Search in sources :

Example 1 with ArtifactManager

use of co.cask.cdap.test.ArtifactManager in project cdap by caskdata.

the class AuthorizationTest method testArtifacts.

@Test
public void testArtifacts() throws Exception {
    String appArtifactName = "app-artifact";
    String appArtifactVersion = "1.1.1";
    try {
        ArtifactId defaultNsArtifact = NamespaceId.DEFAULT.artifact(appArtifactName, appArtifactVersion);
        addAppArtifact(defaultNsArtifact, ConfigTestApp.class);
        Assert.fail("Should not be able to add an app artifact to the default namespace because alice does not have " + "write privileges on the default namespace.");
    } catch (UnauthorizedException expected) {
    // expected
    }
    String pluginArtifactName = "plugin-artifact";
    String pluginArtifactVersion = "1.2.3";
    try {
        ArtifactId defaultNsArtifact = NamespaceId.DEFAULT.artifact(pluginArtifactName, pluginArtifactVersion);
        addAppArtifact(defaultNsArtifact, ToStringPlugin.class);
        Assert.fail("Should not be able to add a plugin artifact to the default namespace because alice does not have " + "write privileges on the default namespace.");
    } catch (UnauthorizedException expected) {
    // expected
    }
    // create a new namespace, alice should get ALL privileges on the namespace
    createAuthNamespace();
    // artifact deployment in this namespace should now succeed, and alice should have ALL privileges on the artifacts
    ArtifactId appArtifactId = AUTH_NAMESPACE.artifact(appArtifactName, appArtifactVersion);
    ArtifactManager appArtifactManager = addAppArtifact(appArtifactId, ConfigTestApp.class);
    ArtifactId pluginArtifactId = AUTH_NAMESPACE.artifact(pluginArtifactName, pluginArtifactVersion);
    ArtifactManager pluginArtifactManager = addPluginArtifact(pluginArtifactId, appArtifactId, ToStringPlugin.class);
    assertAllAccess(ALICE, AUTH_NAMESPACE, appArtifactId, pluginArtifactId);
    // Bob should not be able to delete artifacts that he does not have ADMIN permission on
    SecurityRequestContext.setUserId(BOB.getName());
    try {
        appArtifactManager.writeProperties(ImmutableMap.of("authorized", "no"));
        Assert.fail("Writing properties to artifact should have failed because Bob does not have admin privileges on " + "the artifact");
    } catch (UnauthorizedException expected) {
    // expected
    }
    try {
        appArtifactManager.delete();
        Assert.fail("Deleting artifact should have failed because Bob does not have admin privileges on the artifact");
    } catch (UnauthorizedException expected) {
    // expected
    }
    try {
        pluginArtifactManager.writeProperties(ImmutableMap.of("authorized", "no"));
        Assert.fail("Writing properties to artifact should have failed because Bob does not have admin privileges on " + "the artifact");
    } catch (UnauthorizedException expected) {
    // expected
    }
    try {
        pluginArtifactManager.removeProperties();
        Assert.fail("Removing properties to artifact should have failed because Bob does not have admin privileges on " + "the artifact");
    } catch (UnauthorizedException expected) {
    // expected
    }
    try {
        pluginArtifactManager.delete();
        Assert.fail("Deleting artifact should have failed because Bob does not have admin privileges on the artifact");
    } catch (UnauthorizedException expected) {
    // expected
    }
    // alice should be permitted to update properties/delete artifact
    SecurityRequestContext.setUserId(ALICE.getName());
    appArtifactManager.writeProperties(ImmutableMap.of("authorized", "yes"));
    appArtifactManager.removeProperties();
    appArtifactManager.delete();
    pluginArtifactManager.delete();
    // upon successful deletion, alice should lose all privileges on the artifact
    assertNoAccess(appArtifactId);
    assertNoAccess(pluginArtifactId);
}
Also used : ArtifactManager(co.cask.cdap.test.ArtifactManager) ArtifactId(co.cask.cdap.proto.id.ArtifactId) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) Test(org.junit.Test)

Aggregations

ArtifactId (co.cask.cdap.proto.id.ArtifactId)1 UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException)1 ArtifactManager (co.cask.cdap.test.ArtifactManager)1 Test (org.junit.Test)1