/**
 * Adds a dataset module on behalf of the current caller, subject to an authorization check.
 *
 * <p>The caller's principal is read from {@code authenticationContext} and checked for
 * {@link Action#ADMIN} on {@code datasetModuleId}. The check runs before the delegate is
 * touched, so an exception from {@code enforce} leaves the delegate uncalled.
 *
 * @param datasetModuleId id of the module being added; also the entity the check is made against
 * @param className passed through to the delegate unchanged
 * @param forceUpdate passed through to the delegate unchanged
 * @return whatever the delegate's {@code addModule} returns
 * @throws Exception if {@code enforce} or the delegate throws
 */
@Override
public BodyConsumer addModule(DatasetModuleId datasetModuleId, String className,
                              boolean forceUpdate) throws Exception {
  // Authorization gate: ADMIN on the module itself, evaluated for the current principal.
  authorizationEnforcer.enforce(datasetModuleId, authenticationContext.getPrincipal(), Action.ADMIN);
  return delegate.addModule(datasetModuleId, className, forceUpdate);
}
/**
 * Adds the system artifacts after checking the caller against the system namespace.
 *
 * <p>The check is made on {@link NamespaceId#SYSTEM} with {@link Action#ADMIN}, not on any
 * individual artifact. The delegate is only called once {@code enforce} has returned normally.
 *
 * @throws Exception if {@code enforce} or the delegate throws
 */
@Override
public void addSystemArtifacts() throws Exception {
  // Adding system artifacts requires admin privileges on the system namespace.
  authorizationEnforcer.enforce(NamespaceId.SYSTEM, authenticationContext.getPrincipal(), Action.ADMIN);
  delegate.addSystemArtifacts();
}
/**
 * Runs the inherited enforcer test, then checks that cached privileges still pass.
 *
 * <p>Both trailing {@code enforce} calls must return without throwing for the test to pass.
 *
 * @throws Exception if the inherited test fails or either {@code enforce} call throws
 */
@Override
public void testAuthorizationEnforcer() throws Exception {
  super.testAuthorizationEnforcer();

  // The superclass revokes every privilege once its test is done. Because the cache is enabled
  // here, enforcement is still expected to succeed from the cached entries.
  // NOTE(review): this pins the fact that a revoke does not take effect while a cached entry is
  // live; the cache expiry (not visible here) is what bounds that delay.
  authorizationEnforcer.enforce(APP, ALICE, Action.ADMIN);
  authorizationEnforcer.enforce(PROGRAM, ALICE, Action.EXECUTE);
}
/**
 * Authorization-checking front for the delegate's {@code addModule}.
 *
 * <p>Resolves the current principal, requires {@link Action#ADMIN} for it on the module id, and
 * only then forwards all three arguments to the delegate.
 *
 * @param datasetModuleId module to add; the entity the ADMIN check is made against
 * @param className forwarded to the delegate as-is
 * @param forceUpdate forwarded to the delegate as-is
 * @return the delegate's result
 * @throws Exception if the check or the delegate throws; on a failed check the delegate is not called
 */
@Override
public BodyConsumer addModule(DatasetModuleId datasetModuleId, String className,
                              boolean forceUpdate) throws Exception {
  final Principal caller = authenticationContext.getPrincipal();

  // The caller needs ADMIN access on the dataset module being added.
  authorizationEnforcer.enforce(datasetModuleId, caller, Action.ADMIN);

  return delegate.addModule(datasetModuleId, className, forceUpdate);
}
/**
 * Creates a reader over a stream after checking that the caller may read it.
 *
 * <p>The current principal must hold {@link Action#READ} on {@code streamId}. The reader is
 * also handed {@code authenticationContext} and {@code authorizationEnforcer}; what it does
 * with them is not visible here.
 *
 * @param streamId stream to read; the entity the READ check is made against
 * @param consumerSupplier forwarded to the reader unchanged
 * @param batchSize forwarded to the reader unchanged
 * @param transformer forwarded to the reader unchanged
 * @param <T> element type produced by {@code transformer}
 * @return a new {@code StreamQueueReader} for the stream
 * @throws Exception if {@code enforce} throws; no reader is constructed in that case
 */
public <T> QueueReader<T> createStreamReader(StreamId streamId,
                                             Supplier<StreamConsumer> consumerSupplier,
                                             int batchSize,
                                             Function<StreamEvent, T> transformer) throws Exception {
  // Check at creation time, before any consumer is obtained from the supplier.
  authorizationEnforcer.enforce(streamId, authenticationContext.getPrincipal(), Action.READ);

  QueueReader<T> reader = new StreamQueueReader<>(streamId, consumerSupplier, batchSize, transformer,
                                                  authenticationContext, authorizationEnforcer);
  return reader;
}
// Closes the enclosing type, whose header is not part of this snippet.
}
/**
 * Authorization-checking front for the delegate's {@code addSystemArtifacts}.
 *
 * <p>Requires {@link Action#ADMIN} on {@link NamespaceId#SYSTEM} for the current principal.
 *
 * @throws Exception if the check or the delegate throws; on a failed check the delegate is not called
 */
@Override
public void addSystemArtifacts() throws Exception {
  Principal requester = authenticationContext.getPrincipal();

  // System artifacts may only be added by someone with admin privileges on the system namespace.
  authorizationEnforcer.enforce(NamespaceId.SYSTEM, requester, Action.ADMIN);

  delegate.addSystemArtifacts();
}
/**
 * Deletes a dataset module after checking that the caller may administer it.
 *
 * @param datasetModuleId module to delete; the entity the {@link Action#ADMIN} check is made against
 * @throws Exception if {@code enforce} or the delegate throws; on a failed check nothing is deleted
 */
@Override
public void delete(DatasetModuleId datasetModuleId) throws Exception {
  // The check precedes the delete so a denied caller causes no change.
  authorizationEnforcer.enforce(datasetModuleId, authenticationContext.getPrincipal(), Action.ADMIN);
  delegate.delete(datasetModuleId);
}
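/**
 * HTTP entry point that runs an authorization check described by the request body.
 *
 * <p>The body is parsed as a JSON {@code AuthorizationPrivilege}; its entity, principal and action
 * are passed to {@code authorizationEnforcer.enforce}. A body that parses to {@code null} (empty or
 * the JSON literal {@code null}) is answered with 400 instead of failing with a
 * {@link NullPointerException} further down.
 *
 * <p>NOTE(review): the principal that gets checked comes from the request body, not from the
 * authenticated caller. That is only sound if this route is reachable solely by trusted internal
 * services - confirm how the handler is exposed.
 *
 * @param request request whose UTF-8 body carries the privilege to check
 * @param responder receives 200 when {@code enforce} returns normally, 400 when the body is empty
 * @throws Exception if parsing or {@code enforce} throws; no status is sent by this method then
 */
@POST
@Path("/enforce")
public void enforce(FullHttpRequest request, HttpResponder responder) throws Exception {
  AuthorizationPrivilege authorizationPrivilege =
    GSON.fromJson(request.content().toString(StandardCharsets.UTF_8), AuthorizationPrivilege.class);

  // Gson yields null for an empty body; reject it here rather than dereferencing it below.
  if (authorizationPrivilege == null) {
    responder.sendStatus(HttpResponseStatus.BAD_REQUEST);
    return;
  }
  // NOTE(review): Gson also leaves fields that are absent from the JSON as null, so entity,
  // principal or action may be null at this point - confirm the enforcer rejects those.

  LOG.debug("Enforcing for {}", authorizationPrivilege);
  authorizationEnforcer.enforce(authorizationPrivilege.getEntity(),
                                authorizationPrivilege.getPrincipal(),
                                authorizationPrivilege.getAction());
  // Only reached when enforce did not throw.
  responder.sendStatus(HttpResponseStatus.OK);
}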
/**
 * Removes all properties of an artifact after checking that the caller may administer it.
 *
 * @param artifactId artifact whose properties are removed; converted with {@code toEntityId()}
 *                   to form the entity the {@link Action#ADMIN} check is made against
 * @throws Exception if {@code enforce} or the delegate throws; on a failed check the delegate
 *                   is not called
 */
@Override
public void deleteArtifactProperties(Id.Artifact artifactId) throws Exception {
  // Changing an artifact's properties is gated on ADMIN for that same artifact.
  authorizationEnforcer.enforce(artifactId.toEntityId(),
                                authenticationContext.getPrincipal(),
                                Action.ADMIN);
  delegate.deleteArtifactProperties(artifactId);
}
/**
 * Asserts that a single-action check is denied.
 *
 * <p>Passes only when {@code enforce} throws {@code UnauthorizedException}. Any other exception
 * propagates to the caller, and a normal return fails the test.
 *
 * @param authEnforcementService enforcer under test
 * @param entityId entity the check is made against
 * @param principal principal expected to lack the privilege
 * @param action action expected to be denied
 * @throws Exception anything other than {@code UnauthorizedException} thrown by {@code enforce}
 */
private void assertAuthorizationFailure(AuthorizationEnforcer authEnforcementService, EntityId entityId,
                                        Principal principal, Action action) throws Exception {
  try {
    authEnforcementService.enforce(entityId, principal, action);
  } catch (UnauthorizedException expected) {
    // Denial is the outcome this helper is looking for.
    return;
  }
  // enforce returned normally, so the privilege was granted when it should not have been.
  Assert.fail(String.format("Expected %s to not have '%s' privilege on %s but it does.",
                            principal, action, entityId));
}
/**
 * Asserts that a check for a set of actions is denied.
 *
 * <p>Passes only when {@code enforce} throws {@code UnauthorizedException}. Any other exception
 * propagates to the caller, and a normal return fails the test.
 *
 * @param authEnforcementService enforcer under test
 * @param entityId entity the check is made against
 * @param principal principal expected to lack the privileges
 * @param actions actions handed to {@code enforce} in one call
 * @throws Exception anything other than {@code UnauthorizedException} thrown by {@code enforce}
 */
private void assertAuthorizationFailure(AuthorizationEnforcer authEnforcementService, EntityId entityId,
                                        Principal principal, Set<Action> actions) throws Exception {
  try {
    authEnforcementService.enforce(entityId, principal, actions);
  } catch (UnauthorizedException expected) {
    // Denial is the outcome this helper is looking for.
    return;
  }
  // enforce returned normally, so the privileges were granted when they should not have been.
  Assert.fail(String.format("Expected %s to not have '%s' privileges on %s but it does.",
                            principal, actions, entityId));
}
// Closes the enclosing type, whose header is not part of this snippet.
}
/**
 * Removes one property of an artifact after checking that the caller may administer it.
 *
 * @param artifactId artifact to modify; {@code toEntityId()} of it is the entity the
 *                   {@link Action#ADMIN} check is made against
 * @param key property key, forwarded to the delegate unchanged
 * @throws Exception if {@code enforce} or the delegate throws; on a failed check the delegate
 *                   is not called
 */
@Override
public void deleteArtifactProperty(Id.Artifact artifactId, String key) throws Exception {
  // The check is on the artifact as a whole; there is no per-key privilege here.
  authorizationEnforcer.enforce(artifactId.toEntityId(),
                                authenticationContext.getPrincipal(),
                                Action.ADMIN);
  delegate.deleteArtifactProperty(artifactId, key);
}
/**
 * Deletes an artifact after checking that the caller may administer it.
 *
 * @param artifactId artifact to delete; {@code toEntityId()} of it is the entity the
 *                   {@link Action#ADMIN} check is made against
 * @throws Exception if {@code enforce} or the delegate throws; on a failed check nothing is deleted
 */
@Override
public void deleteArtifact(Id.Artifact artifactId) throws Exception {
  // Deleting an artifact requires admin privileges on that very artifact.
  authorizationEnforcer.enforce(artifactId.toEntityId(), authenticationContext.getPrincipal(), Action.ADMIN);
  delegate.deleteArtifact(artifactId);
}
/**
 * Writes a set of properties on an artifact after checking that the caller may administer it.
 *
 * @param artifactId artifact to modify; {@code toEntityId()} of it is the entity the
 *                   {@link Action#ADMIN} check is made against
 * @param properties forwarded to the delegate unchanged; not inspected here
 * @throws Exception if {@code enforce} or the delegate throws; on a failed check nothing is written
 */
@Override
public void writeArtifactProperties(Id.Artifact artifactId,
                                    Map<String, String> properties) throws Exception {
  // Authorization gate first, so a denied caller cannot alter the artifact's metadata.
  authorizationEnforcer.enforce(artifactId.toEntityId(),
                                authenticationContext.getPrincipal(),
                                Action.ADMIN);
  delegate.writeArtifactProperties(artifactId, properties);
}
/**
 * Authorization-checking front for the delegate's {@code writeArtifactProperties}.
 *
 * <p>The current principal needs {@link Action#ADMIN} on the artifact's entity id. The property
 * map itself is handed to the delegate without being read.
 *
 * @param artifactId artifact whose properties are written
 * @param properties properties to write, forwarded as-is
 * @throws Exception if the check or the delegate throws; on a failed check the delegate is not called
 */
@Override
public void writeArtifactProperties(Id.Artifact artifactId, Map<String, String> properties)
  throws Exception {

  authorizationEnforcer.enforce(
    artifactId.toEntityId(), authenticationContext.getPrincipal(), Action.ADMIN);

  // Reached only when the check above returned normally.
  delegate.writeArtifactProperties(artifactId, properties);
}
/**
 * Writes one property on an artifact after checking that the caller may administer it.
 *
 * @param artifactId artifact to modify; {@code toEntityId()} of it is the entity the
 *                   {@link Action#ADMIN} check is made against
 * @param key property key, forwarded to the delegate unchanged
 * @param value property value, forwarded to the delegate unchanged
 * @throws Exception if {@code enforce} or the delegate throws; on a failed check nothing is written
 */
@Override
public void writeArtifactProperty(Id.Artifact artifactId, String key, String value) throws Exception {
  // Same gate as the bulk write: ADMIN on the artifact, for the current principal.
  authorizationEnforcer.enforce(artifactId.toEntityId(),
                                authenticationContext.getPrincipal(),
                                Action.ADMIN);
  delegate.writeArtifactProperty(artifactId, key, value);
}
/**
 * Authorization-checking front for the delegate's {@code deleteArtifact}.
 *
 * @param artifactId artifact to delete
 * @throws Exception if the check or the delegate throws; on a failed check the delegate is not called
 */
@Override
public void deleteArtifact(Id.Artifact artifactId) throws Exception {
  Principal caller = authenticationContext.getPrincipal();

  // To delete an artifact the caller needs admin privileges on the artifact being deleted.
  authorizationEnforcer.enforce(artifactId.toEntityId(), caller, Action.ADMIN);

  delegate.deleteArtifact(artifactId);
}
/**
 * Deletes every dataset module in a namespace, provided the caller may administer each of them.
 *
 * <p>The principal is resolved once, then {@link Action#ADMIN} is enforced on every module the
 * delegate lists for the namespace. The delete is issued only after the whole loop has finished.
 *
 * @param namespaceId namespace whose modules are deleted
 * @throws Exception if listing, any {@code enforce} call, or the delete throws
 */
@Override
public void deleteAll(NamespaceId namespaceId) throws Exception {
  Principal principal = authenticationContext.getPrincipal();

  // All-or-nothing: one failed check aborts the call before anything has been deleted.
  for (DatasetModuleMeta moduleMeta : delegate.listModules(namespaceId)) {
    authorizationEnforcer.enforce(namespaceId.datasetModule(moduleMeta.getName()), principal, Action.ADMIN);
  }

  // NOTE(review): the listing and the delete are separate delegate calls; a module created in
  // between would be removed without having been checked - confirm this is serialized elsewhere.
  delegate.deleteAll(namespaceId);
}
/**
 * Authorization-checking front for the delegate's {@code deleteAll}.
 *
 * <p>There is no single namespace-level check here: the caller must hold {@link Action#ADMIN} on
 * each module currently listed in the namespace.
 *
 * @param namespaceId namespace to clear of dataset modules
 * @throws Exception if listing, a check, or the delete throws; on a failed check nothing is deleted
 */
@Override
public void deleteAll(NamespaceId namespaceId) throws Exception {
  Principal caller = authenticationContext.getPrincipal();

  for (DatasetModuleMeta module : delegate.listModules(namespaceId)) {
    // Rebuild the module's id from the namespace and the listed name, then check it.
    DatasetModuleId moduleId = namespaceId.datasetModule(module.getName());
    authorizationEnforcer.enforce(moduleId, caller, Action.ADMIN);
  }

  // NOTE(review): only modules present at listing time were checked; the delete below acts on
  // whatever the namespace holds when it runs.
  delegate.deleteAll(namespaceId);
}
/**
 * Clears a namespace of artifacts, provided the caller may administer each listed artifact.
 *
 * <p>{@link Action#ADMIN} is enforced on every artifact summary the delegate returns for the
 * namespace. The principal is re-read from {@code authenticationContext} for each check. The
 * clear is issued only after the whole loop has finished.
 *
 * @param namespace namespace to clear
 * @throws Exception if listing, any {@code enforce} call, or the clear throws; on a failed check
 *                   nothing is cleared
 */
@Override
public void clear(NamespaceId namespace) throws Exception {
  // NOTE(review): the boolean passed to getArtifactSummaries presumably excludes system
  // artifacts - confirm against the delegate.
  for (ArtifactSummary summary : delegate.getArtifactSummaries(namespace, false)) {
    authorizationEnforcer.enforce(namespace.artifact(summary.getName(), summary.getVersion()),
                                  authenticationContext.getPrincipal(),
                                  Action.ADMIN);
  }

  // NOTE(review): only artifacts present at listing time were checked; one added before the
  // clear below would be removed unchecked - confirm this is serialized elsewhere.
  delegate.clear(namespace);
}