blob: 8b6d81a40f1b7a7894e91460a16d072254fb788a [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.iotdb.commons.auth.authorizer;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.snapshot.SnapshotProcessor;
import java.util.List;
import java.util.Map;
import java.util.Set;
/** This interface provides all authorization-relative operations. */
public interface IAuthorizer extends SnapshotProcessor {
/**
* Login for a user.
*
* @param username The username of the user.
* @param password The password of the user.
* @return True if such user exists and the given password is correct, else return false.
* @throws AuthException if exception raised when searching for the user.
*/
boolean login(String username, String password) throws AuthException;
/**
* Create a user with given username and password. New users will only be granted no privileges.
*
* @param username is not null or empty
* @param password is not null or empty
* @throws AuthException if the given username or password is illegal or the user already exists.
*/
void createUser(String username, String password) throws AuthException;
/**
* Delete a user.
*
* @param username the username of the user.
* @throws AuthException When attempting to delete the default administrator or the user does not
* exists.
*/
void deleteUser(String username) throws AuthException;
/**
* Grant a privilege on a seriesPath to a user.
*
* @param username The username of the user to which the privilege should be added.
* @param path The seriesPath on which the privilege takes effect. If the privilege is a
* seriesPath-free privilege, this should be "root".
* @param privilegeId An integer that represents a privilege.
* @param grantOpt Whether the privilege is grant option.
* @throws AuthException If the user does not exist or the privilege or the seriesPath is illegal
* or the permission already exists.
*/
void grantPrivilegeToUser(String username, PartialPath path, int privilegeId, boolean grantOpt)
throws AuthException;
/**
* Revoke a privilege on seriesPath from a user.
*
* @param username The username of the user from which the privilege should be removed.
* @param path The seriesPath on which the privilege takes effect. If the privilege is a
* seriesPath-free privilege, this should be "root".
* @param privilegeId An integer that represents a privilege.
* @throws AuthException If the user does not exist or the privilege or the seriesPath is illegal
* or if the permission does not exist.
*/
void revokePrivilegeFromUser(String username, PartialPath path, int privilegeId)
throws AuthException;
/**
* Add a role.
*
* @param roleName the name of the role to be added.
* @throws AuthException if exception raised when adding the role or the role already exists.
*/
void createRole(String roleName) throws AuthException;
/**
* Delete a role.
*
* @param roleName the name of the role tobe deleted.
* @throws AuthException if exception raised when deleting the role or the role does not exists.
*/
void deleteRole(String roleName) throws AuthException;
/**
* Add a privilege on a seriesPath to a role.
*
* @param roleName The name of the role to which the privilege is added.
* @param path The seriesPath on which the privilege takes effect. If the privilege is a
* seriesPath-free privilege, this should be "root".
* @param privilegeId An integer that represents a privilege.
* @throws AuthException If the role does not exist or the privilege or the seriesPath is illegal
* or the privilege already exists.
*/
void grantPrivilegeToRole(String roleName, PartialPath path, int privilegeId, boolean grantOpt)
throws AuthException;
/**
* Remove a privilege on a seriesPath from a role.
*
* @param roleName The name of the role from which the privilege is removed.
* @param path The seriesPath on which the privilege takes effect. If the privilege is a
* seriesPath-free privilege, this should be "root".
* @param privilegeId An integer that represents a privilege.
* @throws AuthException If the role does not exist or the privilege or the seriesPath is illegal
* or the privilege does not exists.
*/
void revokePrivilegeFromRole(String roleName, PartialPath path, int privilegeId)
throws AuthException;
/**
* Add a role to a user.
*
* @param roleName The name of the role to be added.
* @param username The name of the user to which the role is added.
* @throws AuthException If either the role or the user does not exist or the role already exists.
*/
void grantRoleToUser(String roleName, String username) throws AuthException;
/**
* Revoke a role from a user.
*
* @param roleName The name of the role to be removed.
* @param username The name of the user from which the role is removed.
* @throws AuthException If either the role or the user does not exist or the role already exists.
*/
void revokeRoleFromUser(String roleName, String username) throws AuthException;
/**
* Get the all the privileges of a user on a seriesPath.
*
* @param username The user whose privileges are to be queried.
* @param path The seriesPath on which the privileges take effect. If the privilege is a
* seriesPath-free privilege, this should be "root".
* @return A set of integers each present a privilege.
* @throws AuthException if exception raised when finding the privileges.
*/
Set<Integer> getPrivileges(String username, PartialPath path) throws AuthException;
/**
* Modify the password of a user.
*
* @param username The user whose password is to be modified.
* @param newPassword The new password.
* @throws AuthException If the user does not exists or the new password is illegal.
*/
void updateUserPassword(String username, String newPassword) throws AuthException;
/**
* Check if the user have the privilege on the seriesPath.
*
* @param username The name of the user whose privileges are checked.
* @param path The seriesPath on which the privilege takes effect. If the privilege is system
* privilege, path should be null.
* @param privilegeId An integer that represents a privilege.
* @return True if the user has such privilege, false if the user does not have such privilege.
* @throws AuthException If the seriesPath or the privilege is illegal.
*/
boolean checkUserPrivileges(String username, PartialPath path, int privilegeId)
throws AuthException;
/** Reset the Authorizer to initiative status. */
void reset() throws AuthException;
/**
* List existing users in the database.
*
* @return A list contains all usernames.
*/
List<String> listAllUsers();
/**
* List existing roles in the database.
*
* @return A list contains all roleNames.
*/
List<String> listAllRoles();
/**
* Find a role by its name.
*
* @param roleName the name of the role.
* @return A role whose name is roleName or null if such role does not exist.
*/
Role getRole(String roleName) throws AuthException;
/**
* Find a user by its name.
*
* @param username the name of the user.
* @return A user whose name is username or null if such user does not exist.
*/
User getUser(String username) throws AuthException;
/**
* Whether data water-mark is enabled for user 'userName'.
*
* @param userName the name of user
* @throws AuthException if the user does not exist
*/
boolean isUserUseWaterMark(String userName) throws AuthException;
/**
* Enable or disable data water-mark for user 'userName'.
*
* @param userName the name of user
* @param useWaterMark whether to use water-mark or not
* @throws AuthException if the user does not exist.
*/
void setUserUseWaterMark(String userName, boolean useWaterMark) throws AuthException;
/**
* get all user water mark status
*
* @return key->userName, value->useWaterMark or not
*/
Map<String, Boolean> getAllUserWaterMarkStatus();
/**
* get all user
*
* @return key-> userName, value->user
*/
Map<String, User> getAllUsers();
/**
* get all role
*
* @return key->userName, value->role
*/
Map<String, Role> getAllRoles();
/**
* clear all old user info, replace the old users with the new one
*
* @param users new users info
* @throws AuthException IOException
*/
void replaceAllUsers(Map<String, User> users) throws AuthException;
/**
* clear all old role info, replace the old roles with the new one
*
* @param roles new roles info
* @throws AuthException IOException
*/
void replaceAllRoles(Map<String, Role> roles) throws AuthException;
void setUserForPreVersion(boolean preVersion);
void setRoleForPreVersion(boolean preVersion);
boolean forUserPreVersion();
boolean forRolePreVersion();
/**
* Create a user with given username and password. New users will only be granted no privileges.
*
* @param username is not null or empty
* @param password is not null or empty
* @throws AuthException if the given username or password is illegal or the user already exists.
*/
void createUserWithoutCheck(String username, String password) throws AuthException;
void createUserWithRawPassword(String username, String password) throws AuthException;
void checkUserPathPrivilege();
}