private void testDeployAppWithOwner() throws Exception { NamespaceId namespaceId = new NamespaceId("appImpersonation"); NamespaceMeta nsMeta = new NamespaceMeta.Builder().setName(namespaceId.getNamespace()).build(); // grant ALICE admin on namespace and create namespace grantAndAssertSuccess(namespaceId, ALICE, EnumSet.of(Action.ADMIN)); cleanUpEntities.add(namespaceId); getNamespaceAdmin().create(nsMeta); // deploy dummy app with app impersonation deployDummyAppWithImpersonation(nsMeta, BOB.getName()); }
private void testDeployAppWithoutOwner() throws Exception { NamespaceId namespaceId = new NamespaceId("namespaceImpersonation"); // We will create a namespace as owner bob, the keytab url is provided to pass the check for DefaultNamespaceAdmin // in unit test, it is useless, since impersonation will never happen NamespaceMeta ownerNSMeta = new NamespaceMeta.Builder().setName(namespaceId.getNamespace()) .setPrincipal(BOB.getName()).setKeytabURI("/tmp/").build(); KerberosPrincipalId bobPrincipalId = new KerberosPrincipalId(BOB.getName()); // grant alice admin to the namespace, but creation should still fail since alice needs to have privilege on // principal bob grantAndAssertSuccess(namespaceId, ALICE, EnumSet.of(Action.ADMIN)); cleanUpEntities.add(namespaceId); try { getNamespaceAdmin().create(ownerNSMeta); Assert.fail("Namespace creation should fail since alice does not have privilege on principal bob"); } catch (UnauthorizedException e) { // expected } // grant alice admin on principal bob, now creation of namespace should work grantAndAssertSuccess(bobPrincipalId, ALICE, EnumSet.of(Action.ADMIN)); cleanUpEntities.add(bobPrincipalId); getNamespaceAdmin().create(ownerNSMeta); // deploy dummy app with ns impersonation deployDummyAppWithImpersonation(ownerNSMeta, null); }