
Example 16 with AccessControl

use of org.apache.storm.generated.AccessControl in project storm by apache.

the class ClientBlobStoreTest method testDuplicateACLsForSetBlobMeta.

@Test(expected = AuthorizationException.class)
public void testDuplicateACLsForSetBlobMeta() throws Exception {
    String testKey = "testDuplicateACLsBlobKey";
    SettableBlobMeta meta = new SettableBlobMeta();
    createTestBlob(testKey, meta);
    AccessControl duplicateAcl = BlobStoreAclHandler.parseAccessControl("u:tester:r--");
    meta.add_to_acl(duplicateAcl);
    client.setBlobMeta(testKey, meta);
}
Also used : SettableBlobMeta(org.apache.storm.generated.SettableBlobMeta) AccessControl(org.apache.storm.generated.AccessControl) Test(org.junit.Test)

Example 17 with AccessControl

use of org.apache.storm.generated.AccessControl in project storm by apache.

the class ClientBlobStoreTest method testGoodACLsForCreate.

@Test
public void testGoodACLsForCreate() throws Exception {
    SettableBlobMeta meta = new SettableBlobMeta();
    AccessControl submitterAcl = BlobStoreAclHandler.parseAccessControl("u:tester:rwa");
    meta.add_to_acl(submitterAcl);
    String testKey = "testBlobKey";
    client.createBlob(testKey, meta);
    validatedBlobAcls(testKey);
}
Also used : SettableBlobMeta(org.apache.storm.generated.SettableBlobMeta) AccessControl(org.apache.storm.generated.AccessControl) Test(org.junit.Test)

Example 18 with AccessControl

use of org.apache.storm.generated.AccessControl in project storm by apache.

the class BlobStoreAclHandler method validateSettableACLs.

@SuppressWarnings("checkstyle:AbbreviationAsWordInName")
public static void validateSettableACLs(String key, List<AccessControl> acls) throws AuthorizationException {
    Set<String> aclUsers = new HashSet<>();
    List<String> duplicateUsers = new ArrayList<>();
    for (AccessControl acl : acls) {
        String aclUser = acl.get_name();
        // Set.add returns false when the name is already present, i.e. the user is listed twice.
        // Entries with an empty name are not checked for duplicates.
        if (!StringUtils.isEmpty(aclUser) && !aclUsers.add(aclUser)) {
            LOG.error("'{}' user can't appear more than once in the ACLs", aclUser);
            duplicateUsers.add(aclUser);
        }
    }
    // Reject the whole ACL list if any user appears more than once.
    if (duplicateUsers.size() > 0) {
        String errorMessage = "user " + Arrays.toString(duplicateUsers.toArray()) + " can't appear more than once in the ACLs for key [" + key + "].";
        throw new WrappedAuthorizationException(errorMessage);
    }
}
Also used : WrappedAuthorizationException(org.apache.storm.utils.WrappedAuthorizationException) ArrayList(java.util.ArrayList) AccessControl(org.apache.storm.generated.AccessControl) HashSet(java.util.HashSet)

Example 19 with AccessControl

use of org.apache.storm.generated.AccessControl in project storm by apache.

the class BlobStoreAclHandler method hasPermissions.

/**
 * Validates if the user has at least the set of permissions mentioned in the mask.
 *
 * @param acl  ACL for the key.
 * @param mask mask holds the cumulative value of READ = 1, WRITE = 2 or ADMIN = 4 permissions. mask = 1 implies READ privilege.
 *             mask = 5 implies READ and ADMIN privileges.
 * @param who  The user whose permissions are validated for a key using the ACL and the mask.
 * @param key  Key used to identify the blob.
 * @throws AuthorizationException if the ACL does not grant every permission in the mask.
 */
public void hasPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException {
    // When ACL validation is switched off, every request is allowed.
    if (!doAclValidation) {
        return;
    }
    Set<String> user = constructUserFromPrincipals(who);
    LOG.debug("user {}", user);
    // Subjects accepted by checkForValidUsers for this mask skip the per-entry ACL check.
    if (checkForValidUsers(who, mask)) {
        return;
    }
    for (AccessControl ac : acl) {
        int allowed = getAllowed(ac, user);
        // Clear the bits this entry grants; what remains in mask is still missing.
        mask = ~allowed & mask;
        LOG.debug(" user: {} allowed: {} disallowed: {} key: {}", user, allowed, mask, key);
    }
    // Every requested permission bit was granted by some ACL entry.
    if (mask == 0) {
        return;
    }
    throw new WrappedAuthorizationException(user + " does not have " + namedPerms(mask) + " access to " + key);
}
Also used : WrappedAuthorizationException(org.apache.storm.utils.WrappedAuthorizationException) AccessControl(org.apache.storm.generated.AccessControl)

Example 20 with AccessControl

use of org.apache.storm.generated.AccessControl in project storm by apache.

the class TopoCache method addTopoConf.

/**
 * Add a new topology config.
 * @param topoId the id of the topology
 * @param who who is doing it
 * @param topoConf the topology conf itself
 * @throws AuthorizationException if who is not allowed to add a topology conf
 * @throws KeyAlreadyExistsException if the topology conf already exists in the blob store
 * @throws IOException on any error interacting with the blob store.
 */
public void addTopoConf(final String topoId, final Subject who, final Map<String, Object> topoConf) throws AuthorizationException, KeyAlreadyExistsException, IOException {
    final String key = ConfigUtils.masterStormConfKey(topoId);
    final List<AccessControl> acl = BlobStoreAclHandler.DEFAULT;
    SettableBlobMeta meta = new SettableBlobMeta(acl);
    store.createBlob(key, Utils.toCompressedJsonConf(topoConf), meta, who);
    confs.put(topoId, new WithAcl<>(meta.get_acl(), topoConf));
}
Also used : SettableBlobMeta(org.apache.storm.generated.SettableBlobMeta) AccessControl(org.apache.storm.generated.AccessControl)

Aggregations

AccessControl (org.apache.storm.generated.AccessControl): 20
SettableBlobMeta (org.apache.storm.generated.SettableBlobMeta): 12
Test (org.junit.Test): 6
ArrayList (java.util.ArrayList): 5
File (java.io.File): 3
AtomicOutputStream (org.apache.storm.blobstore.AtomicOutputStream): 3
ReadableBlobMeta (org.apache.storm.generated.ReadableBlobMeta): 3
WrappedAuthorizationException (org.apache.storm.utils.WrappedAuthorizationException): 3
List (java.util.List): 2
KeyNotFoundException (org.apache.storm.generated.KeyNotFoundException): 2
BufferedInputStream (java.io.BufferedInputStream): 1
FileInputStream (java.io.FileInputStream): 1
IOException (java.io.IOException): 1
HashMap (java.util.HashMap): 1
HashSet (java.util.HashSet): 1
LinkedList (java.util.LinkedList): 1
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap): 1
AtomicInteger (java.util.concurrent.atomic.AtomicInteger): 1
Subject (javax.security.auth.Subject): 1
ClientBlobStore (org.apache.storm.blobstore.ClientBlobStore): 1