org.apache.kylin.rest.security.AclPermission Java Examples

@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 

@Test
public void testGetAndValidateIdentifiers() throws IOException {
    RootPersistentEntity ae = accessService.getAclEntity("ProjectInstance", "1eaca32a-a33e-4b69-83dd-0bb8b1f8c91b");
    accessService.init(ae, AclPermission.ADMINISTRATION);
    accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("u1", true));
    accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("g1", false));

    Assert.assertEquals(Lists.newArrayList("ADMIN", "u1"),
            Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_USER)));
    Assert.assertEquals(Lists.newArrayList("g1"),
            Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_GROUP)));

    validateUtil.validateIdentifiers(PROJECT, "u1", TYPE_USER);
    try {
        validateUtil.validateIdentifiers(PROJECT, NOT_EXISTS, TYPE_USER);
        Assert.fail();
    } catch (Exception e) {
        Assert.assertEquals("Operation failed, user:not_exists not exists in project.", e.getMessage());
    }
}
 

@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public ProjectInstance createProject(ProjectInstance newProject) throws IOException {
    Message msg = MsgPicker.getMsg();

    String projectName = newProject.getName();
    String description = newProject.getDescription();
    LinkedHashMap<String, String> overrideProps = newProject.getOverrideKylinProps();

    ProjectInstance currentProject = getProjectManager().getProject(projectName);

    if (currentProject != null) {
        throw new BadRequestException(String.format(Locale.ROOT, msg.getPROJECT_ALREADY_EXIST(), projectName));
    }
    String owner = SecurityContextHolder.getContext().getAuthentication().getName();
    ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description,
            overrideProps);
    accessService.init(createdProject, AclPermission.ADMINISTRATION);
    logger.debug("New project created.");

    return createdProject;
}
 

@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 

@Test
public void testGetAndValidateIdentifiers() throws IOException {
    RootPersistentEntity ae = accessService.getAclEntity("ProjectInstance", "1eaca32a-a33e-4b69-83dd-0bb8b1f8c91b");
    accessService.init(ae, AclPermission.ADMINISTRATION);
    accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("u1", true));
    accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("g1", false));

    Assert.assertEquals(Lists.newArrayList("ADMIN", "u1"),
            Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_USER)));
    Assert.assertEquals(Lists.newArrayList("g1"),
            Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_GROUP)));

    validateUtil.validateIdentifiers(PROJECT, "u1", TYPE_USER);
    try {
        validateUtil.validateIdentifiers(PROJECT, NOT_EXISTS, TYPE_USER);
        Assert.fail();
    } catch (Exception e) {
        Assert.assertEquals("Operation failed, user:not_exists not exists in project.", e.getMessage());
    }
}
 

@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public ProjectInstance createProject(ProjectInstance newProject) throws IOException {
    Message msg = MsgPicker.getMsg();

    String projectName = newProject.getName();
    String description = newProject.getDescription();
    LinkedHashMap<String, String> overrideProps = newProject.getOverrideKylinProps();

    ProjectInstance currentProject = getProjectManager().getProject(projectName);

    if (currentProject != null) {
        throw new BadRequestException(String.format(Locale.ROOT, msg.getPROJECT_ALREADY_EXIST(), projectName));
    }
    String owner = SecurityContextHolder.getContext().getAuthentication().getName();
    ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description,
            overrideProps);
    accessService.init(createdProject, AclPermission.ADMINISTRATION);
    logger.debug("New project created.");

    return createdProject;
}
 

@Test
public void testRevokeProjectPermission() throws IOException {
    List<ProjectInstance> projects = projectService.listProjects(10000, 0);
    assertTrue(projects.size() > 0);
    ProjectInstance project = projects.get(0);
    PrincipalSid sid = new PrincipalSid("ANALYST");
    RootPersistentEntity ae = accessService.getAclEntity(PROJECT_INSTANCE, project.getUuid());
    accessService.grant(ae, AclPermission.ADMINISTRATION, sid);
    Assert.assertEquals(1, accessService.getAcl(ae).getEntries().size());
    accessService.revokeProjectPermission("ANALYST", MetadataConstants.TYPE_USER);
    Assert.assertEquals(0, accessService.getAcl(ae).getEntries().size());
}
 

@Test
public void testBatchGrant() {
    AclEntity ae = new AclServiceTest.MockAclEntity("batch-grant");
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    accessService.batchGrant(ae, sidToPerm);
    MutableAclRecord acl = accessService.getAcl(ae);
    List<AccessControlEntry> e = acl.getEntries();
    Assert.assertEquals(10, e.size());
    for (int i = 0; i < e.size(); i++) {
        Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
    }
}
 

@Ignore
@Test
public void test100000Entries() throws JsonProcessingException {
    MockAclEntity ae = new MockAclEntity("100000Entries");
    long time = System.currentTimeMillis();
    for (int i = 0; i < 100000; i++) {
        if (i % 10 == 0) {
            long now = System.currentTimeMillis();
            System.out.println((now - time) + " ms for last 10 entries, total " + i);
            time = now;
        }
        Sid sid = accessService.getSid("USER" + i, true);
        accessService.grant(ae, AclPermission.OPERATION, sid);
    }
}
 

@Test
public void testRevokeProjectPermission() throws IOException {
    List<ProjectInstance> projects = projectService.listProjects(10000, 0);
    assertTrue(projects.size() > 0);
    ProjectInstance project = projects.get(0);
    PrincipalSid sid = new PrincipalSid("ANALYST");
    RootPersistentEntity ae = accessService.getAclEntity(PROJECT_INSTANCE, project.getUuid());
    accessService.grant(ae, AclPermission.ADMINISTRATION, sid);
    Assert.assertEquals(1, accessService.getAcl(ae).getEntries().size());
    accessService.revokeProjectPermission("ANALYST", MetadataConstants.TYPE_USER);
    Assert.assertEquals(0, accessService.getAcl(ae).getEntries().size());
}
 

@Test
public void testBatchGrant() {
    AclEntity ae = new AclServiceTest.MockAclEntity("batch-grant");
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    accessService.batchGrant(ae, sidToPerm);
    MutableAclRecord acl = accessService.getAcl(ae);
    List<AccessControlEntry> e = acl.getEntries();
    Assert.assertEquals(10, e.size());
    for (int i = 0; i < e.size(); i++) {
        Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
    }
}
 

@Ignore
@Test
public void test100000Entries() throws JsonProcessingException {
    MockAclEntity ae = new MockAclEntity("100000Entries");
    long time = System.currentTimeMillis();
    for (int i = 0; i < 100000; i++) {
        if (i % 10 == 0) {
            long now = System.currentTimeMillis();
            System.out.println((now - time) + " ms for last 10 entries, total " + i);
            time = now;
        }
        Sid sid = accessService.getSid("USER" + i, true);
        accessService.grant(ae, AclPermission.OPERATION, sid);
    }
}
 

public ProjectInstance createProject(CreateProjectRequest projectRequest) throws IOException {
    String projectName = projectRequest.getName();
    String description = projectRequest.getDescription();
    ProjectInstance currentProject = getProjectManager().getProject(projectName);

    if (currentProject != null) {
        throw new InternalErrorException("The project named " + projectName + " already exists");
    }
    String owner = SecurityContextHolder.getContext().getAuthentication().getName();
    ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description);
    accessService.init(createdProject, AclPermission.ADMINISTRATION);
    logger.debug("New project created.");

    return createdProject;
}
 

@Override
public List<Pair<String, AclPermission>> getAcl(String entityType, String entityUuid) {
	// No need to implement
	return null;
}
 

@Override
public List<Pair<String, AclPermission>> getAcl(String entityType, String entityUuid) {
	// No need to implement
	return null;
}
 

public CubeInstance createCubeAndDesc(String cubeName, String projectName, CubeDesc desc) throws IOException {
    if (getCubeManager().getCube(cubeName) != null) {
        throw new InternalErrorException("The cube named " + cubeName + " already exists");
    }

    String owner = SecurityContextHolder.getContext().getAuthentication().getName();
    CubeDesc createdDesc = null;
    CubeInstance createdCube = null;

    boolean isNew = false;
    if (getCubeDescManager().getCubeDesc(desc.getName()) == null) {
        createdDesc = getCubeDescManager().createCubeDesc(desc);
        isNew = true;
    } else {
        createdDesc = getCubeDescManager().updateCubeDesc(desc);
    }


    if (!createdDesc.getError().isEmpty()) {
        if (isNew) {
            getCubeDescManager().removeCubeDesc(createdDesc);
        }
        throw new InternalErrorException(createdDesc.getError().get(0));
    }

    try {
        int cuboidCount = CuboidCLI.simulateCuboidGeneration(createdDesc);
        logger.info("New cube " + cubeName + " has " + cuboidCount + " cuboids");
    } catch (Exception e) {
        getCubeDescManager().removeCubeDesc(createdDesc);
        throw new InternalErrorException("Failed to deal with the request.", e);
    }

    createdCube = getCubeManager().createCube(cubeName, projectName, createdDesc, owner);
    accessService.init(createdCube, AclPermission.ADMINISTRATION);

    ProjectInstance project = getProjectManager().getProject(projectName);
    accessService.inherit(createdCube, project);

    return createdCube;
}