
Example 36 with Principal

use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

the class ListRolesCommand method perform.

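/**
 * Prints a one-column table of roles: the roles of a single principal when both a principal
 * type and a principal name are supplied, otherwise the result of {@code client.listAllRoles()}.
 *
 * @param arguments parsed CLI arguments; principal type and name are optional but must be
 *     supplied together
 * @param output stream the rendered table is written to
 * @throws IllegalArgumentException if only one of principal type / principal name is supplied,
 *     or if the type does not name a {@code Principal.PrincipalType} constant
 * @throws Exception if the client call or rendering fails
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
    String principalType = arguments.getOptional(ArgumentName.PRINCIPAL_TYPE.toString());
    String principalName = arguments.getOptional(ArgumentName.PRINCIPAL_NAME.toString());
    boolean typeMissing = Strings.isNullOrEmpty(principalType);
    boolean nameMissing = Strings.isNullOrEmpty(principalName);
    Set<Role> roles;
    if (typeMissing && nameMissing) {
        roles = client.listAllRoles();
    } else {
        // A half-specified principal previously reached principalType.toUpperCase() with a null
        // type (NullPointerException) or built a Principal without a name. Reject it up front so
        // the role lookup is never issued for an ambiguous principal.
        if (typeMissing || nameMissing) {
            throw new IllegalArgumentException(
                "Principal type and principal name must be specified together");
        }
        // Locale.ROOT keeps the enum lookup independent of the JVM's default locale.
        Principal.PrincipalType type =
            Principal.PrincipalType.valueOf(principalType.toUpperCase(java.util.Locale.ROOT));
        roles = client.listRoles(new Principal(principalName, type));
    }
    Table table = Table.builder().setHeader("Role").setRows(Lists.newArrayList(roles), new RowMaker<Role>() {

        @Override
        public List<?> makeRow(Role role) {
            // One cell per row: the role's name.
            return Lists.newArrayList(role.getName());
        }
    }).build();
    cliConfig.getTableRenderer().render(cliConfig, output, table);
}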
Also used : Role(co.cask.cdap.proto.security.Role) Table(co.cask.cdap.cli.util.table.Table) RowMaker(co.cask.cdap.cli.util.RowMaker) Principal(co.cask.cdap.proto.security.Principal)

Example 37 with Principal

use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

the class RevokeActionCommand method perform.

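/**
 * Revokes privileges on an entity and prints a confirmation.
 *
 * <p>Two shapes are supported: no principal and no actions (revoke everything on the entity for
 * all principals), or both a principal and a set of actions. The combination is validated
 * <em>before</em> {@code client.revoke} is called, so a half-specified command can no longer
 * perform a revoke and only afterwards fail with an error.
 *
 * @param arguments parsed CLI arguments: the entity (required) and the optional
 *     {@code principal-name}, {@code principal-type} and {@code actions}
 * @param output stream the confirmation message is written to
 * @throws NullPointerException if exactly one of principal / actions is supplied
 * @throws IllegalArgumentException if the principal type does not name a
 *     {@code Principal.PrincipalType} constant
 * @throws Exception if the client call fails
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
    Authorizable authorizable = Authorizable.fromString(arguments.get(ArgumentName.ENTITY.toString()));
    String principalName = arguments.getOptional("principal-name", null);
    String type = arguments.getOptional("principal-type", null);
    // NOTE(review): principal-name is not checked on its own; if it can be absent while
    // principal-type is present, a Principal with a null name is built - confirm the CLI grammar
    // prevents that.
    Principal principal = null;
    if (type != null) {
        // Locale.ROOT keeps the enum lookup independent of the JVM's default locale.
        Principal.PrincipalType principalType =
            Principal.PrincipalType.valueOf(type.toUpperCase(java.util.Locale.ROOT));
        principal = new Principal(principalName, principalType);
    }
    String actionsString = arguments.getOptional("actions", null);
    Set<Action> actions = actionsString == null ? null : ACTIONS_STRING_TO_SET.apply(actionsString);

    boolean revokeEverything = principal == null && actions == null;
    if (!revokeEverything) {
        // currently, the CLI only supports 2 scenarios:
        // 1. both actions and principal are null - the revoke-everything case.
        // 2. both actions and principal are non-null.
        // Enforce that here, ahead of the revoke: a request with only one of the two set would
        // otherwise be sent to the server (and could revoke more than intended) before the
        // precondition failed.
        Preconditions.checkNotNull(actions, "Actions cannot be null when principal is not null in the revoke command");
        Preconditions.checkNotNull(principal, "Principal cannot be null when actions is not null in the revoke command");
    }

    client.revoke(authorizable, principal, actions);

    if (revokeEverything) {
        // Revoked all actions for all principals on the entity
        output.printf("Successfully revoked all actions on entity '%s' for all principals", authorizable.toString());
    } else {
        output.printf("Successfully revoked action(s) '%s' on entity '%s' for %s '%s'\n", Joiner.on(",").join(actions), authorizable.toString(), principal.getType(), principal.getName());
    }
}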
Also used : Action(co.cask.cdap.proto.security.Action) Authorizable(co.cask.cdap.proto.security.Authorizable) Principal(co.cask.cdap.proto.security.Principal)

Example 38 with Principal

use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

the class ListPrivilegesCommand method perform.

/**
 * Prints a two-column table ("Authorizable", "Action") of the privileges that
 * {@code client.listPrivileges} returns for the principal named on the command line.
 *
 * @param arguments parsed CLI arguments; principal type and principal name are both required
 * @param output stream the rendered table is written to
 * @throws IllegalArgumentException if the principal type does not name a
 *     {@code Principal.PrincipalType} constant
 * @throws Exception if the client call or rendering fails
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
    String typeArg = arguments.get(ArgumentName.PRINCIPAL_TYPE.toString());
    String nameArg = arguments.get(ArgumentName.PRINCIPAL_NAME.toString());

    // The type is matched case-insensitively against the enum constant names.
    Principal.PrincipalType parsedType = Principal.PrincipalType.valueOf(typeArg.toUpperCase());
    Principal principal = new Principal(nameArg, parsedType);

    // Each privilege becomes one row: its authorizable as text, then the action's enum name.
    RowMaker<Privilege> rowMaker = new RowMaker<Privilege>() {

        @Override
        public List<?> makeRow(Privilege privilege) {
            String authorizableText = privilege.getAuthorizable().toString();
            String actionName = privilege.getAction().name();
            return Lists.newArrayList(authorizableText, actionName);
        }
    };

    Table table = Table.builder()
        .setHeader("Authorizable", "Action")
        .setRows(Lists.newArrayList(client.listPrivileges(principal)), rowMaker)
        .build();
    cliConfig.getTableRenderer().render(cliConfig, output, table);
}
Also used : Table(co.cask.cdap.cli.util.table.Table) RowMaker(co.cask.cdap.cli.util.RowMaker) Privilege(co.cask.cdap.proto.security.Privilege) Principal(co.cask.cdap.proto.security.Principal)

Example 39 with Principal

use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

the class AddRoleToPrincipalCommand method perform.

/**
 * Adds a role to a principal through the client and prints a confirmation.
 *
 * @param arguments parsed CLI arguments; {@code role-name}, {@code principal-type} and
 *     {@code principal-name} are all read with the required-argument accessor
 * @param output stream the confirmation message is written to
 * @throws IllegalArgumentException if the principal type does not name a
 *     {@code Principal.PrincipalType} constant
 * @throws Exception if the client call fails
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
    String role = arguments.get("role-name");
    String typeArg = arguments.get("principal-type");
    String nameArg = arguments.get("principal-name");

    Role roleToAdd = new Role(role);
    // The type is matched case-insensitively against the enum constant names.
    Principal.PrincipalType parsedType = Principal.PrincipalType.valueOf(typeArg.toUpperCase());
    Principal target = new Principal(nameArg, parsedType);

    client.addRoleToPrincipal(roleToAdd, target);
    // The message echoes the type exactly as the user typed it, not the parsed constant.
    output.printf("Successfully added role '%s' to '%s' '%s'\n", role, typeArg, nameArg);
}
Also used : Role(co.cask.cdap.proto.security.Role) Principal(co.cask.cdap.proto.security.Principal)

Example 40 with Principal

use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

the class AuthorizationHandler method listPrivileges.

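/**
 * Handles {@code GET {principal-type}/{principal-name}/privileges}: responds with the JSON form
 * of {@code authorizer.listPrivileges} for the requested principal and records a log entry.
 *
 * <p>The principal type comes straight from the request path, so an unknown value is answered
 * with {@code 400 Bad Request} (and logged) instead of escaping as an uncaught
 * {@link IllegalArgumentException}.
 *
 * <p>NOTE(review): no check that the caller is allowed to view another principal's privileges is
 * visible in this method; confirm it is enforced inside {@code authorizer.listPrivileges} or by
 * an upstream filter.
 *
 * @param httpRequest the incoming request, passed to the log-entry helper
 * @param httpResponder responder used to send the JSON body or the error status
 * @param principalType path segment naming a {@code Principal.PrincipalType}, case-insensitive
 * @param principalName path segment naming the principal
 * @throws Exception if the security check or the authorizer call fails
 */
@Path("{principal-type}/{principal-name}/privileges")
@GET
public void listPrivileges(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("principal-type") String principalType, @PathParam("principal-name") String principalName) throws Exception {
    ensureSecurityEnabled();
    Principal.PrincipalType type;
    try {
        // Locale.ROOT keeps the enum lookup independent of the JVM's default locale.
        type = Principal.PrincipalType.valueOf(principalType.toUpperCase(java.util.Locale.ROOT));
    } catch (IllegalArgumentException e) {
        // Client error, not a server fault. The rejected value is deliberately not echoed back.
        httpResponder.sendString(HttpResponseStatus.BAD_REQUEST, "Invalid principal type");
        // Rejected requests get a log entry too, so probing of this endpoint leaves a trace.
        createLogEntry(httpRequest, HttpResponseStatus.BAD_REQUEST);
        return;
    }
    Principal principal = new Principal(principalName, type);
    httpResponder.sendJson(HttpResponseStatus.OK, GSON.toJson(authorizer.listPrivileges(principal), PRIVILEGE_SET_TYPE));
    createLogEntry(httpRequest, HttpResponseStatus.OK);
}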
Also used : Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)
