
Example 1 with AuthorizationResourceType

Use of com.sequenceiq.authorization.resource.AuthorizationResourceType in project cloudbreak by hortonworks.

Class EnforcePropertyProviderTestUtil, method validationAnnotationByProvider.

private static <T extends ResourcePropertyProvider> Optional<Class<? extends ResourcePropertyProvider>> validationAnnotationByProvider(
        Class<T> propertyProviderClass, Set<Predicate<Annotation>> validationPredicates, Annotation annotation) {
    AuthorizationResourceAction action = getAction(annotation);
    AuthorizationResourceType authorizationResourceType = action.getAuthorizationResourceType();
    // Only an annotation that satisfies every predicate needs a provider for its resource type.
    if (validationPredicates.stream().allMatch(predicate -> predicate.test(annotation))) {
        // Build a sample instance of each known subtype and keep the first one
        // whose supported resource type equals the resource type of the action.
        return PROVIDER_SUBTYPES_MAP.get(propertyProviderClass).stream().filter(type -> {
            ResourcePropertyProvider resourcePropertyProvider = (T) EnforceAuthorizationTestUtil.getSampleObjectFactory().manufacturePojo(type);
            return authorizationResourceType.equals(resourcePropertyProvider.getSupportedAuthorizationResourceType());
        }).findFirst();
    }
    // The predicates do not all match: return the provider interface itself, so the result is non-empty.
    return Optional.of(propertyProviderClass);
}
Also used: Arrays (java.util.Arrays), AuthorizationResourceCrnListProvider (com.sequenceiq.authorization.service.AuthorizationResourceCrnListProvider), LoggerFactory (org.slf4j.LoggerFactory), CheckPermissionByRequestProperty (com.sequenceiq.authorization.annotation.CheckPermissionByRequestProperty), CRN_LIST (com.sequenceiq.authorization.resource.AuthorizationVariableType.CRN_LIST), CheckPermissionByResourceCrnList (com.sequenceiq.authorization.annotation.CheckPermissionByResourceCrnList), Map (java.util.Map), AuthorizationResourceType (com.sequenceiq.authorization.resource.AuthorizationResourceType), ResourcePropertyProvider (com.sequenceiq.authorization.service.ResourcePropertyProvider), AuthorizationResourceCrnProvider (com.sequenceiq.authorization.service.AuthorizationResourceCrnProvider), CheckPermissionByResourceName (com.sequenceiq.authorization.annotation.CheckPermissionByResourceName), Lists (com.google.api.client.util.Lists), AuthorizationEnvironmentCrnProvider (com.sequenceiq.authorization.service.AuthorizationEnvironmentCrnProvider), Method (java.lang.reflect.Method), EnforceAuthorizationTestUtil.validateMethodByFunction (com.sequenceiq.authorization.EnforceAuthorizationTestUtil.validateMethodByFunction), AuthorizationEnvironmentCrnListProvider (com.sequenceiq.authorization.service.AuthorizationEnvironmentCrnListProvider), NAME (com.sequenceiq.authorization.resource.AuthorizationVariableType.NAME), CRN (com.sequenceiq.authorization.resource.AuthorizationVariableType.CRN), Logger (org.slf4j.Logger), CheckPermissionByCompositeRequestProperty (com.sequenceiq.authorization.annotation.CheckPermissionByCompositeRequestProperty), ImmutableMap (com.google.common.collect.ImmutableMap), NAME_LIST (com.sequenceiq.authorization.resource.AuthorizationVariableType.NAME_LIST), Predicate (java.util.function.Predicate), CheckPermissionByResourceNameList (com.sequenceiq.authorization.annotation.CheckPermissionByResourceNameList), Set (java.util.Set), Collectors (java.util.stream.Collectors), Sets (com.google.common.collect.Sets), InvocationTargetException (java.lang.reflect.InvocationTargetException), List (java.util.List), CheckPermissionByResourceCrn (com.sequenceiq.authorization.annotation.CheckPermissionByResourceCrn), AuthorizationVariableType (com.sequenceiq.authorization.resource.AuthorizationVariableType), Annotation (java.lang.annotation.Annotation), Optional (java.util.Optional), AuthorizationResourceAction (com.sequenceiq.authorization.resource.AuthorizationResourceAction)

Example 2 with AuthorizationResourceType

Use of com.sequenceiq.authorization.resource.AuthorizationResourceType in project cloudbreak by hortonworks.

Class EnforcePropertyProviderTestUtil, method addErrorIfNeeded.

private static void addErrorIfNeeded(Method method, List<String> errors, Class<? extends ResourcePropertyProvider> providerClass,
        Annotation annotation, Optional<Class<? extends ResourcePropertyProvider>> providerClassPresent) {
    // An empty Optional means no provider was found: record an error naming the action, resource type and method.
    if (providerClassPresent.isEmpty()) {
        AuthorizationResourceAction action = getAction(annotation);
        AuthorizationResourceType authorizationResourceType = action.getAuthorizationResourceType();
        errors.add(String.format(
                "Provider with interface %s implemented is needed to authorize using action %s and resource type %s (method: %s)",
                providerClass.getSimpleName(), action, authorizationResourceType,
                method.getDeclaringClass().getSimpleName() + "#" + method.getName()));
    }
}
Also used: AuthorizationResourceType (com.sequenceiq.authorization.resource.AuthorizationResourceType), AuthorizationResourceAction (com.sequenceiq.authorization.resource.AuthorizationResourceAction)

Example 3 with AuthorizationResourceType

Use of com.sequenceiq.authorization.resource.AuthorizationResourceType in project cloudbreak by hortonworks.

Class ImageCatalogServiceTest, method supportedAuthorizationResourceTypeShouldBeImageCatalog.

@Test
public void supportedAuthorizationResourceTypeShouldBeImageCatalog() {
    AuthorizationResourceType actual = victim.getSupportedAuthorizationResourceType();
    assertEquals(AuthorizationResourceType.IMAGE_CATALOG, actual);
}
Also used: AuthorizationResourceType (com.sequenceiq.authorization.resource.AuthorizationResourceType), Test (org.junit.jupiter.api.Test)

Example 4 with AuthorizationResourceType

Use of com.sequenceiq.authorization.resource.AuthorizationResourceType in project cloudbreak by hortonworks.

Class DefaultResourceAuthorizationProvider, method authorizeDefaultOrElseCompute.

public Optional<AuthorizationRule> authorizeDefaultOrElseCompute(String resourceCrn, AuthorizationResourceAction action,
        Supplier<Optional<AuthorizationRule>> supplier) {
    AuthorizationResourceType authorizationResourceType = action.getAuthorizationResourceType();
    // Look up the checker registered for this resource type, if the action has one.
    DefaultResourceChecker defaultResourceChecker = null;
    if (authorizationResourceType != null) {
        defaultResourceChecker = defaultResourceCheckerMap.get(authorizationResourceType);
    }
    if (defaultResourceChecker != null && defaultResourceChecker.isDefault(resourceCrn)) {
        // Default resource: run the default-resource check for this action, then return no rule.
        commonPermissionCheckingUtils.throwAccessDeniedIfActionNotAllowed(action, List.of(resourceCrn), defaultResourceChecker);
        return Optional.empty();
    } else {
        // Not a default resource (or no checker for the type): defer to the supplied rule computation.
        return supplier.get();
    }
}
Also used: AuthorizationResourceType (com.sequenceiq.authorization.resource.AuthorizationResourceType), DefaultResourceChecker (com.sequenceiq.authorization.service.defaults.DefaultResourceChecker)

Aggregations

AuthorizationResourceType (com.sequenceiq.authorization.resource.AuthorizationResourceType): 4
AuthorizationResourceAction (com.sequenceiq.authorization.resource.AuthorizationResourceAction): 2
Lists (com.google.api.client.util.Lists): 1
ImmutableMap (com.google.common.collect.ImmutableMap): 1
Sets (com.google.common.collect.Sets): 1
EnforceAuthorizationTestUtil.validateMethodByFunction (com.sequenceiq.authorization.EnforceAuthorizationTestUtil.validateMethodByFunction): 1
CheckPermissionByCompositeRequestProperty (com.sequenceiq.authorization.annotation.CheckPermissionByCompositeRequestProperty): 1
CheckPermissionByRequestProperty (com.sequenceiq.authorization.annotation.CheckPermissionByRequestProperty): 1
CheckPermissionByResourceCrn (com.sequenceiq.authorization.annotation.CheckPermissionByResourceCrn): 1
CheckPermissionByResourceCrnList (com.sequenceiq.authorization.annotation.CheckPermissionByResourceCrnList): 1
CheckPermissionByResourceName (com.sequenceiq.authorization.annotation.CheckPermissionByResourceName): 1
CheckPermissionByResourceNameList (com.sequenceiq.authorization.annotation.CheckPermissionByResourceNameList): 1
AuthorizationVariableType (com.sequenceiq.authorization.resource.AuthorizationVariableType): 1
CRN (com.sequenceiq.authorization.resource.AuthorizationVariableType.CRN): 1
CRN_LIST (com.sequenceiq.authorization.resource.AuthorizationVariableType.CRN_LIST): 1
NAME (com.sequenceiq.authorization.resource.AuthorizationVariableType.NAME): 1
NAME_LIST (com.sequenceiq.authorization.resource.AuthorizationVariableType.NAME_LIST): 1
AuthorizationEnvironmentCrnListProvider (com.sequenceiq.authorization.service.AuthorizationEnvironmentCrnListProvider): 1
AuthorizationEnvironmentCrnProvider (com.sequenceiq.authorization.service.AuthorizationEnvironmentCrnProvider): 1
AuthorizationResourceCrnListProvider (com.sequenceiq.authorization.service.AuthorizationResourceCrnListProvider): 1