use of org.apache.storm.generated.AccessControl in project storm by apache.
the class BlobStoreTest method testReplication.
// Test for replication.
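/**
 * Checks that a blob's replication factor can be read and changed by the principals that are
 * expected to have access. Every scenario reuses the key "test" and deletes it before the next.
 *
 * <p>Scenarios, in order: a null subject on a blob created with WORLD_EVERYTHING; the "admin",
 * "supervisor" and "adminsGroupsUser" subjects on blobs created with the DEFAULT ACL; and a blob
 * whose ACL holds one USER entry with READ and one USER entry with ADMIN.
 *
 * <p>NOTE(review): only permitted operations are exercised. Nothing here asserts that a subject
 * missing from the ACL is refused, so this method alone does not show that the ACL is enforced;
 * a denial case expecting AuthorizationException would close that gap.
 *
 * @param path not used by this method
 * @param store the blob store under test
 * @throws Exception if any blob store call fails
 */
public void testReplication(String path, BlobStore store) throws Exception {
    final String key = "test";
    final String mismatch = "Blobstore replication not matching";

    // Scenario 1: world-accessible blob, no authenticated subject.
    SettableBlobMeta metadata = new SettableBlobMeta(BlobStoreAclHandler.WORLD_EVERYTHING);
    metadata.set_replication_factor(4);
    try (AtomicOutputStream out = store.createBlob(key, metadata, null)) {
        out.write(1);
    }
    assertStoreHasExactly(store, key);
    // JUnit order is (message, expected, actual); a swapped order gives misleading failure text.
    assertEquals(mismatch, 4, store.getBlobReplication(key, null));
    store.deleteBlob(key, null);

    // Scenarios 2-4: DEFAULT ACL, accessed as privileged principals. getSubject is defined
    // elsewhere; the names presumably map to the nimbus admin, a supervisor and a member of an
    // admin group through the test configuration -- confirm there.
    for (String principal : new String[] {"admin", "supervisor", "adminsGroupsUser"}) {
        Subject subject = getSubject(principal);
        metadata = new SettableBlobMeta(BlobStoreAclHandler.DEFAULT);
        metadata.set_replication_factor(4);
        try (AtomicOutputStream out = store.createBlob(key, metadata, subject)) {
            out.write(1);
        }
        assertStoreHasExactly(store, key);
        assertEquals(mismatch, 4, store.getBlobReplication(key, subject));
        store.updateBlobReplication(key, 5, subject);
        assertEquals(mismatch, 5, store.getBlobReplication(key, subject));
        store.deleteBlob(key, subject);
    }

    // Scenario 5: explicit per-user ACL. The subject named "writeSubject" is granted READ only
    // (despite its name), and "adminSubject" is granted ADMIN.
    String createSubject = "createSubject";
    String writeSubject = "writeSubject";
    String adminSubject = "adminSubject";
    Subject who = getSubject(createSubject);
    AccessControl readAccess = new AccessControl(AccessControlType.USER, READ);
    AccessControl adminAccess = new AccessControl(AccessControlType.USER, ADMIN);
    readAccess.set_name(writeSubject);
    adminAccess.set_name(adminSubject);
    List<AccessControl> acl = Arrays.asList(readAccess, adminAccess);
    metadata = new SettableBlobMeta(acl);
    metadata.set_replication_factor(4);
    try (AtomicOutputStream out = store.createBlob(key, metadata, who)) {
        out.write(1);
    }
    assertStoreHasExactly(store, key);

    // A READ-only user can read the replication factor.
    who = getSubject(writeSubject);
    assertEquals(mismatch, 4, store.getBlobReplication(key, who));

    // An ADMIN user can change it. A WRITE-only user is not covered by this test.
    who = getSubject(adminSubject);
    store.updateBlobReplication(key, 5, who);
    assertEquals(mismatch, 5, store.getBlobReplication(key, who));

    // The creator is not listed in the ACL built above yet performs the delete; presumably the
    // store grants the creator access at creation time -- confirm against the store.
    store.deleteBlob(key, getSubject(createSubject));
}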
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class Blobstore method setAclCli.
/**
 * Handles the command-line request that sets the ACL of an existing blob.
 *
 * <p>The option "s"/"set" carries the requested ACL entries (parsed by AsAclParser) and the
 * positional argument "key" names the blob. When no entries were supplied, the ACL currently
 * stored with the blob is written back unchanged.
 *
 * <p>NOTE(review): the supplied list replaces the stored ACL as a whole rather than being merged
 * into it, so entries that are not repeated on the command line are dropped. The new
 * SettableBlobMeta is built from the ACL alone; whether other settable fields (for example a
 * replication factor) survive setBlobMeta is not visible here -- confirm.
 *
 * @param args the raw command-line arguments for this sub-command
 * @throws Exception if parsing fails or the blob store call fails
 */
private static void setAclCli(String[] args) throws Exception {
    Map<String, Object> parsed = CLI.opt("s", "set", Collections.emptyList(), new AsAclParser())
        .arg("key", CLI.FIRST_WINS)
        .parse(args);
    final String key = (String) parsed.get("key");
    final List<AccessControl> requestedAcl = (List<AccessControl>) parsed.get("s");
    ClientBlobStore.withConfiguredClient(new ClientBlobStore.WithBlobstore() {
        @Override
        public void run(ClientBlobStore blobStore) throws Exception {
            // Read the stored ACL first; it is the fallback when nothing was requested.
            ReadableBlobMeta current = blobStore.getBlobMeta(key);
            List<AccessControl> existingAcl = current.get_settable().get_acl();
            boolean nothingRequested = requestedAcl == null || requestedAcl.isEmpty();
            List<AccessControl> effectiveAcl = nothingRequested ? existingAcl : requestedAcl;
            SettableBlobMeta replacement = new SettableBlobMeta(effectiveAcl);
            // The effective ACL is logged before the write, which leaves a record of the change.
            LOG.info("Setting ACL for {} to {}", key, generateAccessControlsInfo(effectiveAcl));
            blobStore.setBlobMeta(key, replacement);
        }
    });
}
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class BlobStoreAPIWordCountTopology method createBlobWithContent.
// Equivalent create command on command line
// storm blobstore create --file blacklist.txt --acl o::rwa key
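/**
 * Creates a blob under {@code blobKey} whose content is the text read from {@code file}.
 *
 * @param blobKey key to create in the blob store
 * @param clientBlobStore client used to create the blob
 * @param file local file whose content becomes the blob
 * @throws AuthorizationException if the caller may not create the blob
 * @throws KeyAlreadyExistsException if {@code blobKey} is already present
 * @throws IOException if reading the file or writing the blob fails
 * @throws KeyNotFoundException declared by the original signature; not raised by visible code
 */
private static void createBlobWithContent(String blobKey, ClientBlobStore clientBlobStore, File file) throws AuthorizationException, KeyAlreadyExistsException, IOException, KeyNotFoundException {
    // "o::rwa" is the ACL from the command-line example above: read, write and admin for
    // "other", i.e. every user. That keeps the example short but lets any user replace or
    // delete the blob; outside a demo, list specific users with only the permissions they need.
    String stringBlobAcl = "o::rwa";
    AccessControl blobAcl = BlobStoreAclHandler.parseAccessControl(stringBlobAcl);
    List<AccessControl> acls = new LinkedList<AccessControl>();
    // more ACLs can be added here
    acls.add(blobAcl);
    SettableBlobMeta settableBlobMeta = new SettableBlobMeta(acls);

    // Read the file before the blob is opened, so a read failure leaves nothing half-created.
    // The charset is explicit so the stored bytes do not depend on the platform default.
    byte[] content = readFile(file).toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);

    AtomicOutputStream blobStream = clientBlobStore.createBlob(blobKey, settableBlobMeta);
    try {
        blobStream.write(content);
        // close() is what publishes the blob.
        blobStream.close();
    } catch (IOException | RuntimeException e) {
        // Abandon the upload instead of leaving the stream open or committing partial content.
        try {
            blobStream.cancel();
        } catch (IOException cancelFailure) {
            e.addSuppressed(cancelFailure);
        }
        throw e;
    }
}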
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class TopoCache method addTopology.
/**
* Add a new topology.
* @param topoId the id of the topology
* @param who who is doing it
* @param topo the topology itself
* @throws AuthorizationException if who is not allowed to add a topology
* @throws KeyAlreadyExistsException if the topology already exists
* @throws IOException on any error interacting with the blob store
*/
public void addTopology(final String topoId, final Subject who, final StormTopology topo) throws AuthorizationException, KeyAlreadyExistsException, IOException {
    // Blob key under which the serialized topology is stored.
    final String codeKey = ConfigUtils.masterStormCodeKey(topoId);
    // New topologies start from the handler's DEFAULT ACL; the caller does not supply one.
    final SettableBlobMeta blobMeta = new SettableBlobMeta(BlobStoreAclHandler.DEFAULT);
    final byte[] serializedTopo = Utils.serialize(topo);
    // The store is called with the caller's subject, so it is the store that authorizes the add.
    store.createBlob(codeKey, serializedTopo, blobMeta, who);
    // The cache entry records the ACL as held by the meta object after the create call.
    // NOTE(review): whether createBlob adjusts that ACL (e.g. for the creator) is not visible
    // here -- confirm; a cached ACL that differs from the stored one would skew later checks.
    topos.put(topoId, new WithAcl<>(blobMeta.get_acl(), topo));
}
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class AsyncLocalizerTest method testFailAcls.
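/**
 * Expects blob localization to be refused when the requesting user has no READ entry in the
 * blob's ACL and ACL validation is enabled.
 *
 * <p>The mocked blob store returns both metadata and content, so the AuthorizationException is
 * presumably raised by the localizer's own ACL check rather than by the store.
 *
 * <p>NOTE(review): {@code expected = ...} applies to the whole method, so the test would also
 * pass if an earlier statement threw AuthorizationException; only the final getBlob call is
 * meant to fail.
 *
 * @throws Exception AuthorizationException on the expected path; anything else is a failure
 */
@Test(expected = AuthorizationException.class)
public void testFailAcls() throws Exception {
    try (TmpPath tmp = new TmpPath()) {
        // Typed map instead of the raw HashMap, so the compiler checks what goes into conf.
        Map<String, Object> conf = new HashMap<>();
        // set clean time really high so doesn't kick in
        conf.put(DaemonConfig.SUPERVISOR_LOCALIZER_CACHE_CLEANUP_INTERVAL_MS, 60 * 60 * 1000);
        // enable blobstore acl validation
        conf.put(Config.STORM_BLOBSTORE_ACL_VALIDATION_ENABLED, true);
        String topo1 = "topo1";
        String key1 = "key1";
        TestLocalizer localizer = new TestLocalizer(conf, tmp.getPath());
        ReadableBlobMeta rbm = new ReadableBlobMeta();
        // The only ACL entry gives user1 ADMIN and nothing else, so user1 has no READ access.
        AccessControl acl = new AccessControl(AccessControlType.USER, BlobStoreAclHandler.ADMIN);
        acl.set_name(user1);
        rbm.set_settable(new SettableBlobMeta(Arrays.asList(acl)));
        // The mock hands out metadata and content unconditionally; it performs no ACL check.
        when(mockBlobStore.getBlobMeta(anyString())).thenReturn(rbm);
        when(mockBlobStore.getBlob(key1)).thenReturn(new TestInputStreamWithMeta(1));
        File user1Dir = localizer.getLocalUserFileCacheDir(user1);
        assertTrue("failed to create user dir", user1Dir.mkdirs());
        LocalAssignment topo1Assignment = constructLocalAssignment(topo1, user1, Collections.emptyList());
        PortAndAssignment topo1Pna = new PortAndAssignmentImpl(1, topo1Assignment);
        // This should throw AuthorizationException because auth failed
        localizer.getBlob(new LocalResource(key1, false, false), topo1Pna, null);
    }
}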