/** * Returns {@code true} if the given namespace is one of the CDAP reserved namespaces. */ private boolean isReservedNamespace(NamespaceId namespaceId) { // We don't support custom location for CDAP reserved namespaces. return NamespaceId.DEFAULT.equals(namespaceId) || NamespaceId.SYSTEM.equals(namespaceId) || NamespaceId.CDAP.equals(namespaceId); } }
/** * Return which entity scope this profile is in * * @return entity scope the profile is in */ public EntityScope getScope() { return getNamespaceId().equals(NamespaceId.SYSTEM) ? EntityScope.SYSTEM : EntityScope.USER; }
/** * Return which entity scope this profile is in * * @return entity scope the profile is in */ public EntityScope getScope() { return getNamespaceId().equals(NamespaceId.SYSTEM) ? EntityScope.SYSTEM : EntityScope.USER; }
/** * Return the scoped name. If it is a system profile, the profile name will be prefixed by 'SYSTEM:'. Otherwise, * the profile name will be prefixed by 'USER:'. * * @return the scoped profile name */ public String getScopedName() { EntityScope scope = NamespaceId.SYSTEM.equals(getNamespaceId()) ? EntityScope.SYSTEM : EntityScope.USER; return String.format("%s:%s", scope.name(), profileName); }
/** * Throws an exception if the specified namespace is not the system namespace and does not exist */ private void ensureNamespaceExists(NamespaceId namespaceId) throws Exception { if (!NamespaceId.SYSTEM.equals(namespaceId)) { if (!namespaceQueryAdmin.exists(namespaceId)) { throw new NamespaceNotFoundException(namespaceId); } } }
private void publishAudit(DatasetId datasetInstance, AuditType auditType) { // Don't publish audit for system datasets admin operations, there can be a deadlock if (NamespaceId.SYSTEM.equals(datasetInstance.getParent()) && auditType != AuditType.ACCESS) { return; } AuditPublishers.publishAudit(auditPublisher, datasetInstance, auditType, AuditPayload.EMPTY_PAYLOAD); } }
private void publishAudit(DatasetId datasetInstance, AuditType auditType) { // Don't publish audit for system datasets admin operations, there can be a deadlock if (NamespaceId.SYSTEM.equals(datasetInstance.getParent()) && auditType != AuditType.ACCESS) { return; } AuditPublishers.publishAudit(auditPublisher, datasetInstance, auditType, AuditPayload.EMPTY_PAYLOAD); } }
/** * Throws an exception if the specified namespace is not the system namespace and does not exist */ private void ensureNamespaceExists(NamespaceId namespaceId) throws Exception { if (!NamespaceId.SYSTEM.equals(namespaceId)) { if (!namespaceQueryAdmin.exists(namespaceId)) { throw new NamespaceNotFoundException(namespaceId); } } } }
/** * Throws an exception if the specified namespace is not the system namespace and does not exist */ private void ensureNamespaceExists(NamespaceId namespaceId) throws Exception { if (!NamespaceId.SYSTEM.equals(namespaceId)) { if (!namespaceQueryAdmin.exists(namespaceId)) { throw new NamespaceNotFoundException(namespaceId); } } } }
/** * Throws an exception if the specified namespace is not the system namespace and does not exist */ private void ensureNamespaceExists(NamespaceId namespaceId) throws Exception { if (!NamespaceId.SYSTEM.equals(namespaceId)) { if (!namespaceQueryAdmin.exists(namespaceId)) { throw new NamespaceNotFoundException(namespaceId); } } }
public static boolean isSystemDatasetInUserNamespace(DatasetId datasetInstanceId) { return !NamespaceId.SYSTEM.equals(datasetInstanceId.getParent()) && ("system.queue.config".equals(datasetInstanceId.getEntityName()) || datasetInstanceId.getEntityName().startsWith("system.sharded.queue") || datasetInstanceId.getEntityName().startsWith("system.queue") || datasetInstanceId.getEntityName().startsWith("system.stream")); }
public static boolean isSystemDatasetInUserNamespace(DatasetId datasetInstanceId) { return !NamespaceId.SYSTEM.equals(datasetInstanceId.getParent()) && ("system.queue.config".equals(datasetInstanceId.getEntityName()) || datasetInstanceId.getEntityName().startsWith("system.sharded.queue") || datasetInstanceId.getEntityName().startsWith("system.queue") || datasetInstanceId.getEntityName().startsWith("system.stream")); }
@Override public boolean apply(ArtifactId input) { // should check if the artifact is from SYSTEM namespace, if not, check if it is from the scoped namespace. // by default, the scoped namespace is for USER scope return (((pluginScope == null && NamespaceId.SYSTEM.equals(input.getParent())) || pluginArtifactNamespace.equals(input.getParent())) && (pluginArtifactName == null || pluginArtifactName.equals(input.getArtifact())) && (pluginRange == null || pluginRange.versionIsInRange(new ArtifactVersion(input.getVersion())))); } };
@Override public DatasetTypeMeta getType(DatasetTypeId datasetTypeId) throws Exception { // No authorization for system dataset types if (!NamespaceId.SYSTEM.equals(datasetTypeId.getNamespaceId())) { AuthorizationUtil.ensureOnePrivilege(datasetTypeId, EnumSet.allOf(Action.class), authorizationEnforcer, authenticationContext.getPrincipal()); } return delegate.getType(datasetTypeId); } }
@Override public DatasetModuleMeta getModule(DatasetModuleId datasetModuleId) throws Exception { // No authorization for system modules if (!NamespaceId.SYSTEM.equals(datasetModuleId.getNamespaceId())) { AuthorizationUtil.ensureOnePrivilege(datasetModuleId, EnumSet.allOf(Action.class), authorizationEnforcer, authenticationContext.getPrincipal()); } return delegate.getModule(datasetModuleId); }
@Override public DatasetTypeMeta getType(DatasetTypeId datasetTypeId) throws Exception { // No authorization for system dataset types if (!NamespaceId.SYSTEM.equals(datasetTypeId.getNamespaceId())) { AuthorizationUtil.ensureOnePrivilege(datasetTypeId, EnumSet.allOf(Action.class), authorizationEnforcer, authenticationContext.getPrincipal()); } return delegate.getType(datasetTypeId); } }
@Override protected void publish(TopicId topicId, Iterator<byte[]> payloads) throws IOException, TopicNotFoundException { if (NamespaceId.SYSTEM.equals(topicId.getNamespaceId())) { throw new IllegalArgumentException("Publish to '" + topicId.getNamespace() + "' namespace is not allowed"); } delegate.publish(topicId.getNamespace(), topicId.getTopic(), payloads); } }
@Override public ArtifactDetail getArtifact(Id.Artifact artifactId) throws Exception { ArtifactId artifact = artifactId.toEntityId(); // No authorization for system artifacts if (!NamespaceId.SYSTEM.equals(artifact.getParent())) { // need at least one privilege to get the artifact detail AuthorizationUtil.ensureOnePrivilege(artifact, EnumSet.allOf(Action.class), authorizationEnforcer, authenticationContext.getPrincipal()); } return delegate.getArtifact(artifactId); }
private NamespaceConfig getNamespaceConfig(NamespacedEntityId entityId) throws IOException { try { if (entityId.getNamespaceId().equals(NamespaceId.SYSTEM)) { return NamespaceMeta.SYSTEM.getConfig(); } return namespaceQueryAdmin.get(entityId.getNamespaceId()).getConfig(); } catch (IOException e) { throw e; } catch (Exception e) { throw new IOException(e); } }
@Override public ArtifactDetail getArtifact(Id.Artifact artifactId) throws Exception { ArtifactId artifact = artifactId.toEntityId(); // No authorization for system artifacts if (!NamespaceId.SYSTEM.equals(artifact.getParent())) { // need at least one privilege to get the artifact detail AuthorizationUtil.ensureOnePrivilege(artifact, EnumSet.allOf(Action.class), authorizationEnforcer, authenticationContext.getPrincipal()); } return delegate.getArtifact(artifactId); }