Package com.linkedin.venice.controller.server

Class AbstractRoute

java.lang.Object

com.linkedin.venice.controller.server.AbstractRoute

Direct Known Subclasses:

AdminCommandExecutionRoutes, AdminTopicMetadataRoutes, ClusterRoutes, ControllerRoutes, CreateStore, CreateVersion, DataRecoveryRoutes, JobRoutes, MigrationRoutes, NewClusterBuildOutRoutes, NodesAndReplicas, RoutersClusterConfigRoutes, SchemaRoutes, SkipAdminRoute, StoragePersonaRoutes, StoresRoutes, VersionRoute

public class AbstractRoute
extends Object

Constructor Summary

Constructors

Constructor	Description
AbstractRoute(boolean sslEnabled, Optional<DynamicAccessController> accessController)	Default constructor for different controller request routes.

Method Summary

Modifier and Type	Method	Description
protected static X509Certificate	getCertificate(spark.Request request)	Helper function to get certificate out of Spark request
protected String	getPrincipalId(spark.Request request)	Get principal Id from request.
protected boolean	hasAccessToStore(spark.Request request)	Check whether the user has "GET" method access to the related store resource.
protected boolean	hasReadAccessToTopic(spark.Request request)	Check whether the user has "Read" method access to the related version topics.
protected boolean	hasWriteAccessToTopic(spark.Request request)	Check whether the user has "Write" method access to the related version topics.
protected boolean	isAclEnabled()
protected boolean	isAllowListUser(spark.Request request)	Check whether the user is within the admin users allowlist.
protected boolean	isSslEnabled()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AbstractRoute

public AbstractRoute(boolean sslEnabled,
 Optional<DynamicAccessController> accessController)

Default constructor for different controller request routes. TODO: once Venice Admin allowlist proposal is approved, we can transfer the allowlist to all routes through this constructor; make sure Nuage is also in the allowlist so that they can create stores

Parameters:

accessController - the access client that check whether a certificate can access a resource

Method Details

hasWriteAccessToTopic

protected boolean hasWriteAccessToTopic(spark.Request request)

Check whether the user has "Write" method access to the related version topics.

hasReadAccessToTopic

protected boolean hasReadAccessToTopic(spark.Request request)

Check whether the user has "Read" method access to the related version topics.

getPrincipalId

protected String getPrincipalId(spark.Request request)

Get principal Id from request.

hasAccessToStore

protected boolean hasAccessToStore(spark.Request request)

Check whether the user has "GET" method access to the related store resource. Notice: currently we don't have any controller request that necessarily requires "GET" ACL to store; ACL is not checked for requests that want to get metadata of a store/job.

isAllowListUser

protected boolean isAllowListUser(spark.Request request)

Check whether the user is within the admin users allowlist.

isSslEnabled

protected boolean isSslEnabled()

Returns:

whether SSL is enabled

isAclEnabled

protected boolean isAclEnabled()

Returns:

whether ACL check is enabled.

getCertificate

protected static X509Certificate getCertificate(spark.Request request)

Helper function to get certificate out of Spark request