Example 1 with NoOpAccessController

Use of io.cdap.cdap.security.spi.authorization.NoOpAccessController in project cdap by caskdata.

The class AbstractDatasetFrameworkTest, method testAuditPublish.

@Test
public void testAuditPublish() throws Exception {
    // Clear all audit messages
    inMemoryAuditPublisher.popMessages();
    List<AuditMessage> expectedMessages = new ArrayList<>();
    // Adding modules
    DatasetFramework framework = getFramework();
    framework.addModule(IN_MEMORY, new InMemoryTableModule());
    // Creating instances
    framework.addInstance(Table.class.getName(), MY_TABLE, DatasetProperties.EMPTY);
    expectedMessages.add(new AuditMessage(0, MY_TABLE, "", AuditType.CREATE, AuditPayload.EMPTY_PAYLOAD));
    framework.addInstance(Table.class.getName(), MY_TABLE2, DatasetProperties.EMPTY);
    expectedMessages.add(new AuditMessage(0, MY_TABLE2, "", AuditType.CREATE, AuditPayload.EMPTY_PAYLOAD));
    // Update instance
    framework.updateInstance(MY_TABLE, DatasetProperties.EMPTY);
    expectedMessages.add(new AuditMessage(0, MY_TABLE, "", AuditType.UPDATE, AuditPayload.EMPTY_PAYLOAD));
    // Access instance
    ProgramRunId runId = new ProgramId("ns", "app", ProgramType.WORKER, "worker").run(RunIds.generate().getId());
    LineageWriterDatasetFramework lineageFramework = new LineageWriterDatasetFramework(framework, new NoOpLineageWriter(), new NoOpUsageRegistry(), new AuthenticationTestContext(), new NoOpAccessController());
    lineageFramework.setContext(new TestProgramContext(runId));
    lineageFramework.setAuditPublisher(inMemoryAuditPublisher);
    lineageFramework.getDataset(MY_TABLE, ImmutableMap.<String, String>of(), getClass().getClassLoader());
    expectedMessages.add(new AuditMessage(0, MY_TABLE, "", AuditType.ACCESS, new AccessPayload(AccessType.UNKNOWN, runId)));
    // Truncate instance
    framework.truncateInstance(MY_TABLE);
    expectedMessages.add(new AuditMessage(0, MY_TABLE, "", AuditType.TRUNCATE, AuditPayload.EMPTY_PAYLOAD));
    // Delete instance
    framework.deleteInstance(MY_TABLE);
    expectedMessages.add(new AuditMessage(0, MY_TABLE, "", AuditType.DELETE, AuditPayload.EMPTY_PAYLOAD));
    // Delete all instances in a namespace
    framework.deleteAllInstances(MY_TABLE2.getParent());
    expectedMessages.add(new AuditMessage(0, MY_TABLE2, "", AuditType.DELETE, AuditPayload.EMPTY_PAYLOAD));
    Assert.assertEquals(expectedMessages, inMemoryAuditPublisher.popMessages());
    // cleanup
    framework.deleteModule(IN_MEMORY);
}

Example 2 with NoOpAccessController

Use of io.cdap.cdap.security.spi.authorization.NoOpAccessController in project cdap by caskdata.

The class DefaultAccessEnforcerTest, method testInternalIsVisible.

@Test
public void testInternalIsVisible() throws IOException, AccessException {
    Principal userWithInternalCred = new Principal("system", Principal.PrincipalType.USER, null, new Credential("credential", Credential.CredentialType.INTERNAL));
    CConfiguration cConfCopy = CConfiguration.copy(CCONF);
    cConfCopy.setBoolean(Constants.Security.INTERNAL_AUTH_ENABLED, true);
    ControllerWrapper controllerWrapper = createControllerWrapper(cConfCopy, SCONF, new NoOpAccessController());
    AccessController accessController = controllerWrapper.accessController;
    DefaultAccessEnforcer accessEnforcer = controllerWrapper.defaultAccessEnforcer;
    Set<EntityId> namespaces = ImmutableSet.of(NS);
    // Make sure that the actual access controller does not have access.
    Assert.assertEquals(Collections.emptySet(), accessController.isVisible(namespaces, userWithInternalCred));
    // The no-op access enforcer allows all requests through, so this should succeed if it is using the right
    // access controller.
    Assert.assertEquals(namespaces, accessEnforcer.isVisible(namespaces, userWithInternalCred));
    // Verify the metrics context was called with correct metrics
    verify(controllerWrapper.mockMetricsContext, times(1)).increment(Constants.Metrics.Authorization.INTERNAL_VISIBILITY_CHECK_COUNT, 1);
}

Example 3 with NoOpAccessController

Use of io.cdap.cdap.security.spi.authorization.NoOpAccessController in project cdap by caskdata.

The class AccessControllerInstantiator, method get.

/**
 * Returns an instance of the configured {@link AccessController} extension, or of {@link NoOpAccessController}, if
 * authorization is disabled.
 */
@Override
public AccessController get() {
    if (!cConf.getBoolean(Constants.Security.Authorization.ENABLED)) {
        LOG.debug("Authorization is disabled. Authorization can be enabled by setting " + Constants.Security.Authorization.ENABLED + " to true.");
        return NOOP_ACCESS_CONTROLLER;
    }
    if (!cConf.getBoolean(Constants.Security.ENABLED)) {
        LOG.warn("Authorization is enabled. However, authentication is disabled. Authorization policies will not be " + "enforced. To enforce authorization policies please enable both authorization, by setting " + Constants.Security.Authorization.ENABLED + " to true and authentication, by setting " + Constants.Security.ENABLED + " to true.");
        return NOOP_ACCESS_CONTROLLER;
    }
    // Authorization is enabled
    AccessController accessController = this.accessController;
    if (accessController != null) {
        return accessController;
    }
    synchronized (this) {
        accessController = this.accessController;
        if (accessController != null) {
            return accessController;
        }
        if (closed) {
            throw new RuntimeException("Cannot create AccessController because its resources were already closed");
        }
        String accessControllerExtensionJarPath = cConf.get(Constants.Security.Authorization.EXTENSION_JAR_PATH);
        String accessControllerExtraClasspath = cConf.get(Constants.Security.Authorization.EXTENSION_EXTRA_CLASSPATH);
        if (Strings.isNullOrEmpty(accessControllerExtensionJarPath)) {
            throw new IllegalArgumentException(String.format("Access control extension jar path not found in configuration. Please set %s in " + "cdap-site.xml to the fully qualified path of the jar file to use as the authorization " + "backend.", Constants.Security.Authorization.EXTENSION_JAR_PATH));
        }
        try {
            File accessControllerExtensionJar = new File(accessControllerExtensionJarPath);
            ensureValidAuthExtensionJar(accessControllerExtensionJar);
            accessControllerClassLoader = createAccessControllerClassLoader(accessControllerExtensionJar, accessControllerExtraClasspath);
            this.accessController = accessController = createAccessController(accessControllerClassLoader);
            return accessController;
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }
}

Example 4 with NoOpAccessController

Use of io.cdap.cdap.security.spi.authorization.NoOpAccessController in project cdap by caskdata.

The class DefaultAccessEnforcerTest, method testInternalAuthEnforce.

@Test
public void testInternalAuthEnforce() throws IOException, AccessException {
    Principal userWithInternalCred = new Principal("system", Principal.PrincipalType.USER, null, new Credential("credential", Credential.CredentialType.INTERNAL));
    CConfiguration cConfCopy = CConfiguration.copy(CCONF);
    cConfCopy.setBoolean(Constants.Security.INTERNAL_AUTH_ENABLED, true);
    ControllerWrapper controllerWrapper = createControllerWrapper(cConfCopy, SCONF, new NoOpAccessController());
    AccessController accessController = controllerWrapper.accessController;
    DefaultAccessEnforcer accessEnforcer = controllerWrapper.defaultAccessEnforcer;
    // Make sure that the actual access controller does not have access.
    assertAuthorizationFailure(accessController, NS, userWithInternalCred, StandardPermission.GET);
    assertAuthorizationFailure(accessController, NS, userWithInternalCred, StandardPermission.UPDATE);
    // The no-op access enforcer allows all requests through, so this should succeed if it is using the right
    // access controller.
    accessEnforcer.enforce(NS, userWithInternalCred, StandardPermission.GET);
    accessEnforcer.enforce(NS, userWithInternalCred, StandardPermission.UPDATE);
    // Verify the metrics context was called with correct metrics
    verify(controllerWrapper.mockMetricsContext, times(2)).increment(Constants.Metrics.Authorization.INTERNAL_CHECK_SUCCESS_COUNT, 1);
}

Example 5 with NoOpAccessController

Use of io.cdap.cdap.security.spi.authorization.NoOpAccessController in project cdap by caskdata.

The class AccessControllerInstantiatorTest, method assertDisabled.

private void assertDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature) throws IOException {
    try (AccessControllerInstantiator instantiator = new AccessControllerInstantiator(cConf, AUTH_CONTEXT_FACTORY)) {
        AccessController accessController = instantiator.get();
        Assert.assertTrue(String.format("When %s is disabled, a %s must be returned, but got %s.", feature.name().toLowerCase(), NoOpAccessController.class.getSimpleName(), accessController.getClass().getName()), accessController instanceof NoOpAccessController);
    }
}