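/**
 * Verifies that filtering the process list by {@code PIPELINES:USER-DATA} returns exactly the one
 * process published with that pipeline. The check runs twice: once under the authorization
 * setting the test starts with (ascending order), and once with
 * {@code falcon.security.authorization.enabled} set to {@code "true"} (descending order).
 *
 * <p>The authorization flag is set through the static {@code StartupProperties.get()} accessor,
 * so it is presumably visible to other tests. It is therefore restored in a {@code finally}
 * block: a failed assertion must not leave authorization switched on for whatever runs next.
 *
 * @throws Exception if building, publishing or listing the entity fails
 */
@Test
public void testGetEntityListFilterBy() throws Exception {
    Entity process2 =
            buildProcess("processAuthUserFilterBy", System.getProperty("user.name"), "", "USER-DATA");
    configStore.publish(EntityType.PROCESS, process2);

    EntityList entityList =
            this.getEntityList("", "", "", "process", "", "PIPELINES:USER-DATA", "", "asc", 0, 10, "");
    Assert.assertNotNull(entityList.getElements());
    Assert.assertEquals(entityList.getElements().length, 1);
    Assert.assertNotNull(entityList.getElements()[0].pipeline);
    Assert.assertEquals(entityList.getElements()[0].pipeline.get(0), "USER-DATA");

    try {
        /*
         * Repeat the query with authorization enabled; the same single entity is expected.
         * NOTE(review): this step used to be described as returning "both entities" for a
         * super user, yet the assertions expect one element - confirm which is intended.
         */
        StartupProperties.get().setProperty("falcon.security.authorization.enabled", "true");
        CurrentUser.authenticate(System.getProperty("user.name"));

        entityList =
                this.getEntityList("", "", "", "process", "", "PIPELINES:USER-DATA", "", "desc", 0, 10, "");
        Assert.assertNotNull(entityList.getElements());
        Assert.assertEquals(entityList.getElements().length, 1);
        Assert.assertNotNull(entityList.getElements()[0].pipeline);
        Assert.assertEquals(entityList.getElements()[0].pipeline.get(0), "USER-DATA");
    } finally {
        // Reset values even when an assertion above fails, so the security setting does not leak.
        StartupProperties.get().setProperty("falcon.security.authorization.enabled", "false");
        CurrentUser.authenticate(System.getProperty("user.name"));
    }
}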
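/**
 * Negative test: while authenticated as {@code "fakeUser"}, publishing a process and listing
 * entities are both expected to throw.
 *
 * <p>The earlier form called {@code Assert.fail()} inside a {@code try} whose handler caught
 * {@code Throwable}. That handler also swallowed the assertion error raised by
 * {@code Assert.fail()}, so the test passed whether or not the calls were rejected. The outcome
 * is now recorded in a flag and asserted outside the handler, and the handler is narrowed to
 * {@code Exception} so that JVM errors are not mistaken for a rejection.
 *
 * <p>NOTE(review): if this test starts failing after the change, the call was not being rejected
 * in this configuration (this method never enables authorization itself) - confirm the expected
 * set-up.
 *
 * @throws Exception if resetting the current user fails
 */
@Test
public void testGetEntityListBadUser() throws Exception {
    CurrentUser.authenticate("fakeUser");
    try {
        boolean publishRejected = false;
        try {
            Entity process1 = buildProcess("processFakeUser", "fakeUser", "", "");
            configStore.publish(EntityType.PROCESS, process1);
        } catch (Exception expected) {
            // The rejection is the behaviour under test.
            publishRejected = true;
        }
        if (!publishRejected) {
            Assert.fail("publishing a process as fakeUser was expected to throw");
        }

        // Listing entities as the same user is expected to be rejected as well.
        boolean listRejected = false;
        try {
            getEntityList("", "", "", "process", "", "", "", "", 0, 10, "");
        } catch (Exception expected) {
            listRejected = true;
        }
        if (!listRejected) {
            Assert.fail("listing entities as fakeUser was expected to throw");
        }
    } finally {
        // Reset values on every path so "fakeUser" does not remain the current user.
        StartupProperties.get().setProperty("falcon.security.authorization.enabled", "false");
        CurrentUser.authenticate(System.getProperty("user.name"));
    }
}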
/**
 * KLUDGE - until ACLs are mandatory, an incoming entity must carry the same ACL decoration as
 * the copy held in the config store. The stored entity has the decoration, so the equals check
 * used to detect an already-existing entity fails when the entity passed in is not decorated.
 *
 * <p>Nothing is done when authorization is enabled or when the entity already has an ACL.
 * Otherwise a new ACL is attached with the current user as owner and the current user's primary
 * group as group. Only cluster, feed and process entities are decorated; any other entity type
 * is left untouched.
 *
 * @param entity entity to decorate in place
 */
private void decorateEntityWithACL(Entity entity) {
    final boolean needsDecoration =
            !SecurityUtil.isAuthorizationEnabled() && entity.getACL() == null;
    if (!needsDecoration) {
        return; // not necessary to decorate
    }

    final String owner = CurrentUser.getUser();
    final String group = CurrentUser.getPrimaryGroupName();

    // Each entity kind has its own generated ACL class, hence the fully qualified names.
    switch (entity.getEntityType()) {
    case CLUSTER: {
        org.apache.falcon.entity.v0.cluster.ACL acl = new org.apache.falcon.entity.v0.cluster.ACL();
        acl.setOwner(owner);
        acl.setGroup(group);
        ((org.apache.falcon.entity.v0.cluster.Cluster) entity).setACL(acl);
        break;
    }
    case FEED: {
        org.apache.falcon.entity.v0.feed.ACL acl = new org.apache.falcon.entity.v0.feed.ACL();
        acl.setOwner(owner);
        acl.setGroup(group);
        ((org.apache.falcon.entity.v0.feed.Feed) entity).setACL(acl);
        break;
    }
    case PROCESS: {
        org.apache.falcon.entity.v0.process.ACL acl = new org.apache.falcon.entity.v0.process.ACL();
        acl.setOwner(owner);
        acl.setGroup(group);
        ((org.apache.falcon.entity.v0.process.Process) entity).setACL(acl);
        break;
    }
    default:
        // Other entity types are not decorated.
        break;
    }
}
/**
 * Reports whether the authenticated user passes the authorization provider's check for the
 * {@code "list"} action on the given entity.
 *
 * <p>The check fails closed: any exception raised while authorizing, not only an explicit
 * denial, is logged at INFO level together with the entity name and current user, and the entity
 * is reported as not authorized.
 *
 * @param entity entity whose name, type and ACL are passed to the authorization provider
 * @return {@code true} if the provider call completes without throwing, {@code false} otherwise
 */
protected boolean isEntityAuthorized(Entity entity) {
    try {
        SecurityUtil.getAuthorizationProvider().authorizeEntity(
                entity.getName(),
                entity.getEntityType().toString(),
                entity.getACL(),
                "list",
                CurrentUser.getAuthenticatedUGI());
        return true;
    } catch (Exception e) {
        final String message =
                "Authorization failed for entity=" + entity.getName()
                        + " for user=" + CurrentUser.getUser();
        LOG.info(message, e);
        return false;
    }
}
/**
 * Class-level fixture: authenticates as {@code FALCON_USER}, obtains the configuration store,
 * registers a {@code WorkflowJobEndNotificationService}, points the graph storage at a
 * timestamped directory under {@code target/} with history preservation switched on, and then
 * initialises the {@code MetadataMappingService} under test.
 *
 * <p>The indexed vertex and edge property keys are printed to standard output.
 *
 * @throws Exception if authentication or service initialisation fails
 */
@BeforeClass
public void setUp() throws Exception {
    CurrentUser.authenticate(FALCON_USER);
    configStore = ConfigurationStore.get();
    Services.get().register(new WorkflowJobEndNotificationService());

    // The directory name embeds the current time in milliseconds.
    final String graphDirectory = "target/graphdb-" + System.currentTimeMillis();
    StartupProperties.get().setProperty("falcon.graph.storage.directory", graphDirectory);
    StartupProperties.get().setProperty("falcon.graph.preserve.history", "true");

    // The properties above are set before the service is initialised.
    service = new MetadataMappingService();
    service.init();

    Set<String> indexedVertexKeys = service.getVertexIndexedKeys();
    System.out.println("Got vertex property keys: " + indexedVertexKeys);

    Set<String> indexedEdgeKeys = service.getEdgeIndexedKeys();
    System.out.println("Got edge property keys: " + indexedEdgeKeys);
}