falcon git commit: FALCON-2035 Entity list operation without type parameter doesn't work when authorization is enabled

Mon, 20 Jun 2016 23:24:57 -0700 

Repository: falcon
Updated Branches:
  refs/heads/master 3abefccf5 -> aaf33261f


FALCON-2035 Entity list operation without type parameter doesn't work when 
authorization is enabled

Test entity list operation without type parameter works when authorization is 
enabled.

Author: yzheng-hortonworks <[email protected]>

Reviewers: @pallavi-rao, @bvellanki

Closes #189 from yzheng-hortonworks/FALCON-2035 and squashes the following 
commits:

0cbd7a4 [yzheng-hortonworks] review by pallavi
4f7c4a4 [yzheng-hortonworks] review by balu
7aa034b [yzheng-hortonworks] FALCON-2035 Entity list operation without type 
parameter doesn't work when authorization is enabled


Project: http://git-wip-us.apache.org/repos/asf/falcon/repo
Commit: http://git-wip-us.apache.org/repos/asf/falcon/commit/aaf33261
Tree: http://git-wip-us.apache.org/repos/asf/falcon/tree/aaf33261
Diff: http://git-wip-us.apache.org/repos/asf/falcon/diff/aaf33261

Branch: refs/heads/master
Commit: aaf33261f32ba87d95c268e09a593f9ebae1f46b
Parents: 3abefcc
Author: yzheng-hortonworks <[email protected]>
Authored: Tue Jun 21 11:54:09 2016 +0530
Committer: Pallavi Rao <[email protected]>
Committed: Tue Jun 21 11:54:09 2016 +0530

----------------------------------------------------------------------
 .../apache/falcon/security/DefaultAuthorizationProvider.java | 8 ++++++--
 .../falcon/security/DefaultAuthorizationProviderTest.java    | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/falcon/blob/aaf33261/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
----------------------------------------------------------------------
diff --git 
a/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
 
b/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
index 5eb6a25..a4410af 100644
--- 
a/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
+++ 
b/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
@@ -59,6 +59,7 @@ public class DefaultAuthorizationProvider implements 
AuthorizationProvider {
 
     private static final Set<String> RESOURCES = new HashSet<String>(
             Arrays.asList(new String[]{"admin", "entities", "instance", 
"metadata", "extension", }));
+    private static final String LIST_OPERATION = "list";
 
     /**
      * Constant for the configuration property that indicates the prefix.
@@ -170,7 +171,11 @@ public class DefaultAuthorizationProvider implements 
AuthorizationProvider {
                     authorizeAdminResource(authenticatedUGI, action);
                 }
             } else if ("entities".equals(resource) || 
"instance".equals(resource)) {
-                authorizeEntityResource(authenticatedUGI, entityName, 
entityType, action);
+                if ("entities".equals(resource) && 
LIST_OPERATION.equals(action)) {
+                    LOG.info("Skipping authorization for entity list 
operations");
+                } else {
+                    authorizeEntityResource(authenticatedUGI, entityName, 
entityType, action);
+                }
             } else if ("metadata".equals(resource)) {
                 authorizeMetadataResource(authenticatedUGI, action);
             }
@@ -296,7 +301,6 @@ public class DefaultAuthorizationProvider implements 
AuthorizationProvider {
                                            String entityName, String 
entityType,
                                            String action)
         throws AuthorizationException, EntityNotRegisteredException {
-
         Validate.notEmpty(entityType, "Entity type cannot be empty or null");
         LOG.debug("Authorizing authenticatedUser={} against entity/instance 
action={}, "
                 + "entity name={}, entity type={}",

http://git-wip-us.apache.org/repos/asf/falcon/blob/aaf33261/common/src/test/java/org/apache/falcon/security/DefaultAuthorizationProviderTest.java
----------------------------------------------------------------------
diff --git 
a/common/src/test/java/org/apache/falcon/security/DefaultAuthorizationProviderTest.java
 
b/common/src/test/java/org/apache/falcon/security/DefaultAuthorizationProviderTest.java
index 3a6d8c0..2196ad1 100644
--- 
a/common/src/test/java/org/apache/falcon/security/DefaultAuthorizationProviderTest.java
+++ 
b/common/src/test/java/org/apache/falcon/security/DefaultAuthorizationProviderTest.java
@@ -315,7 +315,7 @@ public class DefaultAuthorizationProviderTest {
                 "admin", realUser, new String[]{"admin", });
 
         DefaultAuthorizationProvider provider = new 
DefaultAuthorizationProvider();
-        provider.authorizeResource("entities", "list", null, 
"primary-cluster", proxyUgi);
+        provider.authorizeResource("instance", "list", null, "sample-process", 
proxyUgi);
         Assert.fail("Bad entity type");
     }
 
@@ -328,7 +328,7 @@ public class DefaultAuthorizationProviderTest {
                 "admin", realUser, new String[]{"admin", });
 
         DefaultAuthorizationProvider provider = new 
DefaultAuthorizationProvider();
-        provider.authorizeResource("entities", "list", "clusterz", 
"primary-cluster", proxyUgi);
+        provider.authorizeResource("instance", "list", "processz", 
"sample-process", proxyUgi);
         Assert.fail("Bad entity type");
     }

Reply via email to