Search in sources :

Example 6 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class DatasetInstanceService method list.

/**
   * Lists all dataset instances in a namespace. If perimeter security and authorization are enabled, only returns the
   * dataset instances that the current user has access to.
   *
   * @param namespace the namespace to list datasets for
   * @return the dataset instances in the provided namespace
   * @throws NotFoundException if the namespace was not found
   * @throws IOException if there is a problem in making an HTTP request to check if the namespace exists
   */
Collection<DatasetSpecification> list(final NamespaceId namespace) throws Exception {
    Principal principal = authenticationContext.getPrincipal();
    ensureNamespaceExists(namespace);
    Collection<DatasetSpecification> datasets = instanceManager.getAll(namespace);
    final Predicate<EntityId> filter = authorizationEnforcer.createFilter(principal);
    return Lists.newArrayList(Iterables.filter(datasets, new com.google.common.base.Predicate<DatasetSpecification>() {

        @Override
        public boolean apply(DatasetSpecification spec) {
            return filter.apply(namespace.dataset(spec.getName()));
        }
    }));
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) DatasetSpecification(co.cask.cdap.api.dataset.DatasetSpecification) Principal(co.cask.cdap.proto.security.Principal) Predicate(co.cask.cdap.api.Predicate)

Example 7 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class DatasetTypeService method getModule.

/**
   * Returns the {@link DatasetModuleMeta metadata} of the specified {@link DatasetModuleId}.
   */
DatasetModuleMeta getModule(DatasetModuleId datasetModuleId) throws Exception {
    ensureNamespaceExists(datasetModuleId.getParent());
    DatasetModuleMeta moduleMeta = typeManager.getModule(datasetModuleId);
    if (moduleMeta == null) {
        throw new DatasetModuleNotFoundException(datasetModuleId);
    }
    Principal principal = authenticationContext.getPrincipal();
    final Predicate<EntityId> filter = authorizationEnforcer.createFilter(principal);
    if (!filter.apply(datasetModuleId)) {
        throw new UnauthorizedException(principal, datasetModuleId);
    }
    return moduleMeta;
}
Also used : DatasetModuleNotFoundException(co.cask.cdap.common.DatasetModuleNotFoundException) EntityId(co.cask.cdap.proto.id.EntityId) DatasetModuleMeta(co.cask.cdap.proto.DatasetModuleMeta) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) Principal(co.cask.cdap.proto.security.Principal)

Example 8 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class DatasetTypeService method listTypes.

/**
   * Lists all {@link DatasetType dataset types} in the specified {@link NamespaceId}.
   */
List<DatasetTypeMeta> listTypes(final NamespaceId namespaceId) throws Exception {
    ensureNamespaceExists(namespaceId);
    // Sorting by name for convenience
    List<DatasetTypeMeta> allTypes = Lists.newArrayList(typeManager.getTypes(namespaceId));
    Collections.sort(allTypes, new Comparator<DatasetTypeMeta>() {

        @Override
        public int compare(DatasetTypeMeta o1, DatasetTypeMeta o2) {
            return o1.getName().compareTo(o2.getName());
        }
    });
    Principal principal = authenticationContext.getPrincipal();
    final Predicate<EntityId> authFilter = authorizationEnforcer.createFilter(principal);
    Iterable<DatasetTypeMeta> authorizedDatasetTypes = Iterables.filter(allTypes, new com.google.common.base.Predicate<DatasetTypeMeta>() {

        @Override
        public boolean apply(DatasetTypeMeta datasetTypeMeta) {
            DatasetTypeId datasetTypeId = namespaceId.datasetType(datasetTypeMeta.getName());
            return authFilter.apply(datasetTypeId);
        }
    });
    return Lists.newArrayList(authorizedDatasetTypes);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) DatasetTypeId(co.cask.cdap.proto.id.DatasetTypeId) DatasetTypeMeta(co.cask.cdap.proto.DatasetTypeMeta) Principal(co.cask.cdap.proto.security.Principal)

Example 9 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class DatasetTypeService method getType.

/**
   * Returns details of the specified {@link DatasetTypeId dataset type}.
   */
DatasetTypeMeta getType(DatasetTypeId datasetTypeId) throws Exception {
    ensureNamespaceExists(datasetTypeId.getParent());
    DatasetTypeMeta typeMeta = typeManager.getTypeInfo(datasetTypeId);
    if (typeMeta == null) {
        throw new DatasetTypeNotFoundException(datasetTypeId);
    }
    // TODO: Test if this can be removed
    if (NamespaceId.SYSTEM.equals(datasetTypeId.getParent())) {
        return typeMeta;
    }
    // only return the type if the user has some privileges on it
    Principal principal = authenticationContext.getPrincipal();
    Predicate<EntityId> authFilter = authorizationEnforcer.createFilter(principal);
    if (!authFilter.apply(datasetTypeId)) {
        throw new UnauthorizedException(principal, datasetTypeId);
    }
    return typeMeta;
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) DatasetTypeMeta(co.cask.cdap.proto.DatasetTypeMeta) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) DatasetTypeNotFoundException(co.cask.cdap.common.DatasetTypeNotFoundException) Principal(co.cask.cdap.proto.security.Principal)

Example 10 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class DatasetTypeService method listModules.

/**
   * Returns all {@link DatasetModuleMeta dataset modules} in the specified {@link NamespaceId namespace}.
   */
List<DatasetModuleMeta> listModules(final NamespaceId namespaceId) throws Exception {
    ensureNamespaceExists(namespaceId);
    // Sorting by name for convenience
    List<DatasetModuleMeta> allModules = Lists.newArrayList(typeManager.getModules(namespaceId));
    Collections.sort(allModules, new Comparator<DatasetModuleMeta>() {

        @Override
        public int compare(DatasetModuleMeta o1, DatasetModuleMeta o2) {
            return o1.getName().compareTo(o2.getName());
        }
    });
    Principal principal = authenticationContext.getPrincipal();
    final Predicate<EntityId> authFilter = authorizationEnforcer.createFilter(principal);
    Iterable<DatasetModuleMeta> authorizedDatasetModules = Iterables.filter(allModules, new com.google.common.base.Predicate<DatasetModuleMeta>() {

        @Override
        public boolean apply(DatasetModuleMeta datasetModuleMeta) {
            return authFilter.apply(namespaceId.datasetModule(datasetModuleMeta.getName()));
        }
    });
    return Lists.newArrayList(authorizedDatasetModules);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) DatasetModuleMeta(co.cask.cdap.proto.DatasetModuleMeta) Principal(co.cask.cdap.proto.security.Principal)

Aggregations

EntityId (co.cask.cdap.proto.id.EntityId)62 Principal (co.cask.cdap.proto.security.Principal)21 EnumSet (java.util.EnumSet)18 HashSet (java.util.HashSet)18 Set (java.util.Set)18 PartitionedFileSet (co.cask.cdap.api.dataset.lib.PartitionedFileSet)17 ImmutableSet (com.google.common.collect.ImmutableSet)17 Test (org.junit.Test)17 Action (co.cask.cdap.proto.security.Action)14 UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException)13 DatasetId (co.cask.cdap.proto.id.DatasetId)12 ProgramId (co.cask.cdap.proto.id.ProgramId)11 ApplicationManager (co.cask.cdap.test.ApplicationManager)11 ApplicationId (co.cask.cdap.proto.id.ApplicationId)10 StreamId (co.cask.cdap.proto.id.StreamId)9 NamespaceId (co.cask.cdap.proto.id.NamespaceId)8 PrivilegedAction (java.security.PrivilegedAction)8 KeyValueTable (co.cask.cdap.api.dataset.lib.KeyValueTable)7 NamespaceMeta (co.cask.cdap.proto.NamespaceMeta)7 Authorizer (co.cask.cdap.security.spi.authorization.Authorizer)7