Example 56 with NamespaceMeta
use of co.cask.cdap.proto.NamespaceMeta in project cdap by caskdata.
the class AuthorizationTest method testCrossNSDatasetAccessFromFlowlet.
private void testCrossNSDatasetAccessFromFlowlet(final FlowManager flowManager) throws Exception {
NamespaceMeta outputDatasetNS = new NamespaceMeta.Builder().setName("outputNS").build();
getNamespaceAdmin().create(outputDatasetNS);
addDatasetInstance(outputDatasetNS.getNamespaceId().dataset("store"), "keyValueTable");
// switch to BOB
SecurityRequestContext.setUserId(BOB.getName());
Map<String, String> args = ImmutableMap.of(CrossNsDatasetAccessApp.OUTPUT_DATASET_NS, outputDatasetNS.getNamespaceId().getNamespace(), CrossNsDatasetAccessApp.OUTPUT_DATASET_NAME, "store");
// But trying to run a flow as BOB will fail since this flow writes to a dataset in another namespace in which
// is not accessible to BOB.
flowManager.start(args);
// wait for flow to be running
Tasks.waitFor(true, new Callable<Boolean>() {
@Override
public Boolean call() throws Exception {
return flowManager.isRunning();
}
}, 120, TimeUnit.SECONDS);
// The above will be a runtime failure after the flow start since it will not be able to use the dataset in the
// another namespace. Since the failure will lead to no metrics being emitted we cannot actually check it tried
// processing or not. So stop the flow and check that the output dataset is empty
flowManager.stop();
SecurityRequestContext.setUserId(ALICE.getName());
assertDatasetIsEmpty(outputDatasetNS.getNamespaceId(), "store");
// Give BOB permission to write to the dataset in another namespace
grantAndAssertSuccess(outputDatasetNS.getNamespaceId().dataset("store"), BOB, EnumSet.of(Action.WRITE));
// switch back to BOB to run flow again
SecurityRequestContext.setUserId(BOB.getName());
// running the flow now should pass and write data in another namespace successfully
flowManager.start(args);
flowManager.getFlowletMetrics("saver").waitForProcessed(10, 30, TimeUnit.SECONDS);
// switch back to alice and verify the data its fine now to verify the run record here because if the flow failed
// to write we will not see any data
SecurityRequestContext.setUserId(ALICE.getName());
DataSetManager<KeyValueTable> dataSetManager = getDataset(outputDatasetNS.getNamespaceId().dataset("store"));
KeyValueTable results = dataSetManager.get();
for (int i = 0; i < 10; i++) {
byte[] key = String.valueOf(i).getBytes(Charsets.UTF_8);
Assert.assertArrayEquals(key, results.read(key));
}
flowManager.stop();
getNamespaceAdmin().delete(outputDatasetNS.getNamespaceId());
}
Also used :
NamespaceMeta(co.cask.cdap.proto.NamespaceMeta)
KeyValueTable(co.cask.cdap.api.dataset.lib.KeyValueTable)
TimeoutException(java.util.concurrent.TimeoutException)
UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException)
IOException(java.io.IOException)
ExecutionException(java.util.concurrent.ExecutionException)
Example 57 with NamespaceMeta
use of co.cask.cdap.proto.NamespaceMeta in project cdap by caskdata.
the class BatchStreamIntegrationTestRun method submitAndVerifyStreamOtherNamespaceBatchJob.
private void submitAndVerifyStreamOtherNamespaceBatchJob(Class<? extends AbstractApplication> appClass, String namespace, String streamWriter, String mapReduceName, int timeout) throws Exception {
NamespaceId namespaceId = new NamespaceId(namespace);
NamespaceMeta namespaceMeta = new NamespaceMeta.Builder().setName(namespace).build();
getNamespaceAdmin().create(namespaceMeta);
deployApplication(namespaceId, appClass);
ApplicationManager applicationManager = deployApplication(appClass);
StreamManager streamManager = getStreamManager(namespaceId.stream(streamWriter));
verifyStreamBatchJob(streamManager, applicationManager, mapReduceName, timeout);
}
Also used :
ApplicationManager(co.cask.cdap.test.ApplicationManager)
NamespaceMeta(co.cask.cdap.proto.NamespaceMeta)
StreamManager(co.cask.cdap.test.StreamManager)
NamespaceId(co.cask.cdap.proto.id.NamespaceId)
Example 58 with NamespaceMeta
use of co.cask.cdap.proto.NamespaceMeta in project cdap by caskdata.
the class AuthorizationTest method testCrossNSDatasetAccessWithAuthMapReduce.
private void testCrossNSDatasetAccessWithAuthMapReduce(MapReduceManager mrManager) throws Exception {
NamespaceMeta inputDatasetNS = new NamespaceMeta.Builder().setName("inputNS").build();
getNamespaceAdmin().create(inputDatasetNS);
NamespaceMeta outputDatasetNS = new NamespaceMeta.Builder().setName("outputNS").build();
getNamespaceAdmin().create(outputDatasetNS);
addDatasetInstance(inputDatasetNS.getNamespaceId().dataset("table1"), "keyValueTable").create();
addDatasetInstance(outputDatasetNS.getNamespaceId().dataset("table2"), "keyValueTable").create();
addDummyData(inputDatasetNS.getNamespaceId(), "table1");
Map<String, String> argsForMR = ImmutableMap.of(DatasetCrossNSAccessWithMAPApp.INPUT_DATASET_NS, inputDatasetNS.getNamespaceId().getNamespace(), DatasetCrossNSAccessWithMAPApp.INPUT_DATASET_NAME, "table1", DatasetCrossNSAccessWithMAPApp.OUTPUT_DATASET_NS, outputDatasetNS.getNamespaceId().getNamespace(), DatasetCrossNSAccessWithMAPApp.OUTPUT_DATASET_NAME, "table2");
// Switch to BOB and run the mapreduce job. The job will fail at the runtime since BOB does not have permission
// on the input and output datasets in another namespaces.
SecurityRequestContext.setUserId(BOB.getName());
assertProgramFailure(argsForMR, mrManager);
// Switch back to Alice
SecurityRequestContext.setUserId(ALICE.getName());
// Verify nothing write to the output dataset
assertDatasetIsEmpty(outputDatasetNS.getNamespaceId(), "table2");
// give privilege to BOB on the input dataset
grantAndAssertSuccess(inputDatasetNS.getNamespaceId().dataset("table1"), BOB, EnumSet.of(Action.READ));
// switch back to bob and try running again. this will still fail since bob does not have access on the output
// dataset
SecurityRequestContext.setUserId(BOB.getName());
assertProgramFailure(argsForMR, mrManager);
// Switch back to Alice
SecurityRequestContext.setUserId(ALICE.getName());
// Verify nothing write to the output dataset
assertDatasetIsEmpty(outputDatasetNS.getNamespaceId(), "table2");
// give privilege to BOB on the output dataset
grantAndAssertSuccess(outputDatasetNS.getNamespaceId().dataset("table2"), BOB, EnumSet.of(Action.WRITE));
// switch back to BOB and run MR again. this should work
SecurityRequestContext.setUserId(BOB.getName());
mrManager.start(argsForMR);
mrManager.waitForRun(ProgramRunStatus.COMPLETED, 5, TimeUnit.MINUTES);
// Verify results as alice
SecurityRequestContext.setUserId(ALICE.getName());
verifyDummyData(outputDatasetNS.getNamespaceId(), "table2");
getNamespaceAdmin().delete(inputDatasetNS.getNamespaceId());
getNamespaceAdmin().delete(outputDatasetNS.getNamespaceId());
}
Also used :
NamespaceMeta(co.cask.cdap.proto.NamespaceMeta)
Aggregations
NamespaceMeta (co.cask.cdap.proto.NamespaceMeta)58
NamespaceId (co.cask.cdap.proto.id.NamespaceId)26
Test (org.junit.Test)22
IOException (java.io.IOException)12
Location (org.apache.twill.filesystem.Location)6
KeyValueTable (co.cask.cdap.api.dataset.lib.KeyValueTable)5
BadRequestException (co.cask.cdap.common.BadRequestException)5
NamespaceNotFoundException (co.cask.cdap.common.NamespaceNotFoundException)5
ApplicationManager (co.cask.cdap.test.ApplicationManager)5
ExecutionException (java.util.concurrent.ExecutionException)5
NamespaceConfig (co.cask.cdap.proto.NamespaceConfig)4
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException)4
DatasetManagementException (co.cask.cdap.api.dataset.DatasetManagementException)3
RowMaker (co.cask.cdap.cli.util.RowMaker)3
Table (co.cask.cdap.cli.util.table.Table)3
NotFoundException (co.cask.cdap.common.NotFoundException)3
CConfiguration (co.cask.cdap.common.conf.CConfiguration)3
NamespaceAdmin (co.cask.cdap.common.namespace.NamespaceAdmin)3
Id (co.cask.cdap.proto.Id)3
ApplicationId (co.cask.cdap.proto.id.ApplicationId)3
