
Example 11 with Privilege

Use of co.cask.cdap.proto.security.Privilege in the project cdap by caskdata.

From the class InMemoryAuthorizer, method getPrivileges:

private Set<Privilege> getPrivileges(Principal principal) {
    Set<Privilege> result = new HashSet<>();
    // Walk every entity the authorizer knows about and collect the actions
    // this principal holds on it, one Privilege per (entity, action) pair.
    for (Map.Entry<EntityId, ConcurrentMap<Principal, Set<Action>>> entry : privileges.entrySet()) {
        EntityId entityId = entry.getKey();
        Set<Action> actions = getActions(entityId, principal);
        for (Action action : actions) {
            result.add(new Privilege(entityId, action));
        }
    }
    // Callers get a read-only view so they cannot mutate the authorizer's state.
    return Collections.unmodifiableSet(result);
}

Example 12 with Privilege

Use of co.cask.cdap.proto.security.Privilege in the project cdap by caskdata.

From the class AuthorizationTest, method testNamespaces:

@Test
public void testNamespaces() throws Exception {
    NamespaceAdmin namespaceAdmin = getNamespaceAdmin();
    Authorizer authorizer = getAuthorizer();
    // Creating a namespace requires a privilege on the instance, which alice does not yet have.
    try {
        namespaceAdmin.create(AUTH_NAMESPACE_META);
        Assert.fail("Namespace create should have failed because alice is not authorized on " + instance);
    } catch (UnauthorizedException expected) {
        // expected
    }
    createAuthNamespace();
    // No authorization currently for listing and retrieving namespace
    namespaceAdmin.list();
    namespaceAdmin.get(AUTH_NAMESPACE);
    // revoke privileges
    revokeAndAssertSuccess(AUTH_NAMESPACE);
    try {
        namespaceAdmin.deleteDatasets(AUTH_NAMESPACE);
        Assert.fail("Namespace delete datasets should have failed because alice's privileges on the namespace have "
                    + "been revoked");
    } catch (UnauthorizedException expected) {
        // expected
    }
    // grant privileges again
    grantAndAssertSuccess(AUTH_NAMESPACE, ALICE, ImmutableSet.of(Action.ADMIN));
    namespaceAdmin.deleteDatasets(AUTH_NAMESPACE);
    // deleting datasets does not revoke privileges.
    Assert.assertEquals(ImmutableSet.of(new Privilege(instance, Action.ADMIN), new Privilege(AUTH_NAMESPACE, Action.ADMIN)),
                        authorizer.listPrivileges(ALICE));
    NamespaceMeta updated = new NamespaceMeta.Builder(AUTH_NAMESPACE_META).setDescription("new desc").build();
    namespaceAdmin.updateProperties(AUTH_NAMESPACE, updated);
}

Example 13 with Privilege

Use of co.cask.cdap.proto.security.Privilege in the project cdap by caskdata.

From the class StreamAdminTest, method revokeAndAssertSuccess:

private void revokeAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    Authorizer authorizer = getAuthorizer();
    // Snapshot the principal's privileges before the revoke, then check that exactly
    // the revoked (entity, action) pairs are gone and nothing else changed.
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.revoke(entityId, principal, actions);
    Set<Privilege> revokedPrivileges = new HashSet<>();
    for (Action action : actions) {
        revokedPrivileges.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.difference(existingPrivileges, revokedPrivileges), authorizer.listPrivileges(principal));
}

Example 14 with Privilege

Use of co.cask.cdap.proto.security.Privilege in the project cdap by caskdata.

From the class RemotePrivilegesHandler, method listPrivileges:

@POST
@Path("/listPrivileges")
public void listPrivileges(HttpRequest request, HttpResponder responder) throws Exception {
    // The principal is carried in the request body as a serialized method argument.
    Iterator<MethodArgument> arguments = parseArguments(request);
    Principal principal = deserializeNext(arguments);
    LOG.trace("Listing privileges for principal {}", principal);
    Set<Privilege> privileges = privilegesManager.listPrivileges(principal);
    LOG.debug("Returning privileges for principal {} as {}", principal, privileges);
    responder.sendJson(HttpResponseStatus.OK, privileges);
}

Example 15 with Privilege

Use of co.cask.cdap.proto.security.Privilege in the project cdap by caskdata.

From the class DefaultSecureStoreServiceTest, method revokeAndAssertSuccess:

private void revokeAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    // Same pattern as in StreamAdminTest: compare the privilege set before and after the
    // revoke, and require the difference to be exactly the revoked (entity, action) pairs.
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.revoke(entityId, principal, actions);
    Set<Privilege> revokedPrivileges = new HashSet<>();
    for (Action action : actions) {
        revokedPrivileges.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.difference(existingPrivileges, revokedPrivileges), authorizer.listPrivileges(principal));
}