Class AbstractRoute
- java.lang.Object
-
- com.linkedin.venice.controller.server.AbstractRoute
-
- Direct Known Subclasses:
AdminCommandExecutionRoutes,AdminTopicMetadataRoutes,ClusterRoutes,ControllerRoutes,CreateStore,CreateVersion,DataRecoveryRoutes,JobRoutes,MigrationRoutes,NewClusterBuildOutRoutes,NodesAndReplicas,RoutersClusterConfigRoutes,SchemaRoutes,SkipAdminRoute,StoragePersonaRoutes,StoresRoutes,VersionRoute
public class AbstractRoute extends java.lang.Object
-
-
Constructor Summary
Constructors Constructor Description AbstractRoute(boolean sslEnabled, java.util.Optional<DynamicAccessController> accessController)Default constructor for different controller request routes.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description protected static java.security.cert.X509CertificategetCertificate(spark.Request request)Helper function to get certificate out of Spark requestprotected java.lang.StringgetPrincipalId(spark.Request request)Get principal Id from request.protected booleanhasAccessToStore(spark.Request request)Check whether the user has "GET" method access to the related store resource.protected booleanhasReadAccessToTopic(spark.Request request)Check whether the user has "Read" method access to the related version topics.protected booleanhasWriteAccessToTopic(spark.Request request)Check whether the user has "Write" method access to the related version topics.protected booleanisAclEnabled()protected booleanisAllowListUser(spark.Request request)Check whether the user is within the admin users allowlist.protected booleanisSslEnabled()
-
-
-
Constructor Detail
-
AbstractRoute
public AbstractRoute(boolean sslEnabled, java.util.Optional<DynamicAccessController> accessController)Default constructor for different controller request routes. TODO: once Venice Admin allowlist proposal is approved, we can transfer the allowlist to all routes through this constructor; make sure Nuage is also in the allowlist so that they can create stores- Parameters:
accessController- the access client that check whether a certificate can access a resource
-
-
Method Detail
-
hasWriteAccessToTopic
protected boolean hasWriteAccessToTopic(spark.Request request)
Check whether the user has "Write" method access to the related version topics.
-
hasReadAccessToTopic
protected boolean hasReadAccessToTopic(spark.Request request)
Check whether the user has "Read" method access to the related version topics.
-
getPrincipalId
protected java.lang.String getPrincipalId(spark.Request request)
Get principal Id from request.
-
hasAccessToStore
protected boolean hasAccessToStore(spark.Request request)
Check whether the user has "GET" method access to the related store resource. Notice: currently we don't have any controller request that necessarily requires "GET" ACL to store; ACL is not checked for requests that want to get metadata of a store/job.
-
isAllowListUser
protected boolean isAllowListUser(spark.Request request)
Check whether the user is within the admin users allowlist.
-
isSslEnabled
protected boolean isSslEnabled()
- Returns:
- whether SSL is enabled
-
isAclEnabled
protected boolean isAclEnabled()
- Returns:
- whether ACL check is enabled.
-
getCertificate
protected static java.security.cert.X509Certificate getCertificate(spark.Request request)
Helper function to get certificate out of Spark request
-
-