예제 #1
0
  @Test
  public void testGetEntityListFilterBy() throws Exception {

    Entity process2 =
        buildProcess("processAuthUserFilterBy", System.getProperty("user.name"), "", "USER-DATA");
    configStore.publish(EntityType.PROCESS, process2);

    EntityList entityList =
        this.getEntityList("", "", "", "process", "", "PIPELINES:USER-DATA", "", "asc", 0, 10, "");
    Assert.assertNotNull(entityList.getElements());
    Assert.assertEquals(entityList.getElements().length, 1);
    Assert.assertNotNull(entityList.getElements()[0].pipeline);
    Assert.assertEquals(entityList.getElements()[0].pipeline.get(0), "USER-DATA");

    /*
     * Both entities should be returned when the user is SuperUser.
     */
    StartupProperties.get().setProperty("falcon.security.authorization.enabled", "true");
    CurrentUser.authenticate(System.getProperty("user.name"));
    entityList =
        this.getEntityList("", "", "", "process", "", "PIPELINES:USER-DATA", "", "desc", 0, 10, "");
    Assert.assertNotNull(entityList.getElements());
    Assert.assertEquals(entityList.getElements().length, 1);
    Assert.assertNotNull(entityList.getElements()[0].pipeline);
    Assert.assertEquals(entityList.getElements()[0].pipeline.get(0), "USER-DATA");

    // reset values
    StartupProperties.get().setProperty("falcon.security.authorization.enabled", "false");
    CurrentUser.authenticate(System.getProperty("user.name"));
  }
예제 #2
0
  @Test
  public void testGetEntityListBadUser() throws Exception {
    CurrentUser.authenticate("fakeUser");
    try {
      Entity process1 = buildProcess("processFakeUser", "fakeUser", "", "");
      configStore.publish(EntityType.PROCESS, process1);
      Assert.fail();
    } catch (Throwable ignore) {
      // do nothing
    }

    /*
     * Only one entity should be returned when the auth is enabled.
     */
    try {
      getEntityList("", "", "", "process", "", "", "", "", 0, 10, "");
      Assert.fail();
    } catch (Throwable ignore) {
      // do nothing
    }

    // reset values
    StartupProperties.get().setProperty("falcon.security.authorization.enabled", "false");
    CurrentUser.authenticate(System.getProperty("user.name"));
  }
예제 #3
0
  /**
   * KLUDGE - Until ACL is mandated entity passed should be decorated for equals check to pass.
   * existingEntity in config store will have teh decoration and equals check fails if entity passed
   * is not decorated for checking if entity already exists.
   *
   * @param entity entity
   */
  private void decorateEntityWithACL(Entity entity) {
    if (SecurityUtil.isAuthorizationEnabled() || entity.getACL() != null) {
      return; // not necessary to decorate
    }

    final String proxyUser = CurrentUser.getUser();
    final String defaultGroupName = CurrentUser.getPrimaryGroupName();
    switch (entity.getEntityType()) {
      case CLUSTER:
        org.apache.falcon.entity.v0.cluster.ACL clusterACL =
            new org.apache.falcon.entity.v0.cluster.ACL();
        clusterACL.setOwner(proxyUser);
        clusterACL.setGroup(defaultGroupName);
        ((org.apache.falcon.entity.v0.cluster.Cluster) entity).setACL(clusterACL);
        break;

      case FEED:
        org.apache.falcon.entity.v0.feed.ACL feedACL = new org.apache.falcon.entity.v0.feed.ACL();
        feedACL.setOwner(proxyUser);
        feedACL.setGroup(defaultGroupName);
        ((org.apache.falcon.entity.v0.feed.Feed) entity).setACL(feedACL);
        break;

      case PROCESS:
        org.apache.falcon.entity.v0.process.ACL processACL =
            new org.apache.falcon.entity.v0.process.ACL();
        processACL.setOwner(proxyUser);
        processACL.setGroup(defaultGroupName);
        ((org.apache.falcon.entity.v0.process.Process) entity).setACL(processACL);
        break;

      default:
        break;
    }
  }
예제 #4
0
  protected boolean isEntityAuthorized(Entity entity) {
    try {
      SecurityUtil.getAuthorizationProvider()
          .authorizeEntity(
              entity.getName(),
              entity.getEntityType().toString(),
              entity.getACL(),
              "list",
              CurrentUser.getAuthenticatedUGI());
    } catch (Exception e) {
      LOG.info(
          "Authorization failed for entity="
              + entity.getName()
              + " for user="
              + CurrentUser.getUser(),
          e);
      return false;
    }

    return true;
  }
  @BeforeClass
  public void setUp() throws Exception {
    CurrentUser.authenticate(FALCON_USER);

    configStore = ConfigurationStore.get();

    Services.get().register(new WorkflowJobEndNotificationService());
    StartupProperties.get()
        .setProperty(
            "falcon.graph.storage.directory", "target/graphdb-" + System.currentTimeMillis());
    StartupProperties.get().setProperty("falcon.graph.preserve.history", "true");
    service = new MetadataMappingService();
    service.init();

    Set<String> vertexPropertyKeys = service.getVertexIndexedKeys();
    System.out.println("Got vertex property keys: " + vertexPropertyKeys);

    Set<String> edgePropertyKeys = service.getEdgeIndexedKeys();
    System.out.println("Got edge property keys: " + edgePropertyKeys);
  }