markusthoemmes closed pull request #3895: Unify Entitlement SPI signatures
URL: https://github.com/apache/incubator-openwhisk/pull/3895
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
b/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
index f65ebdad00..078530a679 100644
--- a/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
+++ b/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
@@ -162,7 +162,7 @@ protected[core] abstract class EntitlementProvider(
* @param resource the resource to grant the subject access to
* @return a promise that completes with true iff the subject is granted the
right to access the requested resource
*/
- protected[core] def grant(subject: Subject, right: Privilege, resource:
Resource)(
+ protected[core] def grant(user: Identity, right: Privilege, resource:
Resource)(
implicit transid: TransactionId): Future[Boolean]
/**
@@ -173,7 +173,7 @@ protected[core] abstract class EntitlementProvider(
* @param resource the resource to revoke the subject access to
* @return a promise that completes with true iff the subject is revoked the
right to access the requested resource
*/
- protected[core] def revoke(subject: Subject, right: Privilege, resource:
Resource)(
+ protected[core] def revoke(user: Identity, right: Privilege, resource:
Resource)(
implicit transid: TransactionId): Future[Boolean]
/**
@@ -184,7 +184,7 @@ protected[core] abstract class EntitlementProvider(
* @param resource the resource the subject requests access to
* @return a promise that completes with true iff the subject is permitted
to access the request resource
*/
- protected def entitled(subject: Subject, right: Privilege, resource:
Resource)(
+ protected def entitled(user: Identity, right: Privilege, resource: Resource)(
implicit transid: TransactionId): Future[Boolean]
/**
@@ -305,7 +305,7 @@ protected[core] abstract class EntitlementProvider(
case true => Future.successful(resource -> true)
case false =>
logging.debug(this, "checking explicit grants")
- entitled(user.subject, right, resource).flatMap(b =>
Future.successful(resource -> b))
+ entitled(user, right, resource).flatMap(b =>
Future.successful(resource -> b))
}
}
}
diff --git
a/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala
b/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala
index d344427775..179437fdf2 100644
---
a/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala
+++
b/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala
@@ -23,7 +23,7 @@ import akka.actor.ActorSystem
import whisk.common.Logging
import whisk.common.TransactionId
import whisk.core.WhiskConfig
-import whisk.core.entity.{ControllerInstanceId, Subject}
+import whisk.core.entity.{ControllerInstanceId, Identity, Subject}
import whisk.core.loadBalancer.LoadBalancer
protected[core] class LocalEntitlementProvider(
@@ -37,8 +37,9 @@ protected[core] class LocalEntitlementProvider(
private val matrix = LocalEntitlementProvider.matrix
/** Grants subject right to resource by adding them to the entitlement
matrix. */
- protected[core] override def grant(subject: Subject, right: Privilege,
resource: Resource)(
+ protected[core] override def grant(user: Identity, right: Privilege,
resource: Resource)(
implicit transid: TransactionId) = Future {
+ val subject = user.subject
synchronized {
val key = (subject, resource.id)
matrix.put(key, matrix.get(key) map { _ + right } getOrElse Set(right))
@@ -48,8 +49,9 @@ protected[core] class LocalEntitlementProvider(
}
/** Revokes subject right to resource by removing them from the entitlement
matrix. */
- protected[core] override def revoke(subject: Subject, right: Privilege,
resource: Resource)(
+ protected[core] override def revoke(user: Identity, right: Privilege,
resource: Resource)(
implicit transid: TransactionId) = Future {
+ val subject = user.subject
synchronized {
val key = (subject, resource.id)
val newrights = matrix.get(key) map { _ - right } map { matrix.put(key,
_) }
@@ -59,8 +61,9 @@ protected[core] class LocalEntitlementProvider(
}
/** Checks if subject has explicit grant for a resource. */
- protected override def entitled(subject: Subject, right: Privilege,
resource: Resource)(
+ protected override def entitled(user: Identity, right: Privilege, resource:
Resource)(
implicit transid: TransactionId) = Future.successful {
+ val subject = user.subject
lazy val one = matrix.get((subject, resource.id)) map { _ contains right }
getOrElse false
lazy val any = matrix.get((subject, resource.parent)) map { _ contains
right } getOrElse false
one || any
diff --git
a/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
b/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
index 5a77b149fb..cd163df671 100644
---
a/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
+++
b/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
@@ -229,10 +229,10 @@ class EntitlementProviderTests extends
ControllerTestCommon with ScalaFutures {
val one = Resource(someUser.namespace.name.toPath, ACTIONS, Some("xyz"))
Await.ready(entitlementProvider.check(adminUser, READ, all),
requestTimeout).eitherValue.get should not be Right({})
Await.ready(entitlementProvider.check(adminUser, READ, one),
requestTimeout).eitherValue.get should not be Right({})
- Await.result(entitlementProvider.grant(adminUser.subject, READ, all),
requestTimeout) // granted
+ Await.result(entitlementProvider.grant(adminUser, READ, all),
requestTimeout) // granted
Await.ready(entitlementProvider.check(adminUser, READ, all),
requestTimeout).eitherValue.get shouldBe Right({})
Await.ready(entitlementProvider.check(adminUser, READ, one),
requestTimeout).eitherValue.get shouldBe Right({})
- Await.result(entitlementProvider.revoke(adminUser.subject, READ, all),
requestTimeout) // revoked
+ Await.result(entitlementProvider.revoke(adminUser, READ, all),
requestTimeout) // revoked
}
it should "grant access to specific resource to a user" in {
@@ -245,14 +245,14 @@ class EntitlementProviderTests extends
ControllerTestCommon with ScalaFutures {
.ready(entitlementProvider.check(adminUser, DELETE, one), requestTimeout)
.eitherValue
.get should not be Right({})
- Await.result(entitlementProvider.grant(adminUser.subject, READ, one),
requestTimeout) // granted
+ Await.result(entitlementProvider.grant(adminUser, READ, one),
requestTimeout) // granted
Await.ready(entitlementProvider.check(adminUser, READ, all),
requestTimeout).eitherValue.get should not be Right({})
Await.ready(entitlementProvider.check(adminUser, READ, one),
requestTimeout).eitherValue.get shouldBe Right({})
Await
.ready(entitlementProvider.check(adminUser, DELETE, one), requestTimeout)
.eitherValue
.get should not be Right({})
- Await.result(entitlementProvider.revoke(adminUser.subject, READ, one),
requestTimeout) // revoked
+ Await.result(entitlementProvider.revoke(adminUser, READ, one),
requestTimeout) // revoked
}
behavior of "Package Collection"
diff --git
a/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala
b/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala
index e8082af58c..18ff0a8321 100644
---
a/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala
+++
b/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala
@@ -348,7 +348,7 @@ class PackageActionsApiTests extends ControllerTestCommon
with WhiskActionsApi {
put(entityStore, binding)
put(entityStore, action)
val pkgaccess = Resource(provider.namespace, PACKAGES,
Some(provider.name.asString))
- Await.result(entitlementProvider.grant(auser.subject, READ, pkgaccess), 1
second)
+ Await.result(entitlementProvider.grant(auser, READ, pkgaccess), 1 second)
Get(s"$collectionPath/${binding.name}/${action.name}") ~>
Route.seal(routes(auser)) ~> check {
status should be(OK)
val response = responseAs[WhiskAction]
@@ -492,7 +492,7 @@ class PackageActionsApiTests extends ControllerTestCommon
with WhiskActionsApi {
put(entityStore, reference)
put(entityStore, action)
val pkgaccess = Resource(provider.namespace, PACKAGES,
Some(provider.name.asString))
- Await.result(entitlementProvider.grant(auser.subject, ACTIVATE,
pkgaccess), 1 second)
+ Await.result(entitlementProvider.grant(auser, ACTIVATE, pkgaccess), 1
second)
Post(s"$collectionPath/${reference.name}/${action.name}", content) ~>
Route.seal(routes(auser)) ~> check {
status should be(Accepted)
val response = responseAs[JsObject]
diff --git
a/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
b/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
index 301cdf74b3..b500fce265 100644
--- a/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
@@ -1768,15 +1768,15 @@ trait WebActionsApiBaseTests extends
ControllerTestCommon with BeforeAndAfterEac
}
}
- protected[core] override def grant(subject: Subject, right: Privilege,
resource: Resource)(
+ protected[core] override def grant(user: Identity, right: Privilege,
resource: Resource)(
implicit transid: TransactionId) = ???
/** Revokes subject right to resource by removing them from the
entitlement matrix. */
- protected[core] override def revoke(subject: Subject, right: Privilege,
resource: Resource)(
+ protected[core] override def revoke(user: Identity, right: Privilege,
resource: Resource)(
implicit transid: TransactionId) = ???
/** Checks if subject has explicit grant for a resource. */
- protected override def entitled(subject: Subject, right: Privilege,
resource: Resource)(
+ protected override def entitled(user: Identity, right: Privilege,
resource: Resource)(
implicit transid: TransactionId) = ???
}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
