
Example 6 with Authorizer

Use of co.cask.cdap.security.spi.authorization.Authorizer in project cdap by caskdata.

The class AuthorizationTest, method testFlowStreamAuth.

@Test
@Category(SlowTests.class)
public void testFlowStreamAuth() throws Exception {
    createAuthNamespace();
    Authorizer authorizer = getAuthorizer();
    ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, StreamAuthApp.class);
    // After deploy, change Alice from ALL to ADMIN on the namespace
    authorizer.revoke(AUTH_NAMESPACE, ALICE, EnumSet.allOf(Action.class));
    authorizer.grant(AUTH_NAMESPACE, ALICE, EnumSet.of(Action.ADMIN));
    final FlowManager flowManager = appManager.getFlowManager(StreamAuthApp.FLOW);
    StreamId streamId = AUTH_NAMESPACE.stream(StreamAuthApp.STREAM);
    StreamManager streamManager = getStreamManager(AUTH_NAMESPACE.stream(StreamAuthApp.STREAM));
    StreamManager streamManager2 = getStreamManager(AUTH_NAMESPACE.stream(StreamAuthApp.STREAM2));
    streamManager.send("Auth");
    flowManager.start();
    Tasks.waitFor(true, new Callable<Boolean>() {

        @Override
        public Boolean call() throws Exception {
            DataSetManager<KeyValueTable> kvTable = getDataset(AUTH_NAMESPACE.dataset(StreamAuthApp.KVTABLE));
            return kvTable.get().read("Auth") != null;
        }
    }, 5, TimeUnit.SECONDS);
    flowManager.stop();
    flowManager.waitForRun(ProgramRunStatus.KILLED, 60, TimeUnit.SECONDS);
    // Now revoke read permission for Alice on that stream (revoke ALL and then grant everything other than READ)
    authorizer.revoke(streamId, ALICE, EnumSet.allOf(Action.class));
    authorizer.grant(streamId, ALICE, EnumSet.of(Action.WRITE, Action.ADMIN, Action.EXECUTE));
    streamManager.send("Security");
    streamManager2.send("Safety");
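    // With READ revoked on the stream, starting the flow is expected to be rejected.
    // Note: if start() returns normally, nothing in this block asserts the denial.
    try {
        flowManager.start();
    } catch (RuntimeException e) {
        Assert.assertTrue(e.getCause() instanceof UnauthorizedException);
    }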
    authorizer.grant(streamId, ALICE, ImmutableSet.of(Action.READ));
    flowManager.start();
    Tasks.waitFor(true, new Callable<Boolean>() {

        @Override
        public Boolean call() throws Exception {
            DataSetManager<KeyValueTable> kvTable = getDataset(AUTH_NAMESPACE.dataset(StreamAuthApp.KVTABLE));
            return kvTable.get().read("Security") != null;
        }
    }, 5, TimeUnit.SECONDS);
    authorizer.revoke(streamId, ALICE, ImmutableSet.of(Action.READ));
    TimeUnit.MILLISECONDS.sleep(10);
    flowManager.stop();
    flowManager.waitForRuns(ProgramRunStatus.KILLED, 2, 5, TimeUnit.SECONDS);
    appManager.delete();
}
Also used : FlowManager(co.cask.cdap.test.FlowManager) ApplicationManager(co.cask.cdap.test.ApplicationManager) Action(co.cask.cdap.proto.security.Action) StreamId(co.cask.cdap.proto.id.StreamId) TimeoutException(java.util.concurrent.TimeoutException) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) StreamManager(co.cask.cdap.test.StreamManager) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) DataSetManager(co.cask.cdap.test.DataSetManager) Category(org.junit.experimental.categories.Category) Test(org.junit.Test)

Example 7 with Authorizer

Use of co.cask.cdap.security.spi.authorization.Authorizer in project cdap by caskdata.

The class StreamAdminTest, method grantAndAssertSuccess.

private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    Authorizer authorizer = getAuthorizer();
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.grant(entityId, principal, actions);
    ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder();
    for (Action action : actions) {
        expectedPrivilegesAfterGrant.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal));
}
Also used : Action(co.cask.cdap.proto.security.Action) ImmutableSet(com.google.common.collect.ImmutableSet) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) Privilege(co.cask.cdap.proto.security.Privilege)

Example 8 with Authorizer

Use of co.cask.cdap.security.spi.authorization.Authorizer in project cdap by caskdata.

The class StreamAdminTest, method revokeAndAssertSuccess.

private void revokeAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    Authorizer authorizer = getAuthorizer();
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.revoke(entityId, principal, actions);
    Set<Privilege> revokedPrivileges = new HashSet<>();
    for (Action action : actions) {
        revokedPrivileges.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.difference(existingPrivileges, revokedPrivileges), authorizer.listPrivileges(principal));
}
Also used : Action(co.cask.cdap.proto.security.Action) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) Privilege(co.cask.cdap.proto.security.Privilege) HashSet(java.util.HashSet)

Example 9 with Authorizer

Use of co.cask.cdap.security.spi.authorization.Authorizer in project cdap by caskdata.

The class AuthorizationTest, method grantAndAssertSuccess.

private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
    Authorizer authorizer = getAuthorizer();
    Set<Privilege> existingPrivileges = authorizer.listPrivileges(principal);
    authorizer.grant(entityId, principal, actions);
    ImmutableSet.Builder<Privilege> expectedPrivilegesAfterGrant = ImmutableSet.builder();
    for (Action action : actions) {
        expectedPrivilegesAfterGrant.add(new Privilege(entityId, action));
    }
    Assert.assertEquals(Sets.union(existingPrivileges, expectedPrivilegesAfterGrant.build()), authorizer.listPrivileges(principal));
}
Also used : Action(co.cask.cdap.proto.security.Action) ImmutableSet(com.google.common.collect.ImmutableSet) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) Privilege(co.cask.cdap.proto.security.Privilege)

Example 10 with Authorizer

Use of co.cask.cdap.security.spi.authorization.Authorizer in project cdap by caskdata.

The class AuthorizationTest, method cleanupTest.

@After
public void cleanupTest() throws Exception {
    Authorizer authorizer = getAuthorizer();
    grantAndAssertSuccess(AUTH_NAMESPACE, SecurityRequestContext.toPrincipal(), EnumSet.allOf(Action.class));
    // clean up. remove the namespace. all privileges on the namespace should be revoked
    getNamespaceAdmin().delete(AUTH_NAMESPACE);
    Assert.assertEquals(ImmutableSet.of(new Privilege(instance, Action.ADMIN)), authorizer.listPrivileges(ALICE));
    // revoke privileges on the instance
    revokeAndAssertSuccess(instance);
}
Also used : Action(co.cask.cdap.proto.security.Action) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) Privilege(co.cask.cdap.proto.security.Privilege) After(org.junit.After)
