blob: 1cc708d0813e3605a3d3e08b66a676eb1142fbc9 [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
#include "access_controller.h"
#include "meta_access_controller.h"
#include "replica_access_controller.h"
#include "utils/flags.h"
#include "utils/fmt_logging.h"
#include "utils/strings.h"
DSN_DEFINE_bool(security, enable_acl, false, "whether enable access controller or not");
DSN_DEFINE_bool(security,
enable_ranger_acl,
false,
"whether enable access controller integrate to Apache Ranger or not");
DSN_DEFINE_string(security,
super_users,
"",
"super users for access controller, comma-separated list of user names");
namespace dsn {
namespace security {
access_controller::access_controller()
{
// when FLAGS_enable_ranger_acl is true, FLAGS_enable_acl must be true.
// TODO(wanghao): check with DSN_DEFINE_group_validator().
CHECK(!FLAGS_enable_ranger_acl || FLAGS_enable_acl,
"when FLAGS_enable_ranger_acl is true, FLAGS_enable_acl must be true too");
utils::split_args(FLAGS_super_users, _super_users, ',');
}
access_controller::~access_controller() {}
bool access_controller::is_enable_ranger_acl() const { return FLAGS_enable_ranger_acl; }
bool access_controller::is_super_user(const std::string &user_name) const
{
return _super_users.find(user_name) != _super_users.end();
}
std::shared_ptr<access_controller> create_meta_access_controller(
const std::shared_ptr<ranger::ranger_resource_policy_manager> &policy_manager)
{
return std::make_shared<meta_access_controller>(policy_manager);
}
std::unique_ptr<access_controller> create_replica_access_controller(const std::string &replica_name)
{
return std::make_unique<replica_access_controller>(replica_name);
}
} // namespace security
} // namespace dsn