use of co.cask.cdap.api.artifact.ArtifactSummary in project cdap by caskdata.
the class ArtifactRepository method getApplicationClasses.
/**
* Get all application classes in the given namespace of the given class name.
* Will never return null. If no artifacts exist, an empty list is returned. Namespace existence is not checked.
*
* @param namespace the namespace to get application classes from
* @param className the application class to get
* @return an unmodifiable list of application classes that belong to the given namespace
* @throws IOException if there as an exception reading from the meta store
*/
public List<ApplicationClassInfo> getApplicationClasses(NamespaceId namespace, String className) throws IOException {
List<ApplicationClassInfo> infos = Lists.newArrayList();
for (Map.Entry<ArtifactDescriptor, ApplicationClass> entry : artifactStore.getApplicationClasses(namespace, className).entrySet()) {
ArtifactSummary artifactSummary = ArtifactSummary.from(entry.getKey().getArtifactId());
ApplicationClass appClass = entry.getValue();
infos.add(new ApplicationClassInfo(artifactSummary, appClass.getClassName(), appClass.getConfigSchema()));
}
return Collections.unmodifiableList(infos);
}
use of co.cask.cdap.api.artifact.ArtifactSummary in project cdap by caskdata.
the class ArtifactRepository method getArtifactSummaries.
/**
* Get all artifacts in the given artifact range. Will never return null.
*
* @param range the range of the artifact
* @param limit the limit number of the result
* @param order the order of the result
* @return an unmodifiable list of artifacts in the given namespace of the given name
* @throws IOException if there as an exception reading from the meta store
*/
public List<ArtifactSummary> getArtifactSummaries(final ArtifactRange range, int limit, ArtifactSortOrder order) throws Exception {
List<ArtifactSummary> summaries = new ArrayList<>();
List<ArtifactSummary> artifacts = convertAndAdd(summaries, artifactStore.getArtifacts(range, limit, order));
// todo - CDAP-11560 should filter in artifact store
return Collections.unmodifiableList(Lists.newArrayList(filterAuthorizedArtifacts(artifacts, new NamespaceId(range.getNamespace()))));
}
use of co.cask.cdap.api.artifact.ArtifactSummary in project cdap by caskdata.
the class AuthorizationTest method testApps.
@Test
@Category(SlowTests.class)
public void testApps() throws Exception {
try {
deployApplication(NamespaceId.DEFAULT, DummyApp.class);
Assert.fail("App deployment should fail because alice does not have ADMIN privilege on the application");
} catch (UnauthorizedException e) {
// Expected
}
createAuthNamespace();
Authorizer authorizer = getAuthorizer();
ApplicationId dummyAppId = AUTH_NAMESPACE.app(DummyApp.class.getSimpleName());
Map<EntityId, Set<Action>> neededPrivileges = ImmutableMap.<EntityId, Set<Action>>builder().put(dummyAppId, EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.artifact(DummyApp.class.getSimpleName(), "1.0-SNAPSHOT"), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.dataset("whom"), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.stream("who"), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.dataset("customDataset"), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.datasetType(KeyValueTable.class.getName()), EnumSet.of(Action.ADMIN)).build();
setUpPrivilegeAndRegisterForDeletion(ALICE, neededPrivileges);
// alice will not be able to deploy the app since she does not have privilege on the implicit dataset module
try {
deployApplication(AUTH_NAMESPACE, DummyApp.class);
Assert.fail();
} catch (UnauthorizedException e) {
// expected
}
// grant alice the required implicit type and module
grantAndAssertSuccess(AUTH_NAMESPACE.datasetType(DummyApp.CustomDummyDataset.class.getName()), ALICE, EnumSet.of(Action.ADMIN));
cleanUpEntities.add(AUTH_NAMESPACE.datasetType(DummyApp.CustomDummyDataset.class.getName()));
grantAndAssertSuccess(AUTH_NAMESPACE.datasetModule(DummyApp.CustomDummyDataset.class.getName()), ALICE, EnumSet.of(Action.ADMIN));
cleanUpEntities.add(AUTH_NAMESPACE.datasetModule(DummyApp.CustomDummyDataset.class.getName()));
// this time it should be successful
ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, DummyApp.class);
// Bob should not have any privileges on Alice's app
Assert.assertTrue("Bob should not have any privileges on alice's app", authorizer.listPrivileges(BOB).isEmpty());
// update should succeed because alice has admin privileges on the app
appManager.update(new AppRequest(new ArtifactSummary(DummyApp.class.getSimpleName(), "1.0-SNAPSHOT")));
// Update should fail for Bob
SecurityRequestContext.setUserId(BOB.getName());
try {
appManager.update(new AppRequest(new ArtifactSummary(DummyApp.class.getSimpleName(), "1.0-SNAPSHOT")));
Assert.fail("App update should have failed because Bob does not have admin privileges on the app.");
} catch (UnauthorizedException expected) {
// expected
}
// grant READ and WRITE to Bob
grantAndAssertSuccess(dummyAppId, BOB, ImmutableSet.of(Action.READ, Action.WRITE));
// delete should fail
try {
appManager.delete();
} catch (UnauthorizedException expected) {
// expected
}
// grant ADMIN to Bob. Now delete should succeed
grantAndAssertSuccess(dummyAppId, BOB, ImmutableSet.of(Action.ADMIN));
// deletion should succeed since BOB has privileges on the app
appManager.delete();
// Should still have the privilege for the app since we no longer revoke privileges after deletion of an entity
Assert.assertTrue(!getAuthorizer().isVisible(Collections.singleton(dummyAppId), BOB).isEmpty());
// bob should still have privileges granted to him
Assert.assertEquals(3, authorizer.listPrivileges(BOB).size());
// switch back to Alice
SecurityRequestContext.setUserId(ALICE.getName());
// Deploy a couple of apps in the namespace
// Deploy dummy app should be successful since we already pre-grant the required privileges
deployApplication(AUTH_NAMESPACE, DummyApp.class);
final ApplicationId appId = AUTH_NAMESPACE.app(AllProgramsApp.NAME);
Map<EntityId, Set<Action>> anotherAppNeededPrivilege = ImmutableMap.<EntityId, Set<Action>>builder().put(appId, EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.artifact(AllProgramsApp.class.getSimpleName(), "1.0-SNAPSHOT"), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.dataset(AllProgramsApp.DATASET_NAME), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.dataset(AllProgramsApp.DATASET_NAME2), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.dataset(AllProgramsApp.DATASET_NAME3), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.dataset(AllProgramsApp.DS_WITH_SCHEMA_NAME), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.stream(AllProgramsApp.STREAM_NAME), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.datasetType(ObjectMappedTable.class.getName()), EnumSet.of(Action.ADMIN)).build();
setUpPrivilegeAndRegisterForDeletion(ALICE, anotherAppNeededPrivilege);
Map<EntityId, Set<Action>> bobDatasetPrivileges = ImmutableMap.<EntityId, Set<Action>>builder().put(AUTH_NAMESPACE.dataset(AllProgramsApp.DATASET_NAME), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.dataset(AllProgramsApp.DATASET_NAME2), EnumSet.of(Action.ADMIN)).build();
Map<EntityId, Set<Action>> bobProgramPrivileges = ImmutableMap.<EntityId, Set<Action>>builder().put(appId.program(ProgramType.FLOW, AllProgramsApp.NoOpFlow.NAME), EnumSet.of(Action.EXECUTE)).put(appId.program(ProgramType.SERVICE, AllProgramsApp.NoOpService.NAME), EnumSet.of(Action.EXECUTE)).put(appId.program(ProgramType.WORKER, AllProgramsApp.NoOpWorker.NAME), EnumSet.of(Action.EXECUTE)).build();
setUpPrivilegeAndRegisterForDeletion(BOB, bobDatasetPrivileges);
setUpPrivilegeAndRegisterForDeletion(BOB, bobProgramPrivileges);
deployApplication(AUTH_NAMESPACE, AllProgramsApp.class);
// Switch to BOB since he does not have any privilege
SecurityRequestContext.setUserId(BOB.getName());
// deleting all apps should fail because bob does not have admin privileges on the apps and the namespace
try {
deleteAllApplications(AUTH_NAMESPACE);
Assert.fail("Deleting all applications in the namespace should have failed because bob does not have ADMIN " + "privilege on the workflow app.");
} catch (UnauthorizedException expected) {
// expected
}
ApplicationDetail applicationDetail = getAppDetail(appId);
Assert.assertEquals(bobDatasetPrivileges.keySet(), Sets.<EntityId>newHashSet(Iterables.transform(applicationDetail.getDatasets(), new Function<DatasetDetail, DatasetId>() {
@Override
public DatasetId apply(DatasetDetail input) {
return appId.getNamespaceId().dataset(input.getName());
}
})));
Assert.assertEquals(bobProgramPrivileges.keySet(), Sets.<EntityId>newHashSet(Iterables.transform(applicationDetail.getPrograms(), new Function<ProgramRecord, ProgramId>() {
@Override
public ProgramId apply(ProgramRecord input) {
return appId.program(input.getType(), input.getName());
}
})));
Assert.assertEquals(Collections.emptyList(), applicationDetail.getStreams());
// Switch to ALICE, deletion should be successful since ALICE has ADMIN privileges
SecurityRequestContext.setUserId(ALICE.getName());
deleteAllApplications(AUTH_NAMESPACE);
}
use of co.cask.cdap.api.artifact.ArtifactSummary in project cdap by caskdata.
the class Spark2Test method deploy.
private ApplicationManager deploy(NamespaceId namespaceId, Class<? extends Application> appClass) throws Exception {
ArtifactId artifactId = new ArtifactId(namespaceId.getNamespace(), appClass.getSimpleName(), "1.0-SNAPSHOT");
addArtifact(artifactId, ARTIFACTS.get(appClass));
AppRequest<?> appRequest = new AppRequest<>(new ArtifactSummary(artifactId.getArtifact(), artifactId.getVersion()), null);
return deployApplication(namespaceId.app(appClass.getSimpleName()), appRequest);
}
use of co.cask.cdap.api.artifact.ArtifactSummary in project cdap by caskdata.
the class IntegrationTestBase method doClear.
private void doClear(NamespaceId namespace, boolean deleteNamespace) throws Exception {
// stop all programs in the namespace
getProgramClient().stopAll(namespace);
if (deleteNamespace) {
getNamespaceClient().delete(namespace);
return;
}
// delete all apps in the namespace
for (ApplicationRecord app : getApplicationClient().list(namespace)) {
getApplicationClient().delete(namespace.app(app.getName(), app.getAppVersion()));
}
// delete all streams
for (StreamDetail streamDetail : getStreamClient().list(namespace)) {
getStreamClient().delete(namespace.stream(streamDetail.getName()));
}
// delete all dataset instances
for (DatasetSpecificationSummary datasetSpecSummary : getDatasetClient().list(namespace)) {
getDatasetClient().delete(namespace.dataset(datasetSpecSummary.getName()));
}
ArtifactClient artifactClient = new ArtifactClient(getClientConfig(), getRestClient());
for (ArtifactSummary artifactSummary : artifactClient.list(namespace, ArtifactScope.USER)) {
artifactClient.delete(namespace.artifact(artifactSummary.getName(), artifactSummary.getVersion()));
}
assertIsClear(namespace);
}
Aggregations