Search in sources :

Example 1 with AppWithSchedule

use of co.cask.cdap.test.app.AppWithSchedule in project cdap by caskdata.

the class AuthorizationTest method testScheduleAuth.

@Test
public void testScheduleAuth() throws Exception {
    createAuthNamespace();
    ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, AppWithSchedule.class);
    ProgramId workflowID = new ProgramId(AUTH_NAMESPACE.getNamespace(), AppWithSchedule.class.getSimpleName(), ProgramType.WORKFLOW, AppWithSchedule.SampleWorkflow.class.getSimpleName());
    final WorkflowManager workflowManager = appManager.getWorkflowManager(AppWithSchedule.SampleWorkflow.class.getSimpleName());
    ScheduleManager scheduleManager = workflowManager.getSchedule(AppWithSchedule.SCHEDULE_NAME);
    // switch to BOB
    SecurityRequestContext.setUserId(BOB.getName());
    // try to resume schedule as BOB. It should fail since BOB does not have privileges on the programs
    try {
        scheduleManager.resume();
        Assert.fail("Resuming schedule should have failed since BOB does not have EXECUTE on the program");
    } catch (Exception e) {
        Assert.assertTrue(e.getCause() instanceof UnauthorizedException);
    }
    // bob should also not be able see the status of the schedule
    try {
        scheduleManager.status(HttpURLConnection.HTTP_FORBIDDEN);
        Assert.fail("Getting schedule status should have failed since BOB does not have READ on the program");
    } catch (Exception e) {
        Assert.assertTrue(e.getCause() instanceof UnauthorizedException);
    }
    // switch to Alice
    SecurityRequestContext.setUserId(ALICE.getName());
    // give BOB READ permission in the workflow
    grantAndAssertSuccess(workflowID, BOB, EnumSet.of(Action.READ));
    // switch to BOB
    SecurityRequestContext.setUserId(BOB.getName());
    // try to resume schedule as BOB. It should fail since BOB has READ and not EXECUTE on the workflow
    try {
        scheduleManager.resume();
        Assert.fail("Resuming schedule should have failed since BOB does not have EXECUTE on the program");
    } catch (Exception e) {
        Assert.assertTrue(e.getCause() instanceof UnauthorizedException);
    }
    // but BOB should be able to get schedule status now
    Assert.assertEquals(ProgramScheduleStatus.SUSPENDED.name(), scheduleManager.status(HttpURLConnection.HTTP_OK));
    // switch to Alice
    SecurityRequestContext.setUserId(ALICE.getName());
    // give BOB EXECUTE permission in the workflow
    grantAndAssertSuccess(workflowID, BOB, EnumSet.of(Action.EXECUTE));
    // switch to BOB
    SecurityRequestContext.setUserId(BOB.getName());
    // try to resume the schedule. This should pass and workflow should run
    scheduleManager.resume();
    Assert.assertEquals(ProgramScheduleStatus.SCHEDULED.name(), scheduleManager.status(HttpURLConnection.HTTP_OK));
    // wait for workflow to start
    workflowManager.waitForStatus(true);
    // suspend the schedule so that it does not start running again
    scheduleManager.suspend();
    // wait for scheduled runs of workflow to run to end
    workflowManager.waitForStatus(false, 2, 3);
    // since the schedule in AppWithSchedule is to  run every second its possible that it will trigger more than one
    // run before the schedule was suspended so check for greater than 0 rather than equal to 1
    Assert.assertTrue(0 < workflowManager.getHistory().size());
    // assert that all run completed
    for (RunRecord runRecord : workflowManager.getHistory()) {
        Assert.assertEquals(ProgramRunStatus.COMPLETED, runRecord.getStatus());
    }
    // switch to Alice
    SecurityRequestContext.setUserId(ALICE.getName());
}
Also used : ScheduleManager(co.cask.cdap.test.ScheduleManager) RunRecord(co.cask.cdap.proto.RunRecord) ApplicationManager(co.cask.cdap.test.ApplicationManager) WorkflowManager(co.cask.cdap.test.WorkflowManager) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) ProgramId(co.cask.cdap.proto.id.ProgramId) AppWithSchedule(co.cask.cdap.test.app.AppWithSchedule) TimeoutException(java.util.concurrent.TimeoutException) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) Test(org.junit.Test)

Aggregations

RunRecord (co.cask.cdap.proto.RunRecord)1 ProgramId (co.cask.cdap.proto.id.ProgramId)1 UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException)1 ApplicationManager (co.cask.cdap.test.ApplicationManager)1 ScheduleManager (co.cask.cdap.test.ScheduleManager)1 WorkflowManager (co.cask.cdap.test.WorkflowManager)1 AppWithSchedule (co.cask.cdap.test.app.AppWithSchedule)1 IOException (java.io.IOException)1 ExecutionException (java.util.concurrent.ExecutionException)1 TimeoutException (java.util.concurrent.TimeoutException)1 Test (org.junit.Test)1