Examples with AlreadyExistsException - co.cask.cdap.security.spi.authorization.AlreadyExistsException

Example 1 with AlreadyExistsException

use of co.cask.cdap.security.spi.authorization.AlreadyExistsException in project cdap by caskdata.

the class AuthorizationHandlerTest method testRBAC.

@Test
public void testRBAC() throws Exception {
    Role admins = new Role("admins");
    Role engineers = new Role("engineers");
    // create a role
    client.createRole(admins);
    // add another role
    client.createRole(engineers);
    // listing role should show the added role
    Set<Role> roles = client.listAllRoles();
    Assert.assertEquals(Sets.newHashSet(admins, engineers), roles);
    // creating a role which already exists should throw an exception
    try {
        client.createRole(admins);
        Assert.fail(String.format("Created a role %s which already exists. Should have failed.", admins.getName()));
    } catch (AlreadyExistsException expected) {
    // expected
    }
    // drop an existing role
    client.dropRole(admins);
    // the list should not have the dropped role
    roles = client.listAllRoles();
    Assert.assertEquals(Sets.newHashSet(engineers), roles);
    // dropping a non-existing role should throw exception
    try {
        client.dropRole(admins);
        Assert.fail(String.format("Dropped a role %s which does not exists. Should have failed.", admins.getName()));
    } catch (co.cask.cdap.security.spi.authorization.NotFoundException expected) {
    // expected
    }
    // add an user to an existing role
    Principal spiderman = new Principal("spiderman", Principal.PrincipalType.USER);
    client.addRoleToPrincipal(engineers, spiderman);
    // add an user to an non-existing role should throw an exception
    try {
        client.addRoleToPrincipal(admins, spiderman);
        Assert.fail(String.format("Added role %s to principal %s. Should have failed.", admins, spiderman));
    } catch (co.cask.cdap.security.spi.authorization.NotFoundException expected) {
    // expected
    }
    // check listing roles for spiderman have engineers role
    Assert.assertEquals(Sets.newHashSet(engineers), client.listRoles(spiderman));
    // check that spiderman who has engineers roles cannot read from ns1
    verifyAuthFailure(ns1, spiderman, Action.READ);
    // give a permission to engineers role
    client.grant(Authorizable.fromEntityId(ns1), engineers, ImmutableSet.of(Action.READ));
    // check that a spiderman who has engineers role has access
    verifyAuthSuccess(ns1, spiderman, Action.READ);
    // list privileges for spiderman should have read action on ns1
    Assert.assertEquals(Sets.newHashSet(new Privilege(ns1, Action.READ)), client.listPrivileges(spiderman));
    // revoke action from the role
    client.revoke(Authorizable.fromEntityId(ns1), engineers, ImmutableSet.of(Action.READ));
    // now the privileges for spiderman should be empty
    Assert.assertEquals(new HashSet<>(), client.listPrivileges(spiderman));
    // check that the user of this role is not authorized to do the revoked operation
    verifyAuthFailure(ns1, spiderman, Action.READ);
    // remove an user from a existing role
    client.removeRoleFromPrincipal(engineers, spiderman);
    // check listing roles for spiderman should be empty
    Assert.assertEquals(new HashSet<>(), client.listRoles(spiderman));
    // remove an user from a non-existing role should throw exception
    try {
        client.removeRoleFromPrincipal(admins, spiderman);
        Assert.fail(String.format("Removed non-existing role %s from principal %s. Should have failed.", admins, spiderman));
    } catch (co.cask.cdap.security.spi.authorization.NotFoundException expected) {
    // expected
    }
}

Also used : Role(co.cask.cdap.proto.security.Role) AlreadyExistsException(co.cask.cdap.security.spi.authorization.AlreadyExistsException) Privilege(co.cask.cdap.proto.security.Privilege) Principal(co.cask.cdap.proto.security.Principal) Test(org.junit.Test)

Example 2 with AlreadyExistsException

use of co.cask.cdap.security.spi.authorization.AlreadyExistsException in project cdap by caskdata.

the class AuthorizationClient method createRole.

@Override
public void createRole(Role role) throws IOException, FeatureDisabledException, UnauthenticatedException, UnauthorizedException, AlreadyExistsException, NotFoundException {
    URL url = config.resolveURLV3(String.format(AUTHORIZATION_BASE + "roles/%s", role.getName()));
    HttpRequest request = HttpRequest.put(url).build();
    HttpResponse httpResponse = doExecuteRequest(request, HttpURLConnection.HTTP_CONFLICT);
    if (httpResponse.getResponseCode() == HttpURLConnection.HTTP_CONFLICT) {
        throw new AlreadyExistsException(role);
    }
}

Also used : HttpRequest(co.cask.common.http.HttpRequest) AlreadyExistsException(co.cask.cdap.security.spi.authorization.AlreadyExistsException) HttpResponse(co.cask.common.http.HttpResponse) URL(java.net.URL)

Aggregations

AlreadyExistsException (co.cask.cdap.security.spi.authorization.AlreadyExistsException)2 Principal (co.cask.cdap.proto.security.Principal)1 Privilege (co.cask.cdap.proto.security.Privilege)1 Role (co.cask.cdap.proto.security.Role)1 HttpRequest (co.cask.common.http.HttpRequest)1 HttpResponse (co.cask.common.http.HttpResponse)1 URL (java.net.URL)1 Test (org.junit.Test)1