Example 16 with Action

use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

the class DefaultSecureStoreServiceTest method revokeAndAssertSuccess.

private void revokeAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.revoke(entityId, principal, actions);
    Set<Privilege> revokedPrivileges = new HashSet<>();
    for (Action action : actions) {
        revokedPrivileges.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.difference(existingPrivileges, revokedPrivileges), authorizer.listPrivileges(principal));
}
Also used : Action(co.cask.cdap.proto.security.Action) Privilege(co.cask.cdap.proto.security.Privilege) HashSet(java.util.HashSet)

Example 17 with Action

use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

the class DefaultSecureStoreServiceTest method grantAndAssertSuccess.

private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.grant(entityId, principal, actions);
    ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder();
    for (Action action : actions) {
        expectedPrivilegesAfterGrant.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal));
}
Also used : Action(co.cask.cdap.proto.security.Action) ImmutableSet(com.google.common.collect.ImmutableSet) Privilege(co.cask.cdap.proto.security.Privilege)

Example 18 with Action

use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

the class DatasetServiceAuthorizationTest method grantAndAssertSuccess.

private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.grant(entityId, principal, actions);
    ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder();
    for (Action action : actions) {
        expectedPrivilegesAfterGrant.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal));
}
Also used : Action(co.cask.cdap.proto.security.Action) ImmutableSet(com.google.common.collect.ImmutableSet) Privilege(co.cask.cdap.proto.security.Privilege)

Example 19 with Action

use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

the class InMemoryAuthorizer method enforce.

@Override
public void enforce(EntityId entity, Principal principal, Set<Action> actions) throws UnauthorizedException {
    // super users do not have any enforcement
    if (superUsers.contains(principal) || superUsers.contains(allSuperUsers)) {
        return;
    }
    // actions allowed for this principal
    Set<Action> allowed = getActions(entity, principal);
    if (allowed.containsAll(actions)) {
        return;
    }
    Set<Action> allowedForRoles = new HashSet<>();
    // actions allowed for any of the roles to which this principal belongs, if it is not itself a role
    if (principal.getType() != Principal.PrincipalType.ROLE) {
        for (Role role : getRoles(principal)) {
            allowedForRoles.addAll(getActions(entity, role));
        }
    }
    // role grants are checked on their own here; they are not unioned with the direct grants above
    if (!allowedForRoles.containsAll(actions)) {
        // the reported missing actions are computed against the direct grants only
        throw new UnauthorizedException(principal, Sets.difference(actions, allowed), entity);
    }
}
Also used : Role(co.cask.cdap.proto.security.Role) Action(co.cask.cdap.proto.security.Action) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) HashSet(java.util.HashSet)

Example 20 with Action

use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

the class AuthorizationTest method grantAndAssertSuccess.

private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    Authorizer authorizer = getAuthorizer();
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.grant(entityId, principal, actions);
    ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder();
    for (Action action : actions) {
        expectedPrivilegesAfterGrant.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal));
}
Also used : Action(co.cask.cdap.proto.security.Action) ImmutableSet(com.google.common.collect.ImmutableSet) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) Privilege(co.cask.cdap.proto.security.Privilege)

Aggregations

Action (co.cask.cdap.proto.security.Action) 21
Privilege (co.cask.cdap.proto.security.Privilege) 9
Principal (co.cask.cdap.proto.security.Principal) 6
HashSet (java.util.HashSet) 6
EntityId (co.cask.cdap.proto.id.EntityId) 5
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException) 5
ImmutableSet (com.google.common.collect.ImmutableSet) 5
POST (javax.ws.rs.POST) 4
Path (javax.ws.rs.Path) 4
InMemoryAuthorizer (co.cask.cdap.security.authorization.InMemoryAuthorizer) 3
Authorizer (co.cask.cdap.security.spi.authorization.Authorizer) 3
MethodArgument (co.cask.cdap.common.internal.remote.MethodArgument) 2
AuditPolicy (co.cask.cdap.common.security.AuditPolicy) 2
NamespaceId (co.cask.cdap.proto.id.NamespaceId) 2
StreamId (co.cask.cdap.proto.id.StreamId) 2
Test (org.junit.Test) 2
DatasetSpecification (co.cask.cdap.api.dataset.DatasetSpecification) 1
DatasetAlreadyExistsException (co.cask.cdap.common.DatasetAlreadyExistsException) 1
DatasetNotFoundException (co.cask.cdap.common.DatasetNotFoundException) 1
DatasetTypeNotFoundException (co.cask.cdap.common.DatasetTypeNotFoundException) 1