|
| 1 | +/* |
| 2 | + * Licensed to the Apache Software Foundation (ASF) under one |
| 3 | + * or more contributor license agreements. See the NOTICE file |
| 4 | + * distributed with this work for additional information |
| 5 | + * regarding copyright ownership. The ASF licenses this file |
| 6 | + * to you under the Apache License, Version 2.0 (the |
| 7 | + * "License"); you may not use this file except in compliance |
| 8 | + * with the License. You may obtain a copy of the License at |
| 9 | + * |
| 10 | + * http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | + * |
| 12 | + * Unless required by applicable law or agreed to in writing, software |
| 13 | + * distributed under the License is distributed on an "AS IS" BASIS, |
| 14 | + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 15 | + * See the License for the specific language governing permissions and |
| 16 | + * limitations under the License. |
| 17 | + */ |
| 18 | + |
| 19 | +package org.apache.cassandra.sidecar.adapters.base; |
| 20 | + |
| 21 | +import java.util.Iterator; |
| 22 | +import java.util.List; |
| 23 | +import java.util.Locale; |
| 24 | +import java.util.Map; |
| 25 | +import java.util.Random; |
| 26 | +import java.util.UUID; |
| 27 | +import java.util.regex.Pattern; |
| 28 | + |
| 29 | +import com.google.common.annotations.VisibleForTesting; |
| 30 | + |
| 31 | +import com.datastax.driver.core.ExecutionInfo; |
| 32 | +import com.datastax.driver.core.ResultSet; |
| 33 | +import com.datastax.driver.core.Row; |
| 34 | +import com.datastax.driver.core.SimpleStatement; |
| 35 | +import org.apache.cassandra.sidecar.common.request.data.GenerateRoleRequestPayload; |
| 36 | +import org.apache.cassandra.sidecar.common.response.GenerateRoleResponse; |
| 37 | +import org.apache.cassandra.sidecar.common.server.ICassandraAdapter; |
| 38 | +import org.apache.cassandra.sidecar.common.server.RolesOperations; |
| 39 | + |
| 40 | +public class CassandraRolesOperations implements RolesOperations |
| 41 | +{ |
| 42 | + private final UUIDGenerator generator; |
| 43 | + private final ICassandraAdapter cassandraAdapter; |
| 44 | + |
| 45 | + public CassandraRolesOperations(ICassandraAdapter cassandraAdapter) |
| 46 | + { |
| 47 | + this.cassandraAdapter = cassandraAdapter; |
| 48 | + this.generator = new UUIDGenerator(); |
| 49 | + } |
| 50 | + |
| 51 | + public GenerateRoleResponse generateRole(GenerateRoleRequestPayload payload) |
| 52 | + { |
| 53 | + String role = null; |
| 54 | + String password = null; |
| 55 | + if (payload.sidecarGeneration) |
| 56 | + { |
| 57 | + role = generator.generate(payload.roleNameOptions); |
| 58 | + // we do not accept any parameters for password, it will be just uuid |
| 59 | + if (payload.passwordGeneration) |
| 60 | + password = generator.generate(Map.of()); |
| 61 | + } |
| 62 | + |
| 63 | + try |
| 64 | + { |
| 65 | + SimpleStatement statement = new SimpleStatement(constructQuery(payload, role, password)); |
| 66 | + ResultSet resultSet = cassandraAdapter.executeLocal(statement); |
| 67 | + |
| 68 | + ExecutionInfo executionInfo = resultSet.getExecutionInfo(); |
| 69 | + List<String> warnings = executionInfo.getWarnings(); |
| 70 | + if (warnings != null && !warnings.isEmpty()) |
| 71 | + throw new IllegalStateException(String.join(" ", warnings)); |
| 72 | + |
| 73 | + if (payload.sidecarGeneration) |
| 74 | + { |
| 75 | + return new GenerateRoleResponse(role, password); |
| 76 | + } |
| 77 | + else |
| 78 | + { |
| 79 | + Row one = resultSet.one(); |
| 80 | + return new GenerateRoleResponse(one.getString("generated_role"), one.getString("generated_password")); |
| 81 | + } |
| 82 | + } |
| 83 | + catch (Throwable t) |
| 84 | + { |
| 85 | + throw new IllegalStateException(t); |
| 86 | + } |
| 87 | + } |
| 88 | + |
| 89 | + private String constructQuery(GenerateRoleRequestPayload payload, String generatedRole, String generatedPassword) |
| 90 | + { |
| 91 | + String query; |
| 92 | + boolean withStarted = false; |
| 93 | + if (payload.sidecarGeneration) |
| 94 | + { |
| 95 | + if (payload.passwordGeneration) |
| 96 | + { |
| 97 | + query = "CREATE ROLE " + generatedRole + " WITH PASSWORD = '" + generatedPassword + "'"; |
| 98 | + withStarted = true; |
| 99 | + } |
| 100 | + else |
| 101 | + { |
| 102 | + query = "CREATE ROLE " + generatedRole; |
| 103 | + withStarted = true; |
| 104 | + } |
| 105 | + } |
| 106 | + else |
| 107 | + { |
| 108 | + if (payload.passwordGeneration) |
| 109 | + { |
| 110 | + query = "CREATE GENERATED ROLE WITH GENERATED PASSWORD"; |
| 111 | + withStarted = true; |
| 112 | + } |
| 113 | + else |
| 114 | + { |
| 115 | + query = "CREATE GENERATED ROLE"; |
| 116 | + } |
| 117 | + } |
| 118 | + |
| 119 | + if (!payload.sidecarGeneration) |
| 120 | + { |
| 121 | + |
| 122 | + StringBuilder sb = new StringBuilder(); |
| 123 | + Map<String, String> config = payload.roleNameOptions(); |
| 124 | + if (config != null) |
| 125 | + { |
| 126 | + Iterator<Map.Entry<String, String>> iterator = config.entrySet().iterator(); |
| 127 | + while (iterator.hasNext()) |
| 128 | + { |
| 129 | + Map.Entry<String, String> next = iterator.next(); |
| 130 | + |
| 131 | + sb.append("'").append(next.getKey()).append("'") |
| 132 | + .append(":") |
| 133 | + .append("'").append(next.getValue()).append("'"); |
| 134 | + |
| 135 | + if (iterator.hasNext()) |
| 136 | + sb.append(","); |
| 137 | + } |
| 138 | + } |
| 139 | + |
| 140 | + String maybeOptions = sb.toString(); |
| 141 | + if (!maybeOptions.isBlank()) |
| 142 | + { |
| 143 | + if (withStarted) |
| 144 | + query = query + " AND OPTIONS = {" + maybeOptions + "}"; |
| 145 | + else |
| 146 | + query = query + " WITH OPTIONS = {" + maybeOptions + "}"; |
| 147 | + } |
| 148 | + } |
| 149 | + |
| 150 | + return query; |
| 151 | + } |
| 152 | + |
| 153 | + /** |
| 154 | + * Generator of UUIDs where first character is always a character. |
| 155 | + */ |
| 156 | + @VisibleForTesting |
| 157 | + public static class UUIDGenerator |
| 158 | + { |
| 159 | + public static final String NAME_PREFIX_KEY = "name_prefix"; |
| 160 | + public static final String NAME_SUFFIX_KEY = "name_suffix"; |
| 161 | + public static final String NAME_SIZE = "name_size"; |
| 162 | + public static final int MINIMUM_NAME_SIZE = 10; |
| 163 | + |
| 164 | + private static final Pattern PATTERN = Pattern.compile("-"); |
| 165 | + public static final char[] FIRST_CHARS = { 'a', 'b', 'c', 'd', 'e', 'f' }; |
| 166 | + |
| 167 | + private static final Random random = new Random(); |
| 168 | + // lenght of UUID without hyphens |
| 169 | + // generated name can be longer than this if it has prefix / suffix |
| 170 | + public static final int MAXIMUM_NAME_SIZE = 32; |
| 171 | + |
| 172 | + public String generate(Map<String, String> options) |
| 173 | + { |
| 174 | + int size = getSize(options); |
| 175 | + |
| 176 | + // to always start on a letter, so we do not need to wrap in '' |
| 177 | + char firstChar = FIRST_CHARS[random.nextInt(6)]; |
| 178 | + String uuid = UUID.randomUUID().toString().toLowerCase(Locale.ROOT); |
| 179 | + String uuidWithoutHyphens = PATTERN.matcher(uuid).replaceAll(""); |
| 180 | + String name = firstChar + uuidWithoutHyphens.substring(1); |
| 181 | + |
| 182 | + name = name.substring(0, size); |
| 183 | + name = enrich(NAME_PREFIX_KEY, name, options); |
| 184 | + name = enrich(NAME_SUFFIX_KEY, name, options); |
| 185 | + |
| 186 | + return name; |
| 187 | + } |
| 188 | + |
| 189 | + private String enrich(String key, String generatedValue, Map<String, String> options) |
| 190 | + { |
| 191 | + if (options == null || options.isEmpty()) |
| 192 | + return generatedValue; |
| 193 | + |
| 194 | + if (options.containsKey(key)) |
| 195 | + { |
| 196 | + Object value = options.get(key); |
| 197 | + |
| 198 | + if (value == null) |
| 199 | + throw new IllegalArgumentException("Value of " + key + " cannot be null."); |
| 200 | + |
| 201 | + if (NAME_PREFIX_KEY.equals(key)) |
| 202 | + generatedValue = value + generatedValue; |
| 203 | + else if (NAME_SUFFIX_KEY.equals(key)) |
| 204 | + generatedValue = generatedValue + value; |
| 205 | + } |
| 206 | + |
| 207 | + return generatedValue; |
| 208 | + } |
| 209 | + |
| 210 | + private int getSize(Map<String, String> options) |
| 211 | + { |
| 212 | + Object sizeObject; |
| 213 | + if (options == null) |
| 214 | + { |
| 215 | + sizeObject = MAXIMUM_NAME_SIZE; |
| 216 | + } |
| 217 | + else if (options.containsKey(NAME_SIZE)) |
| 218 | + { |
| 219 | + Object nameSizeValue = options.get(NAME_SIZE); |
| 220 | + if (nameSizeValue != null) |
| 221 | + sizeObject = nameSizeValue; |
| 222 | + else |
| 223 | + throw new IllegalArgumentException("Value of " + NAME_SIZE + " has to be strictly positive integer."); |
| 224 | + } |
| 225 | + else |
| 226 | + { |
| 227 | + sizeObject = MAXIMUM_NAME_SIZE; |
| 228 | + } |
| 229 | + |
| 230 | + int size; |
| 231 | + |
| 232 | + if (sizeObject instanceof String) |
| 233 | + { |
| 234 | + try |
| 235 | + { |
| 236 | + size = Integer.parseInt((String) sizeObject); |
| 237 | + } |
| 238 | + catch (Throwable t) |
| 239 | + { |
| 240 | + throw new IllegalArgumentException("Value '" + sizeObject + "' can't be converted to integer."); |
| 241 | + } |
| 242 | + } |
| 243 | + else size = ((Number) sizeObject).intValue(); |
| 244 | + |
| 245 | + if (size < MINIMUM_NAME_SIZE) |
| 246 | + throw new IllegalArgumentException("Value of " + NAME_SIZE + " parameter has to be at least " + MINIMUM_NAME_SIZE + '.'); |
| 247 | + |
| 248 | + if (size > MAXIMUM_NAME_SIZE) |
| 249 | + throw new IllegalArgumentException("Generator generates names of maximum length " + MAXIMUM_NAME_SIZE + ". " + |
| 250 | + "You want to generate with length " + size + '.'); |
| 251 | + |
| 252 | + return size; |
| 253 | + } |
| 254 | + } |
| 255 | +} |
0 commit comments