use of org.zalando.nakadi.plugin.api.authz.Resource in project nakadi by zalando.
the class TestUtils method mockAccessDeniedException.
/**
 * Builds an {@link AccessDeniedException} for use in tests.
 *
 * <p>The exception carries {@code Operation.READ} and a Mockito stub of {@link Resource}
 * whose name and type are fixed placeholder strings, so assertions on the rendered
 * "access denied" message are deterministic.
 *
 * @return an exception describing a denied READ on the stubbed resource
 */
public static AccessDeniedException mockAccessDeniedException() {
    final Resource stubbedResource = mock(Resource.class);
    // Only the two getters stubbed here return fixed values; nothing else is configured on the stub.
    when(stubbedResource.getType()).thenReturn("some-type");
    when(stubbedResource.getName()).thenReturn("some-name");
    return new AccessDeniedException(AuthorizationService.Operation.READ, stubbedResource);
}
use of org.zalando.nakadi.plugin.api.authz.Resource in project nakadi by zalando.
the class EventTypeAuthorizationTest method whenDELETENotAuthorized200.
/**
 * Checks that deleting an event type is answered with 403 Forbidden, and with the expected
 * problem body, when the admin authorization check throws {@link AccessDeniedException}.
 *
 * <p>NOTE(review): the method name ends in "200" while the assertion expects 403 Forbidden;
 * the name looks stale and should probably read "...Then403" like its PUT sibling.
 */
@Test
public void whenDELETENotAuthorized200() throws Exception {
    final EventType eventType = EventTypeTestBuilder.builder().build();
    final String eventTypeName = eventType.getName();

    // The denial the validator will raise: ADMIN operation on this event type's resource.
    final Resource deniedResource = new EventTypeResource(eventTypeName, eventType.getAuthorization());
    final AccessDeniedException denial =
            new AccessDeniedException(AuthorizationService.Operation.ADMIN, deniedResource);

    // The repository finds the event type, so the request reaches the authorization step.
    doReturn(Optional.of(eventType)).when(eventTypeRepository).findByNameO(any());
    doThrow(denial).when(authorizationValidator).authorizeEventTypeAdmin(eventType);

    deleteEventType(eventTypeName)
            .andExpect(status().isForbidden())
            .andExpect(content().string(matchesProblem(Problem.valueOf(
                    Response.Status.FORBIDDEN,
                    "Access on ADMIN event-type:" + eventTypeName + " denied"))));
}
use of org.zalando.nakadi.plugin.api.authz.Resource in project nakadi by zalando.
the class AdminService method isAdmin.
/**
 * Reports whether the current caller may perform {@code operation} on the admin resource.
 *
 * <p>The admin resource is rebuilt on every call from the permission list returned by
 * {@code getAdmins()}, and the decision itself is delegated to {@code authorizationService}.
 *
 * <p>NOTE(review): the outcome for an empty permission list depends on the authorization
 * plugin; confirm that it denies rather than allows in that case.
 *
 * @param operation the operation to check against the admin permissions
 * @return whatever {@code authorizationService.isAuthorized} decides for the admin resource
 */
public boolean isAdmin(final AuthorizationService.Operation operation) {
    final Resource adminResource = new AdminResource(
            ADMIN_RESOURCE,
            ResourceAuthorization.fromPermissionsList(getAdmins()));
    return authorizationService.isAuthorized(operation, adminResource);
}
use of org.zalando.nakadi.plugin.api.authz.Resource in project nakadi by zalando.
the class EventTypeAuthorizationTest method whenPUTNotAuthorizedThen403.
/**
 * Checks that updating an event type is answered with 403 Forbidden, and with the expected
 * problem body, when the admin authorization check throws {@link AccessDeniedException}.
 */
@Test
public void whenPUTNotAuthorizedThen403() throws Exception {
    final EventType eventType = EventTypeTestBuilder.builder().build();
    final String eventTypeName = eventType.getName();

    // The denial the validator will raise: ADMIN operation on this event type's resource.
    final Resource deniedResource = new EventTypeResource(eventTypeName, eventType.getAuthorization());
    final AccessDeniedException denial =
            new AccessDeniedException(AuthorizationService.Operation.ADMIN, deniedResource);

    // The repository finds the event type, so the request reaches the authorization step.
    doReturn(eventType).when(eventTypeRepository).findByName(any());
    doThrow(denial).when(authorizationValidator).authorizeEventTypeAdmin(eventType);

    putEventType(eventType, eventTypeName)
            .andExpect(status().isForbidden())
            .andExpect(content().string(matchesProblem(Problem.valueOf(
                    Response.Status.FORBIDDEN,
                    "Access on ADMIN event-type:" + eventTypeName + " denied"))));
}
use of org.zalando.nakadi.plugin.api.authz.Resource in project nakadi by zalando.
the class TimelineService method createTimeline.
/**
 * Creates the next timeline for an event type on the given storage and switches to it.
 *
 * <p>Order of work: refuse if the DISABLE_DB_WRITE_OPERATIONS feature is on; load the event
 * type; require admin rights; resolve the target storage; read partition statistics of the
 * active timeline; create a topic with the same partition count on the target storage; then
 * hand both timelines to {@code switchTimelines}.
 *
 * <p>NOTE(review): the guard asks {@code adminService.isAdmin(Operation.WRITE)} but the denial
 * is reported as {@code Operation.ADMIN} on the event-type resource. Confirm the mismatch is
 * intended, since clients and audit trails will see ADMIN rather than the operation checked.
 *
 * <p>NOTE(review): the event type is looked up before the admin check, so a caller without
 * admin rights gets NotFoundException for an unknown name and AccessDeniedException for an
 * existing one. If event-type names are considered sensitive, the check order needs a decision.
 *
 * @param eventTypeName name of the event type that receives a new timeline
 * @param storageId id of the storage on which the new topic is created
 * @throws DbWriteOperationsBlockedException if the DISABLE_DB_WRITE_OPERATIONS feature is enabled
 * @throws AccessDeniedException if {@code adminService.isAdmin(Operation.WRITE)} returns false
 * @throws TimelineException wrapping TopicCreationException, ServiceUnavailableException or
 *         InternalNakadiException raised while preparing the switch
 */
public void createTimeline(final String eventTypeName, final String storageId)
        throws AccessDeniedException, TimelineException, TopicRepositoryException, InconsistentStateException,
        RepositoryProblemException, DbWriteOperationsBlockedException {
    final boolean dbWritesBlocked = featureToggleService.isFeatureEnabled(
            FeatureToggleService.Feature.DISABLE_DB_WRITE_OPERATIONS);
    if (dbWritesBlocked) {
        throw new DbWriteOperationsBlockedException("Cannot create timeline: write operations on DB "
                + "are blocked by feature flag.");
    }

    try {
        final EventType eventType = eventTypeCache.getEventType(eventTypeName);

        // Authorization gate: only callers accepted by the admin service may continue.
        final boolean callerIsAdmin = adminService.isAdmin(AuthorizationService.Operation.WRITE);
        if (!callerIsAdmin) {
            final Resource deniedResource = new EventTypeResource(eventTypeName, eventType.getAuthorization());
            throw new AccessDeniedException(AuthorizationService.Operation.ADMIN, deniedResource);
        }

        final Storage targetStorage = storageDbRepository.getStorage(storageId)
                .orElseThrow(() -> new UnableProcessException("No storage with id: " + storageId));

        final Timeline currentTimeline = getActiveTimeline(eventType);
        final TopicRepository currentRepository =
                topicRepositoryHolder.getTopicRepository(currentTimeline.getStorage());
        final TopicRepository targetRepository = topicRepositoryHolder.getTopicRepository(targetStorage);

        // The new topic gets as many partitions as the active timeline reports statistics for.
        final List<PartitionStatistics> currentStatistics =
                currentRepository.loadTopicStatistics(Collections.singleton(currentTimeline));
        final String createdTopic = targetRepository.createTopic(
                currentStatistics.size(),
                eventType.getOptions().getRetentionTime());

        final Timeline followingTimeline = Timeline.createTimeline(
                currentTimeline.getEventType(),
                currentTimeline.getOrder() + 1,
                targetStorage,
                createdTopic,
                new Date());
        switchTimelines(currentTimeline, followingTimeline);
    } catch (final TopicCreationException | ServiceUnavailableException | InternalNakadiException e) {
        // The cause is preserved; callers only see the generic message.
        throw new TimelineException("Internal service error", e);
    } catch (final NoSuchEventTypeException e) {
        throw new NotFoundException("EventType \"" + eventTypeName + "\" does not exist", e);
    }
}