use of io.cdap.cdap.security.spi.authorization.PermissionManager in project cdap by caskdata.
the class ProfileHttpHandlerTest method beforeClass.
/**
 * Starts the test services with authorization turned on and seeds the permission store with
 * the grants the profile tests rely on.
 *
 * <p>Each test principal receives a deliberately narrow set of permissions. Any request made
 * with a principal or on an entity that is not granted below is expected to be rejected once
 * enforcement is active.
 * NOTE(review): the negative cases live in test methods outside this listing; confirm that
 * every grant here has a matching denial test.
 *
 * @throws Exception if configuration or service start-up fails
 */
@BeforeClass
public static void beforeClass() throws Exception {
  CConfiguration authEnabledConf =
      AppFabricTestHelper.enableAuthorization(createBasicCConf(), TEMPORARY_FOLDER);
  initializeAndStartServices(authEnabledConf);
  PermissionManager grants = getInjector().getInstance(PermissionManager.class);

  // Authorizable string for the native profile in the system namespace; used by two principals.
  String nativeProfile = "profile:system." + Profile.NATIVE_NAME;

  // READ_WRITE_USER: LIST on the profile type in both namespaces, every standard permission
  // on the default namespace itself, and every standard permission on three named profiles.
  for (NamespaceId ns : new NamespaceId[] {NamespaceId.SYSTEM, NamespaceId.DEFAULT}) {
    grants.grant(Authorizable.fromEntityId(ns, EntityType.PROFILE), READ_WRITE_USER,
        ImmutableSet.of(StandardPermission.LIST));
  }
  grants.grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), READ_WRITE_USER,
      EnumSet.allOf(StandardPermission.class));
  grants.grant(Authorizable.fromString("profile:system.p1"), READ_WRITE_USER,
      EnumSet.allOf(StandardPermission.class));
  grants.grant(Authorizable.fromString("profile:default.MyProfile"), READ_WRITE_USER,
      EnumSet.allOf(StandardPermission.class));
  grants.grant(Authorizable.fromString(nativeProfile), READ_WRITE_USER,
      EnumSet.allOf(StandardPermission.class));

  // READ_ONLY_SYSTEM_USER: may LIST profiles in both namespaces but can only GET the
  // native system profile.
  for (NamespaceId ns : new NamespaceId[] {NamespaceId.SYSTEM, NamespaceId.DEFAULT}) {
    grants.grant(Authorizable.fromEntityId(ns, EntityType.PROFILE), READ_ONLY_SYSTEM_USER,
        ImmutableSet.of(StandardPermission.LIST));
  }
  grants.grant(Authorizable.fromString(nativeProfile), READ_ONLY_SYSTEM_USER,
      EnumSet.of(StandardPermission.GET));

  // READ_ONLY_USER: LIST on default-namespace profiles and GET on the single profile "p1"
  // in the default namespace; nothing at all in the system namespace.
  grants.grant(Authorizable.fromEntityId(NamespaceId.DEFAULT, EntityType.PROFILE), READ_ONLY_USER,
      ImmutableSet.of(StandardPermission.LIST));
  grants.grant(Authorizable.fromEntityId(NamespaceId.DEFAULT.profile("p1")), READ_ONLY_USER,
      EnumSet.of(StandardPermission.GET));

  // Single-action principals: each holds exactly one of CREATE / UPDATE / DELETE on the
  // permissions test profile, first in the default namespace and then in the system one.
  for (NamespaceId ns : new NamespaceId[] {NamespaceId.DEFAULT, NamespaceId.SYSTEM}) {
    Authorizable testProfile = Authorizable.fromEntityId(ns.profile(PERMISSIONS_TEST_PROFILE));
    grants.grant(testProfile, CREATE_PROFILE_USER, EnumSet.of(StandardPermission.CREATE));
    grants.grant(testProfile, UPDATE_PROFILE_USER, EnumSet.of(StandardPermission.UPDATE));
    grants.grant(testProfile, DELETE_PROFILE_USER, EnumSet.of(StandardPermission.DELETE));
  }
}
use of io.cdap.cdap.security.spi.authorization.PermissionManager in project cdap by caskdata.
the class PreviewRunnerModule method configure.
/**
 * Wires the preview runner's bindings and exposes the subset that other modules consume.
 *
 * <p>Security-relevant points visible in this method:
 * <ul>
 *   <li>The access enforcer, context access enforcer, access-controller instantiator and
 *       permission manager are bound with {@code toInstance} to objects held by this module,
 *       so the preview injector reuses those objects instead of constructing its own.</li>
 *   <li>The artifact repository is bound twice: once unannotated and once under the
 *       {@code NOAUTH_ARTIFACT_REPO} name. In both branches the two bindings target the same
 *       implementation class; only the named one is singleton-scoped.
 *       NOTE(review): the constant name suggests a repository that skips authorization
 *       checks; no difference in enforcement is visible here, so confirm what callers of
 *       the named binding expect.</li>
 *   <li>{@code SecretStore} and {@code PreferencesService} are bound but not exposed.</li>
 * </ul>
 */
@Override
protected void configure() {
  final boolean useArtifactLocalizer =
      cConf.getBoolean(Constants.Preview.ARTIFACT_LOCALIZER_ENABLED, false);
  final String noAuthRepoName = AppFabricServiceRuntimeModule.NOAUTH_ARTIFACT_REPO;
  final String globalTmsName = PreviewConfigModule.GLOBAL_TMS;

  if (!useArtifactLocalizer) {
    // Localizer disabled: artifacts, plugins and preferences come from the providers
    // held by this module.
    bind(ArtifactRepositoryReader.class).toProvider(artifactRepositoryReaderProvider);
    bind(ArtifactRepository.class).to(DefaultArtifactRepository.class);
    expose(ArtifactRepository.class);
    bind(ArtifactRepository.class)
        .annotatedWith(Names.named(noAuthRepoName))
        .to(DefaultArtifactRepository.class)
        .in(Scopes.SINGLETON);
    expose(ArtifactRepository.class).annotatedWith(Names.named(noAuthRepoName));
    bind(PluginFinder.class).toProvider(pluginFinderProvider);
    expose(PluginFinder.class);
    bind(PreferencesFetcher.class).toProvider(preferencesFetcherProvider);
    expose(PreferencesFetcher.class);
  } else {
    // Localizer enabled: artifact metadata is fetched from AppFab through the remote
    // implementation, which uses the artifact localizer to fetch and cache artifacts locally.
    bind(ArtifactRepositoryReader.class).to(RemoteArtifactRepositoryReaderWithLocalization.class);
    bind(ArtifactRepository.class).to(RemoteArtifactRepositoryWithLocalization.class);
    expose(ArtifactRepository.class);
    bind(ArtifactRepository.class)
        .annotatedWith(Names.named(noAuthRepoName))
        .to(RemoteArtifactRepositoryWithLocalization.class)
        .in(Scopes.SINGLETON);
    expose(ArtifactRepository.class).annotatedWith(Names.named(noAuthRepoName));
    // Plugin metadata also comes from AppFab via the remote, localizing implementation.
    bind(PluginFinder.class).to(RemoteWorkerPluginFinder.class);
    expose(PluginFinder.class);
    // Preferences are fetched remotely from AppFab as well.
    bind(PreferencesFetcher.class).to(RemotePreferencesFetcherInternal.class);
    expose(PreferencesFetcher.class);
  }

  bind(ArtifactStore.class).toInstance(artifactStore);
  expose(ArtifactStore.class);
  bind(MessagingService.class)
      .annotatedWith(Names.named(globalTmsName))
      .toInstance(messagingService);
  expose(MessagingService.class).annotatedWith(Names.named(globalTmsName));

  // Authorization components: existing instances are handed in, none are created here.
  bind(AccessEnforcer.class).toInstance(accessEnforcer);
  expose(AccessEnforcer.class);
  bind(ContextAccessEnforcer.class).toInstance(contextAccessEnforcer);
  expose(ContextAccessEnforcer.class);
  bind(AccessControllerInstantiator.class).toInstance(accessControllerInstantiator);
  expose(AccessControllerInstantiator.class);
  bind(PermissionManager.class).toInstance(permissionManager);
  expose(PermissionManager.class);

  bind(PreferencesService.class).toInstance(preferencesService);

  // The explore client is a mock in preview.
  bind(ExploreClient.class).to(MockExploreClient.class);
  expose(ExploreClient.class);

  bind(ProgramRuntimeProviderLoader.class).toInstance(programRuntimeProviderLoader);
  expose(ProgramRuntimeProviderLoader.class);

  bind(StorageProviderNamespaceAdmin.class).to(LocalStorageProviderNamespaceAdmin.class);
  bind(PipelineFactory.class).to(SynchronousPipelineFactory.class);

  install(
      new FactoryModuleBuilder()
          .implement(Configurator.class, InMemoryConfigurator.class)
          .build(ConfiguratorFactory.class));
  // Exposed so that program runner modules can obtain the factory.
  expose(ConfiguratorFactory.class);

  install(
      new FactoryModuleBuilder()
          .implement(
              new TypeLiteral<Manager<AppDeploymentInfo, ApplicationWithPrograms>>() {
              },
              new TypeLiteral<PreviewApplicationManager<AppDeploymentInfo, ApplicationWithPrograms>>() {
              })
          .build(
              new TypeLiteral<ManagerFactory<AppDeploymentInfo, ApplicationWithPrograms>>() {
              }));

  bind(Store.class).to(DefaultStore.class);
  bind(SecretStore.class).to(DefaultSecretStore.class).in(Scopes.SINGLETON);

  bind(UGIProvider.class).to(DefaultUGIProvider.class);
  expose(UGIProvider.class);

  bind(WorkflowStateWriter.class).to(BasicWorkflowStateWriter.class);
  expose(WorkflowStateWriter.class);

  // Namespaces are never deleted in preview; the preview directory is removed when it is done.
  bind(NamespaceResourceDeleter.class).to(NoopNamespaceResourceDeleter.class).in(Scopes.SINGLETON);
  bind(NamespaceAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
  bind(NamespaceQueryAdmin.class).to(DefaultNamespaceAdmin.class).in(Scopes.SINGLETON);
  expose(NamespaceAdmin.class);
  expose(NamespaceQueryAdmin.class);

  bind(MetadataAdmin.class).to(DefaultMetadataAdmin.class);
  expose(MetadataAdmin.class);

  bindPreviewRunner(binder());
  expose(PreviewRunner.class);

  bind(Scheduler.class).to(NoOpScheduler.class);

  bind(DataTracerFactory.class).to(DefaultDataTracerFactory.class);
  expose(DataTracerFactory.class);

  bind(PreviewDataPublisher.class).to(MessagingPreviewDataPublisher.class);

  bind(OwnerStore.class).to(DefaultOwnerStore.class);
  expose(OwnerStore.class);
  bind(OwnerAdmin.class).to(DefaultOwnerAdmin.class);
  expose(OwnerAdmin.class);

  bind(CapabilityReader.class).to(CapabilityStatusStore.class);
}
use of io.cdap.cdap.security.spi.authorization.PermissionManager in project cdap by caskdata.
the class RemotePermissionsTestBase method setup.
/**
 * Prepares the shared fixtures for the remote permission tests: enables authorization on the
 * shared configuration, starts App Fabric, and stores the remote access enforcer and the
 * permission manager in static fields.
 *
 * <p>The authorization cache TTL is set from {@code CACHE_TIMEOUT}.
 * NOTE(review): tests that change grants presumably have to wait out this TTL before the
 * enforcer reflects the change; confirm against the test methods, which are not in this listing.
 *
 * @throws IOException if the temporary data directory cannot be created
 * @throws InterruptedException declared by the method; NOTE(review): presumably raised while
 *     waiting for the App Fabric HTTP service, confirm against {@code waitForService}
 */
protected static void setup() throws IOException, InterruptedException {
  // The returned configuration is ignored; the shared cConf is passed in and used afterwards.
  AppFabricTestHelper.enableAuthorization(cConf, TEMPORARY_FOLDER);
  String localDataDir = TEMPORARY_FOLDER.newFolder().getAbsolutePath();
  cConf.set(Constants.CFG_LOCAL_DATA_DIR, localDataDir);
  cConf.setInt(Constants.Security.Authorization.CACHE_TTL_SECS, CACHE_TIMEOUT);

  Injector guice = AppFabricTestHelper.getInjector(cConf);
  discoveryService = guice.getInstance(DiscoveryServiceClient.class);

  // The server must be up and discoverable before the enforcer and manager are looked up.
  appFabricServer = guice.getInstance(AppFabricServer.class);
  appFabricServer.startAndWait();
  waitForService(Constants.Service.APP_FABRIC_HTTP);

  // The concrete remote enforcer is requested rather than the AccessEnforcer interface.
  accessEnforcer = guice.getInstance(RemoteAccessEnforcer.class);
  permissionManager = guice.getInstance(PermissionManager.class);
}