Example 86 with Principal

use of io.cdap.cdap.proto.security.Principal in project cdap by caskdata.

the class DefaultSecureStoreServiceTest method setup.

@BeforeClass
public static void setup() throws Exception {
    SConfiguration sConf = SConfiguration.create();
    sConf.set(Constants.Security.Store.FILE_PASSWORD, "secret");
    CConfiguration cConf = createCConf();
    final Injector injector = AppFabricTestHelper.getInjector(cConf, sConf);
    discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
    appFabricServer = injector.getInstance(AppFabricServer.class);
    appFabricServer.startAndWait();
    waitForService(Constants.Service.DATASET_MANAGER);
    secureStore = injector.getInstance(SecureStore.class);
    secureStoreManager = injector.getInstance(SecureStoreManager.class);
    accessController = injector.getInstance(AccessControllerInstantiator.class).get();
    // Grant the effective master user every standard permission on the default namespace
    String user = AuthorizationUtil.getEffectiveMasterUser(cConf);
    accessController.grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), new Principal(user, Principal.PrincipalType.USER), EnumSet.allOf(StandardPermission.class));
    // Starting the AppFabric server creates the default namespace; wait until it exists
    Tasks.waitFor(true, new Callable<Boolean>() {

        @Override
        public Boolean call() throws Exception {
            return injector.getInstance(NamespaceAdmin.class).exists(NamespaceId.DEFAULT);
        }
    }, 5, TimeUnit.SECONDS);
    // Revoke only UPDATE; the other permissions granted above remain in place
    accessController.revoke(Authorizable.fromEntityId(NamespaceId.DEFAULT), new Principal(user, Principal.PrincipalType.USER), Collections.singleton(StandardPermission.UPDATE));
}
Also used : DiscoveryServiceClient(org.apache.twill.discovery.DiscoveryServiceClient) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) SecureStore(io.cdap.cdap.api.security.store.SecureStore) StandardPermission(io.cdap.cdap.proto.security.StandardPermission) UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException) Injector(com.google.inject.Injector) SConfiguration(io.cdap.cdap.common.conf.SConfiguration) SecureStoreManager(io.cdap.cdap.api.security.store.SecureStoreManager) Principal(io.cdap.cdap.proto.security.Principal) BeforeClass(org.junit.BeforeClass)

Example 87 with Principal

use of io.cdap.cdap.proto.security.Principal in project cdap by caskdata.

the class ProgramLifecycleServiceAuthorizationTest method setup.

@BeforeClass
public static void setup() throws Exception {
    cConf = createCConf();
    final Injector injector = AppFabricTestHelper.getInjector(cConf);
    accessController = injector.getInstance(AccessControllerInstantiator.class).get();
    appFabricServer = injector.getInstance(AppFabricServer.class);
    appFabricServer.startAndWait();
    programLifecycleService = injector.getInstance(ProgramLifecycleService.class);
    // Grant the effective master user every standard permission on the default namespace
    String user = AuthorizationUtil.getEffectiveMasterUser(cConf);
    accessController.grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), new Principal(user, Principal.PrincipalType.USER), EnumSet.allOf(StandardPermission.class));
    // Starting the AppFabric server creates the default namespace; wait until it exists
    Tasks.waitFor(true, new Callable<Boolean>() {

        @Override
        public Boolean call() throws Exception {
            return injector.getInstance(NamespaceAdmin.class).exists(NamespaceId.DEFAULT);
        }
    }, 5, TimeUnit.SECONDS);
    // Revoke only UPDATE; the other permissions granted above remain in place
    accessController.revoke(Authorizable.fromEntityId(NamespaceId.DEFAULT), new Principal(user, Principal.PrincipalType.USER), Collections.singleton(StandardPermission.UPDATE));
}
Also used : Injector(com.google.inject.Injector) Principal(io.cdap.cdap.proto.security.Principal) StandardPermission(io.cdap.cdap.proto.security.StandardPermission) IOException(java.io.IOException) BeforeClass(org.junit.BeforeClass)

Example 88 with Principal

use of io.cdap.cdap.proto.security.Principal in project cdap by caskdata.

the class DirectRuntimeRequestValidatorTest method testUnauthorized.

@Test(expected = UnauthorizedException.class)
public void testUnauthorized() throws BadRequestException {
    ProgramRunId programRunId = NamespaceId.DEFAULT.app("app").spark("spark").run(RunIds.generate());
    RuntimeRequestValidator validator = new DirectRuntimeRequestValidator(cConf, txRunner, new MockProgramRunRecordFetcher(), accessEnforcer, authenticationContext);
    Principal principal = new Principal("test", Principal.PrincipalType.USER);
    Mockito.when(authenticationContext.getPrincipal()).thenReturn(principal);
    Mockito.doThrow(new UnauthorizedException("Unauthorized")).when(accessEnforcer).enforce(programRunId, principal, StandardPermission.GET);
    validator.getProgramRunStatus(programRunId, new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "/"));
}
Also used : DefaultHttpRequest(io.netty.handler.codec.http.DefaultHttpRequest) UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException) ProgramRunId(io.cdap.cdap.proto.id.ProgramRunId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 89 with Principal

use of io.cdap.cdap.proto.security.Principal in project cdap by caskdata.

the class GrantPermissionCommand method perform.

@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
    Authorizable authorizable = Authorizable.fromString(arguments.get(ArgumentName.ENTITY.toString()));
    String principalName = arguments.get("principal-name");
    Principal.PrincipalType principalType = Principal.PrincipalType.valueOf(arguments.get("principal-type").toUpperCase());
    Principal principal = new Principal(principalName, principalType);
    Set<Permission> permissions = PERMISSION_STRING_TO_SET.apply(arguments.get("permissions"));
    // permissions is not an optional argument so should never be null
    Preconditions.checkNotNull(permissions, "Permissions can never be null in the grant command.");
    client.grant(authorizable, principal, permissions);
    output.printf("Successfully granted permission(s) '%s' on entity '%s' to %s '%s'\n", Joiner.on(",").join(permissions), authorizable.toString(), principal.getType(), principal.getName());
}
Also used : Permission(io.cdap.cdap.proto.security.Permission) Authorizable(io.cdap.cdap.proto.security.Authorizable) Principal(io.cdap.cdap.proto.security.Principal)

Example 90 with Principal

use of io.cdap.cdap.proto.security.Principal in project cdap by caskdata.

the class ListPrivilegesCommand method perform.

@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
    String principalType = arguments.get(ArgumentName.PRINCIPAL_TYPE.toString());
    String principalName = arguments.get(ArgumentName.PRINCIPAL_NAME.toString());
    Table table = Table.builder()
        .setHeader("Authorizable", "Action")
        .setRows(
            Lists.newArrayList(client.listGrants(new Principal(principalName, Principal.PrincipalType.valueOf(principalType.toUpperCase())))),
            grantedPermission -> Lists.newArrayList(
                grantedPermission.getAuthorizable().toString(),
                grantedPermission.getPermission().name()))
        .build();
    cliConfig.getTableRenderer().render(cliConfig, output, table);
}
Also used : PrintStream(java.io.PrintStream) Principal(io.cdap.cdap.proto.security.Principal) Lists(com.google.common.collect.Lists) ArgumentName(io.cdap.cdap.cli.ArgumentName) Table(io.cdap.cdap.cli.util.table.Table) Inject(com.google.inject.Inject) CLIConfig(io.cdap.cdap.cli.CLIConfig) AuthorizationClient(io.cdap.cdap.client.AuthorizationClient) Privilege(io.cdap.cdap.proto.security.Privilege) AbstractAuthCommand(io.cdap.cdap.cli.util.AbstractAuthCommand) Arguments(io.cdap.common.cli.Arguments)