org.apache.kylin.rest.security.AclPermission Java Examples
The following examples show how to use
org.apache.kylin.rest.security.AclPermission.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AclServiceTest.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
|
@Test
public void testBatchUpsertAce() {
switchToAdmin();
ObjectIdentity oid = oid("acl");
MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
final Map<Sid, Permission> sidToPerm = new HashMap<>();
for (int i = 0; i < 10; i++) {
sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
}
aclService.batchUpsertAce(acl, sidToPerm);
for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
List<AccessControlEntry> e = a.getEntries();
Assert.assertEquals(10, e.size());
for (int i = 0; i < e.size(); i++) {
Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
}
}
}
Example #2
| Source File: ValidateUtilTest.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
|
@Test
public void testGetAndValidateIdentifiers() throws IOException {
RootPersistentEntity ae = accessService.getAclEntity("ProjectInstance", "1eaca32a-a33e-4b69-83dd-0bb8b1f8c91b");
accessService.init(ae, AclPermission.ADMINISTRATION);
accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("u1", true));
accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("g1", false));
Assert.assertEquals(Lists.newArrayList("ADMIN", "u1"),
Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_USER)));
Assert.assertEquals(Lists.newArrayList("g1"),
Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_GROUP)));
validateUtil.validateIdentifiers(PROJECT, "u1", TYPE_USER);
try {
validateUtil.validateIdentifiers(PROJECT, NOT_EXISTS, TYPE_USER);
Assert.fail();
} catch (Exception e) {
Assert.assertEquals("Operation failed, user:not_exists not exists in project.", e.getMessage());
}
}
Example #3
| Source File: ProjectService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
|
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public ProjectInstance createProject(ProjectInstance newProject) throws IOException {
Message msg = MsgPicker.getMsg();
String projectName = newProject.getName();
String description = newProject.getDescription();
LinkedHashMap<String, String> overrideProps = newProject.getOverrideKylinProps();
ProjectInstance currentProject = getProjectManager().getProject(projectName);
if (currentProject != null) {
throw new BadRequestException(String.format(Locale.ROOT, msg.getPROJECT_ALREADY_EXIST(), projectName));
}
String owner = SecurityContextHolder.getContext().getAuthentication().getName();
ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description,
overrideProps);
accessService.init(createdProject, AclPermission.ADMINISTRATION);
logger.debug("New project created.");
return createdProject;
}
Example #4
| Source File: AclServiceTest.java From kylin with Apache License 2.0 | 6 votes |
|
@Test
public void testBatchUpsertAce() {
switchToAdmin();
ObjectIdentity oid = oid("acl");
MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
final Map<Sid, Permission> sidToPerm = new HashMap<>();
for (int i = 0; i < 10; i++) {
sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
}
aclService.batchUpsertAce(acl, sidToPerm);
for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
List<AccessControlEntry> e = a.getEntries();
Assert.assertEquals(10, e.size());
for (int i = 0; i < e.size(); i++) {
Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
}
}
}
Example #5
| Source File: ValidateUtilTest.java From kylin with Apache License 2.0 | 6 votes |
|
@Test
public void testGetAndValidateIdentifiers() throws IOException {
RootPersistentEntity ae = accessService.getAclEntity("ProjectInstance", "1eaca32a-a33e-4b69-83dd-0bb8b1f8c91b");
accessService.init(ae, AclPermission.ADMINISTRATION);
accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("u1", true));
accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("g1", false));
Assert.assertEquals(Lists.newArrayList("ADMIN", "u1"),
Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_USER)));
Assert.assertEquals(Lists.newArrayList("g1"),
Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_GROUP)));
validateUtil.validateIdentifiers(PROJECT, "u1", TYPE_USER);
try {
validateUtil.validateIdentifiers(PROJECT, NOT_EXISTS, TYPE_USER);
Assert.fail();
} catch (Exception e) {
Assert.assertEquals("Operation failed, user:not_exists not exists in project.", e.getMessage());
}
}
Example #6
| Source File: ProjectService.java From kylin with Apache License 2.0 | 6 votes |
|
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public ProjectInstance createProject(ProjectInstance newProject) throws IOException {
Message msg = MsgPicker.getMsg();
String projectName = newProject.getName();
String description = newProject.getDescription();
LinkedHashMap<String, String> overrideProps = newProject.getOverrideKylinProps();
ProjectInstance currentProject = getProjectManager().getProject(projectName);
if (currentProject != null) {
throw new BadRequestException(String.format(Locale.ROOT, msg.getPROJECT_ALREADY_EXIST(), projectName));
}
String owner = SecurityContextHolder.getContext().getAuthentication().getName();
ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description,
overrideProps);
accessService.init(createdProject, AclPermission.ADMINISTRATION);
logger.debug("New project created.");
return createdProject;
}
Example #7
| Source File: AccessServiceTest.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
@Test
public void testRevokeProjectPermission() throws IOException {
List<ProjectInstance> projects = projectService.listProjects(10000, 0);
assertTrue(projects.size() > 0);
ProjectInstance project = projects.get(0);
PrincipalSid sid = new PrincipalSid("ANALYST");
RootPersistentEntity ae = accessService.getAclEntity(PROJECT_INSTANCE, project.getUuid());
accessService.grant(ae, AclPermission.ADMINISTRATION, sid);
Assert.assertEquals(1, accessService.getAcl(ae).getEntries().size());
accessService.revokeProjectPermission("ANALYST", MetadataConstants.TYPE_USER);
Assert.assertEquals(0, accessService.getAcl(ae).getEntries().size());
}
Example #8
| Source File: AccessServiceTest.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
@Test
public void testBatchGrant() {
AclEntity ae = new AclServiceTest.MockAclEntity("batch-grant");
final Map<Sid, Permission> sidToPerm = new HashMap<>();
for (int i = 0; i < 10; i++) {
sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
}
accessService.batchGrant(ae, sidToPerm);
MutableAclRecord acl = accessService.getAcl(ae);
List<AccessControlEntry> e = acl.getEntries();
Assert.assertEquals(10, e.size());
for (int i = 0; i < e.size(); i++) {
Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
}
}
Example #9
| Source File: AccessServiceTest.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
@Ignore
@Test
public void test100000Entries() throws JsonProcessingException {
MockAclEntity ae = new MockAclEntity("100000Entries");
long time = System.currentTimeMillis();
for (int i = 0; i < 100000; i++) {
if (i % 10 == 0) {
long now = System.currentTimeMillis();
System.out.println((now - time) + " ms for last 10 entries, total " + i);
time = now;
}
Sid sid = accessService.getSid("USER" + i, true);
accessService.grant(ae, AclPermission.OPERATION, sid);
}
}
Example #10
| Source File: AccessServiceTest.java From kylin with Apache License 2.0 | 5 votes |
|
@Test
public void testRevokeProjectPermission() throws IOException {
List<ProjectInstance> projects = projectService.listProjects(10000, 0);
assertTrue(projects.size() > 0);
ProjectInstance project = projects.get(0);
PrincipalSid sid = new PrincipalSid("ANALYST");
RootPersistentEntity ae = accessService.getAclEntity(PROJECT_INSTANCE, project.getUuid());
accessService.grant(ae, AclPermission.ADMINISTRATION, sid);
Assert.assertEquals(1, accessService.getAcl(ae).getEntries().size());
accessService.revokeProjectPermission("ANALYST", MetadataConstants.TYPE_USER);
Assert.assertEquals(0, accessService.getAcl(ae).getEntries().size());
}
Example #11
| Source File: AccessServiceTest.java From kylin with Apache License 2.0 | 5 votes |
|
@Test
public void testBatchGrant() {
AclEntity ae = new AclServiceTest.MockAclEntity("batch-grant");
final Map<Sid, Permission> sidToPerm = new HashMap<>();
for (int i = 0; i < 10; i++) {
sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
}
accessService.batchGrant(ae, sidToPerm);
MutableAclRecord acl = accessService.getAcl(ae);
List<AccessControlEntry> e = acl.getEntries();
Assert.assertEquals(10, e.size());
for (int i = 0; i < e.size(); i++) {
Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
}
}
Example #12
| Source File: AccessServiceTest.java From kylin with Apache License 2.0 | 5 votes |
|
@Ignore
@Test
public void test100000Entries() throws JsonProcessingException {
MockAclEntity ae = new MockAclEntity("100000Entries");
long time = System.currentTimeMillis();
for (int i = 0; i < 100000; i++) {
if (i % 10 == 0) {
long now = System.currentTimeMillis();
System.out.println((now - time) + " ms for last 10 entries, total " + i);
time = now;
}
Sid sid = accessService.getSid("USER" + i, true);
accessService.grant(ae, AclPermission.OPERATION, sid);
}
}
Example #13
| Source File: ProjectService.java From Kylin with Apache License 2.0 | 5 votes |
|
public ProjectInstance createProject(CreateProjectRequest projectRequest) throws IOException {
String projectName = projectRequest.getName();
String description = projectRequest.getDescription();
ProjectInstance currentProject = getProjectManager().getProject(projectName);
if (currentProject != null) {
throw new InternalErrorException("The project named " + projectName + " already exists");
}
String owner = SecurityContextHolder.getContext().getAuthentication().getName();
ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description);
accessService.init(createdProject, AclPermission.ADMINISTRATION);
logger.debug("New project created.");
return createdProject;
}
Example #14
| Source File: RangerKylinAuthorizer.java From ranger with Apache License 2.0 | 4 votes |
|
@Override
public List<Pair<String, AclPermission>> getAcl(String entityType, String entityUuid) {
// No need to implement
return null;
}
Example #15
| Source File: RangerKylinAuthorizer.java From ranger with Apache License 2.0 | 4 votes |
|
@Override
public List<Pair<String, AclPermission>> getAcl(String entityType, String entityUuid) {
// No need to implement
return null;
}
Example #16
| Source File: CubeService.java From Kylin with Apache License 2.0 | 4 votes |
|
public CubeInstance createCubeAndDesc(String cubeName, String projectName, CubeDesc desc) throws IOException {
if (getCubeManager().getCube(cubeName) != null) {
throw new InternalErrorException("The cube named " + cubeName + " already exists");
}
String owner = SecurityContextHolder.getContext().getAuthentication().getName();
CubeDesc createdDesc = null;
CubeInstance createdCube = null;
boolean isNew = false;
if (getCubeDescManager().getCubeDesc(desc.getName()) == null) {
createdDesc = getCubeDescManager().createCubeDesc(desc);
isNew = true;
} else {
createdDesc = getCubeDescManager().updateCubeDesc(desc);
}
if (!createdDesc.getError().isEmpty()) {
if (isNew) {
getCubeDescManager().removeCubeDesc(createdDesc);
}
throw new InternalErrorException(createdDesc.getError().get(0));
}
try {
int cuboidCount = CuboidCLI.simulateCuboidGeneration(createdDesc);
logger.info("New cube " + cubeName + " has " + cuboidCount + " cuboids");
} catch (Exception e) {
getCubeDescManager().removeCubeDesc(createdDesc);
throw new InternalErrorException("Failed to deal with the request.", e);
}
createdCube = getCubeManager().createCube(cubeName, projectName, createdDesc, owner);
accessService.init(createdCube, AclPermission.ADMINISTRATION);
ProjectInstance project = getProjectManager().getProject(projectName);
accessService.inherit(createdCube, project);
return createdCube;
}
