use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.
the class ListRolesCommand method perform.
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
String principalType = arguments.getOptional(ArgumentName.PRINCIPAL_TYPE.toString());
String principalName = arguments.getOptional(ArgumentName.PRINCIPAL_NAME.toString());
Set<Role> roles;
if (!(Strings.isNullOrEmpty(principalType) && Strings.isNullOrEmpty(principalName))) {
roles = client.listRoles(new Principal(principalName, Principal.PrincipalType.valueOf(principalType.toUpperCase())));
} else {
roles = client.listAllRoles();
}
Table table = Table.builder().setHeader("Role").setRows(Lists.newArrayList(roles), new RowMaker<Role>() {
@Override
public List<?> makeRow(Role role) {
return Lists.newArrayList(role.getName());
}
}).build();
cliConfig.getTableRenderer().render(cliConfig, output, table);
}
use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.
the class RevokeActionCommand method perform.
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
Authorizable authorizable = Authorizable.fromString(arguments.get(ArgumentName.ENTITY.toString()));
String principalName = arguments.getOptional("principal-name", null);
String type = arguments.getOptional("principal-type", null);
Principal.PrincipalType principalType = type != null ? Principal.PrincipalType.valueOf(type.toUpperCase()) : null;
Principal principal = type != null ? new Principal(principalName, principalType) : null;
String actionsString = arguments.getOptional("actions", null);
Set<Action> actions = actionsString == null ? null : ACTIONS_STRING_TO_SET.apply(actionsString);
client.revoke(authorizable, principal, actions);
if (principal == null && actions == null) {
// Revoked all actions for all principals on the entity
output.printf("Successfully revoked all actions on entity '%s' for all principals", authorizable.toString());
} else {
// currently, the CLI only supports 2 scenarios:
// 1. both actions and principal are null - supported in the if block.
// 2. both actions and principal are non-null - supported here. So it should be ok to have preconditions here to
// enforce that both are non-null. In fact, if only one of them is null, the CLI will fail to parse the command.
Preconditions.checkNotNull(actions, "Actions cannot be null when principal is not null in the revoke command");
Preconditions.checkNotNull(principal, "Principal cannot be null when actions is not null in the revoke command");
output.printf("Successfully revoked action(s) '%s' on entity '%s' for %s '%s'\n", Joiner.on(",").join(actions), authorizable.toString(), principal.getType(), principal.getName());
}
}
use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.
the class ListPrivilegesCommand method perform.
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
String principalType = arguments.get(ArgumentName.PRINCIPAL_TYPE.toString());
String principalName = arguments.get(ArgumentName.PRINCIPAL_NAME.toString());
Table table = Table.builder().setHeader("Authorizable", "Action").setRows(Lists.newArrayList(client.listPrivileges(new Principal(principalName, Principal.PrincipalType.valueOf(principalType.toUpperCase())))), new RowMaker<Privilege>() {
@Override
public List<?> makeRow(Privilege privilege) {
return Lists.newArrayList(privilege.getAuthorizable().toString(), privilege.getAction().name());
}
}).build();
cliConfig.getTableRenderer().render(cliConfig, output, table);
}
use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.
the class AddRoleToPrincipalCommand method perform.
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
String roleName = arguments.get("role-name");
String principalType = arguments.get("principal-type");
String principalName = arguments.get("principal-name");
client.addRoleToPrincipal(new Role(roleName), new Principal(principalName, Principal.PrincipalType.valueOf(principalType.toUpperCase())));
output.printf("Successfully added role '%s' to '%s' '%s'\n", roleName, principalType, principalName);
}
use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.
the class AuthorizationHandler method listPrivileges.
@Path("{principal-type}/{principal-name}/privileges")
@GET
public void listPrivileges(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("principal-type") String principalType, @PathParam("principal-name") String principalName) throws Exception {
ensureSecurityEnabled();
Principal principal = new Principal(principalName, Principal.PrincipalType.valueOf(principalType.toUpperCase()));
httpResponder.sendJson(HttpResponseStatus.OK, GSON.toJson(authorizer.listPrivileges(principal), PRIVILEGE_SET_TYPE));
createLogEntry(httpRequest, HttpResponseStatus.OK);
}
Aggregations