Class AclSelector
java.lang.Object
org.apache.drill.exec.resourcemgr.config.selectors.AbstractResourcePoolSelector
org.apache.drill.exec.resourcemgr.config.selectors.AclSelector
- All Implemented Interfaces:
ResourcePoolSelector
Evaluates if a query can be admitted to a ResourcePool or not by comparing query user/groups with the
configured users/groups policies for this selector. AclSelector can be configured using both long-form syntax or
short-form syntax as defined below:
- Long-Form Syntax: Allows to use identifiers to specify allowed and disallowed users/groups. For example: users: [alice:+, bob:-] means alice is allowed whereas bob is denied access to the pool
- Short-Form Syntax: Allows to specify lists of allowed users/groups only. For example: users: [alice, bob] means only alice and bob are allowed access to this pool
selector: {
acl: {
users: [alice:+, bob:-],
groups: [sales, marketing]
}
}
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.drill.exec.resourcemgr.config.selectors.ResourcePoolSelector
ResourcePoolSelector.SelectorType
-
Field Summary
Fields inherited from class org.apache.drill.exec.resourcemgr.config.selectors.AbstractResourcePoolSelector
SELECTOR_TYPE
-
Method Summary
Modifier and TypeMethodDescriptionboolean
checkQueryUserGroups
(String queryUser, Set<String> queryGroups) boolean
isQuerySelected
(QueryContext queryContext) Determines if a given query is selected by this ACL selector of a Resource Pool or not.toString()
Methods inherited from class org.apache.drill.exec.resourcemgr.config.selectors.AbstractResourcePoolSelector
getSelectorType
-
Method Details
-
isQuerySelected
Determines if a given query is selected by this ACL selector of a Resource Pool or not. Following rules are followed to evaluate the selection. Assumption: There is an assumption made that if a user or group is configured in both +ve/-ve respective lists then it will be treated to be present in -ve list. Rules: 1) Check if query user is present in -ve users list, If yes then query is not selected else go to 2 2) Check if query user is present in +ve users list, If yes then query is selected else go to 3 3) Check if * is present in -ve users list, if yes then query is not selected else go to 4 4) Check if * is present in +ve users list, if yes then query is selected else go to 5 5) If here that means query user or * is absent in both +ve and -ve users list so check for groups of query user in step 6 6) Check if any of groups of query user is present in -ve groups list, If yes then query is not selected else go to 7 7) Check if any of groups of query user is present in +ve groups list, If yes then query selected else go to 8 8) Check if * is present in -ve groups list, If yes then query is not selected else go to 9 9) Check if * is present in +ve groups list, If yes then query is selected else go to 10 10) Query user and groups of it is neither present is +ve/-ve users list not +ve/-ve groups list hence the query is not selected- Specified by:
isQuerySelected
in interfaceResourcePoolSelector
- Specified by:
isQuerySelected
in classAbstractResourcePoolSelector
- Parameters:
queryContext
- QueryContext to get information about query user- Returns:
- true if a query is selected by this selector, false otherwise
-
checkQueryUserGroups
-
getAllowedUsers
-
getAllowedGroups
-
getDeniedUsers
-
getDeniedGroups
-
toString
- Overrides:
toString
in classAbstractResourcePoolSelector
-