@Test public void testCrossNSMapReduce() throws Exception { createAuthNamespace(); ApplicationId appId = AUTH_NAMESPACE.app(DatasetCrossNSAccessWithMAPApp.class.getSimpleName()); Map<EntityId, Set<Action>> neededPrivileges = ImmutableMap.<EntityId, Set<Action>>builder() .put(appId, EnumSet.of(Action.ADMIN)) .put(AUTH_NAMESPACE.artifact(DatasetCrossNSAccessWithMAPApp.class.getSimpleName(), "1.0-SNAPSHOT"), EnumSet.of(Action.ADMIN)) .build(); setUpPrivilegeAndRegisterForDeletion(ALICE, neededPrivileges); ProgramId programId = appId.program(ProgramType.MAPREDUCE, DatasetCrossNSAccessWithMAPApp.MAPREDUCE_PROGRAM); // bob will be executing the program grantAndAssertSuccess(programId, BOB, EnumSet.of(Action.EXECUTE)); cleanUpEntities.add(programId); ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, DatasetCrossNSAccessWithMAPApp.class); MapReduceManager mrManager = appManager.getMapReduceManager(DatasetCrossNSAccessWithMAPApp.MAPREDUCE_PROGRAM); testCrossNSSystemDatasetAccessWithAuthMapReduce(mrManager); testCrossNSDatasetAccessWithAuthMapReduce(mrManager); }
@Test public void testCrossNSSpark() throws Exception { createAuthNamespace(); ApplicationId appId = AUTH_NAMESPACE.app(TestSparkCrossNSDatasetApp.APP_NAME); Map<EntityId, Set<Action>> neededPrivileges = ImmutableMap.<EntityId, Set<Action>>builder() .put(appId, EnumSet.of(Action.ADMIN)) .put(AUTH_NAMESPACE.artifact(TestSparkCrossNSDatasetApp.class.getSimpleName(), "1.0-SNAPSHOT"), EnumSet.of(Action.ADMIN)) .put(AUTH_NAMESPACE.dataset(TestSparkCrossNSDatasetApp.DEFAULT_OUTPUT_DATASET), EnumSet.of(Action.ADMIN)) .put(AUTH_NAMESPACE.datasetType(KeyValueTable.class.getName()), EnumSet.of(Action.ADMIN)) .build(); setUpPrivilegeAndRegisterForDeletion(ALICE, neededPrivileges); ProgramId programId = appId.spark(TestSparkCrossNSDatasetApp.SPARK_PROGRAM_NAME); // bob will be executing the program grantAndAssertSuccess(programId, BOB, EnumSet.of(Action.EXECUTE)); cleanUpEntities.add(programId); ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, TestSparkCrossNSDatasetApp.class); SparkManager sparkManager = appManager.getSparkManager(TestSparkCrossNSDatasetApp.SparkCrossNSDatasetProgram .class.getSimpleName()); testCrossNSSystemDatasetAccessWithAuthSpark(sparkManager); testCrossNSDatasetAccessWithAuthSpark(sparkManager); }
@Test public void testCrossNSService() throws Exception { createAuthNamespace(); ApplicationId appId = AUTH_NAMESPACE.app(CrossNsDatasetAccessApp.APP_NAME); Map<EntityId, Set<Action>> neededPrivileges = ImmutableMap.<EntityId, Set<Action>>builder() .put(appId, EnumSet.of(Action.ADMIN)) .put(AUTH_NAMESPACE.artifact(CrossNsDatasetAccessApp.class.getSimpleName(), "1.0-SNAPSHOT"), EnumSet.of(Action.ADMIN)) .build(); setUpPrivilegeAndRegisterForDeletion(ALICE, neededPrivileges); ProgramId programId = appId.service(CrossNsDatasetAccessApp.SERVICE_NAME); cleanUpEntities.add(programId); // grant bob execute on program and READ/WRITE on stream grantAndAssertSuccess(programId, BOB, EnumSet.of(Action.EXECUTE)); ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, CrossNsDatasetAccessApp.class); // switch to to ALICE SecurityRequestContext.setUserId(ALICE.getName()); ServiceManager serviceManager = appManager.getServiceManager(CrossNsDatasetAccessApp.SERVICE_NAME); testSystemDatasetAccessFromService(serviceManager); testCrossNSDatasetAccessFromService(serviceManager); }
deployApplication(dummyAppId, appRequest); Assert.fail(); } catch (Exception e) { deployApplication(dummyAppId, appRequest);
public void testApps() throws Exception { try { deployApplication(NamespaceId.DEFAULT, DummyApp.class); Assert.fail("App deployment should fail because alice does not have ADMIN privilege on the application"); } catch (UnauthorizedException e) { deployApplication(AUTH_NAMESPACE, DummyApp.class); Assert.fail(); } catch (UnauthorizedException e) { ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, DummyApp.class); deployApplication(AUTH_NAMESPACE, DummyApp.class); setUpPrivilegeAndRegisterForDeletion(BOB, bobProgramPrivileges); deployApplication(AUTH_NAMESPACE, AllProgramsApp.class);
setUpPrivilegeAndRegisterForDeletion(ALICE, neededPrivileges); final ApplicationManager dummyAppManager = deployApplication(AUTH_NAMESPACE, DummyApp.class);
cleanUpEntities.add(datasetId); ApplicationManager appMgr = deployApplication(AUTH_NAMESPACE, PartitionTestApp.class); SecurityRequestContext.setUserId(BOB.getName()); String partition = "p1";
setUpPrivilegeAndRegisterForDeletion(ALICE, neededPrivileges); ApplicationManager appManager = deployApplication(AUTH_NAMESPACE, AppWithSchedule.class); String workflowName = AppWithSchedule.SampleWorkflow.class.getSimpleName(); ProgramId workflowID = new ProgramId(AUTH_NAMESPACE.getNamespace(), AppWithSchedule.class.getSimpleName(),