func (self *ClusterConfiguration) AuthenticateClusterAdmin(username, password string) (common.User, error) {
user := self.clusterAdmins[username]
if user == nil {
return nil, common.NewAuthorizationError("Invalid username/password")
}
if user.isValidPwd(password) {
return user, nil
}
return nil, common.NewAuthorizationError("Invalid username/password")
}
func (self *ClusterConfiguration) AuthenticateDbUser(db, username, password string) (common.User, error) {
dbUsers := self.dbUsers[db]
if dbUsers == nil || dbUsers[username] == nil {
return nil, common.NewAuthorizationError("Invalid username/password")
}
user := dbUsers[username]
if user.isValidPwd(password) {
return user, nil
}
return nil, common.NewAuthorizationError("Invalid username/password")
}
func (self *CoordinatorImpl) AuthenticateDbUser(db, username, password string) (common.User, error) {
log.Debug("(raft:%s) Authenticating password for %s;%s", self.raftServer.(*RaftServer).raftServer.Name(), db, username)
dbUsers := self.clusterConfiguration.dbUsers[db]
if dbUsers == nil || dbUsers[username] == nil {
return nil, common.NewAuthorizationError("Invalid username/password")
}
user := dbUsers[username]
if user.isValidPwd(password) {
return user, nil
}
return nil, common.NewAuthorizationError("Invalid username/password")
}
func (self *CoordinatorImpl) ChangeDbUserPermissions(requester common.User, db, username, readPermissions, writePermissions string) error {
if !requester.IsClusterAdmin() && !requester.IsDbAdmin(db) {
return common.NewAuthorizationError("Insufficient permissions")
}
return self.raftServer.ChangeDbUserPermissions(db, username, readPermissions, writePermissions)
}
func (self *CoordinatorImpl) ListClusterAdmins(requester common.User) ([]string, error) {
if !requester.IsClusterAdmin() {
return nil, common.NewAuthorizationError("Insufficient permissions")
}
return self.clusterConfiguration.GetClusterAdmins(), nil
}
func (self *CoordinatorImpl) CreateDbUser(requester common.User, db, username, password string) error {
if !requester.IsClusterAdmin() && !requester.IsDbAdmin(db) {
return common.NewAuthorizationError("Insufficient permissions")
}
if username == "" {
return fmt.Errorf("Username cannot be empty")
}
if !isValidName(username) {
return fmt.Errorf("%s isn't a valid username", username)
}
hash, err := cluster.HashPassword(password)
if err != nil {
return err
}
self.CreateDatabase(requester, db, uint8(1)) // ignore the error since the db may exist
if self.clusterConfiguration.GetDbUser(db, username) != nil {
return fmt.Errorf("User %s already exists", username)
}
matchers := []*cluster.Matcher{&cluster.Matcher{true, ".*"}}
log.Debug("(raft:%s) Creating user %s:%s", self.raftServer.(*RaftServer).raftServer.Name(), db, username)
return self.raftServer.SaveDbUser(&cluster.DbUser{cluster.CommonUser{
Name: username,
Hash: string(hash),
CacheKey: db + "%" + username,
}, db, matchers, matchers, false})
}
func (self *CoordinatorImpl) ListDbUsers(requester common.User, db string) ([]common.User, error) {
if !requester.IsClusterAdmin() && !requester.IsDbAdmin(db) {
return nil, common.NewAuthorizationError("Insufficient permissions")
}
return self.clusterConfiguration.GetDbUsers(db), nil
}
func (self *CoordinatorImpl) WriteSeriesData(user common.User, db string, series []*protocol.Series) error {
// make sure that the db exist
if !self.clusterConfiguration.DatabasesExists(db) {
return fmt.Errorf("Database %s doesn't exist", db)
}
for _, s := range series {
seriesName := s.GetName()
if user.HasWriteAccess(seriesName) {
continue
}
return common.NewAuthorizationError("User %s doesn't have write permissions for %s", user.GetName(), seriesName)
}
err := self.CommitSeriesData(db, series, false)
if err != nil {
return err
}
for _, s := range series {
self.ProcessContinuousQueries(db, s)
}
return err
}
func (self *Permissions) AuthorizeDeleteClusterAdmin(user common.User) (ok bool, err common.AuthorizationError) {
if !user.IsClusterAdmin() {
return false, common.NewAuthorizationError("Insufficient permissions to delete cluster admin")
}
return true, ""
}
func (self *Permissions) AuthorizeChangeClusterAdminPassword(user common.User) (ok bool, err common.AuthorizationError) {
if !user.IsClusterAdmin() {
return false, common.NewAuthorizationError("Insufficient permissions to change cluster admin password")
}
return true, ""
}
func (self *Permissions) AuthorizeDropDatabase(user common.User) (ok bool, err common.AuthorizationError) {
if !user.IsClusterAdmin() {
return false, common.NewAuthorizationError("Insufficient permissions to drop database")
}
return true, ""
}
func (self *Permissions) AuthorizeDeleteQuery(user common.User, db string) (ok bool, err common.AuthorizationError) {
if !user.IsDbAdmin(db) {
return false, common.NewAuthorizationError("Insufficient permission to write to %s", db)
}
return true, ""
}
func (self *Permissions) AuthorizeDropSeries(user common.User, db string, seriesName string) (ok bool, err common.AuthorizationError) {
if !user.IsDbAdmin(db) && !user.HasWriteAccess(seriesName) {
return false, common.NewAuthorizationError("Insufficient permissions to drop series")
}
return true, ""
}
func (self *Permissions) AuthorizeListContinuousQueries(user common.User, db string) (ok bool, err common.AuthorizationError) {
if !user.IsDbAdmin(db) {
return false, common.NewAuthorizationError("Insufficient permissions to list continuous queries")
}
return true, ""
}
func (self *Permissions) AuthorizeGrantDbUserAdmin(user common.User, db string) (ok bool, err common.AuthorizationError) {
if !user.IsDbAdmin(db) {
return false, common.NewAuthorizationError("Insufficient permissions to grant db user admin privileges on %s", db)
}
return true, ""
}
func (self *Permissions) AuthorizeChangeDbUserPermissions(user common.User, db string) (ok bool, err common.AuthorizationError) {
if !user.IsDbAdmin(db) {
return false, common.NewAuthorizationError("Insufficient permissions to change db user permissions on %s", db)
}
return true, ""
}
func (self *Permissions) AuthorizeChangeDbUserPassword(user common.User, db string, targetUsername string) (ok bool, err common.AuthorizationError) {
if !user.IsDbAdmin(db) && !(user.GetDb() == db && user.GetName() == targetUsername) {
return false, common.NewAuthorizationError("Insufficient permissions to change db user password for %s on %s", targetUsername, db)
}
return true, ""
}
func (self *CoordinatorImpl) ListContinuousQueries(user common.User, db string) ([]*protocol.Series, error) {
if !user.IsClusterAdmin() && !user.IsDbAdmin(db) {
return nil, common.NewAuthorizationError("Insufficient permissions to list continuous queries")
}
queries := self.clusterConfiguration.GetContinuousQueries(db)
points := []*protocol.Point{}
for _, query := range queries {
queryId := int64(query.Id)
queryString := query.Query
timestamp := time.Now().Unix()
sequenceNumber := uint64(1)
points = append(points, &protocol.Point{
Values: []*protocol.FieldValue{
&protocol.FieldValue{Int64Value: &queryId},
&protocol.FieldValue{StringValue: &queryString},
},
Timestamp: ×tamp,
SequenceNumber: &sequenceNumber,
})
}
seriesName := "continuous queries"
series := []*protocol.Series{&protocol.Series{
Name: &seriesName,
Fields: []string{"id", "query"},
Points: points,
}}
return series, nil
}
func (self *CoordinatorImpl) DropDatabase(user common.User, db string) error {
if !user.IsClusterAdmin() {
return common.NewAuthorizationError("Insufficient permission to drop database")
}
if self.clusterConfiguration.IsSingleServer() {
if err := self.datastore.DropDatabase(db); err != nil {
return err
}
} else {
servers, _ := self.clusterConfiguration.GetServersToMakeQueryTo(&db)
for _, server := range servers {
if err := self.handleDropDatabase(server.server, db); err != nil {
return err
}
}
}
// don't delete the metadata, we need the replication factor to be
// able to replicate the request properly
if err := self.raftServer.DropDatabase(db); err != nil {
return err
}
return nil
}
func (self *CoordinatorImpl) CreateSubscription(requester common.User, subscription *cluster.Subscription) error {
if !requester.IsClusterAdmin() {
return common.NewAuthorizationError("Insufficient permissions")
}
return self.raftServer.SaveSubscription(subscription)
return nil
}
func (self *CoordinatorImpl) runDeleteQuery(querySpec *parser.QuerySpec, seriesWriter SeriesWriter) error {
db := querySpec.Database()
if !querySpec.User().IsDbAdmin(db) {
return common.NewAuthorizationError("Insufficient permission to write to %s", db)
}
querySpec.RunAgainstAllServersInShard = true
return self.runQuerySpec(querySpec, seriesWriter)
}
func (self *CoordinatorImpl) ListDatabases(user common.User) ([]*cluster.Database, error) {
if !user.IsClusterAdmin() {
return nil, common.NewAuthorizationError("Insufficient permissions to list databases")
}
dbs := self.clusterConfiguration.GetDatabases()
return dbs, nil
}
func (self *CoordinatorImpl) runDropSeriesQuery(querySpec *parser.QuerySpec, seriesWriter SeriesWriter) error {
user := querySpec.User()
db := querySpec.Database()
series := querySpec.Query().DropSeriesQuery.GetTableName()
if !user.IsClusterAdmin() && !user.IsDbAdmin(db) && !user.HasWriteAccess(series) {
return common.NewAuthorizationError("Insufficient permissions to drop series")
}
querySpec.RunAgainstAllServersInShard = true
return self.runQuerySpec(querySpec, seriesWriter)
}
func (self *CoordinatorImpl) CreateDatabase(user common.User, db string) error {
if !user.IsClusterAdmin() {
return common.NewAuthorizationError("Insufficient permission to create database")
}
err := self.raftServer.CreateDatabase(db)
if err != nil {
return err
}
return nil
}
func (self *CoordinatorImpl) ChangeDbUserPassword(requester common.User, db, username, password string) error {
if !requester.IsClusterAdmin() && !requester.IsDbAdmin(db) && !(requester.GetDb() == db && requester.GetName() == username) {
return common.NewAuthorizationError("Insufficient permissions")
}
hash, err := cluster.HashPassword(password)
if err != nil {
return err
}
return self.raftServer.ChangeDbUserPassword(db, username, hash)
}
func (self *CoordinatorImpl) ListSubscriptions(user common.User) error /*([]*Subscription, error)*/ {
if !user.IsClusterAdmin() {
return common.NewAuthorizationError("Insufficient permissions to list subscriptions")
}
fmt.Println("I reached coordinator listsubscriptions")
subscriptions := self.clusterConfiguration.GetSubscriptions()
fmt.Println(subscriptions)
return nil
//return subscriptions, nil
}
func (self *CoordinatorImpl) DropDatabase(user common.User, db string) error {
if !user.IsClusterAdmin() {
return common.NewAuthorizationError("Insufficient permission to drop database")
}
if err := self.raftServer.DropDatabase(db); err != nil {
return err
}
return self.datastore.DropDatabase(db)
}
func (self *CoordinatorImpl) SubscribeTimeSeries(user common.User) error /*([]*Subscription, error)*/ {
if !user.IsClusterAdmin() {
return common.NewAuthorizationError("Insufficient permissions to make a subscription")
}
fmt.Println("subscribing to a database")
//subscriptions := self.clusterConfiguration.GetSubscriptions()
//return subscriptions, nil
return nil
}
func (self *CoordinatorImpl) DeleteContinuousQuery(user common.User, db string, id uint32) error {
if !user.IsClusterAdmin() && !user.IsDbAdmin(db) {
return common.NewAuthorizationError("Insufficient permissions to delete continuous query")
}
err := self.raftServer.DeleteContinuousQuery(db, id)
if err != nil {
return err
}
return nil
}
func (self *CoordinatorImpl) GetDbUser(requester common.User, db string, username string) (common.User, error) {
if !requester.IsClusterAdmin() && !requester.IsDbAdmin(db) {
return nil, common.NewAuthorizationError("Insufficient permissions")
}
dbUser := self.clusterConfiguration.GetDbUser(db, username)
if dbUser == nil {
return nil, fmt.Errorf("Invalid username %s", username)
}
return dbUser, nil
}
