
Example 1 with Authorizable

Use of co.cask.cdap.proto.security.Authorizable in project cdap by caskdata.

The class InMemoryAuthorizer, method getPrivileges.

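// Flattens the per-entity privilege map into the set of (authorizable, action) pairs held by one principal.
private Set<Privilege> getPrivileges(Principal principal) {
    Set<Privilege> result = new HashSet<>();
    for (Map.Entry<Authorizable, ConcurrentMap<Principal, Set<Action>>> entry : privileges.entrySet()) {
        Authorizable authorizable = entry.getKey();
        // Look up the actions recorded for this principal on this authorizable
        Set<Action> actions = getActions(authorizable, principal);
        for (Action action : actions) {
            result.add(new Privilege(authorizable, action));
        }
    }
    // Return a read-only view so callers cannot modify the result
    return Collections.unmodifiableSet(result);
}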
Also used: Action (co.cask.cdap.proto.security.Action), ConcurrentMap (java.util.concurrent.ConcurrentMap), Authorizable (co.cask.cdap.proto.security.Authorizable), Privilege (co.cask.cdap.proto.security.Privilege), Map (java.util.Map), ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap), HashSet (java.util.HashSet)

Example 2 with Authorizable

Use of co.cask.cdap.proto.security.Authorizable in project cdap by caskdata.

The class GrantActionCommand, method perform.

@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
    Authorizable authorizable = Authorizable.fromString(arguments.get(ArgumentName.ENTITY.toString()));
    String principalName = arguments.get("principal-name");
    Principal.PrincipalType principalType = Principal.PrincipalType.valueOf(arguments.get("principal-type").toUpperCase());
    Principal principal = new Principal(principalName, principalType);
    Set<Action> actions = ACTIONS_STRING_TO_SET.apply(arguments.get("actions"));
    // actions is not an optional argument so should never be null
    Preconditions.checkNotNull(actions, "Actions can never be null in the grant command.");
    client.grant(authorizable, principal, actions);
    output.printf("Successfully granted action(s) '%s' on entity '%s' to %s '%s'\n", Joiner.on(",").join(actions), authorizable.toString(), principal.getType(), principal.getName());
}
Also used: Action (co.cask.cdap.proto.security.Action), Authorizable (co.cask.cdap.proto.security.Authorizable), Principal (co.cask.cdap.proto.security.Principal)

Example 3 with Authorizable

Use of co.cask.cdap.proto.security.Authorizable in project cdap by caskdata.

The class RevokeActionCommand, method perform.

@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
    Authorizable authorizable = Authorizable.fromString(arguments.get(ArgumentName.ENTITY.toString()));
    String principalName = arguments.getOptional("principal-name", null);
    String type = arguments.getOptional("principal-type", null);
    Principal.PrincipalType principalType = type != null ? Principal.PrincipalType.valueOf(type.toUpperCase()) : null;
    Principal principal = type != null ? new Principal(principalName, principalType) : null;
    String actionsString = arguments.getOptional("actions", null);
    Set<Action> actions = actionsString == null ? null : ACTIONS_STRING_TO_SET.apply(actionsString);
    client.revoke(authorizable, principal, actions);
    if (principal == null && actions == null) {
        // Revoked all actions for all principals on the entity
        output.printf("Successfully revoked all actions on entity '%s' for all principals", authorizable.toString());
    } else {
        // currently, the CLI only supports 2 scenarios:
        // 1. both actions and principal are null - supported in the if block.
        // 2. both actions and principal are non-null - supported here. So it should be ok to have preconditions here to
        // enforce that both are non-null. In fact, if only one of them is null, the CLI will fail to parse the command.
        Preconditions.checkNotNull(actions, "Actions cannot be null when principal is not null in the revoke command");
        Preconditions.checkNotNull(principal, "Principal cannot be null when actions is not null in the revoke command");
        output.printf("Successfully revoked action(s) '%s' on entity '%s' for %s '%s'\n", Joiner.on(",").join(actions), authorizable.toString(), principal.getType(), principal.getName());
    }
}
Also used: Action (co.cask.cdap.proto.security.Action), Authorizable (co.cask.cdap.proto.security.Authorizable), Principal (co.cask.cdap.proto.security.Principal)

Aggregations

Action (co.cask.cdap.proto.security.Action): 3
Authorizable (co.cask.cdap.proto.security.Authorizable): 3
Principal (co.cask.cdap.proto.security.Principal): 2
Privilege (co.cask.cdap.proto.security.Privilege): 1
HashSet (java.util.HashSet): 1
Map (java.util.Map): 1
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap): 1
ConcurrentMap (java.util.concurrent.ConcurrentMap): 1