
Example 1 with Resource

Use of org.zalando.nakadi.plugin.api.authz.Resource in project nakadi by zalando.

Class TestUtils, method mockAccessDeniedException.

public static AccessDeniedException mockAccessDeniedException() {
    final Resource resource = mock(Resource.class);
    when(resource.getName()).thenReturn("some-name");
    when(resource.getType()).thenReturn("some-type");
    return new AccessDeniedException(AuthorizationService.Operation.READ, resource);
}
Also used: AccessDeniedException (org.zalando.nakadi.exceptions.runtime.AccessDeniedException), Resource (org.zalando.nakadi.plugin.api.authz.Resource)

Example 2 with Resource

Use of org.zalando.nakadi.plugin.api.authz.Resource in project nakadi by zalando.

Class EventTypeAuthorizationTest, method whenDELETENotAuthorized200.

@Test
public void whenDELETENotAuthorized200() throws Exception {
    final EventType eventType = EventTypeTestBuilder.builder().build();
    final Resource resource = new EventTypeResource(eventType.getName(), eventType.getAuthorization());
    doReturn(Optional.of(eventType)).when(eventTypeRepository).findByNameO(any());
    doThrow(new AccessDeniedException(AuthorizationService.Operation.ADMIN, resource)).when(authorizationValidator).authorizeEventTypeAdmin(eventType);
    deleteEventType(eventType.getName())
            .andExpect(status().isForbidden())
            .andExpect(content().string(matchesProblem(Problem.valueOf(Response.Status.FORBIDDEN,
                    "Access on ADMIN event-type:" + eventType.getName() + " denied"))));
}
Also used: AccessDeniedException (org.zalando.nakadi.exceptions.runtime.AccessDeniedException), EventType (org.zalando.nakadi.domain.EventType), Resource (org.zalando.nakadi.plugin.api.authz.Resource), EventTypeResource (org.zalando.nakadi.domain.EventTypeResource), Test (org.junit.Test)

Example 3 with Resource

Use of org.zalando.nakadi.plugin.api.authz.Resource in project nakadi by zalando.

Class AdminService, method isAdmin.

public boolean isAdmin(final AuthorizationService.Operation operation) {
    final List<Permission> permissions = getAdmins();
    final Resource resource = new AdminResource(ADMIN_RESOURCE, ResourceAuthorization.fromPermissionsList(permissions));
    return authorizationService.isAuthorized(operation, resource);
}
Also used: Permission (org.zalando.nakadi.domain.Permission), AllDataAccessResource (org.zalando.nakadi.domain.AllDataAccessResource), Resource (org.zalando.nakadi.plugin.api.authz.Resource), AdminResource (org.zalando.nakadi.domain.AdminResource)

Example 4 with Resource

Use of org.zalando.nakadi.plugin.api.authz.Resource in project nakadi by zalando.

Class EventTypeAuthorizationTest, method whenPUTNotAuthorizedThen403.

@Test
public void whenPUTNotAuthorizedThen403() throws Exception {
    final EventType eventType = EventTypeTestBuilder.builder().build();
    final Resource resource = new EventTypeResource(eventType.getName(), eventType.getAuthorization());
    doReturn(eventType).when(eventTypeRepository).findByName(any());
    doThrow(new AccessDeniedException(AuthorizationService.Operation.ADMIN, resource)).when(authorizationValidator).authorizeEventTypeAdmin(eventType);
    putEventType(eventType, eventType.getName())
            .andExpect(status().isForbidden())
            .andExpect(content().string(matchesProblem(Problem.valueOf(Response.Status.FORBIDDEN,
                    "Access on ADMIN event-type:" + eventType.getName() + " denied"))));
}
Also used: AccessDeniedException (org.zalando.nakadi.exceptions.runtime.AccessDeniedException), EventType (org.zalando.nakadi.domain.EventType), Resource (org.zalando.nakadi.plugin.api.authz.Resource), EventTypeResource (org.zalando.nakadi.domain.EventTypeResource), Test (org.junit.Test)

Example 5 with Resource

Use of org.zalando.nakadi.plugin.api.authz.Resource in project nakadi by zalando.

Class TimelineService, method createTimeline.

public void createTimeline(final String eventTypeName, final String storageId) throws AccessDeniedException, TimelineException, TopicRepositoryException, InconsistentStateException, RepositoryProblemException, DbWriteOperationsBlockedException {
    if (featureToggleService.isFeatureEnabled(FeatureToggleService.Feature.DISABLE_DB_WRITE_OPERATIONS)) {
        throw new DbWriteOperationsBlockedException("Cannot create timeline: write operations on DB " + "are blocked by feature flag.");
    }
    try {
        final EventType eventType = eventTypeCache.getEventType(eventTypeName);
        if (!adminService.isAdmin(AuthorizationService.Operation.WRITE)) {
            final Resource resource = new EventTypeResource(eventTypeName, eventType.getAuthorization());
            throw new AccessDeniedException(AuthorizationService.Operation.ADMIN, resource);
        }
        final Storage storage = storageDbRepository.getStorage(storageId).orElseThrow(() -> new UnableProcessException("No storage with id: " + storageId));
        final Timeline activeTimeline = getActiveTimeline(eventType);
        final TopicRepository currentTopicRepo = topicRepositoryHolder.getTopicRepository(activeTimeline.getStorage());
        final TopicRepository nextTopicRepo = topicRepositoryHolder.getTopicRepository(storage);
        final List<PartitionStatistics> partitionStatistics = currentTopicRepo.loadTopicStatistics(Collections.singleton(activeTimeline));
        final String newTopic = nextTopicRepo.createTopic(partitionStatistics.size(), eventType.getOptions().getRetentionTime());
        final Timeline nextTimeline = Timeline.createTimeline(activeTimeline.getEventType(), activeTimeline.getOrder() + 1, storage, newTopic, new Date());
        switchTimelines(activeTimeline, nextTimeline);
    } catch (final TopicCreationException | ServiceUnavailableException | InternalNakadiException e) {
        throw new TimelineException("Internal service error", e);
    } catch (final NoSuchEventTypeException e) {
        throw new NotFoundException("EventType \"" + eventTypeName + "\" does not exist", e);
    }
}
Also used: AccessDeniedException (org.zalando.nakadi.exceptions.runtime.AccessDeniedException), InternalNakadiException (org.zalando.nakadi.exceptions.InternalNakadiException), EventType (org.zalando.nakadi.domain.EventType), Resource (org.zalando.nakadi.plugin.api.authz.Resource), EventTypeResource (org.zalando.nakadi.domain.EventTypeResource), TopicCreationException (org.zalando.nakadi.exceptions.TopicCreationException), NotFoundException (org.zalando.nakadi.exceptions.NotFoundException), ServiceUnavailableException (org.zalando.nakadi.exceptions.ServiceUnavailableException), Date (java.util.Date), TimelineException (org.zalando.nakadi.exceptions.TimelineException), DuplicatedTimelineException (org.zalando.nakadi.exceptions.runtime.DuplicatedTimelineException), Timeline (org.zalando.nakadi.domain.Timeline), DefaultStorage (org.zalando.nakadi.domain.DefaultStorage), Storage (org.zalando.nakadi.domain.Storage), PartitionStatistics (org.zalando.nakadi.domain.PartitionStatistics), TopicRepository (org.zalando.nakadi.repository.TopicRepository), DbWriteOperationsBlockedException (org.zalando.nakadi.exceptions.runtime.DbWriteOperationsBlockedException), UnableProcessException (org.zalando.nakadi.exceptions.UnableProcessException), NoSuchEventTypeException (org.zalando.nakadi.exceptions.NoSuchEventTypeException)

Aggregations

Resource (org.zalando.nakadi.plugin.api.authz.Resource): 6
AccessDeniedException (org.zalando.nakadi.exceptions.runtime.AccessDeniedException): 4
EventType (org.zalando.nakadi.domain.EventType): 3
EventTypeResource (org.zalando.nakadi.domain.EventTypeResource): 3
Test (org.junit.Test): 2
AdminResource (org.zalando.nakadi.domain.AdminResource): 2
AllDataAccessResource (org.zalando.nakadi.domain.AllDataAccessResource): 2
Permission (org.zalando.nakadi.domain.Permission): 2
Date (java.util.Date): 1
ExecutionException (java.util.concurrent.ExecutionException): 1
DefaultStorage (org.zalando.nakadi.domain.DefaultStorage): 1
PartitionStatistics (org.zalando.nakadi.domain.PartitionStatistics): 1
Storage (org.zalando.nakadi.domain.Storage): 1
Timeline (org.zalando.nakadi.domain.Timeline): 1
InternalNakadiException (org.zalando.nakadi.exceptions.InternalNakadiException): 1
NoSuchEventTypeException (org.zalando.nakadi.exceptions.NoSuchEventTypeException): 1
NotFoundException (org.zalando.nakadi.exceptions.NotFoundException): 1
ServiceUnavailableException (org.zalando.nakadi.exceptions.ServiceUnavailableException): 1
TimelineException (org.zalando.nakadi.exceptions.TimelineException): 1
TopicCreationException (org.zalando.nakadi.exceptions.TopicCreationException): 1