src/kudu/master/authz_provider.h - kudu - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 #pragma once

 #include <string>
 #include <unordered_set>

 #include "kudu/gutil/port.h"
 #include "kudu/util/status.h"

 namespace kudu {

 class SchemaPB;

 namespace security {
 class TablePrivilegePB;
 } // namespace security

 namespace master {

 // An interface for handling authorizations on Kudu operations.
 class AuthzProvider {
  public:

   AuthzProvider();
   virtual ~AuthzProvider() = default;

   // Starts the AuthzProvider instance.
   virtual Status Start() = 0;

   // Stops the AuthzProvider instance.
   virtual void Stop() = 0;

   // Checks if the table creation is authorized for the given user.
   // If the table is being created with a different owner than the user,
   // then more strict privilege is required.
   //
   // If the operation is not authorized, returns Status::NotAuthorized().
   // Otherwise, may return other Status error codes depend on actual errors.
   virtual Status AuthorizeCreateTable(const std::string& table_name,
                                       const std::string& user,
                                       const std::string& owner) WARN_UNUSED_RESULT = 0;

   // Checks if the table deletion is authorized for the given user.
   //
   // If the operation is not authorized, returns Status::NotAuthorized().
   // Otherwise, may return other Status error codes depend on actual errors.
   virtual Status AuthorizeDropTable(const std::string& table_name,
                                     const std::string& user) WARN_UNUSED_RESULT = 0;

   // Checks if the table alteration is authorized for the given user.
   //
   // If the operation is not authorized, returns Status::NotAuthorized().
   // Otherwise, may return other Status error codes depend on actual errors.
   virtual Status AuthorizeAlterTable(const std::string& old_table,
                                      const std::string& new_table,
                                      const std::string& user) WARN_UNUSED_RESULT = 0;

   // Checks if retrieving metadata about the table is authorized for the
   // given user. For example, when checking for table presence or locations.
   //
   // If the operation is not authorized, returns Status::NotAuthorized().
   // Otherwise, may return other Status error codes depend on actual errors.
   virtual Status AuthorizeGetTableMetadata(const std::string& table_name,
                                            const std::string& user) WARN_UNUSED_RESULT = 0;

   // Filters the given table names, removing any the user is not authorized to
   // see.
   //
   // Sets 'checked_table_names' if the AuthzProvider actually checked
   // privileges for the table (rather than just passing through). This may be
   // useful, e.g. to indicate that the caller needs to verify the table names
   // have not changed during authorization.
   virtual Status AuthorizeListTables(const std::string& user,
                                      std::unordered_set<std::string>* table_names,
                                      bool* checked_table_names) WARN_UNUSED_RESULT = 0;

   // Checks if statistics of the table is authorized for the
   // given user.
   //
   // If the operation is not authorized, returns Status::NotAuthorized().
   // Otherwise, may return other Status error codes depend on actual errors.
   virtual Status AuthorizeGetTableStatistics(const std::string& table_name,
                                              const std::string& user) WARN_UNUSED_RESULT = 0;

   // Populates the privilege fields of 'pb' with the table-specific privileges
   // for the given user, using 'schema_pb' for metadata (e.g. column IDs). This
   // does not populate the table ID field of 'pb' -- only the privilege fields;
   // as such, it is expected that the table ID field is already set.
   virtual Status FillTablePrivilegePB(const std::string& table_name,
                                       const std::string& user,
                                       const SchemaPB& schema_pb,
                                       security::TablePrivilegePB* pb) WARN_UNUSED_RESULT = 0;

   // Checks if the given user is trusted and thus can be exempted from
   // authorization validation.
   bool IsTrustedUser(const std::string& user) const;

  private:
   std::unordered_set<std::string> trusted_users_;
 };

 } // namespace master
 } // namespace kudu
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	#pragma once

	#include <string>
	#include <unordered_set>

	#include "kudu/gutil/port.h"
	#include "kudu/util/status.h"

	namespace kudu {

	class SchemaPB;

	namespace security {
	class TablePrivilegePB;
	} // namespace security

	namespace master {

	// An interface for handling authorizations on Kudu operations.
	class AuthzProvider {
	public:

	AuthzProvider();
	virtual ~AuthzProvider() = default;

	// Starts the AuthzProvider instance.
	virtual Status Start() = 0;

	// Stops the AuthzProvider instance.
	virtual void Stop() = 0;

	// Checks if the table creation is authorized for the given user.
	// If the table is being created with a different owner than the user,
	// then more strict privilege is required.
	//
	// If the operation is not authorized, returns Status::NotAuthorized().
	// Otherwise, may return other Status error codes depend on actual errors.
	virtual Status AuthorizeCreateTable(const std::string& table_name,
	const std::string& user,
	const std::string& owner) WARN_UNUSED_RESULT = 0;

	// Checks if the table deletion is authorized for the given user.
	//
	// If the operation is not authorized, returns Status::NotAuthorized().
	// Otherwise, may return other Status error codes depend on actual errors.
	virtual Status AuthorizeDropTable(const std::string& table_name,
	const std::string& user) WARN_UNUSED_RESULT = 0;

	// Checks if the table alteration is authorized for the given user.
	//
	// If the operation is not authorized, returns Status::NotAuthorized().
	// Otherwise, may return other Status error codes depend on actual errors.
	virtual Status AuthorizeAlterTable(const std::string& old_table,
	const std::string& new_table,
	const std::string& user) WARN_UNUSED_RESULT = 0;

	// Checks if retrieving metadata about the table is authorized for the
	// given user. For example, when checking for table presence or locations.
	//
	// If the operation is not authorized, returns Status::NotAuthorized().
	// Otherwise, may return other Status error codes depend on actual errors.
	virtual Status AuthorizeGetTableMetadata(const std::string& table_name,
	const std::string& user) WARN_UNUSED_RESULT = 0;

	// Filters the given table names, removing any the user is not authorized to
	// see.
	//
	// Sets 'checked_table_names' if the AuthzProvider actually checked
	// privileges for the table (rather than just passing through). This may be
	// useful, e.g. to indicate that the caller needs to verify the table names
	// have not changed during authorization.
	virtual Status AuthorizeListTables(const std::string& user,
	std::unordered_set<std::string>* table_names,
	bool* checked_table_names) WARN_UNUSED_RESULT = 0;

	// Checks if statistics of the table is authorized for the
	// given user.
	//
	// If the operation is not authorized, returns Status::NotAuthorized().
	// Otherwise, may return other Status error codes depend on actual errors.
	virtual Status AuthorizeGetTableStatistics(const std::string& table_name,
	const std::string& user) WARN_UNUSED_RESULT = 0;

	// Populates the privilege fields of 'pb' with the table-specific privileges
	// for the given user, using 'schema_pb' for metadata (e.g. column IDs). This
	// does not populate the table ID field of 'pb' -- only the privilege fields;
	// as such, it is expected that the table ID field is already set.
	virtual Status FillTablePrivilegePB(const std::string& table_name,
	const std::string& user,
	const SchemaPB& schema_pb,
	security::TablePrivilegePB* pb) WARN_UNUSED_RESULT = 0;

	// Checks if the given user is trusted and thus can be exempted from
	// authorization validation.
	bool IsTrustedUser(const std::string& user) const;

	private:
	std::unordered_set<std::string> trusted_users_;
	};

	} // namespace master
	} // namespace kudu