argListAsString()); } throw new AssertionError(); }
/** * Parses a resource name into a FunctionResource instance. * * @param name Name of the function resource. * @return FunctionResource instance matching the name. */ public static FunctionResource fromName(String name) { String[] parts = StringUtils.split(name, '/'); if (!parts[0].equals(ROOT_NAME) || parts.length > 3) throw new IllegalArgumentException(String.format("%s is not a valid function resource name", name)); if (parts.length == 1) return root(); if (parts.length == 2) return keyspace(parts[1]); String[] nameAndArgs = StringUtils.split(parts[2], "[|]"); return function(parts[1], nameAndArgs[0], argsListFromString(nameAndArgs[1])); }
public Set<Permission> applicablePermissions() { switch (level) { case ROOT: case KEYSPACE: return COLLECTION_LEVEL_PERMISSIONS; case FUNCTION: { Optional<Function> function = Schema.instance.findFunction(getFunctionName(), argTypes); assert function.isPresent() : "Unable to find function object for resource " + toString(); return function.get().isAggregate() ? AGGREGATE_FUNCTION_PERMISSIONS : SCALAR_FUNCTION_PERMISSIONS; } } throw new AssertionError(); }
public void checkAccess(ClientState state) throws UnauthorizedException, InvalidRequestException { if (Schema.instance.findFunction(functionName, argTypes).isPresent() && orReplace) state.ensureHasPermission(Permission.ALTER, FunctionResource.function(functionName.keyspace, functionName.name, argTypes)); else state.ensureHasPermission(Permission.CREATE, FunctionResource.keyspace(functionName.keyspace)); }
/** * Creates an IResource instance from its external name. * Resource implementation class is inferred by matching against the known IResource * impls' root level resources. * @param name * @return an IResource instance created from the name */ public static IResource fromName(String name) { if (name.startsWith(RoleResource.root().getName())) return RoleResource.fromName(name); else if (name.startsWith(DataResource.root().getName())) return DataResource.fromName(name); else if (name.startsWith(FunctionResource.root().getName())) return FunctionResource.fromName(name); else if (name.startsWith(JMXResource.root().getName())) return JMXResource.fromName(name); else throw new IllegalArgumentException(String.format("Name %s is not valid for any resource type", name)); }
res = FunctionResource.root(); state._fsp--; res = FunctionResource.keyspace(ks); res = FunctionResource.functionFromCql(fn.keyspace, fn.name, argsTypes);
public void onDropAggregate(String ksName, String aggregateName, List<AbstractType<?>> argTypes) { DatabaseDescriptor.getAuthorizer() .revokeAllOn(FunctionResource.function(ksName, aggregateName, argTypes)); } }
protected void grantPermissionsToCreator(QueryState state) { try { RoleResource role = RoleResource.role(state.getClientState().getUser().getName()); DataResource keyspace = DataResource.keyspace(keyspace()); DatabaseDescriptor.getAuthorizer().grant(AuthenticatedUser.SYSTEM_USER, keyspace.applicablePermissions(), keyspace, role); FunctionResource functions = FunctionResource.keyspace(keyspace()); DatabaseDescriptor.getAuthorizer().grant(AuthenticatedUser.SYSTEM_USER, functions.applicablePermissions(), functions, role); } catch (RequestExecutionException e) { throw new RuntimeException(e); } } }
public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException { if (!DatabaseDescriptor.getAuthorizer().requireAuthorization()) return; // Access to built in functions is unrestricted if(resource instanceof FunctionResource && resource.hasParent()) if (((FunctionResource)resource).getKeyspace().equals(SchemaConstants.SYSTEM_KEYSPACE_NAME)) return; checkPermissionOnResourceChain(perm, resource); }
public boolean exists() { switch (level) { case ROOT: return true; case KEYSPACE: return Schema.instance.getKeyspaces().contains(keyspace); case FUNCTION: return Schema.instance.findFunction(getFunctionName(), argTypes).isPresent(); } throw new AssertionError(); }
/** * Creates an IResource instance from its external name. * Resource implementation class is inferred by matching against the known IResource * impls' root level resources. * @param name * @return an IResource instance created from the name */ public static IResource fromName(String name) { if (name.startsWith(RoleResource.root().getName())) return RoleResource.fromName(name); else if (name.startsWith(DataResource.root().getName())) return DataResource.fromName(name); else if (name.startsWith(FunctionResource.root().getName())) return FunctionResource.fromName(name); else if (name.startsWith(JMXResource.root().getName())) return JMXResource.fromName(name); else throw new IllegalArgumentException(String.format("Name %s is not valid for any resource type", name)); }
res = FunctionResource.root(); state._fsp--; res = FunctionResource.keyspace(ks); res = FunctionResource.functionFromCql(fn.keyspace, fn.name, argsTypes);
public void checkAccess(ClientState state) throws UnauthorizedException, InvalidRequestException { if (Schema.instance.findFunction(functionName, argTypes).isPresent() && orReplace) state.ensureHasPermission(Permission.ALTER, FunctionResource.function(functionName.keyspace, functionName.name, argTypes)); else state.ensureHasPermission(Permission.CREATE, FunctionResource.keyspace(functionName.keyspace)); }
public void onDropAggregate(String ksName, String aggregateName, List<AbstractType<?>> argTypes) { DatabaseDescriptor.getAuthorizer() .revokeAllOn(FunctionResource.function(ksName, aggregateName, argTypes)); } }
public Set<Permission> applicablePermissions() { switch (level) { case ROOT: case KEYSPACE: return COLLECTION_LEVEL_PERMISSIONS; case FUNCTION: { Optional<Function> function = Schema.instance.findFunction(getFunctionName(), argTypes); assert function.isPresent() : "Unable to find function object for resource " + toString(); return function.get().isAggregate() ? AGGREGATE_FUNCTION_PERMISSIONS : SCALAR_FUNCTION_PERMISSIONS; } } throw new AssertionError(); }
protected void grantPermissionsToCreator(QueryState state) { try { RoleResource role = RoleResource.role(state.getClientState().getUser().getName()); DataResource keyspace = DataResource.keyspace(keyspace()); DatabaseDescriptor.getAuthorizer().grant(AuthenticatedUser.SYSTEM_USER, keyspace.applicablePermissions(), keyspace, role); FunctionResource functions = FunctionResource.keyspace(keyspace()); DatabaseDescriptor.getAuthorizer().grant(AuthenticatedUser.SYSTEM_USER, functions.applicablePermissions(), functions, role); } catch (RequestExecutionException e) { throw new RuntimeException(e); } } }
public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException { if (!DatabaseDescriptor.getAuthorizer().requireAuthorization()) return; // Access to built in functions is unrestricted if(resource instanceof FunctionResource && resource.hasParent()) if (((FunctionResource)resource).getKeyspace().equals(SchemaConstants.SYSTEM_KEYSPACE_NAME)) return; checkPermissionOnResourceChain(perm, resource); }
public boolean exists() { switch (level) { case ROOT: return true; case KEYSPACE: return Schema.instance.getKeyspaces().contains(keyspace); case FUNCTION: return Schema.instance.findFunction(getFunctionName(), argTypes).isPresent(); } throw new AssertionError(); }
/** * Parses a resource name into a FunctionResource instance. * * @param name Name of the function resource. * @return FunctionResource instance matching the name. */ public static FunctionResource fromName(String name) { String[] parts = StringUtils.split(name, '/'); if (!parts[0].equals(ROOT_NAME) || parts.length > 3) throw new IllegalArgumentException(String.format("%s is not a valid function resource name", name)); if (parts.length == 1) return root(); if (parts.length == 2) return keyspace(parts[1]); String[] nameAndArgs = StringUtils.split(parts[2], "[|]"); return function(parts[1], nameAndArgs[0], argsListFromString(nameAndArgs[1])); }