/**
 * Verifies what the enforcer allows for the user the test process is running as.
 *
 * <p>No grant is issued anywhere in this method, yet {@code enforce} for every {@code Action} on
 * {@code NamespaceId.SYSTEM} has to pass for that user. The visibility assertion then pins the
 * boundary of that implicit access: given {@code ns1} and the system namespace, only the system
 * namespace may come back as visible.
 *
 * @throws Exception if any call fails, including the enforcement check being rejected
 */
@Test
public void testSystemUser() throws Exception {
  CConfiguration conf = CConfiguration.copy(CCONF);
  String currentUserName = UserGroupInformation.getCurrentUser().getShortUserName();
  Principal systemUser = new Principal(currentUserName, Principal.PrincipalType.USER);
  NamespaceId ns1 = new NamespaceId("ns1");
  EnumSet<Action> everyAction = EnumSet.allOf(Action.class);
  ImmutableSet<NamespaceId> expectedVisible = ImmutableSet.of(NamespaceId.SYSTEM);

  try (AuthorizerInstantiator instantiator = new AuthorizerInstantiator(conf, AUTH_CONTEXT_FACTORY)) {
    // The Authorizer is not used below; the call is kept so the instantiator is
    // exercised in the same order as before the enforcer is built.
    instantiator.get();
    DefaultAuthorizationEnforcer enforcer = new DefaultAuthorizationEnforcer(conf, instantiator);

    // Must not throw even though this method grants the user nothing.
    enforcer.enforce(NamespaceId.SYSTEM, systemUser, everyAction);

    // ns1 must be filtered out: the access checked above is limited to the system namespace.
    Assert.assertEquals(
        expectedVisible,
        enforcer.isVisible(ImmutableSet.of(ns1, NamespaceId.SYSTEM), systemUser));
  }
}
/**
 * Checks that an enforcer built from {@code cConf} lets every request through.
 *
 * <p>The only grant made here is ADMIN on dataset {@code ds} for BOB. ALICE is granted nothing in
 * this method, so her ADMIN check on {@code NS} passing shows the enforcer is not consulting
 * grants at all. Callers are expected to pass a configuration in which authorization is disabled.
 *
 * @param cConf configuration used for both the instantiator and the enforcer
 * @throws Exception if any call fails, including an enforcement check being rejected
 */
private void verifyDisabled(CConfiguration cConf) throws Exception {
  try (AuthorizerInstantiator instantiator = new AuthorizerInstantiator(cConf, AUTH_CONTEXT_FACTORY)) {
    DefaultAuthorizationEnforcer enforcer = new DefaultAuthorizationEnforcer(cConf, instantiator);
    DatasetId dataset = NS.dataset("ds");
    ImmutableSet<EntityId> probed = ImmutableSet.<EntityId>of(NS, dataset);

    // All enforcement operations should succeed, since authorization is disabled
    Authorizer authorizer = instantiator.get();
    authorizer.grant(Authorizable.fromEntityId(dataset), BOB, ImmutableSet.of(Action.ADMIN));

    // ALICE holds no grant from this method; the check passes only because nothing is enforced.
    enforcer.enforce(NS, ALICE, Action.ADMIN);
    enforcer.enforce(dataset, BOB, Action.ADMIN);

    // Both probed entities are reported as visible to BOB.
    Assert.assertEquals(2, enforcer.isVisible(probed, BOB).size());
  }
}
// Excerpt from a longer test method: ds22, namespaces, authorizer and authorizerInstantiator
// are declared outside the lines shown here.
// Give BOB ADMIN on ds22.
authorizer.grant(Authorizable.fromEntityId(ds22), BOB, Collections.singleton(Action.ADMIN));
// The enforcer is built on the shared CCONF and the instantiator from the enclosing scope.
DefaultAuthorizationEnforcer authEnforcementService = new DefaultAuthorizationEnforcer(CCONF, authorizerInstantiator);
// Expects ALICE to see as many entries as were passed in. The grants that make them visible
// are not part of this excerpt.
// NOTE(review): only sizes are compared; that equals a set comparison only if isVisible
// returns a subset of its input - presumably it does, confirm against the enforcer.
Assert.assertEquals(namespaces.size(), authEnforcementService.isVisible(namespaces, ALICE).size());
/**
 * Verifies that a privilege on a namespace is not treated as a privilege on entities inside it.
 *
 * <p>ALICE is granted ADMIN on {@code NS} only. The ADMIN check on {@code NS} must pass, while the
 * same check on {@code APP} must be rejected with {@code UnauthorizedException}; the test fails
 * if the enforcer lets the second check through.
 *
 * @throws Exception if any call fails other than the expected rejection on {@code APP}
 */
@Test
public void testPropagationDisabled() throws Exception {
  CConfiguration conf = CConfiguration.copy(CCONF);
  try (AuthorizerInstantiator instantiator = new AuthorizerInstantiator(conf, AUTH_CONTEXT_FACTORY)) {
    DefaultAuthorizationEnforcer enforcer = new DefaultAuthorizationEnforcer(conf, instantiator);

    Authorizer authorizer = instantiator.get();
    authorizer.grant(Authorizable.fromEntityId(NS), ALICE, ImmutableSet.of(Action.ADMIN));

    // The explicit grant on NS is honoured.
    enforcer.enforce(NS, ALICE, Action.ADMIN);

    // The grant on NS must not carry over to APP.
    boolean denied = false;
    try {
      enforcer.enforce(APP, ALICE, Action.ADMIN);
    } catch (UnauthorizedException expected) {
      denied = true;
    }
    if (!denied) {
      Assert.fail("Alice should not have ADMIN privilege on the APP.");
    }
  }
}
// Excerpt from a longer method: authorizerInstantiator is declared outside the lines shown here.
// Take the Authorizer from the instantiator.
Authorizer authorizer = authorizerInstantiator.get();
// Build the enforcer on the shared CCONF and that same instantiator.
DefaultAuthorizationEnforcer authEnforcementService = new DefaultAuthorizationEnforcer(CCONF, authorizerInstantiator);