use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class AuthorizationTest method testCrossNSSpark.
/**
 * Sets up an ADMIN privilege set for ALICE and an EXECUTE grant for BOB on the Spark program of
 * {@link TestSparkCrossNSDatasetApp}, deploys the app into {@code AUTH_NAMESPACE} and runs the two
 * cross-namespace dataset access checks against its Spark manager.
 */
@Test
public void testCrossNSSpark() throws Exception {
  createAuthNamespace();
  ApplicationId sparkApp = AUTH_NAMESPACE.app(TestSparkCrossNSDatasetApp.APP_NAME);

  // Every entity below is requested with ADMIN only: the app, its artifact, the default output dataset
  // and the KeyValueTable dataset type. Insertion order is kept as in the map handed to the setup helper.
  ImmutableMap.Builder<EntityId, Set<Action>> privilegeBuilder = ImmutableMap.builder();
  privilegeBuilder.put(sparkApp, EnumSet.of(Action.ADMIN));
  privilegeBuilder.put(AUTH_NAMESPACE.artifact(TestSparkCrossNSDatasetApp.class.getSimpleName(), "1.0-SNAPSHOT"),
                       EnumSet.of(Action.ADMIN));
  privilegeBuilder.put(AUTH_NAMESPACE.dataset(TestSparkCrossNSDatasetApp.DEFAULT_OUTPUT_DATASET),
                       EnumSet.of(Action.ADMIN));
  privilegeBuilder.put(AUTH_NAMESPACE.datasetType(KeyValueTable.class.getName()), EnumSet.of(Action.ADMIN));
  Map<EntityId, Set<Action>> alicePrivileges = privilegeBuilder.build();
  setUpPrivilegeAndRegisterForDeletion(ALICE, alicePrivileges);

  // BOB is the principal that executes the program, so he receives EXECUTE on the program only.
  ProgramId sparkProgram = sparkApp.spark(TestSparkCrossNSDatasetApp.SPARK_PROGRAM_NAME);
  grantAndAssertSuccess(sparkProgram, BOB, EnumSet.of(Action.EXECUTE));
  // Track the program so the grant made above is revoked during test cleanup.
  cleanUpEntities.add(sparkProgram);

  ApplicationManager deployedApp = deployApplication(AUTH_NAMESPACE, TestSparkCrossNSDatasetApp.class);
  String sparkName = TestSparkCrossNSDatasetApp.SparkCrossNSDatasetProgram.class.getSimpleName();
  SparkManager sparkManager = deployedApp.getSparkManager(sparkName);

  // System-dataset check runs first, then the user-dataset check, both on the same manager.
  testCrossNSSystemDatasetAccessWithAuthSpark(sparkManager);
  testCrossNSDatasetAccessWithAuthSpark(sparkManager);
}
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class AuthorizationTest method afterTest.
/**
 * Per-test cleanup: removes {@code AUTH_NAMESPACE} if it still exists, revokes privileges on the
 * namespace and on every entity tracked in {@code cleanUpEntities}, and then asserts that ALICE is
 * left with no privileges at all.
 */
@After
@Override
public void afterTest() throws Exception {
  Authorizer authz = getAuthorizer();

  // Act as ALICE and give that principal ADMIN on the namespace before attempting the delete.
  // NOTE(review): presumably the delete below would be rejected without this grant; confirm.
  SecurityRequestContext.setUserId(ALICE.getName());
  grantAndAssertSuccess(AUTH_NAMESPACE, SecurityRequestContext.toPrincipal(), EnumSet.of(Action.ADMIN));

  // Drop the namespace only when it is present, and verify that it is really gone.
  if (getNamespaceAdmin().exists(AUTH_NAMESPACE)) {
    getNamespaceAdmin().delete(AUTH_NAMESPACE);
    Assert.assertFalse(getNamespaceAdmin().exists(AUTH_NAMESPACE));
  }

  // Revoke on the namespace first, then on each entity a test registered for cleanup.
  revokeAndAssertSuccess(AUTH_NAMESPACE);
  for (EntityId tracked : cleanUpEntities) {
    revokeAndAssertSuccess(tracked);
  }

  // A leftover grant fails the test here instead of silently carrying over into later tests.
  Assert.assertEquals(Collections.emptySet(), authz.listPrivileges(ALICE));
}
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class RemotePrivilegesHandler method isVisible.
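/**
 * Handles a remote visibility check: reads a {@link VisibilityRequest} from the JSON request body, asks
 * the authorization enforcer which of the requested entities are visible to the given principal, and
 * responds with that subset as JSON.
 *
 * <p>An empty body (or a JSON {@code null}) is answered with {@code 400 Bad Request} instead of failing
 * with a {@link NullPointerException}.
 *
 * @param request HTTP request whose body is the UTF-8 JSON form of a {@link VisibilityRequest}
 * @param responder used to send the JSON set of visible entities, or the error status
 * @throws Exception if JSON parsing or the enforcer call fails
 */
@POST
@Path("/isVisible")
public void isVisible(FullHttpRequest request, HttpResponder responder) throws Exception {
  VisibilityRequest visibilityRequest = GSON.fromJson(request.content().toString(StandardCharsets.UTF_8),
                                                      VisibilityRequest.class);
  // Gson returns null for an empty body or a literal JSON null; reject it before dereferencing.
  if (visibilityRequest == null) {
    responder.sendString(HttpResponseStatus.BAD_REQUEST, "Request body must contain a visibility request");
    return;
  }

  // NOTE(review): the principal comes from the request body; nothing in this method ties it to the
  // caller's authenticated identity. Confirm that only trusted internal services can reach this endpoint.
  Principal principal = visibilityRequest.getPrincipal();
  // NOTE(review): a body that omits the principal or the entity ids reaches the enforcer as null;
  // confirm that the enforcer rejects such input.
  Set<EntityId> entityIds = visibilityRequest.getEntityIds();
  LOG.trace("Checking visibility for principal {} on entities {}", principal, entityIds);

  Set<? extends EntityId> visibleEntities = authorizationEnforcer.isVisible(entityIds, principal);
  LOG.debug("Returning entities visible for principal {} as {}", principal, visibleEntities);
  responder.sendJson(HttpResponseStatus.OK, GSON.toJson(visibleEntities));
}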
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class AuthorizationArtifactRepository method getArtifactDetails.
/**
 * Fetches artifact details from the delegate and, unless the range targets the system namespace,
 * filters them down to the artifacts visible to the current principal.
 *
 * @param range artifact range to look up; its namespace decides whether filtering applies
 * @param limit passed through to the delegate
 * @param order passed through to the delegate
 * @return the delegate's result, unfiltered for the system namespace and visibility-filtered otherwise
 * @throws Exception if the delegate lookup or the visibility check fails
 */
@Override
public List<ArtifactDetail> getArtifactDetails(final ArtifactRange range, int limit,
                                               ArtifactSortOrder order) throws Exception {
  List<ArtifactDetail> unfiltered = delegate.getArtifactDetails(range, limit, order);

  // System artifacts are deliberately exempt from authorization.
  boolean systemRange = NamespaceId.SYSTEM.getNamespace().equals(range.getNamespace());
  if (!systemRange) {
    final NamespaceId rangeNamespace = new NamespaceId(range.getNamespace());
    // Each artifact is checked as an entity in the *range's* namespace, not in a namespace read from the
    // artifact itself. NOTE(review): assumes the delegate only returns artifacts of that namespace; confirm.
    Function<ArtifactDetail, EntityId> toEntityId = new Function<ArtifactDetail, EntityId>() {
      @Override
      public EntityId apply(ArtifactDetail input) {
        co.cask.cdap.api.artifact.ArtifactId apiId = input.getDescriptor().getArtifactId();
        return rangeNamespace.artifact(apiId.getName(), apiId.getVersion().getVersion());
      }
    };
    // NOTE(review): the meaning of the trailing null argument is not visible here; confirm against
    // AuthorizationUtil.isVisible.
    return AuthorizationUtil.isVisible(unfiltered, authorizationEnforcer, authenticationContext.getPrincipal(),
                                       toEntityId, null);
  }
  return unfiltered;
}
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class ConsumerSupplier method open.
/**
 * Closes the current consumer and creates a replacement sized for the given consumer group. A new
 * {@link ConsumerConfig} is built only when {@code groupSize} differs from the current one; the config
 * reported by the newly created consumer is then stored back on this instance.
 *
 * <p>Any exception raised while closing or creating is rethrown via {@link Throwables#propagate}.
 *
 * @param groupSize New group size.
 */
void open(int groupSize) {
  try {
    close();

    // Reuse the existing config unless the group size changed.
    ConsumerConfig effectiveConfig = (groupSize == consumerConfig.getGroupSize())
      ? consumerConfig
      : new ConsumerConfig(consumerConfig.getGroupId(), consumerConfig.getInstanceId(), groupSize,
                           consumerConfig.getDequeueStrategy(), consumerConfig.getHashKey());

    if (queueName.isQueue()) {
      QueueConsumer created = dataFabricFacade.createConsumer(queueName, effectiveConfig, numGroups);
      consumerConfig = created.getConfig();
      consumer = created;
      return;
    }

    // Stream case: record each owner's usage of the stream before creating the consumer.
    StreamId queueStream = queueName.toStreamId();
    for (EntityId owner : owners) {
      try {
        runtimeUsageRegistry.register(owner, queueStream);
      } catch (Exception e) {
        // Best effort: a failed registration is only logged, so the usage records can end up
        // incomplete while the consumer is still created.
        LOG.warn("Failed to register usage of {} -> {}", owner, queueStream, e);
      }
    }
    StreamConsumer created = dataFabricFacade.createStreamConsumer(queueName.toStreamId(), effectiveConfig);
    consumerConfig = created.getConsumerConfig();
    consumer = created;
  } catch (Exception e) {
    throw Throwables.propagate(e);
  }
}