AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, appId, ownerPrincipal); DatasetSpecification existingSpec = AuthorizationUtil.authorizeAs(authorizingUser, new Callable<DatasetSpecification>() {
/** * Receives an input containing application specification and location * and verifies both. * * @param input An instance of {@link ApplicationDeployable} */ @Override public void process(ApplicationDeployable input) throws Exception { // create stream instances ApplicationSpecification specification = input.getSpecification(); NamespaceId namespaceId = input.getApplicationId().getParent(); KerberosPrincipalId ownerPrincipal = input.getOwnerPrincipal(); // get the authorizing user String authorizingUser = AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, input.getApplicationId(), ownerPrincipal); streamCreator.createStreams(namespaceId, specification.getStreams().values(), ownerPrincipal, authorizingUser); // Emit the input to next stage. emit(input); } }
/** * Receives an input containing application specification and location * and verifies both. * * @param input An instance of {@link ApplicationDeployable} */ @Override public void process(ApplicationDeployable input) throws Exception { // create dataset instances ApplicationSpecification specification = input.getSpecification(); NamespaceId namespaceId = input.getApplicationId().getParent(); KerberosPrincipalId ownerPrincipal = input.getOwnerPrincipal(); // get the authorizing user String authorizingUser = AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, input.getApplicationId(), ownerPrincipal); datasetInstanceCreator.createInstances(namespaceId, specification.getDatasets(), ownerPrincipal, authorizingUser); // Emit the input to next stage. emit(input); } }
/** * Receives an input containing application specification and location * and verifies both. * * @param input An instance of {@link ApplicationDeployable} */ @Override public void process(ApplicationDeployable input) throws Exception { // create dataset instances ApplicationSpecification specification = input.getSpecification(); NamespaceId namespaceId = input.getApplicationId().getParent(); KerberosPrincipalId ownerPrincipal = input.getOwnerPrincipal(); // get the authorizing user String authorizingUser = AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, input.getApplicationId(), ownerPrincipal); datasetInstanceCreator.createInstances(namespaceId, specification.getDatasets(), ownerPrincipal, authorizingUser); // Emit the input to next stage. emit(input); } }
AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, appId, ownerPrincipal); DatasetSpecification existingSpec = AuthorizationUtil.authorizeAs(authorizingUser, new Callable<DatasetSpecification>() {
/** * Deploys dataset modules specified in the given application spec. * * @param input An instance of {@link ApplicationDeployable} */ @Override public void process(ApplicationDeployable input) throws Exception { KerberosPrincipalId ownerPrincipal = input.getOwnerPrincipal(); // get the authorizing user String authorizingUser = AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, input.getApplicationId(), ownerPrincipal); ClassLoader classLoader = getContext().getProperty(LocalApplicationManager.ARTIFACT_CLASSLOADER_KEY); datasetModulesDeployer.deployModules(input.getApplicationId().getParent(), input.getSpecification().getDatasetModules(), input.getArtifactLocation(), classLoader, authorizingUser); // Emit the input to next stage. emit(input); } }
/** * Deploys dataset modules specified in the given application spec. * * @param input An instance of {@link ApplicationDeployable} */ @Override public void process(ApplicationDeployable input) throws Exception { KerberosPrincipalId ownerPrincipal = input.getOwnerPrincipal(); // get the authorizing user String authorizingUser = AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, input.getApplicationId(), ownerPrincipal); ClassLoader classLoader = getContext().getProperty(LocalApplicationManager.ARTIFACT_CLASSLOADER_KEY); datasetModulesDeployer.deployModules(input.getApplicationId().getParent(), input.getSpecification().getDatasetModules(), input.getArtifactLocation(), classLoader, authorizingUser); // Emit the input to next stage. emit(input); } }
@Test public void testGetAppAuthorizingUse() throws Exception { OwnerAdmin ownerAdmin = getOwnerAdmin(); // test with complete principal (alice/somehost.net@somerealm.net) String principal = username + "/" + InetAddress.getLocalHost().getHostName() + "@REALM.net"; NamespaceMeta nsMeta = new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(principal) .setKeytabURI("doesnotmatter").build(); namespaceClient.create(nsMeta); Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null)); // test with principal which is just username (alice) namespaceClient.delete(namespaceId); principal = username; nsMeta = new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(principal) .setKeytabURI("doesnotmatter").build(); namespaceClient.create(nsMeta); Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null)); // test with principal and realm (alice@somerealm.net) namespaceClient.delete(namespaceId); principal = username + "@REALM.net"; nsMeta = new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(principal) .setKeytabURI("doesnotmatter").build(); namespaceClient.create(nsMeta); Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, null)); // clean up namespaceClient.delete(namespaceId); }