Search in sources :

Example 11 with AuthenticationContextModules

use of co.cask.cdap.security.auth.context.AuthenticationContextModules in project cdap by caskdata.

the class LocalStreamFileJanitorTest method init.

@BeforeClass
public static void init() throws IOException {
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, tmpFolder.newFolder().getAbsolutePath());
    Injector injector = Guice.createInjector(new ConfigModule(cConf), new NonCustomLocationUnitTestModule().getModule(), new SystemDatasetRuntimeModule().getInMemoryModules(), Modules.override(new DataSetsModules().getInMemoryModules()).with(new AbstractModule() {

        @Override
        protected void configure() {
            // bind to an in mem implementation for this test since the DefaultOwnerStore uses transaction and in this
            // test we are not starting a transaction service
            bind(OwnerStore.class).to(InMemoryOwnerStore.class).in(Scopes.SINGLETON);
        }
    }), new TransactionMetricsModule(), new DataFabricLevelDBModule(), new DiscoveryRuntimeModule().getInMemoryModules(), new NamespaceClientRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new ViewAdminModules().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getNoOpModule(), Modules.override(new StreamAdminModules().getStandaloneModules()).with(new AbstractModule() {

        @Override
        protected void configure() {
            bind(StreamMetaStore.class).to(InMemoryStreamMetaStore.class);
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
        }
    }), new AbstractModule() {

        @Override
        protected void configure() {
            // We don't need notification in this test, hence inject an no-op one
            bind(NotificationFeedManager.class).to(NoOpNotificationFeedManager.class);
            bind(NamespaceStore.class).to(InMemoryNamespaceStore.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
        }
    });
    locationFactory = injector.getInstance(LocationFactory.class);
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
    namespacedLocationFactory = injector.getInstance(NamespacedLocationFactory.class);
    namespaceStore = injector.getInstance(NamespaceStore.class);
    streamAdmin = injector.getInstance(StreamAdmin.class);
    fileWriterFactory = injector.getInstance(StreamFileWriterFactory.class);
    streamCoordinatorClient = injector.getInstance(StreamCoordinatorClient.class);
    streamCoordinatorClient.startAndWait();
}
Also used : NamespaceClientRuntimeModule(co.cask.cdap.common.namespace.guice.NamespaceClientRuntimeModule) ConfigModule(co.cask.cdap.common.guice.ConfigModule) UGIProvider(co.cask.cdap.security.impersonation.UGIProvider) UnsupportedUGIProvider(co.cask.cdap.security.impersonation.UnsupportedUGIProvider) NamespacedLocationFactory(co.cask.cdap.common.namespace.NamespacedLocationFactory) TransactionMetricsModule(co.cask.cdap.data.runtime.TransactionMetricsModule) DataFabricLevelDBModule(co.cask.cdap.data.runtime.DataFabricLevelDBModule) ViewAdminModules(co.cask.cdap.data.view.ViewAdminModules) Injector(com.google.inject.Injector) InMemoryStreamMetaStore(co.cask.cdap.data.stream.service.InMemoryStreamMetaStore) StreamMetaStore(co.cask.cdap.data.stream.service.StreamMetaStore) SystemDatasetRuntimeModule(co.cask.cdap.data.runtime.SystemDatasetRuntimeModule) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) NamespaceStore(co.cask.cdap.store.NamespaceStore) InMemoryNamespaceStore(co.cask.cdap.store.InMemoryNamespaceStore) NamespaceAdmin(co.cask.cdap.common.namespace.NamespaceAdmin) NonCustomLocationUnitTestModule(co.cask.cdap.common.guice.NonCustomLocationUnitTestModule) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) InMemoryOwnerStore(co.cask.cdap.security.impersonation.InMemoryOwnerStore) AbstractModule(com.google.inject.AbstractModule) NamespacedLocationFactory(co.cask.cdap.common.namespace.NamespacedLocationFactory) LocationFactory(org.apache.twill.filesystem.LocationFactory) StreamAdmin(co.cask.cdap.data2.transaction.stream.StreamAdmin) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) NoOpNotificationFeedManager(co.cask.cdap.notifications.feeds.service.NoOpNotificationFeedManager) InMemoryNamespaceStore(co.cask.cdap.store.InMemoryNamespaceStore) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) BeforeClass(org.junit.BeforeClass)

Example 12 with AuthenticationContextModules

use of co.cask.cdap.security.auth.context.AuthenticationContextModules in project cdap by caskdata.

the class DefaultOwnerStoreTest method createInjector.

@BeforeClass
public static void createInjector() {
    Injector injector = Guice.createInjector(new ConfigModule(), new DataSetsModules().getInMemoryModules(), new LocationRuntimeModule().getInMemoryModules(), new TransactionInMemoryModule(), new SystemDatasetRuntimeModule().getInMemoryModules(), new NamespaceClientRuntimeModule().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule());
    TransactionManager txManager = injector.getInstance(TransactionManager.class);
    txManager.startAndWait();
    ownerStore = injector.getInstance(OwnerStore.class);
}
Also used : NamespaceClientRuntimeModule(co.cask.cdap.common.namespace.guice.NamespaceClientRuntimeModule) TransactionInMemoryModule(org.apache.tephra.runtime.TransactionInMemoryModule) Injector(com.google.inject.Injector) ConfigModule(co.cask.cdap.common.guice.ConfigModule) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) TransactionManager(org.apache.tephra.TransactionManager) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) LocationRuntimeModule(co.cask.cdap.common.guice.LocationRuntimeModule) SystemDatasetRuntimeModule(co.cask.cdap.data.runtime.SystemDatasetRuntimeModule) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) OwnerStore(co.cask.cdap.security.impersonation.OwnerStore) BeforeClass(org.junit.BeforeClass)

Example 13 with AuthenticationContextModules

use of co.cask.cdap.security.auth.context.AuthenticationContextModules in project cdap by caskdata.

the class BaseHiveExploreServiceTest method createInMemoryModules.

private static List<Module> createInMemoryModules(CConfiguration configuration, Configuration hConf, TemporaryFolder tmpFolder) throws IOException {
    configuration.set(Constants.CFG_DATA_INMEMORY_PERSISTENCE, Constants.InMemoryPersistenceType.MEMORY.name());
    configuration.set(Constants.CFG_LOCAL_DATA_DIR, tmpFolder.newFolder().getAbsolutePath());
    configuration.set(Constants.Explore.LOCAL_DATA_DIR, tmpFolder.newFolder("hive").getAbsolutePath());
    configuration.set(TxConstants.Manager.CFG_TX_SNAPSHOT_LOCAL_DIR, tmpFolder.newFolder("tx").getAbsolutePath());
    configuration.setBoolean(TxConstants.Manager.CFG_DO_PERSIST, true);
    return ImmutableList.of(new ConfigModule(configuration, hConf), new IOModule(), new DiscoveryRuntimeModule().getInMemoryModules(), new NonCustomLocationUnitTestModule().getModule(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new MetricsClientRuntimeModule().getInMemoryModules(), new ExploreRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new StreamServiceRuntimeModule().getInMemoryModules(), new ViewAdminModules().getInMemoryModules(), new StreamAdminModules().getInMemoryModules(), new NotificationServiceRuntimeModule().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new NamespaceClientUnitTestModule().getModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(NotificationFeedManager.class).to(NoOpNotificationFeedManager.class);
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
            Multibinder<HttpHandler> handlerBinder = Multibinder.newSetBinder(binder(), HttpHandler.class, Names.named(Constants.Stream.STREAM_HANDLER));
            handlerBinder.addBinding().to(StreamHandler.class);
            handlerBinder.addBinding().to(StreamFetchHandler.class);
            handlerBinder.addBinding().to(StreamViewHttpHandler.class);
            CommonHandlers.add(handlerBinder);
            bind(StreamHttpService.class).in(Scopes.SINGLETON);
            // Use LocalFileTransactionStateStorage, so that we can use transaction snapshots for assertions in test
            install(Modules.override(new DataFabricModules().getInMemoryModules()).with(new AbstractModule() {

                @Override
                protected void configure() {
                    bind(TransactionStateStorage.class).annotatedWith(Names.named("persist")).to(LocalFileTransactionStateStorage.class).in(Scopes.SINGLETON);
                    bind(TransactionStateStorage.class).toProvider(TransactionStateStorageProvider.class).in(Singleton.class);
                }
            }));
        }
    });
}
Also used : IOModule(co.cask.cdap.common.guice.IOModule) DataSetServiceModules(co.cask.cdap.data.runtime.DataSetServiceModules) ConfigModule(co.cask.cdap.common.guice.ConfigModule) MetricsClientRuntimeModule(co.cask.cdap.metrics.guice.MetricsClientRuntimeModule) NotificationServiceRuntimeModule(co.cask.cdap.notifications.guice.NotificationServiceRuntimeModule) ViewAdminModules(co.cask.cdap.data.view.ViewAdminModules) StreamViewHttpHandler(co.cask.cdap.data.stream.StreamViewHttpHandler) StreamHandler(co.cask.cdap.data.stream.service.StreamHandler) StreamFetchHandler(co.cask.cdap.data.stream.service.StreamFetchHandler) StreamServiceRuntimeModule(co.cask.cdap.data.stream.service.StreamServiceRuntimeModule) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) HttpHandler(co.cask.http.HttpHandler) StreamViewHttpHandler(co.cask.cdap.data.stream.StreamViewHttpHandler) NamespaceClientUnitTestModule(co.cask.cdap.common.guice.NamespaceClientUnitTestModule) UnsupportedUGIProvider(co.cask.cdap.security.impersonation.UnsupportedUGIProvider) Multibinder(com.google.inject.multibindings.Multibinder) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) ExploreRuntimeModule(co.cask.cdap.explore.guice.ExploreRuntimeModule) NonCustomLocationUnitTestModule(co.cask.cdap.common.guice.NonCustomLocationUnitTestModule) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) AbstractModule(com.google.inject.AbstractModule) StreamAdminModules(co.cask.cdap.data.stream.StreamAdminModules) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) Singleton(com.google.inject.Singleton) LocalFileTransactionStateStorage(org.apache.tephra.persist.LocalFileTransactionStateStorage) TransactionStateStorage(org.apache.tephra.persist.TransactionStateStorage) NoOpNotificationFeedManager(co.cask.cdap.notifications.feeds.service.NoOpNotificationFeedManager) DataFabricModules(co.cask.cdap.data.runtime.DataFabricModules) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule)

Example 14 with AuthenticationContextModules

use of co.cask.cdap.security.auth.context.AuthenticationContextModules in project cdap by caskdata.

the class BaseHiveExploreServiceTest method createStandaloneModules.

// these are needed if we actually want to query streams, as the stream input format looks at the filesystem
// to figure out splits.
private static List<Module> createStandaloneModules(CConfiguration cConf, Configuration hConf, TemporaryFolder tmpFolder) throws IOException {
    File localDataDir = tmpFolder.newFolder();
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir.getAbsolutePath());
    cConf.set(Constants.CFG_DATA_INMEMORY_PERSISTENCE, Constants.InMemoryPersistenceType.LEVELDB.name());
    cConf.set(Constants.Explore.LOCAL_DATA_DIR, tmpFolder.newFolder("hive").getAbsolutePath());
    hConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir.getAbsolutePath());
    hConf.set(Constants.AppFabric.OUTPUT_DIR, cConf.get(Constants.AppFabric.OUTPUT_DIR));
    hConf.set("hadoop.tmp.dir", new File(localDataDir, cConf.get(Constants.AppFabric.TEMP_DIR)).getAbsolutePath());
    return ImmutableList.of(new ConfigModule(cConf, hConf), new IOModule(), new DiscoveryRuntimeModule().getStandaloneModules(), new NonCustomLocationUnitTestModule().getModule(), new DataFabricModules().getStandaloneModules(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getStandaloneModules(), new MetricsClientRuntimeModule().getStandaloneModules(), new ExploreRuntimeModule().getStandaloneModules(), new ExploreClientModule(), new StreamServiceRuntimeModule().getStandaloneModules(), new ViewAdminModules().getStandaloneModules(), new StreamAdminModules().getStandaloneModules(), new NotificationServiceRuntimeModule().getStandaloneModules(), // unit tests. Since this explore standalone module needs persistent of files this should not affect the tests.
    new NamespaceClientRuntimeModule().getInMemoryModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(NotificationFeedManager.class).to(NoOpNotificationFeedManager.class);
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
            Multibinder<HttpHandler> handlerBinder = Multibinder.newSetBinder(binder(), HttpHandler.class, Names.named(Constants.Stream.STREAM_HANDLER));
            handlerBinder.addBinding().to(StreamHandler.class);
            handlerBinder.addBinding().to(StreamFetchHandler.class);
            CommonHandlers.add(handlerBinder);
            bind(StreamHttpService.class).in(Scopes.SINGLETON);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
        }
    });
}
Also used : IOModule(co.cask.cdap.common.guice.IOModule) NamespaceClientRuntimeModule(co.cask.cdap.common.namespace.guice.NamespaceClientRuntimeModule) DataSetServiceModules(co.cask.cdap.data.runtime.DataSetServiceModules) ConfigModule(co.cask.cdap.common.guice.ConfigModule) MetricsClientRuntimeModule(co.cask.cdap.metrics.guice.MetricsClientRuntimeModule) NotificationServiceRuntimeModule(co.cask.cdap.notifications.guice.NotificationServiceRuntimeModule) ViewAdminModules(co.cask.cdap.data.view.ViewAdminModules) StreamHandler(co.cask.cdap.data.stream.service.StreamHandler) StreamFetchHandler(co.cask.cdap.data.stream.service.StreamFetchHandler) StreamServiceRuntimeModule(co.cask.cdap.data.stream.service.StreamServiceRuntimeModule) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) HttpHandler(co.cask.http.HttpHandler) StreamViewHttpHandler(co.cask.cdap.data.stream.StreamViewHttpHandler) UnsupportedUGIProvider(co.cask.cdap.security.impersonation.UnsupportedUGIProvider) Multibinder(com.google.inject.multibindings.Multibinder) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) ExploreRuntimeModule(co.cask.cdap.explore.guice.ExploreRuntimeModule) NonCustomLocationUnitTestModule(co.cask.cdap.common.guice.NonCustomLocationUnitTestModule) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) AbstractModule(com.google.inject.AbstractModule) StreamAdminModules(co.cask.cdap.data.stream.StreamAdminModules) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) NoOpNotificationFeedManager(co.cask.cdap.notifications.feeds.service.NoOpNotificationFeedManager) File(java.io.File) DataFabricModules(co.cask.cdap.data.runtime.DataFabricModules) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule)

Example 15 with AuthenticationContextModules

use of co.cask.cdap.security.auth.context.AuthenticationContextModules in project cdap by caskdata.

the class InMemoryExploreServiceTest method start.

@BeforeClass
public static void start() throws Exception {
    CConfiguration configuration = CConfiguration.create();
    Configuration hConf = new Configuration();
    configuration.set(Constants.CFG_DATA_INMEMORY_PERSISTENCE, Constants.InMemoryPersistenceType.MEMORY.name());
    configuration.set(Constants.Explore.LOCAL_DATA_DIR, tmpFolder.newFolder().getAbsolutePath());
    Injector injector = Guice.createInjector(new ConfigModule(configuration, hConf), new IOModule(), new DiscoveryRuntimeModule().getInMemoryModules(), new NonCustomLocationUnitTestModule().getModule(), new DataFabricModules().getInMemoryModules(), new DataSetsModules().getStandaloneModules(), new DataSetServiceModules().getInMemoryModules(), new MetricsClientRuntimeModule().getInMemoryModules(), new ExploreRuntimeModule().getInMemoryModules(), new ExploreClientModule(), new ViewAdminModules().getInMemoryModules(), new StreamAdminModules().getInMemoryModules(), new NamespaceClientRuntimeModule().getInMemoryModules(), new NamespaceStoreModule().getStandaloneModules(), new AuthorizationTestModule(), new AuthorizationEnforcementModule().getInMemoryModules(), new AuthenticationContextModules().getMasterModule(), new AbstractModule() {

        @Override
        protected void configure() {
            bind(NotificationFeedManager.class).to(NoOpNotificationFeedManager.class);
            bind(UGIProvider.class).to(UnsupportedUGIProvider.class);
            bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
        }
    });
    transactionManager = injector.getInstance(TransactionManager.class);
    transactionManager.startAndWait();
    dsOpService = injector.getInstance(DatasetOpExecutor.class);
    dsOpService.startAndWait();
    datasetService = injector.getInstance(DatasetService.class);
    datasetService.startAndWait();
    exploreService = injector.getInstance(ExploreService.class);
    exploreService.startAndWait();
    namespaceAdmin = injector.getInstance(NamespaceAdmin.class);
}
Also used : IOModule(co.cask.cdap.common.guice.IOModule) NamespaceClientRuntimeModule(co.cask.cdap.common.namespace.guice.NamespaceClientRuntimeModule) DataSetServiceModules(co.cask.cdap.data.runtime.DataSetServiceModules) CConfiguration(co.cask.cdap.common.conf.CConfiguration) Configuration(org.apache.hadoop.conf.Configuration) ConfigModule(co.cask.cdap.common.guice.ConfigModule) NamespaceStoreModule(co.cask.cdap.store.guice.NamespaceStoreModule) DatasetService(co.cask.cdap.data2.datafabric.dataset.service.DatasetService) MetricsClientRuntimeModule(co.cask.cdap.metrics.guice.MetricsClientRuntimeModule) ViewAdminModules(co.cask.cdap.data.view.ViewAdminModules) Injector(com.google.inject.Injector) DiscoveryRuntimeModule(co.cask.cdap.common.guice.DiscoveryRuntimeModule) UnsupportedUGIProvider(co.cask.cdap.security.impersonation.UnsupportedUGIProvider) AuthenticationContextModules(co.cask.cdap.security.auth.context.AuthenticationContextModules) DataSetsModules(co.cask.cdap.data.runtime.DataSetsModules) NamespaceAdmin(co.cask.cdap.common.namespace.NamespaceAdmin) ExploreRuntimeModule(co.cask.cdap.explore.guice.ExploreRuntimeModule) DatasetOpExecutor(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutor) NonCustomLocationUnitTestModule(co.cask.cdap.common.guice.NonCustomLocationUnitTestModule) DefaultOwnerAdmin(co.cask.cdap.security.impersonation.DefaultOwnerAdmin) CConfiguration(co.cask.cdap.common.conf.CConfiguration) AuthorizationTestModule(co.cask.cdap.security.authorization.AuthorizationTestModule) AbstractModule(com.google.inject.AbstractModule) StreamAdminModules(co.cask.cdap.data.stream.StreamAdminModules) ExploreClientModule(co.cask.cdap.explore.guice.ExploreClientModule) TransactionManager(org.apache.tephra.TransactionManager) NoOpNotificationFeedManager(co.cask.cdap.notifications.feeds.service.NoOpNotificationFeedManager) DataFabricModules(co.cask.cdap.data.runtime.DataFabricModules) AuthorizationEnforcementModule(co.cask.cdap.security.authorization.AuthorizationEnforcementModule) BeforeClass(org.junit.BeforeClass)

Aggregations

AuthenticationContextModules (co.cask.cdap.security.auth.context.AuthenticationContextModules)52 ConfigModule (co.cask.cdap.common.guice.ConfigModule)51 AuthorizationEnforcementModule (co.cask.cdap.security.authorization.AuthorizationEnforcementModule)51 AuthorizationTestModule (co.cask.cdap.security.authorization.AuthorizationTestModule)49 DataSetsModules (co.cask.cdap.data.runtime.DataSetsModules)48 AbstractModule (com.google.inject.AbstractModule)45 DiscoveryRuntimeModule (co.cask.cdap.common.guice.DiscoveryRuntimeModule)38 NonCustomLocationUnitTestModule (co.cask.cdap.common.guice.NonCustomLocationUnitTestModule)37 UnsupportedUGIProvider (co.cask.cdap.security.impersonation.UnsupportedUGIProvider)35 BeforeClass (org.junit.BeforeClass)35 DefaultOwnerAdmin (co.cask.cdap.security.impersonation.DefaultOwnerAdmin)32 CConfiguration (co.cask.cdap.common.conf.CConfiguration)30 Injector (com.google.inject.Injector)30 DataFabricModules (co.cask.cdap.data.runtime.DataFabricModules)28 SystemDatasetRuntimeModule (co.cask.cdap.data.runtime.SystemDatasetRuntimeModule)26 ExploreClientModule (co.cask.cdap.explore.guice.ExploreClientModule)26 TransactionManager (org.apache.tephra.TransactionManager)25 TransactionMetricsModule (co.cask.cdap.data.runtime.TransactionMetricsModule)24 NamespaceClientRuntimeModule (co.cask.cdap.common.namespace.guice.NamespaceClientRuntimeModule)22 OwnerAdmin (co.cask.cdap.security.impersonation.OwnerAdmin)22