Example 56 with EntityId
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class AuthorizationTest method testCrossNSSpark.
@Test
public void testCrossNSSpark() throws Exception {
createAuthNamespace();
ApplicationId appId = AUTH_NAMESPACE.app(TestSparkCrossNSDatasetApp.APP_NAME);
Map<EntityId, Set<Action>> neededPrivileges = ImmutableMap.<EntityId, Set<Action>>builder().put(appId, EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.artifact(TestSparkCrossNSDatasetApp.class.getSimpleName(), "1.0-SNAPSHOT"), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.dataset(TestSparkCrossNSDatasetApp.DEFAULT_OUTPUT_DATASET), EnumSet.of(Action.ADMIN)).put(AUTH_NAMESPACE.datasetType(KeyValueTable.class.getName()), EnumSet.of(Action.ADMIN)).build();
setUpPrivilegeAndRegisterForDeletion(ALICE, neededPrivileges);
ProgramId programId = appId.spark(TestSparkCrossNSDatasetApp.SPARK_PROGRAM_NAME);
// bob will be executing the program
grantAndAssertSuccess(programId, BOB, EnumSet.of(Action.EXECUTE));
cleanUpEntities.add(programId);
ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, TestSparkCrossNSDatasetApp.class);
SparkManager sparkManager = appManager.getSparkManager(TestSparkCrossNSDatasetApp.SparkCrossNSDatasetProgram.class.getSimpleName());
testCrossNSSystemDatasetAccessWithAuthSpark(sparkManager);
testCrossNSDatasetAccessWithAuthSpark(sparkManager);
}
Also used :
EntityId(co.cask.cdap.proto.id.EntityId)
PrivilegedAction(java.security.PrivilegedAction)
Action(co.cask.cdap.proto.security.Action)
ApplicationManager(co.cask.cdap.test.ApplicationManager)
EnumSet(java.util.EnumSet)
Set(java.util.Set)
ImmutableSet(com.google.common.collect.ImmutableSet)
HashSet(java.util.HashSet)
PartitionedFileSet(co.cask.cdap.api.dataset.lib.PartitionedFileSet)
SparkManager(co.cask.cdap.test.SparkManager)
KeyValueTable(co.cask.cdap.api.dataset.lib.KeyValueTable)
TestSparkCrossNSDatasetApp(co.cask.cdap.spark.stream.TestSparkCrossNSDatasetApp)
ApplicationId(co.cask.cdap.proto.id.ApplicationId)
ProgramId(co.cask.cdap.proto.id.ProgramId)
Test(org.junit.Test)
Example 57 with EntityId
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class AuthorizationTest method afterTest.
@After
@Override
public void afterTest() throws Exception {
Authorizer authorizer = getAuthorizer();
SecurityRequestContext.setUserId(ALICE.getName());
grantAndAssertSuccess(AUTH_NAMESPACE, SecurityRequestContext.toPrincipal(), EnumSet.of(Action.ADMIN));
// clean up. remove the namespace if it exists
if (getNamespaceAdmin().exists(AUTH_NAMESPACE)) {
getNamespaceAdmin().delete(AUTH_NAMESPACE);
Assert.assertFalse(getNamespaceAdmin().exists(AUTH_NAMESPACE));
}
revokeAndAssertSuccess(AUTH_NAMESPACE);
for (EntityId entityId : cleanUpEntities) {
revokeAndAssertSuccess(entityId);
}
Assert.assertEquals(Collections.emptySet(), authorizer.listPrivileges(ALICE));
}
Also used :
EntityId(co.cask.cdap.proto.id.EntityId)
InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer)
Authorizer(co.cask.cdap.security.spi.authorization.Authorizer)
After(org.junit.After)
Example 58 with EntityId
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class RemotePrivilegesHandler method isVisible.
@POST
@Path("/isVisible")
public void isVisible(FullHttpRequest request, HttpResponder responder) throws Exception {
VisibilityRequest visibilityRequest = GSON.fromJson(request.content().toString(StandardCharsets.UTF_8), VisibilityRequest.class);
Principal principal = visibilityRequest.getPrincipal();
Set<EntityId> entityIds = visibilityRequest.getEntityIds();
LOG.trace("Checking visibility for principal {} on entities {}", principal, entityIds);
Set<? extends EntityId> visiableEntities = authorizationEnforcer.isVisible(entityIds, principal);
LOG.debug("Returning entities visible for principal {} as {}", principal, visiableEntities);
responder.sendJson(HttpResponseStatus.OK, GSON.toJson(visiableEntities));
}
Also used :
EntityId(co.cask.cdap.proto.id.EntityId)
VisibilityRequest(co.cask.cdap.proto.security.VisibilityRequest)
Principal(co.cask.cdap.proto.security.Principal)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Example 59 with EntityId
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class AuthorizationArtifactRepository method getArtifactDetails.
@Override
public List<ArtifactDetail> getArtifactDetails(final ArtifactRange range, int limit, ArtifactSortOrder order) throws Exception {
List<ArtifactDetail> artifacts = delegate.getArtifactDetails(range, limit, order);
// No authorization for system artifacts
if (NamespaceId.SYSTEM.getNamespace().equals(range.getNamespace())) {
return artifacts;
}
final NamespaceId namespaceId = new NamespaceId(range.getNamespace());
return AuthorizationUtil.isVisible(artifacts, authorizationEnforcer, authenticationContext.getPrincipal(), new Function<ArtifactDetail, EntityId>() {
@Override
public EntityId apply(ArtifactDetail input) {
co.cask.cdap.api.artifact.ArtifactId artifactId = input.getDescriptor().getArtifactId();
return namespaceId.artifact(artifactId.getName(), artifactId.getVersion().getVersion());
}
}, null);
}
Also used :
EntityId(co.cask.cdap.proto.id.EntityId)
ArtifactId(co.cask.cdap.proto.id.ArtifactId)
NamespaceId(co.cask.cdap.proto.id.NamespaceId)
Example 60 with EntityId
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class ConsumerSupplier method open.
/**
* Updates number of instances for the consumer group that this instance belongs to. It'll close existing
* consumer and create a new one with the new group size.
*
* @param groupSize New group size.
*/
void open(int groupSize) {
try {
close();
ConsumerConfig config = consumerConfig;
if (groupSize != config.getGroupSize()) {
config = new ConsumerConfig(consumerConfig.getGroupId(), consumerConfig.getInstanceId(), groupSize, consumerConfig.getDequeueStrategy(), consumerConfig.getHashKey());
}
if (queueName.isQueue()) {
QueueConsumer queueConsumer = dataFabricFacade.createConsumer(queueName, config, numGroups);
consumerConfig = queueConsumer.getConfig();
consumer = queueConsumer;
} else {
StreamId queueStream = queueName.toStreamId();
for (EntityId owner : owners) {
try {
runtimeUsageRegistry.register(owner, queueStream);
} catch (Exception e) {
LOG.warn("Failed to register usage of {} -> {}", owner, queueStream, e);
}
}
StreamConsumer streamConsumer = dataFabricFacade.createStreamConsumer(queueName.toStreamId(), config);
consumerConfig = streamConsumer.getConsumerConfig();
consumer = streamConsumer;
}
} catch (Exception e) {
throw Throwables.propagate(e);
}
}
Also used :
EntityId(co.cask.cdap.proto.id.EntityId)
StreamConsumer(co.cask.cdap.data2.transaction.stream.StreamConsumer)
StreamId(co.cask.cdap.proto.id.StreamId)
QueueConsumer(co.cask.cdap.data2.queue.QueueConsumer)
ConsumerConfig(co.cask.cdap.data2.queue.ConsumerConfig)
IOException(java.io.IOException)
Aggregations
EntityId (co.cask.cdap.proto.id.EntityId)62
Principal (co.cask.cdap.proto.security.Principal)21
EnumSet (java.util.EnumSet)18
HashSet (java.util.HashSet)18
Set (java.util.Set)18
PartitionedFileSet (co.cask.cdap.api.dataset.lib.PartitionedFileSet)17
ImmutableSet (com.google.common.collect.ImmutableSet)17
Test (org.junit.Test)17
Action (co.cask.cdap.proto.security.Action)14
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException)13
DatasetId (co.cask.cdap.proto.id.DatasetId)12
ProgramId (co.cask.cdap.proto.id.ProgramId)11
ApplicationManager (co.cask.cdap.test.ApplicationManager)11
ApplicationId (co.cask.cdap.proto.id.ApplicationId)10
StreamId (co.cask.cdap.proto.id.StreamId)9
NamespaceId (co.cask.cdap.proto.id.NamespaceId)8
PrivilegedAction (java.security.PrivilegedAction)8
KeyValueTable (co.cask.cdap.api.dataset.lib.KeyValueTable)7
NamespaceMeta (co.cask.cdap.proto.NamespaceMeta)7
Authorizer (co.cask.cdap.security.spi.authorization.Authorizer)7
