| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, |
| // software distributed under the License is distributed on an |
| // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // KIND, either express or implied. See the License for the |
| // specific language governing permissions and limitations |
| // under the License. |
| |
| #include "access_controller.h" |
| |
| #include "meta_access_controller.h" |
| #include "replica_access_controller.h" |
| #include "utils/flags.h" |
| #include "utils/fmt_logging.h" |
| #include "utils/strings.h" |
| |
| DSN_DEFINE_bool(security, enable_acl, false, "whether enable access controller or not"); |
| DSN_DEFINE_bool(security, |
| enable_ranger_acl, |
| false, |
| "whether enable access controller integrate to Apache Ranger or not"); |
| DSN_DEFINE_string(security, |
| super_users, |
| "", |
| "super users for access controller, comma-separated list of user names"); |
| |
| namespace dsn { |
| namespace security { |
| |
| access_controller::access_controller() |
| { |
| // when FLAGS_enable_ranger_acl is true, FLAGS_enable_acl must be true. |
| // TODO(wanghao): check with DSN_DEFINE_group_validator(). |
| CHECK(!FLAGS_enable_ranger_acl || FLAGS_enable_acl, |
| "when FLAGS_enable_ranger_acl is true, FLAGS_enable_acl must be true too"); |
| utils::split_args(FLAGS_super_users, _super_users, ','); |
| } |
| |
| access_controller::~access_controller() {} |
| |
| bool access_controller::is_enable_ranger_acl() const { return FLAGS_enable_ranger_acl; } |
| |
| bool access_controller::is_super_user(const std::string &user_name) const |
| { |
| return _super_users.find(user_name) != _super_users.end(); |
| } |
| |
| std::shared_ptr<access_controller> create_meta_access_controller( |
| const std::shared_ptr<ranger::ranger_resource_policy_manager> &policy_manager) |
| { |
| return std::make_shared<meta_access_controller>(policy_manager); |
| } |
| |
| std::unique_ptr<access_controller> create_replica_access_controller(const std::string &replica_name) |
| { |
| return std::make_unique<replica_access_controller>(replica_name); |
| } |
| } // namespace security |
| } // namespace dsn |