use of co.cask.cdap.proto.security.Action in project cdap by caskdata.
the class DefaultSecureStoreServiceTest method revokeAndAssertSuccess.
private void revokeAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
authorizer.revoke(entityId, principal, actions);
Set<Privilege> revokedPrivileges = new HashSet<>();
for (Action action : actions) {
revokedPrivileges.add(new Privilege(entityId, action));
}
Assert.assertEquals(Sets.difference(existingPrivileges, revokedPrivileges), authorizer.listPrivileges(principal));
}
use of co.cask.cdap.proto.security.Action in project cdap by caskdata.
the class DefaultSecureStoreServiceTest method grantAndAssertSuccess.
private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
authorizer.grant(entityId, principal, actions);
ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder();
for (Action action : actions) {
expectedPrivilegesAfterGrant.add(new Privilege(entityId, action));
}
Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal));
}
use of co.cask.cdap.proto.security.Action in project cdap by caskdata.
the class DatasetServiceAuthorizationTest method grantAndAssertSuccess.
private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
authorizer.grant(entityId, principal, actions);
ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder();
for (Action action : actions) {
expectedPrivilegesAfterGrant.add(new Privilege(entityId, action));
}
Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal));
}
use of co.cask.cdap.proto.security.Action in project cdap by caskdata.
the class InMemoryAuthorizer method enforce.
@Override
public void enforce(EntityId entity, Principal principal, Set<Action> actions) throws UnauthorizedException {
// super users do not have any enforcement
if (superUsers.contains(principal) || superUsers.contains(allSuperUsers)) {
return;
}
// actions allowed for this principal
Set<Action> allowed = getActions(entity, principal);
if (allowed.containsAll(actions)) {
return;
}
Set<Action> allowedForRoles = new HashSet<>();
// actions allowed for any of the roles to which this principal belongs if its not a role
if (principal.getType() != Principal.PrincipalType.ROLE) {
for (Role role : getRoles(principal)) {
allowedForRoles.addAll(getActions(entity, role));
}
}
if (!allowedForRoles.containsAll(actions)) {
throw new UnauthorizedException(principal, Sets.difference(actions, allowed), entity);
}
}
use of co.cask.cdap.proto.security.Action in project cdap by caskdata.
the class AuthorizationTest method grantAndAssertSuccess.
private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
Authorizer authorizer = getAuthorizer();
Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
authorizer.grant(entityId, principal, actions);
ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder();
for (Action action : actions) {
expectedPrivilegesAfterGrant.add(new Privilege(entityId, action));
}
Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal));
}
Aggregations