
Example 26 with NamespaceMeta

use of io.cdap.cdap.proto.NamespaceMeta in project cdap by caskdata.

From the class AuthorizationUtilTest, method testGetAppAuthorizingUse:

/**
 * Verifies that {@code AuthorizationUtil.getAppAuthorizingUser} resolves the namespace principal
 * to the bare user name no matter how the principal is spelled: {@code user/host@REALM},
 * {@code user} alone, or {@code user@REALM}. Each case re-creates the same namespace with a fresh
 * {@link NamespaceMeta} and deletes it again before the next case.
 */
@Test
public void testGetAppAuthorizingUse() throws Exception {
    OwnerAdmin ownerAdmin = getOwnerAdmin();
    String localHost = InetAddress.getLocalHost().getHostName();

    // principal with host and realm, e.g. alice/somehost.net@somerealm.net
    createNamespaceAndAssertAuthorizingUser(ownerAdmin, username + "/" + localHost + "@REALM.net");
    namespaceClient.delete(namespaceId);

    // principal that is only the user name, e.g. alice
    createNamespaceAndAssertAuthorizingUser(ownerAdmin, username);
    namespaceClient.delete(namespaceId);

    // principal with realm but no host, e.g. alice@somerealm.net
    createNamespaceAndAssertAuthorizingUser(ownerAdmin, username + "@REALM.net");

    // remove the last namespace so the test leaves nothing behind
    namespaceClient.delete(namespaceId);
}

/**
 * Creates the test namespace with the given principal (the keytab URI is irrelevant here) and
 * asserts that the app authorizing user resolves to {@code username}. The caller deletes the
 * namespace afterwards.
 *
 * @param ownerAdmin owner admin passed through to {@code AuthorizationUtil}
 * @param principal  principal string stored on the namespace
 */
private void createNamespaceAndAssertAuthorizingUser(OwnerAdmin ownerAdmin, String principal) throws Exception {
    NamespaceMeta nsMeta = new NamespaceMeta.Builder()
        .setName(namespaceId)
        .setPrincipal(principal)
        .setKeytabURI("doesnotmatter")
        .build();
    namespaceClient.create(nsMeta);
    String resolved = AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null);
    Assert.assertEquals(username, resolved);
}

Example 27 with NamespaceMeta

use of io.cdap.cdap.proto.NamespaceMeta in project cdap by caskdata.

From the class FileSecureStoreServiceTest, method setUp:

/**
 * Builds a {@link FileSecureStoreService} for each test: the store's file path points at a fresh
 * temporary folder, the store password comes from an {@link SConfiguration}, and an in-memory
 * namespace admin is pre-populated with NAMESPACE1, NAMESPACE2 and CAPS_NAMESPACE2. The same
 * service instance is exposed through both {@code secureStoreManager} and {@code secureStore}.
 */
@Before
public void setUp() throws Exception {
    CConfiguration cConf = CConfiguration.create();
    // a new folder per test so stores from different tests never share files
    cConf.set(Constants.Security.Store.FILE_PATH, TEMP_FOLDER.newFolder().getAbsolutePath());

    SConfiguration sConf = SConfiguration.create();
    // test-only password; it protects a throwaway store under the temp folder above
    sConf.set(Constants.Security.Store.FILE_PASSWORD, "secret");

    InMemoryNamespaceAdmin nsAdmin = new InMemoryNamespaceAdmin();
    nsAdmin.create(new NamespaceMeta.Builder().setName(NAMESPACE1).build());
    nsAdmin.create(new NamespaceMeta.Builder().setName(NAMESPACE2).build());
    // CAPS_NAMESPACE2 is created alongside NAMESPACE2, presumably to exercise case handling - confirm in tests
    nsAdmin.create(new NamespaceMeta.Builder().setName(CAPS_NAMESPACE2).build());

    FileSecureStoreService service = new FileSecureStoreService(
        cConf, sConf, nsAdmin, FileSecureStoreService.CURRENT_CODEC.newInstance());
    secureStoreManager = service;
    secureStore = service;
}

Example 28 with NamespaceMeta

use of io.cdap.cdap.proto.NamespaceMeta in project cdap by caskdata.

From the class AuthorizationTest, method testDeployAppWithOwner:

/**
 * Deploys the dummy app into a freshly created namespace using app impersonation, with BOB as
 * the impersonated owner. ALICE is granted GET and CREATE on the namespace first so the create
 * succeeds, and the namespace is registered for cleanup.
 */
private void testDeployAppWithOwner() throws Exception {
    NamespaceId nsId = new NamespaceId("appImpersonation");
    NamespaceMeta nsMeta = new NamespaceMeta.Builder().setName(nsId.getNamespace()).build();

    // ALICE needs GET and CREATE on the namespace before it can be created
    EnumSet<StandardPermission> createPrivileges = EnumSet.of(StandardPermission.GET, StandardPermission.CREATE);
    grantAndAssertSuccess(nsId, ALICE, createPrivileges);
    cleanUpEntities.add(nsId);
    getNamespaceAdmin().create(nsMeta);

    // deploy with BOB as the app owner
    deployDummyAppWithImpersonation(nsMeta, BOB.getName());
}

Example 29 with NamespaceMeta

use of io.cdap.cdap.proto.NamespaceMeta in project cdap by caskdata.

From the class AuthorizationTest, method testCrossNSSystemDatasetAccessWithAuthMapReduce:

/**
 * Verifies that a MapReduce program run as BOB cannot cross into the system namespace in either
 * direction, even though BOB holds privileges on every individual dataset involved: reading
 * {@code system.table1} into {@code otherNS.otherTable} fails, and reading
 * {@code otherNS.otherTable} into {@code system.table2} fails, leaving the output dataset empty
 * both times. Setup and cleanup run as ALICE; the two runs happen as BOB.
 *
 * @param mrManager manager for the already-deployed DatasetCrossNSAccessWithMAPApp MapReduce program
 */
private void testCrossNSSystemDatasetAccessWithAuthMapReduce(MapReduceManager mrManager) throws Exception {
    DatasetId systemTable1 = NamespaceId.SYSTEM.dataset("table1");
    DatasetId systemTable2 = NamespaceId.SYSTEM.dataset("table2");
    addDatasetInstance(systemTable1, "keyValueTable").create();
    addDatasetInstance(systemTable2, "keyValueTable").create();

    NamespaceMeta otherNS = new NamespaceMeta.Builder().setName("otherNS").build();
    NamespaceId otherNsId = otherNS.getNamespaceId();
    DatasetId otherTable = otherNsId.dataset("otherTable");

    // privileges ALICE needs to create the namespace and its dataset; registered for deletion at the end
    ImmutableMap.Builder<EntityId, Set<? extends Permission>> privileges = ImmutableMap.builder();
    privileges.put(otherNsId, EnumSet.of(StandardPermission.GET, StandardPermission.CREATE, StandardPermission.DELETE));
    privileges.put(otherTable, EnumSet.of(StandardPermission.GET, StandardPermission.CREATE, StandardPermission.DELETE));
    privileges.put(otherNsId.datasetType("keyValueTable"), EnumSet.of(StandardPermission.UPDATE));
    Map<EntityId, Set<? extends Permission>> neededPrivileges = privileges.build();
    setUpPrivilegeAndRegisterForDeletion(ALICE, neededPrivileges);
    getNamespaceAdmin().create(otherNS);
    addDatasetInstance(otherTable, "keyValueTable").create();
    addDummyData(NamespaceId.SYSTEM, "table1");

    // Direction 1: read from the system namespace, write to a valid table in otherNS.
    Map<String, String> readFromSystemArgs = ImmutableMap.of(
        DatasetCrossNSAccessWithMAPApp.INPUT_DATASET_NS, NamespaceId.SYSTEM.getNamespace(),
        DatasetCrossNSAccessWithMAPApp.INPUT_DATASET_NAME, "table1",
        DatasetCrossNSAccessWithMAPApp.OUTPUT_DATASET_NS, otherNsId.getNamespace(),
        DatasetCrossNSAccessWithMAPApp.OUTPUT_DATASET_NAME, "otherTable");
    // BOB gets dataset-level privileges on everything involved, so a failure can only come from
    // the namespace boundary rather than from a missing dataset grant
    grantAndAssertSuccess(systemTable1, BOB, EnumSet.of(StandardPermission.GET));
    grantAndAssertSuccess(systemTable2, BOB, EnumSet.of(StandardPermission.UPDATE));
    grantAndAssertSuccess(otherTable, BOB, ALL_STANDARD_PERMISSIONS);
    // run as BOB: the job fails at runtime because it reads from the system namespace
    SecurityRequestContext.setUserId(BOB.getName());
    assertProgramFailure(readFromSystemArgs, mrManager);
    assertDatasetIsEmpty(otherNsId, "otherTable");

    // Direction 2: read from the valid namespace, write into the system namespace.
    Map<String, String> writeToSystemArgs = ImmutableMap.of(
        DatasetCrossNSAccessWithMAPApp.INPUT_DATASET_NS, otherNS.getName(),
        DatasetCrossNSAccessWithMAPApp.INPUT_DATASET_NAME, "otherTable",
        DatasetCrossNSAccessWithMAPApp.OUTPUT_DATASET_NS, NamespaceId.SYSTEM.getNamespace(),
        DatasetCrossNSAccessWithMAPApp.OUTPUT_DATASET_NAME, "table2");
    addDummyData(otherNsId, "otherTable");
    // still BOB: the write into the system namespace must fail and leave table2 untouched
    assertProgramFailure(writeToSystemArgs, mrManager);
    assertDatasetIsEmpty(NamespaceId.SYSTEM, "table2");

    // back to ALICE for cleanup
    SecurityRequestContext.setUserId(ALICE.getName());
    deleteDatasetInstance(systemTable1);
    deleteDatasetInstance(systemTable2);
    getNamespaceAdmin().delete(otherNsId);
}

Example 30 with NamespaceMeta

use of io.cdap.cdap.proto.NamespaceMeta in project cdap by caskdata.

From the class AuthorizationTest, method testCrossNSDatasetAccessFromService:

/**
 * Verifies cross-namespace dataset access from a service. Running as BOB without privileges on
 * {@code outputNS.store}, a PUT to {@code write/data} answers HTTP 500 with an "insufficient
 * privileges" body and the dataset stays empty. After ALICE grants BOB GET and UPDATE on the
 * dataset, ten PUTs to {@code write/<i>} answer HTTP 200 and ALICE can read every key back.
 * Setup, grants and verification run as ALICE.
 *
 * @param serviceManager manager for the already-deployed CrossNsDatasetAccessApp service
 */
private void testCrossNSDatasetAccessFromService(ServiceManager serviceManager) throws Exception {
    NamespaceMeta outputNS = new NamespaceMeta.Builder().setName("outputNS").build();
    NamespaceId outputNsId = outputNS.getNamespaceId();
    DatasetId storeId = outputNsId.dataset("store");

    // privileges ALICE needs to create the namespace and dataset; registered for deletion
    ImmutableMap.Builder<EntityId, Set<? extends Permission>> privileges = ImmutableMap.builder();
    privileges.put(outputNsId, EnumSet.of(StandardPermission.GET, StandardPermission.CREATE, StandardPermission.DELETE));
    privileges.put(storeId, EnumSet.of(StandardPermission.CREATE, StandardPermission.GET, StandardPermission.DELETE));
    privileges.put(outputNsId.datasetType("keyValueTable"), EnumSet.of(StandardPermission.UPDATE));
    Map<EntityId, Set<? extends Permission>> neededPrivileges = privileges.build();
    setUpPrivilegeAndRegisterForDeletion(ALICE, neededPrivileges);
    getNamespaceAdmin().create(outputNS);
    addDatasetInstance(storeId, "keyValueTable");

    // first run as BOB, who has no privileges on the dataset named in args
    SecurityRequestContext.setUserId(BOB.getName());
    Map<String, String> args = ImmutableMap.of(
        CrossNsDatasetAccessApp.OUTPUT_DATASET_NS, outputNsId.getNamespace(),
        CrossNsDatasetAccessApp.OUTPUT_DATASET_NAME, "store");
    serviceManager.start(args);
    // the handler call fails because BOB lacks permission on the namespace/dataset named in args
    URL writeUrl = new URL(serviceManager.getServiceURL(5, TimeUnit.SECONDS), "write/data");
    HttpResponse deniedResponse = executeAuthenticated(HttpRequest.put(writeUrl));
    Assert.assertEquals(500, deniedResponse.getResponseCode());
    // This is a hack that works around the fact that we cannot properly catch exceptions in the service handler.
    // TODO: Figure out a way to stop checking error messages.
    String deniedBody = deniedResponse.getResponseBodyAsString();
    Assert.assertTrue("Wrong message " + deniedBody, deniedBody.contains("'" + BOB + "' has insufficient privileges"));
    serviceManager.stop();
    serviceManager.waitForStopped(10, TimeUnit.SECONDS);

    // as ALICE: confirm nothing was written, then grant BOB write access to the dataset
    SecurityRequestContext.setUserId(ALICE.getName());
    assertDatasetIsEmpty(outputNsId, "store");
    grantAndAssertSuccess(storeId, BOB, EnumSet.of(StandardPermission.GET, StandardPermission.UPDATE));

    // second run as BOB: writes into the other namespace now succeed
    SecurityRequestContext.setUserId(BOB.getName());
    serviceManager.start(args);
    for (int i = 0; i < 10; i++) {
        URL url = new URL(serviceManager.getServiceURL(5, TimeUnit.SECONDS), "write/" + i);
        HttpResponse response = executeAuthenticated(HttpRequest.put(url));
        Assert.assertEquals(200, response.getResponseCode());
    }
    serviceManager.stop();
    serviceManager.waitForStopped(10, TimeUnit.SECONDS);

    // as ALICE: every key written by the service reads back with itself as the value
    SecurityRequestContext.setUserId(ALICE.getName());
    DataSetManager<KeyValueTable> storeManager = getDataset(outputNsId.dataset("store"));
    KeyValueTable store = storeManager.get();
    for (int i = 0; i < 10; i++) {
        byte[] key = String.valueOf(i).getBytes(Charsets.UTF_8);
        Assert.assertArrayEquals(key, store.read(key));
    }
    getNamespaceAdmin().delete(outputNsId);
}
