Example 1 with ArtifactManager
use of co.cask.cdap.test.ArtifactManager in project cdap by caskdata.
the class AuthorizationTest method testArtifacts.
@Test
public void testArtifacts() throws Exception {
String appArtifactName = "app-artifact";
String appArtifactVersion = "1.1.1";
try {
ArtifactId defaultNsArtifact = NamespaceId.DEFAULT.artifact(appArtifactName, appArtifactVersion);
addAppArtifact(defaultNsArtifact, ConfigTestApp.class);
Assert.fail("Should not be able to add an app artifact to the default namespace because alice does not have " + "write privileges on the default namespace.");
} catch (UnauthorizedException expected) {
// expected
}
String pluginArtifactName = "plugin-artifact";
String pluginArtifactVersion = "1.2.3";
try {
ArtifactId defaultNsArtifact = NamespaceId.DEFAULT.artifact(pluginArtifactName, pluginArtifactVersion);
addAppArtifact(defaultNsArtifact, ToStringPlugin.class);
Assert.fail("Should not be able to add a plugin artifact to the default namespace because alice does not have " + "write privileges on the default namespace.");
} catch (UnauthorizedException expected) {
// expected
}
// create a new namespace, alice should get ALL privileges on the namespace
createAuthNamespace();
// artifact deployment in this namespace should now succeed, and alice should have ALL privileges on the artifacts
ArtifactId appArtifactId = AUTH_NAMESPACE.artifact(appArtifactName, appArtifactVersion);
ArtifactManager appArtifactManager = addAppArtifact(appArtifactId, ConfigTestApp.class);
ArtifactId pluginArtifactId = AUTH_NAMESPACE.artifact(pluginArtifactName, pluginArtifactVersion);
ArtifactManager pluginArtifactManager = addPluginArtifact(pluginArtifactId, appArtifactId, ToStringPlugin.class);
assertAllAccess(ALICE, AUTH_NAMESPACE, appArtifactId, pluginArtifactId);
// Bob should not be able to delete artifacts that he does not have ADMIN permission on
SecurityRequestContext.setUserId(BOB.getName());
try {
appArtifactManager.writeProperties(ImmutableMap.of("authorized", "no"));
Assert.fail("Writing properties to artifact should have failed because Bob does not have admin privileges on " + "the artifact");
} catch (UnauthorizedException expected) {
// expected
}
try {
appArtifactManager.delete();
Assert.fail("Deleting artifact should have failed because Bob does not have admin privileges on the artifact");
} catch (UnauthorizedException expected) {
// expected
}
try {
pluginArtifactManager.writeProperties(ImmutableMap.of("authorized", "no"));
Assert.fail("Writing properties to artifact should have failed because Bob does not have admin privileges on " + "the artifact");
} catch (UnauthorizedException expected) {
// expected
}
try {
pluginArtifactManager.removeProperties();
Assert.fail("Removing properties to artifact should have failed because Bob does not have admin privileges on " + "the artifact");
} catch (UnauthorizedException expected) {
// expected
}
try {
pluginArtifactManager.delete();
Assert.fail("Deleting artifact should have failed because Bob does not have admin privileges on the artifact");
} catch (UnauthorizedException expected) {
// expected
}
// alice should be permitted to update properties/delete artifact
SecurityRequestContext.setUserId(ALICE.getName());
appArtifactManager.writeProperties(ImmutableMap.of("authorized", "yes"));
appArtifactManager.removeProperties();
appArtifactManager.delete();
pluginArtifactManager.delete();
// upon successful deletion, alice should lose all privileges on the artifact
assertNoAccess(appArtifactId);
assertNoAccess(pluginArtifactId);
}
Also used :
ArtifactManager(co.cask.cdap.test.ArtifactManager)
ArtifactId(co.cask.cdap.proto.id.ArtifactId)
UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException)
Test(org.junit.Test)
Aggregations
ArtifactId (co.cask.cdap.proto.id.ArtifactId)1
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException)1
ArtifactManager (co.cask.cdap.test.ArtifactManager)1
Test (org.junit.Test)1
