
Example 31 with Action

Use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

Class AuthorizationHandler, method grant.

@Path("/privileges/grant")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void grant(FullHttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
    ensureSecurityEnabled();
    GrantRequest request = parseBody(httpRequest, GrantRequest.class);
    if (request == null) {
        throw new BadRequestException("Missing request body");
    }
    // A request that omits "actions" is treated as a grant of every Action on the authorizable.
    Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
    privilegesManager.grant(request.getAuthorizable(), request.getPrincipal(), actions);
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, HttpResponseStatus.OK);
}
Also used : Action(co.cask.cdap.proto.security.Action) GrantRequest(co.cask.cdap.proto.security.GrantRequest) BadRequestException(co.cask.cdap.common.BadRequestException) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) POST(javax.ws.rs.POST)

Example 32 with Action

Use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

Class DefaultSecureStoreServiceTest, method revokeAndAssertSuccess.

private void revokeAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.revoke(Authorizable.fromEntityId(entityId), principal, actions);
    Set<Privilege> revokedPrivileges = new HashSet<>();
    for (Action action : actions) {
        revokedPrivileges.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.difference(existingPrivileges, revokedPrivileges), authorizer.listPrivileges(principal));
}
Also used : Action(co.cask.cdap.proto.security.Action) Privilege(co.cask.cdap.proto.security.Privilege) HashSet(java.util.HashSet)

Example 33 with Action

Use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

Class DefaultSecureStoreServiceTest, method grantAndAssertSuccess.

private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.grant(Authorizable.fromEntityId(entityId), principal, actions);
    ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder();
    for (Action action : actions) {
        expectedPrivilegesAfterGrant.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal));
}
Also used : Action(co.cask.cdap.proto.security.Action) ImmutableSet(com.google.common.collect.ImmutableSet) Privilege(co.cask.cdap.proto.security.Privilege)

Aggregations

Action (co.cask.cdap.proto.security.Action): 33
HashSet (java.util.HashSet): 14
ImmutableSet (com.google.common.collect.ImmutableSet): 13
EntityId (co.cask.cdap.proto.id.EntityId): 12
Privilege (co.cask.cdap.proto.security.Privilege): 9
PrivilegedAction (java.security.PrivilegedAction): 9
PartitionedFileSet (co.cask.cdap.api.dataset.lib.PartitionedFileSet): 8
EnumSet (java.util.EnumSet): 8
Set (java.util.Set): 8
POST (javax.ws.rs.POST): 8
Path (javax.ws.rs.Path): 8
Test (org.junit.Test): 8
Principal (co.cask.cdap.proto.security.Principal): 7
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException): 7
InMemoryAuthorizer (co.cask.cdap.security.authorization.InMemoryAuthorizer): 6
Authorizer (co.cask.cdap.security.spi.authorization.Authorizer): 6
ApplicationManager (co.cask.cdap.test.ApplicationManager): 6
MethodArgument (co.cask.cdap.common.internal.remote.MethodArgument): 4
AuditPolicy (co.cask.cdap.common.security.AuditPolicy): 4
ApplicationId (co.cask.cdap.proto.id.ApplicationId): 4