
Example 56 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class AuthorizationTest method testCrossNSSpark.

/**
 * Runs the cross-namespace Spark dataset checks against an authorization-enabled namespace.
 *
 * <p>Privilege layout set up here: ALICE receives {@code ADMIN} on the application, its artifact,
 * the default output dataset and the {@link KeyValueTable} dataset type; BOB receives only
 * {@code EXECUTE} on the Spark program. The access checks themselves live in the two
 * {@code testCrossNS...WithAuthSpark} helpers this method delegates to.
 *
 * @throws Exception if namespace setup, a grant, the deployment or one of the delegated checks fails
 */
@Test
public void testCrossNSSpark() throws Exception {
    createAuthNamespace();
    ApplicationId sparkApp = AUTH_NAMESPACE.app(TestSparkCrossNSDatasetApp.APP_NAME);

    // One fresh EnumSet per entity, so no privilege set is shared between map entries.
    ImmutableMap.Builder<EntityId, Set<Action>> alicePrivileges = ImmutableMap.builder();
    alicePrivileges.put(sparkApp, EnumSet.of(Action.ADMIN));
    alicePrivileges.put(
        AUTH_NAMESPACE.artifact(TestSparkCrossNSDatasetApp.class.getSimpleName(), "1.0-SNAPSHOT"),
        EnumSet.of(Action.ADMIN));
    alicePrivileges.put(
        AUTH_NAMESPACE.dataset(TestSparkCrossNSDatasetApp.DEFAULT_OUTPUT_DATASET),
        EnumSet.of(Action.ADMIN));
    alicePrivileges.put(
        AUTH_NAMESPACE.datasetType(KeyValueTable.class.getName()),
        EnumSet.of(Action.ADMIN));
    setUpPrivilegeAndRegisterForDeletion(ALICE, alicePrivileges.build());

    // BOB is the principal that runs the program, so EXECUTE on the program is all he is granted.
    ProgramId sparkProgram = sparkApp.spark(TestSparkCrossNSDatasetApp.SPARK_PROGRAM_NAME);
    grantAndAssertSuccess(sparkProgram, BOB, EnumSet.of(Action.EXECUTE));
    // Queue the program so teardown revokes the grant made above.
    cleanUpEntities.add(sparkProgram);

    ApplicationManager deployedApp = deployApplication(AUTH_NAMESPACE, TestSparkCrossNSDatasetApp.class);
    String sparkProgramName = TestSparkCrossNSDatasetApp.SparkCrossNSDatasetProgram.class.getSimpleName();
    SparkManager sparkManager = deployedApp.getSparkManager(sparkProgramName);

    testCrossNSSystemDatasetAccessWithAuthSpark(sparkManager);
    testCrossNSDatasetAccessWithAuthSpark(sparkManager);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) PrivilegedAction(java.security.PrivilegedAction) Action(co.cask.cdap.proto.security.Action) ApplicationManager(co.cask.cdap.test.ApplicationManager) EnumSet(java.util.EnumSet) Set(java.util.Set) ImmutableSet(com.google.common.collect.ImmutableSet) HashSet(java.util.HashSet) PartitionedFileSet(co.cask.cdap.api.dataset.lib.PartitionedFileSet) SparkManager(co.cask.cdap.test.SparkManager) KeyValueTable(co.cask.cdap.api.dataset.lib.KeyValueTable) TestSparkCrossNSDatasetApp(co.cask.cdap.spark.stream.TestSparkCrossNSDatasetApp) ApplicationId(co.cask.cdap.proto.id.ApplicationId) ProgramId(co.cask.cdap.proto.id.ProgramId) Test(org.junit.Test)

Example 57 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class AuthorizationTest method afterTest.

/**
 * Per-test teardown: deletes the auth namespace if it exists, revokes the privileges on the
 * namespace and on every entity queued in {@code cleanUpEntities}, then asserts that ALICE is
 * left with no privileges.
 *
 * @throws Exception if a grant, a revoke, a namespace operation or the privilege listing fails
 */
@After
@Override
public void afterTest() throws Exception {
    Authorizer authorizer = getAuthorizer();
    // Make ALICE the user of the current security request context for the steps below.
    SecurityRequestContext.setUserId(ALICE.getName());
    // Grant ADMIN on the namespace to the current principal; presumably this is what authorizes
    // the namespace deletion that follows - confirm against the namespace admin's checks.
    grantAndAssertSuccess(AUTH_NAMESPACE, SecurityRequestContext.toPrincipal(), EnumSet.of(Action.ADMIN));
    // Remove the namespace if it exists, and verify that it is really gone.
    if (getNamespaceAdmin().exists(AUTH_NAMESPACE)) {
        getNamespaceAdmin().delete(AUTH_NAMESPACE);
        Assert.assertFalse(getNamespaceAdmin().exists(AUTH_NAMESPACE));
    }
    // Revoke what was granted on the namespace, then on each entity the tests registered.
    // NOTE(review): there is no try/finally here, so an exception in the deletion above skips
    // these revocations; confirm whether leftover grants could carry over into later tests.
    revokeAndAssertSuccess(AUTH_NAMESPACE);
    for (EntityId entityId : cleanUpEntities) {
        revokeAndAssertSuccess(entityId);
    }
    // Final guard: ALICE must hold no privileges at all, i.e. no grant outlives the test.
    Assert.assertEquals(Collections.emptySet(), authorizer.listPrivileges(ALICE));
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) After(org.junit.After)

Example 58 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class RemotePrivilegesHandler method isVisible.

/**
 * Handles the {@code /isVisible} POST route: decodes a {@link VisibilityRequest} from the UTF-8
 * JSON body, asks the authorization enforcer which of the requested entities the given principal
 * can see, and replies with that subset as JSON and status 200.
 *
 * <p>NOTE(review): the principal being checked is read from the request body, not from the
 * caller's authenticated identity. Any caller that can reach this route can ask what any
 * principal is able to see, so confirm the handler is only exposed to trusted internal services.
 *
 * <p>NOTE(review): the body is not validated. Gson returns {@code null} for an empty document,
 * which would surface as a {@code NullPointerException} on the first getter rather than as a
 * client error - confirm how the surrounding framework maps that.
 *
 * @param request the HTTP request whose content is the JSON-encoded visibility request
 * @param responder used to send the JSON response
 * @throws Exception if decoding the body or the visibility check fails
 */
@POST
@Path("/isVisible")
public void isVisible(FullHttpRequest request, HttpResponder responder) throws Exception {
    String body = request.content().toString(StandardCharsets.UTF_8);
    VisibilityRequest visibilityRequest = GSON.fromJson(body, VisibilityRequest.class);

    Principal principal = visibilityRequest.getPrincipal();
    Set<EntityId> entityIds = visibilityRequest.getEntityIds();
    LOG.trace("Checking visibility for principal {} on entities {}", principal, entityIds);

    // The enforcer decides; this handler only relays the filtered set back to the caller.
    Set<? extends EntityId> visibleEntities = authorizationEnforcer.isVisible(entityIds, principal);
    LOG.debug("Returning entities visible for principal {} as {}", principal, visibleEntities);

    String payload = GSON.toJson(visibleEntities);
    responder.sendJson(HttpResponseStatus.OK, payload);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) VisibilityRequest(co.cask.cdap.proto.security.VisibilityRequest) Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 59 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class AuthorizationArtifactRepository method getArtifactDetails.

/**
 * Fetches artifact details from the delegate repository and, for any namespace other than the
 * system namespace, keeps only the artifacts visible to the current principal.
 *
 * <p>Artifacts in the system namespace are returned unfiltered. The {@code limit} is applied by
 * the delegate before the visibility filter runs, so the returned list may hold fewer than
 * {@code limit} entries.
 *
 * @param range the artifact range to look up; its namespace selects whether filtering applies
 * @param limit maximum number of artifacts requested from the delegate
 * @param order sort order passed through to the delegate
 * @return the delegate's result, filtered by visibility unless the range is in the system namespace
 * @throws Exception if the delegate lookup or the visibility check fails
 */
@Override
public List<ArtifactDetail> getArtifactDetails(final ArtifactRange range, int limit, ArtifactSortOrder order) throws Exception {
    List<ArtifactDetail> details = delegate.getArtifactDetails(range, limit, order);

    boolean inSystemNamespace = NamespaceId.SYSTEM.getNamespace().equals(range.getNamespace());
    if (!inSystemNamespace) {
        final NamespaceId namespaceId = new NamespaceId(range.getNamespace());
        // Maps each artifact to the entity id that the visibility check is evaluated against.
        Function<ArtifactDetail, EntityId> toEntityId = new Function<ArtifactDetail, EntityId>() {

            @Override
            public EntityId apply(ArtifactDetail input) {
                co.cask.cdap.api.artifact.ArtifactId apiArtifactId = input.getDescriptor().getArtifactId();
                return namespaceId.artifact(apiArtifactId.getName(), apiArtifactId.getVersion().getVersion());
            }
        };
        // NOTE(review): the meaning of the trailing null argument is not visible here - confirm
        // against AuthorizationUtil.isVisible.
        return AuthorizationUtil.isVisible(details, authorizationEnforcer, authenticationContext.getPrincipal(), toEntityId, null);
    }

    // System artifacts bypass the visibility check entirely.
    return details;
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) ArtifactId(co.cask.cdap.proto.id.ArtifactId) NamespaceId(co.cask.cdap.proto.id.NamespaceId)

Example 60 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class ConsumerSupplier method open.

/**
 * Re-opens the consumer for the given consumer-group size. Any existing consumer is closed first;
 * a new {@link ConsumerConfig} is built only when the group size actually changed.
 *
 * <p>For a stream (non-queue) name, each owner's usage of the stream is registered before the
 * stream consumer is created. Registration is best effort: a failure is logged at WARN and does
 * not stop the consumer from being opened, so usage records may be incomplete.
 *
 * @param groupSize New group size.
 */
void open(int groupSize) {
    try {
        close();
        ConsumerConfig effectiveConfig = consumerConfig;
        if (groupSize != effectiveConfig.getGroupSize()) {
            // Same group, instance, strategy and hash key; only the size differs.
            effectiveConfig = new ConsumerConfig(
                consumerConfig.getGroupId(),
                consumerConfig.getInstanceId(),
                groupSize,
                consumerConfig.getDequeueStrategy(),
                consumerConfig.getHashKey());
        }

        if (!queueName.isQueue()) {
            StreamId streamId = queueName.toStreamId();
            for (EntityId owner : owners) {
                try {
                    runtimeUsageRegistry.register(owner, streamId);
                } catch (Exception e) {
                    // Deliberately non-fatal: the consumer is still opened without this usage record.
                    LOG.warn("Failed to register usage of {} -> {}", owner, streamId, e);
                }
            }
            StreamConsumer opened = dataFabricFacade.createStreamConsumer(queueName.toStreamId(), effectiveConfig);
            consumerConfig = opened.getConsumerConfig();
            consumer = opened;
        } else {
            QueueConsumer opened = dataFabricFacade.createConsumer(queueName, effectiveConfig, numGroups);
            // Keep the config reported by the consumer that was actually created.
            consumerConfig = opened.getConfig();
            consumer = opened;
        }
    } catch (Exception e) {
        throw Throwables.propagate(e);
    }
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) StreamConsumer(co.cask.cdap.data2.transaction.stream.StreamConsumer) StreamId(co.cask.cdap.proto.id.StreamId) QueueConsumer(co.cask.cdap.data2.queue.QueueConsumer) ConsumerConfig(co.cask.cdap.data2.queue.ConsumerConfig) IOException(java.io.IOException)
