falcon-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pall...@apache.org
Subject falcon git commit: FALCON-2035 Entity list operation without type parameter doesn't work when authorization is enabled
Date Tue, 21 Jun 2016 06:24:43 GMT
Repository: falcon
Updated Branches:
  refs/heads/0.10 820052464 -> 641d57afa


FALCON-2035 Entity list operation without type parameter doesn't work when authorization is
enabled

Test entity list operation without type parameter works when authorization is enabled.

Author: yzheng-hortonworks <yzheng@hortonworks.com>

Reviewers: @pallavi-rao, @bvellanki

Closes #189 from yzheng-hortonworks/FALCON-2035 and squashes the following commits:

0cbd7a4 [yzheng-hortonworks] review by pallavi
4f7c4a4 [yzheng-hortonworks] review by balu
7aa034b [yzheng-hortonworks] FALCON-2035 Entity list operation without type parameter doesn't
work when authorization is enabled

(cherry picked from commit aaf33261f32ba87d95c268e09a593f9ebae1f46b)
Signed-off-by: Pallavi Rao <pallavi.rao@inmobi.com>


Project: http://git-wip-us.apache.org/repos/asf/falcon/repo
Commit: http://git-wip-us.apache.org/repos/asf/falcon/commit/641d57af
Tree: http://git-wip-us.apache.org/repos/asf/falcon/tree/641d57af
Diff: http://git-wip-us.apache.org/repos/asf/falcon/diff/641d57af

Branch: refs/heads/0.10
Commit: 641d57afa68b0d8ae091595f7eca560ec1d13f1b
Parents: 8200524
Author: yzheng-hortonworks <yzheng@hortonworks.com>
Authored: Tue Jun 21 11:54:09 2016 +0530
Committer: Pallavi Rao <pallavi.rao@inmobi.com>
Committed: Tue Jun 21 11:54:32 2016 +0530

----------------------------------------------------------------------
 .../apache/falcon/security/DefaultAuthorizationProvider.java | 8 ++++++--
 .../falcon/security/DefaultAuthorizationProviderTest.java    | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/falcon/blob/641d57af/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
b/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
index 5eb6a25..a4410af 100644
--- a/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
+++ b/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
@@ -59,6 +59,7 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider
{
 
     private static final Set<String> RESOURCES = new HashSet<String>(
             Arrays.asList(new String[]{"admin", "entities", "instance", "metadata", "extension",
}));
+    private static final String LIST_OPERATION = "list";
 
     /**
      * Constant for the configuration property that indicates the prefix.
@@ -170,7 +171,11 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider
{
                     authorizeAdminResource(authenticatedUGI, action);
                 }
             } else if ("entities".equals(resource) || "instance".equals(resource)) {
-                authorizeEntityResource(authenticatedUGI, entityName, entityType, action);
+                if ("entities".equals(resource) && LIST_OPERATION.equals(action))
{
+                    LOG.info("Skipping authorization for entity list operations");
+                } else {
+                    authorizeEntityResource(authenticatedUGI, entityName, entityType, action);
+                }
             } else if ("metadata".equals(resource)) {
                 authorizeMetadataResource(authenticatedUGI, action);
             }
@@ -296,7 +301,6 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider
{
                                            String entityName, String entityType,
                                            String action)
         throws AuthorizationException, EntityNotRegisteredException {
-
         Validate.notEmpty(entityType, "Entity type cannot be empty or null");
         LOG.debug("Authorizing authenticatedUser={} against entity/instance action={}, "
                 + "entity name={}, entity type={}",

http://git-wip-us.apache.org/repos/asf/falcon/blob/641d57af/common/src/test/java/org/apache/falcon/security/DefaultAuthorizationProviderTest.java
----------------------------------------------------------------------
diff --git a/common/src/test/java/org/apache/falcon/security/DefaultAuthorizationProviderTest.java
b/common/src/test/java/org/apache/falcon/security/DefaultAuthorizationProviderTest.java
index 3a6d8c0..2196ad1 100644
--- a/common/src/test/java/org/apache/falcon/security/DefaultAuthorizationProviderTest.java
+++ b/common/src/test/java/org/apache/falcon/security/DefaultAuthorizationProviderTest.java
@@ -315,7 +315,7 @@ public class DefaultAuthorizationProviderTest {
                 "admin", realUser, new String[]{"admin", });
 
         DefaultAuthorizationProvider provider = new DefaultAuthorizationProvider();
-        provider.authorizeResource("entities", "list", null, "primary-cluster", proxyUgi);
+        provider.authorizeResource("instance", "list", null, "sample-process", proxyUgi);
         Assert.fail("Bad entity type");
     }
 
@@ -328,7 +328,7 @@ public class DefaultAuthorizationProviderTest {
                 "admin", realUser, new String[]{"admin", });
 
         DefaultAuthorizationProvider provider = new DefaultAuthorizationProvider();
-        provider.authorizeResource("entities", "list", "clusterz", "primary-cluster", proxyUgi);
+        provider.authorizeResource("instance", "list", "processz", "sample-process", proxyUgi);
         Assert.fail("Bad entity type");
     }
 


Mime
View raw message