
Example 1 with AuthorizationClient

Use of co.cask.cdap.client.AuthorizationClient in project cdap by caskdata.

From the class AuthorizationCLITest, method setup.

@BeforeClass
public static void setup() throws Exception {
    CLIConfig cliConfig = createCLIConfig(AUTH_STANDALONE.getBaseURI());
    LaunchOptions launchOptions = new LaunchOptions(LaunchOptions.DEFAULT.getUri(), true, true, false);
    CLIMain cliMain = new CLIMain(launchOptions, cliConfig);
    cli = cliMain.getCLI();
    testCommandOutputContains(cli, "connect " + AUTH_STANDALONE.getBaseURI(), "Successfully connected");
    authorizationClient = new AuthorizationClient(cliConfig.getClientConfig());
    // Grant the privileges on the instance first. This is so that the current user can create a namespace.
    // This needs to be done using the client because in these tests, it is impossible to set the
    // SecurityRequestContext to a non-null value. Having a null user name is fine, but when it is used as null via a
    // CLI command, the null is serialized to the String "null" which causes issues during enforcement, when the user
    // is received as null, and not the String "null".
    authorizationClient.grant(INSTANCE_ID, SecurityRequestContext.toPrincipal(), Collections.singleton(Action.ADMIN));
}
Also used : AuthorizationClient(co.cask.cdap.client.AuthorizationClient) BeforeClass(org.junit.BeforeClass)

Example 2 with AuthorizationClient

Use of co.cask.cdap.client.AuthorizationClient in project cdap by caskdata.

From the class AuthorizationHandlerTest, method testDisabled.

private void testDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature, String configSetting) throws Exception {
    final InMemoryAuthorizer authorizer = new InMemoryAuthorizer();
    NettyHttpService service = new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName())
        .addHttpHandlers(ImmutableList.of(new AuthorizationHandler(
            authorizer,
            new AuthorizerInstantiator(cConf, FACTORY) {

                @Override
                public Authorizer get() {
                    return authorizer;
                }
            },
            cConf, authorizer, new MasterAuthenticationContext(), entityExistenceVerifier)))
        .build();
    service.startAndWait();
    try {
        // SSL is disabled because the client talks to the in-process test service started above.
        final AuthorizationClient client = new AuthorizationClient(ClientConfig.builder()
            .setConnectionConfig(ConnectionConfig.builder()
                .setHostname(service.getBindAddress().getHostName())
                .setPort(service.getBindAddress().getPort())
                .setSSLEnabled(false)
                .build())
            .build());
        final NamespaceId ns1 = Ids.namespace("ns1");
        final Role admins = new Role("admins");
        // Test that the right exception is thrown when any Authorization REST API is called with authorization disabled
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.grant(ns1, admin, ImmutableSet.of(Action.READ));
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.revoke(ns1, admin, ImmutableSet.of(Action.READ));
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.revoke(ns1);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.listPrivileges(admin);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.addRoleToPrincipal(admins, admin);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.removeRoleFromPrincipal(admins, admin);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.createRole(admins);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.dropRole(admins);
            }
        }, feature, configSetting);
        verifyFeatureDisabled(new DisabledFeatureCaller() {

            @Override
            public void call() throws Exception {
                client.listAllRoles();
            }
        }, feature, configSetting);
    } finally {
        service.stopAndWait();
    }
}
Also used : Role(co.cask.cdap.proto.security.Role) MasterAuthenticationContext(co.cask.cdap.security.auth.context.MasterAuthenticationContext) CommonNettyHttpServiceBuilder(co.cask.cdap.common.http.CommonNettyHttpServiceBuilder) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) AuthorizerInstantiator(co.cask.cdap.security.authorization.AuthorizerInstantiator) NettyHttpService(co.cask.http.NettyHttpService) AuthorizationClient(co.cask.cdap.client.AuthorizationClient) NamespaceId(co.cask.cdap.proto.id.NamespaceId) FeatureDisabledException(co.cask.cdap.common.FeatureDisabledException) IOException(java.io.IOException) RoleNotFoundException(co.cask.cdap.security.spi.authorization.RoleNotFoundException) RoleAlreadyExistsException(co.cask.cdap.security.spi.authorization.RoleAlreadyExistsException) UnauthenticatedException(co.cask.cdap.common.UnauthenticatedException) NotFoundException(co.cask.cdap.common.NotFoundException) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException)

Example 3 with AuthorizationClient

Use of co.cask.cdap.client.AuthorizationClient in project cdap by caskdata.

From the class AuthorizationHandlerTest, method setUp.

@Before
public void setUp() throws Exception {
    CConfiguration conf = CConfiguration.create();
    conf.setBoolean(Constants.Security.Authorization.ENABLED, true);
    conf.setBoolean(Constants.Security.ENABLED, true);
    properties.setProperty("superusers", admin.getName());
    final InMemoryAuthorizer auth = new InMemoryAuthorizer();
    auth.initialize(FACTORY.create(properties));
    service = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName())
        .addHttpHandlers(ImmutableList.of(new AuthorizationHandler(
            auth,
            new AuthorizerInstantiator(conf, FACTORY) {

                @Override
                public Authorizer get() {
                    return auth;
                }
            },
            conf, auth, new MasterAuthenticationContext(), entityExistenceVerifier)))
        .modifyChannelPipeline(new Function<ChannelPipeline, ChannelPipeline>() {

            @Override
            public ChannelPipeline apply(ChannelPipeline input) {
                // Resulting handler order: usernamesetter -> authenticator -> dispatcher,
                // so the authenticator runs before any request reaches the dispatcher.
                input.addBefore("dispatcher", "usernamesetter", new TestUserNameSetter());
                input.addAfter("usernamesetter", "authenticator", new AuthenticationChannelHandler());
                return input;
            }
        })
        .build();
    service.startAndWait();
    // SSL is disabled because the client talks to the in-process test service started above.
    client = new AuthorizationClient(ClientConfig.builder()
        .setConnectionConfig(ConnectionConfig.builder()
            .setHostname(service.getBindAddress().getHostName())
            .setPort(service.getBindAddress().getPort())
            .setSSLEnabled(false)
            .build())
        .build());
    System.setProperty(USERNAME_PROPERTY, admin.getName());
}
Also used : MasterAuthenticationContext(co.cask.cdap.security.auth.context.MasterAuthenticationContext) CommonNettyHttpServiceBuilder(co.cask.cdap.common.http.CommonNettyHttpServiceBuilder) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) AuthorizerInstantiator(co.cask.cdap.security.authorization.AuthorizerInstantiator) AuthenticationChannelHandler(co.cask.cdap.common.http.AuthenticationChannelHandler) AuthorizationClient(co.cask.cdap.client.AuthorizationClient) CConfiguration(co.cask.cdap.common.conf.CConfiguration) ChannelPipeline(org.jboss.netty.channel.ChannelPipeline) Before(org.junit.Before)

Aggregations

AuthorizationClient (co.cask.cdap.client.AuthorizationClient): 3
CommonNettyHttpServiceBuilder (co.cask.cdap.common.http.CommonNettyHttpServiceBuilder): 2
MasterAuthenticationContext (co.cask.cdap.security.auth.context.MasterAuthenticationContext): 2
AuthorizerInstantiator (co.cask.cdap.security.authorization.AuthorizerInstantiator): 2
InMemoryAuthorizer (co.cask.cdap.security.authorization.InMemoryAuthorizer): 2
FeatureDisabledException (co.cask.cdap.common.FeatureDisabledException): 1
NotFoundException (co.cask.cdap.common.NotFoundException): 1
UnauthenticatedException (co.cask.cdap.common.UnauthenticatedException): 1
CConfiguration (co.cask.cdap.common.conf.CConfiguration): 1
AuthenticationChannelHandler (co.cask.cdap.common.http.AuthenticationChannelHandler): 1
NamespaceId (co.cask.cdap.proto.id.NamespaceId): 1
Role (co.cask.cdap.proto.security.Role): 1
RoleAlreadyExistsException (co.cask.cdap.security.spi.authorization.RoleAlreadyExistsException): 1
RoleNotFoundException (co.cask.cdap.security.spi.authorization.RoleNotFoundException): 1
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException): 1
NettyHttpService (co.cask.http.NettyHttpService): 1
IOException (java.io.IOException): 1
ChannelPipeline (org.jboss.netty.channel.ChannelPipeline): 1
Before (org.junit.Before): 1
BeforeClass (org.junit.BeforeClass): 1