/**
 * Revokes the given actions on an entity from a single principal by forwarding the call,
 * unchanged, to {@code delegateAuthorizer}.
 *
 * <p>This method adds no validation, filtering or auditing of its own; the result of the
 * revocation is entirely decided by the delegate.
 *
 * @param authorizable the entity whose privileges are being reduced
 * @param principal the principal losing the privileges
 * @param actions the actions to revoke
 * @throws Exception whatever the delegate throws
 */
@Override
public void revoke(Authorizable authorizable, Principal principal, Set<Action> actions)
  throws Exception {
  delegateAuthorizer.revoke(authorizable, principal, actions);
}
/**
 * Revokes privileges on an entity without naming a principal or an action set, by forwarding
 * the call, unchanged, to {@code delegateAuthorizer}.
 *
 * <p>No check is performed here; what exactly gets removed is decided by the delegate.
 *
 * @param authorizable the entity whose privileges are being revoked
 * @throws Exception whatever the delegate throws
 */
@Override
public void revoke(Authorizable authorizable)
  throws Exception {
  delegateAuthorizer.revoke(authorizable);
}
/**
 * Per-test teardown: revokes the privileges recorded on the default namespace so that grants
 * made by one test are not carried into the next.
 *
 * @throws Exception if the authorizer fails to revoke
 */
@After
public void cleanup() throws Exception {
  Authorizable defaultNamespace = Authorizable.fromEntityId(NamespaceId.DEFAULT);
  authorizer.revoke(defaultNamespace);
}
/**
 * Revokes {@code actions} on {@code entityId} from {@code principal} and asserts that the
 * principal's listed privileges shrank by exactly those (entity, action) pairs.
 *
 * @param entityId the entity the privileges apply to
 * @param principal the principal losing the privileges
 * @param actions the actions to revoke
 * @throws Exception if the authorizer fails
 */
private void revokeAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions)
  throws Exception {
  // Privileges held before the revoke; the expectation below is derived from this set.
  // NOTE(review): if listPrivileges returns a live view of the store rather than a copy, this
  // would already reflect the revoke and the assertion would pass trivially - confirm.
  Set<Privilege> privilegesBefore = authorizer.listPrivileges(principal);

  authorizer.revoke(Authorizable.fromEntityId(entityId), principal, actions);

  Set<Privilege> expectedRemoved = new HashSet<>();
  for (Action revokedAction : actions) {
    expectedRemoved.add(new Privilege(entityId, revokedAction));
  }

  // Everything that was not revoked must still be listed, and nothing else.
  Set<Privilege> expectedRemaining = Sets.difference(privilegesBefore, expectedRemoved);
  Assert.assertEquals(expectedRemaining, authorizer.listPrivileges(principal));
}
// Closes the enclosing class, whose header is not part of this excerpt.
}
/**
 * Revokes the privileges on {@code entityId} through the authorizer returned by
 * {@code getAuthorizer()} and then checks, via {@code assertNoAccess}, that access to the
 * entity is gone.
 *
 * @param entityId the entity whose privileges are revoked
 * @throws Exception if the revoke or the follow-up check fails
 */
private void revokeAndAssertSuccess(final EntityId entityId) throws Exception {
  getAuthorizer().revoke(Authorizable.fromEntityId(entityId));
  // The revoke call returning normally is not treated as proof; the denial is checked too.
  assertNoAccess(entityId);
}
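/**
 * Class-level teardown: revokes the privileges on the system namespace, asserts that
 * {@code ALICE} is left with no privileges, and restores the user id that was active in
 * {@link SecurityRequestContext} before the tests ran.
 *
 * @throws Exception if the authorizer fails to revoke or to list privileges
 */
@AfterClass
public static void cleanup() throws Exception {
  try {
    authorizer.revoke(Authorizable.fromEntityId(NamespaceId.SYSTEM));
    Assert.assertEquals(Collections.emptySet(), authorizer.listPrivileges(ALICE));
  } finally {
    // Restore the previous identity even when the revoke or the assertion fails; otherwise the
    // test user id stays set in SecurityRequestContext for whatever runs next.
    SecurityRequestContext.setUserId(OLD_USER_ID);
  }
}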
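/**
 * Grant/enforce/revoke round trip for a single action: READ is denied before the grant,
 * allowed and listed after it, and both denied and no longer listed after the revoke.
 *
 * @throws Exception if the authorizer fails unexpectedly
 */
@Test
public void testSimple() throws Exception {
  Authorizer authorizer = get();

  // Baseline: without any grant the principal must be denied.
  verifyAuthFailure(namespace, user, Action.READ);

  authorizer.grant(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
  authorizer.enforce(namespace, user, Action.READ);

  Set<Privilege> expectedPrivileges = new HashSet<>();
  expectedPrivileges.add(new Privilege(namespace, Action.READ));
  Assert.assertEquals(expectedPrivileges, authorizer.listPrivileges(user));

  authorizer.revoke(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
  verifyAuthFailure(namespace, user, Action.READ);
  // Enforcement and listing are separate queries: check that the revoked privilege is also
  // gone from the listing, not only that enforce() denies it.
  Assert.assertEquals(Collections.emptySet(), authorizer.listPrivileges(user));
}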
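/**
 * One-time fixture: builds the injector, resolves the metadata admin and the authorizer,
 * starts the app-fabric server and waits for the default namespace to exist.
 *
 * <p>The effective master user is granted ADMIN on the default namespace only for the duration
 * of the wait. The grant is revoked in a {@code finally} block so that a timeout or any other
 * failure while waiting does not leave the elevated privilege in the authorizer.
 *
 * @throws Exception if the server fails to start, the namespace does not appear within five
 *     seconds, or the authorizer fails
 */
@BeforeClass
public static void setup() throws Exception {
  cConf = createCConf();
  final Injector injector = AppFabricTestHelper.getInjector(cConf);
  metadataAdmin = injector.getInstance(MetadataAdmin.class);
  authorizer = injector.getInstance(AuthorizerInstantiator.class).get();
  appFabricServer = injector.getInstance(AppFabricServer.class);
  // Starting the Appfabric server will create the default namespace
  appFabricServer.startAndWait();

  // Temporary ADMIN for the master user while the default namespace is being created.
  String user = AuthorizationUtil.getEffectiveMasterUser(cConf);
  Principal masterPrincipal = new Principal(user, Principal.PrincipalType.USER);
  authorizer.grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), masterPrincipal,
                   Collections.singleton(Action.ADMIN));
  try {
    // Wait for the default namespace creation
    Tasks.waitFor(true, () -> injector.getInstance(NamespaceAdmin.class).exists(NamespaceId.DEFAULT),
                  5, TimeUnit.SECONDS);
  } finally {
    // Always drop the temporary grant so the tests start from a state without it.
    authorizer.revoke(Authorizable.fromEntityId(NamespaceId.DEFAULT), masterPrincipal,
                      Collections.singleton(Action.ADMIN));
  }
}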
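/**
 * One-time fixture: builds the injector, resolves the authorizer, starts the app-fabric
 * server, resolves the program lifecycle service and waits for the default namespace to exist.
 *
 * <p>The effective master user is granted ADMIN on the default namespace only for the duration
 * of the wait. The grant is revoked in a {@code finally} block so that a timeout or any other
 * failure while waiting does not leave the elevated privilege in the authorizer.
 *
 * @throws Exception if the server fails to start, the namespace does not appear within five
 *     seconds, or the authorizer fails
 */
@BeforeClass
public static void setup() throws Exception {
  cConf = createCConf();
  final Injector injector = AppFabricTestHelper.getInjector(cConf);
  authorizer = injector.getInstance(AuthorizerInstantiator.class).get();
  appFabricServer = injector.getInstance(AppFabricServer.class);
  // Starting the Appfabric server will create the default namespace
  appFabricServer.startAndWait();
  programLifecycleService = injector.getInstance(ProgramLifecycleService.class);

  // Temporary ADMIN for the master user while the default namespace is being created.
  String user = AuthorizationUtil.getEffectiveMasterUser(cConf);
  Principal masterPrincipal = new Principal(user, Principal.PrincipalType.USER);
  authorizer.grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), masterPrincipal,
                   Collections.singleton(Action.ADMIN));
  try {
    // Wait for the default namespace creation
    Tasks.waitFor(true, new Callable<Boolean>() {
      @Override
      public Boolean call() throws Exception {
        return injector.getInstance(NamespaceAdmin.class).exists(NamespaceId.DEFAULT);
      }
    }, 5, TimeUnit.SECONDS);
  } finally {
    // Always drop the temporary grant so the tests start from a state without it.
    authorizer.revoke(Authorizable.fromEntityId(NamespaceId.DEFAULT), masterPrincipal,
                      Collections.singleton(Action.ADMIN));
  }
}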
/**
 * Grants every {@link Action} on the namespace to the user, checks that READ, WRITE, ADMIN and
 * EXECUTE are each enforced successfully, then revokes every action and checks that READ is
 * denied again.
 *
 * @throws Exception if the authorizer fails unexpectedly
 */
@Test
public void testWildcard() throws Exception {
  Authorizer authorizer = get();

  // Baseline: nothing has been granted yet, so READ must be denied.
  verifyAuthFailure(namespace, user, Action.READ);

  authorizer.grant(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
  for (Action granted : new Action[] {Action.READ, Action.WRITE, Action.ADMIN, Action.EXECUTE}) {
    authorizer.enforce(namespace, user, granted);
  }

  authorizer.revoke(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
  // NOTE(review): only READ is re-checked after the revoke; WRITE, ADMIN and EXECUTE are not.
  verifyAuthFailure(namespace, user, Action.READ);
}
// Revoke ADMIN on the default namespace from the USER principal named by `user`. Only this one
// action is named, so any other action that principal holds on the namespace is not part of
// this call.
authorizer.revoke(Authorizable.fromEntityId(NamespaceId.DEFAULT), new Principal(user, Principal.PrincipalType.USER), Collections.singleton(Action.ADMIN));
/**
 * Exercises both revoke forms. First, every {@link Action} is granted to the user, enforced,
 * and revoked again through the per-principal revoke. Second, the user (READ) and the
 * {@code admins} role (every action) are granted privileges and a single
 * {@code revoke(authorizable)} call is expected to leave both principals without access.
 *
 * @throws Exception if the authorizer fails unexpectedly
 */
@Test
public void testAll() throws Exception {
  Authorizer authorizer = get();

  // Baseline: nothing has been granted yet, so READ must be denied.
  verifyAuthFailure(namespace, user, Action.READ);

  authorizer.grant(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
  for (Action granted : new Action[] {Action.READ, Action.WRITE, Action.ADMIN, Action.EXECUTE}) {
    authorizer.enforce(namespace, user, granted);
  }

  authorizer.revoke(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
  verifyAuthFailure(namespace, user, Action.READ);

  // Two principals of different types now hold privileges on the same entity.
  Principal role = new Principal("admins", Principal.PrincipalType.ROLE);
  authorizer.grant(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
  authorizer.grant(Authorizable.fromEntityId(namespace), role, EnumSet.allOf(Action.class));

  // The entity-wide revoke names no principal; both the user and the role must lose access.
  authorizer.revoke(Authorizable.fromEntityId(namespace));
  verifyAuthFailure(namespace, user, Action.READ);
  for (Action denied : new Action[] {Action.ADMIN, Action.READ, Action.WRITE, Action.EXECUTE}) {
    verifyAuthFailure(namespace, role, denied);
  }
}
// Revoke only READ on ns1 from the `engineers` principal; no other action is named in this call.
authorizer.revoke(Authorizable.fromEntityId(ns1), engineers, Collections.singleton(Action.READ));
// Revoke ADMIN on the entity identified by appId from BOB, using the authorizer returned by
// getAuthorizer(); no other action is named in this call.
getAuthorizer().revoke(Authorizable.fromEntityId(appId), BOB, EnumSet.of(Action.ADMIN));