Example 21 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class AuthorizationTest method testFlowStreamAuth.

@Test
@Category(SlowTests.class)
public void testFlowStreamAuth() throws Exception {
    createAuthNamespace();
    Authorizer authorizer = getAuthorizer();
    // set up privilege to deploy the app
    setUpPrivilegeToDeployStreamAuthApp();
    StreamId streamId1 = AUTH_NAMESPACE.stream(StreamAuthApp.STREAM);
    StreamId streamId2 = AUTH_NAMESPACE.stream(StreamAuthApp.STREAM2);
    Map<EntityId, Set<Action>> additionalPrivileges = ImmutableMap.<EntityId, Set<Action>>builder()
        .put(streamId1, EnumSet.of(Action.READ, Action.WRITE))
        .put(streamId2, EnumSet.of(Action.READ, Action.WRITE))
        .put(AUTH_NAMESPACE.dataset(StreamAuthApp.KVTABLE), EnumSet.of(Action.READ, Action.WRITE))
        .put(AUTH_NAMESPACE.app(StreamAuthApp.APP).flow(StreamAuthApp.FLOW), EnumSet.of(Action.EXECUTE))
        .build();
    setUpPrivilegeAndRegisterForDeletion(ALICE, additionalPrivileges);
    ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, StreamAuthApp.class);
    final FlowManager flowManager = appManager.getFlowManager(StreamAuthApp.FLOW);
    StreamManager streamManager = getStreamManager(streamId1);
    StreamManager streamManager2 = getStreamManager(streamId2);
    streamManager.send("Auth");
    flowManager.start();
    Tasks.waitFor(true, new Callable<Boolean>() {

        @Override
        public Boolean call() throws Exception {
            DataSetManager<KeyValueTable> kvTable = getDataset(AUTH_NAMESPACE.dataset(StreamAuthApp.KVTABLE));
            return kvTable.get().read("Auth") != null;
        }
    }, 5, TimeUnit.SECONDS);
    flowManager.stop();
    flowManager.waitForRun(ProgramRunStatus.KILLED, 60, TimeUnit.SECONDS);
    // Now revoke the privileges for ALICE on the stream and grant her ADMIN and WRITE
    authorizer.revoke(Authorizable.fromEntityId(streamId1), ALICE, EnumSet.allOf(Action.class));
    authorizer.grant(Authorizable.fromEntityId(streamId1), ALICE, EnumSet.of(Action.WRITE, Action.ADMIN));
    streamManager.send("Security");
    streamManager2.send("Safety");
    try {
        flowManager.start();
    } catch (UnauthorizedException e) {
        // Expected: ALICE no longer has READ on the stream
    }
    flowManager.waitForStatus(false);
    authorizer.grant(Authorizable.fromEntityId(streamId1), ALICE, ImmutableSet.of(Action.READ));
    flowManager.start();
    Tasks.waitFor(true, new Callable<Boolean>() {

        @Override
        public Boolean call() throws Exception {
            DataSetManager<KeyValueTable> kvTable = getDataset(AUTH_NAMESPACE.dataset(StreamAuthApp.KVTABLE));
            return kvTable.get().read("Security") != null;
        }
    }, 5, TimeUnit.SECONDS);
    TimeUnit.MILLISECONDS.sleep(10);
    flowManager.stop();
    flowManager.waitForRuns(ProgramRunStatus.KILLED, 2, 5, TimeUnit.SECONDS);
    appManager.delete();
}
Also used : FlowManager(co.cask.cdap.test.FlowManager) StreamId(co.cask.cdap.proto.id.StreamId) PrivilegedAction(java.security.PrivilegedAction) Action(co.cask.cdap.proto.security.Action) ApplicationManager(co.cask.cdap.test.ApplicationManager) EnumSet(java.util.EnumSet) Set(java.util.Set) ImmutableSet(com.google.common.collect.ImmutableSet) HashSet(java.util.HashSet) PartitionedFileSet(co.cask.cdap.api.dataset.lib.PartitionedFileSet) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) TimeoutException(java.util.concurrent.TimeoutException) EntityId(co.cask.cdap.proto.id.EntityId) StreamManager(co.cask.cdap.test.StreamManager) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) DataSetManager(co.cask.cdap.test.DataSetManager) Category(org.junit.experimental.categories.Category) Test(org.junit.Test)

Example 22 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class AuthorizationTest method testWorkerStreamAuth.

@Test
@Category(SlowTests.class)
public void testWorkerStreamAuth() throws Exception {
    createAuthNamespace();
    Authorizer authorizer = getAuthorizer();
    setUpPrivilegeToDeployStreamAuthApp();
    StreamId streamId = AUTH_NAMESPACE.stream(StreamAuthApp.STREAM);
    Map<EntityId, Set<Action>> additionalPrivileges = ImmutableMap.<EntityId, Set<Action>>builder()
        .put(streamId, EnumSet.of(Action.READ, Action.WRITE))
        .put(AUTH_NAMESPACE.app(StreamAuthApp.APP).worker(StreamAuthApp.WORKER), EnumSet.of(Action.EXECUTE))
        .build();
    setUpPrivilegeAndRegisterForDeletion(ALICE, additionalPrivileges);
    ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, StreamAuthApp.class);
    WorkerManager workerManager = appManager.getWorkerManager(StreamAuthApp.WORKER);
    workerManager.start();
    workerManager.waitForRun(ProgramRunStatus.COMPLETED, 60, TimeUnit.SECONDS);
    StreamManager streamManager = getStreamManager(AUTH_NAMESPACE.stream(StreamAuthApp.STREAM));
    Assert.assertEquals(5, streamManager.getEvents(0, Long.MAX_VALUE, Integer.MAX_VALUE).size());
    // Now revoke write permission for Alice on that stream
    authorizer.revoke(Authorizable.fromEntityId(streamId), ALICE, EnumSet.of(Action.WRITE));
    workerManager.start();
    workerManager.waitForRuns(ProgramRunStatus.FAILED, 1, 60, TimeUnit.SECONDS);
    Assert.assertEquals(5, streamManager.getEvents(0, Long.MAX_VALUE, Integer.MAX_VALUE).size());
    appManager.delete();
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) WorkerManager(co.cask.cdap.test.WorkerManager) StreamId(co.cask.cdap.proto.id.StreamId) PrivilegedAction(java.security.PrivilegedAction) Action(co.cask.cdap.proto.security.Action) ApplicationManager(co.cask.cdap.test.ApplicationManager) EnumSet(java.util.EnumSet) Set(java.util.Set) ImmutableSet(com.google.common.collect.ImmutableSet) HashSet(java.util.HashSet) PartitionedFileSet(co.cask.cdap.api.dataset.lib.PartitionedFileSet) StreamManager(co.cask.cdap.test.StreamManager) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) Category(org.junit.experimental.categories.Category) Test(org.junit.Test)

Example 23 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class DefaultAuthorizationEnforcer method isVisible.

@Override
public Set<? extends EntityId> isVisible(Set<? extends EntityId> entityIds, Principal principal) throws Exception {
    if (!isSecurityAuthorizationEnabled()) {
        return entityIds;
    }
    Set<EntityId> visibleEntities = new HashSet<>();
    // entities in the system namespace accessed by the master user, and entities that are the principal's own id,
    // are visible without consulting the authorizer
    for (EntityId entityId : entityIds) {
        if (isAccessingSystemNSAsMasterUser(entityId, principal) || isEnforcingOnSamePrincipalId(entityId, principal)) {
            visibleEntities.add(entityId);
        }
    }
    Set<? extends EntityId> difference = Sets.difference(entityIds, visibleEntities);
    LOG.trace("Checking visibility of {} for principal {}.", difference, principal);
    // Create a new StopWatch on every call: DefaultAuthorizationEnforcer is bound as a singleton,
    // so a shared instance would be reused across multiple calls.
    StopWatch watch = new StopWatch();
    watch.start();
    Set<? extends EntityId> moreVisibleEntities;
    try {
        moreVisibleEntities = authorizerInstantiator.get().isVisible(difference, principal);
    } finally {
        watch.stop();
        long timeTaken = watch.getTime();
        String logLine = "Checked visibility of {} for principal {}. Time spent in visibility check was {} ms.";
        if (timeTaken > logTimeTakenAsWarn) {
            LOG.warn(logLine, difference, principal, timeTaken);
        } else {
            LOG.trace(logLine, difference, principal, timeTaken);
        }
    }
    visibleEntities.addAll(moreVisibleEntities);
    LOG.trace("Getting {} as visible entities", visibleEntities);
    return Collections.unmodifiableSet(visibleEntities);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) NamespacedEntityId(co.cask.cdap.proto.id.NamespacedEntityId) HashSet(java.util.HashSet) StopWatch(org.apache.commons.lang.time.StopWatch)

Example 24 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class DatasetInstanceServiceTest method testInstanceMetaCache.

@Test
public void testInstanceMetaCache() throws Exception {
    // deploy a dataset
    instanceService.create(NamespaceId.DEFAULT.getEntityName(), "testds", new DatasetInstanceConfiguration("table", new HashMap<String, String>()));
    // get the dataset meta for two different owners, assert it is the same
    DatasetMeta meta = instanceService.get(NamespaceId.DEFAULT.dataset("testds"), ImmutableList.<EntityId>of(new ProgramId(NamespaceId.DEFAULT.getNamespace(), "app1", ProgramType.FLOW, "flow1")));
    DatasetMeta met2 = instanceService.get(NamespaceId.DEFAULT.dataset("testds"), ImmutableList.<EntityId>of(new ProgramId(NamespaceId.DEFAULT.getNamespace(), "app2", ProgramType.FLOW, "flow2")));
    Assert.assertSame(meta, met2);
    // update the dataset
    instanceService.update(NamespaceId.DEFAULT.dataset("testds"), ImmutableMap.of("ttl", "12345678"));
    // get the dataset meta, validate it changed
    met2 = instanceService.get(NamespaceId.DEFAULT.dataset("testds"), ImmutableList.<EntityId>of(new ProgramId(NamespaceId.DEFAULT.getNamespace(), "app2", ProgramType.FLOW, "flow2")));
    Assert.assertNotSame(meta, met2);
    Assert.assertEquals("12345678", met2.getSpec().getProperty("ttl"));
    // delete the dataset
    instanceService.drop(NamespaceId.DEFAULT.dataset("testds"));
    // get the dataset meta, validate not found
    try {
        instanceService.get(NamespaceId.DEFAULT.dataset("testds"), ImmutableList.<EntityId>of(new ProgramId(NamespaceId.DEFAULT.getNamespace(), "app1", ProgramType.FLOW, "flow2")));
        Assert.fail("get() should have thrown NotFoundException");
    } catch (NotFoundException e) {
        // expected
    }
    // recreate the dataset
    instanceService.create(NamespaceId.DEFAULT.getNamespace(), "testds", new DatasetInstanceConfiguration("table", new HashMap<String, String>()));
    // get the dataset meta, validate it is up to date
    met2 = instanceService.get(NamespaceId.DEFAULT.dataset("testds"), ImmutableList.<EntityId>of(new ProgramId(NamespaceId.DEFAULT.getNamespace(), "app2", ProgramType.FLOW, "flow2")));
    Assert.assertEquals(meta.getSpec(), met2.getSpec());
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) HashMap(java.util.HashMap) DatasetMeta(co.cask.cdap.proto.DatasetMeta) NotFoundException(co.cask.cdap.common.NotFoundException) DatasetInstanceConfiguration(co.cask.cdap.proto.DatasetInstanceConfiguration) ProgramId(co.cask.cdap.proto.id.ProgramId) Test(org.junit.Test)

Example 25 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class DefaultNamespaceAdmin method list.

/**
 * Lists all namespaces
 *
 * @return a list of {@link NamespaceMeta} for all namespaces
 */
@Override
public List<NamespaceMeta> list() throws Exception {
    List<NamespaceMeta> namespaces = nsStore.list();
    final Principal principal = authenticationContext.getPrincipal();
    return AuthorizationUtil.isVisible(namespaces, authorizationEnforcer, principal, new Function<NamespaceMeta, EntityId>() {

        @Override
        public EntityId apply(NamespaceMeta input) {
            return input.getNamespaceId();
        }
    }, new Predicate<NamespaceMeta>() {

        @Override
        public boolean apply(NamespaceMeta input) {
            return principal.getName().equals(input.getConfig().getPrincipal());
        }
    });
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) NamespaceMeta(co.cask.cdap.proto.NamespaceMeta) Principal(co.cask.cdap.proto.security.Principal)

Aggregations

EntityId (co.cask.cdap.proto.id.EntityId): 62
Principal (co.cask.cdap.proto.security.Principal): 21
EnumSet (java.util.EnumSet): 18
HashSet (java.util.HashSet): 18
Set (java.util.Set): 18
PartitionedFileSet (co.cask.cdap.api.dataset.lib.PartitionedFileSet): 17
ImmutableSet (com.google.common.collect.ImmutableSet): 17
Test (org.junit.Test): 17
Action (co.cask.cdap.proto.security.Action): 14
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException): 13
DatasetId (co.cask.cdap.proto.id.DatasetId): 12
ProgramId (co.cask.cdap.proto.id.ProgramId): 11
ApplicationManager (co.cask.cdap.test.ApplicationManager): 11
ApplicationId (co.cask.cdap.proto.id.ApplicationId): 10
StreamId (co.cask.cdap.proto.id.StreamId): 9
NamespaceId (co.cask.cdap.proto.id.NamespaceId): 8
PrivilegedAction (java.security.PrivilegedAction): 8
KeyValueTable (co.cask.cdap.api.dataset.lib.KeyValueTable): 7
NamespaceMeta (co.cask.cdap.proto.NamespaceMeta): 7
Authorizer (co.cask.cdap.security.spi.authorization.Authorizer): 7