You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by ma...@apache.org on 2018/07/23 16:47:57 UTC

[incubator-openwhisk] branch master updated: Unify Entitlement SPI signatures. (#3895)

This is an automated email from the ASF dual-hosted git repository.

markusthoemmes pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git


The following commit(s) were added to refs/heads/master by this push:
     new 2db1b67  Unify Entitlement SPI signatures. (#3895)
2db1b67 is described below

commit 2db1b67ef6cc16b1f19336ed23992fae32a7d9d5
Author: Martin Henke <ma...@web.de>
AuthorDate: Mon Jul 23 18:47:54 2018 +0200

    Unify Entitlement SPI signatures. (#3895)
---
 .../src/main/scala/whisk/core/entitlement/Entitlement.scala   |  8 ++++----
 .../main/scala/whisk/core/entitlement/LocalEntitlement.scala  | 11 +++++++----
 .../whisk/core/controller/test/EntitlementProviderTests.scala |  8 ++++----
 .../whisk/core/controller/test/PackageActionsApiTests.scala   |  4 ++--
 .../scala/whisk/core/controller/test/WebActionsApiTests.scala |  6 +++---
 5 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala b/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
index f65ebda..078530a 100644
--- a/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
+++ b/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
@@ -162,7 +162,7 @@ protected[core] abstract class EntitlementProvider(
    * @param resource the resource to grant the subject access to
    * @return a promise that completes with true iff the subject is granted the right to access the requested resource
    */
-  protected[core] def grant(subject: Subject, right: Privilege, resource: Resource)(
+  protected[core] def grant(user: Identity, right: Privilege, resource: Resource)(
     implicit transid: TransactionId): Future[Boolean]
 
   /**
@@ -173,7 +173,7 @@ protected[core] abstract class EntitlementProvider(
    * @param resource the resource to revoke the subject access to
    * @return a promise that completes with true iff the subject is revoked the right to access the requested resource
    */
-  protected[core] def revoke(subject: Subject, right: Privilege, resource: Resource)(
+  protected[core] def revoke(user: Identity, right: Privilege, resource: Resource)(
     implicit transid: TransactionId): Future[Boolean]
 
   /**
@@ -184,7 +184,7 @@ protected[core] abstract class EntitlementProvider(
    * @param resource the resource the subject requests access to
    * @return a promise that completes with true iff the subject is permitted to access the request resource
    */
-  protected def entitled(subject: Subject, right: Privilege, resource: Resource)(
+  protected def entitled(user: Identity, right: Privilege, resource: Resource)(
     implicit transid: TransactionId): Future[Boolean]
 
   /**
@@ -305,7 +305,7 @@ protected[core] abstract class EntitlementProvider(
           case true => Future.successful(resource -> true)
           case false =>
             logging.debug(this, "checking explicit grants")
-            entitled(user.subject, right, resource).flatMap(b => Future.successful(resource -> b))
+            entitled(user, right, resource).flatMap(b => Future.successful(resource -> b))
         }
       }
     }
diff --git a/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala b/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala
index d344427..179437f 100644
--- a/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala
+++ b/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala
@@ -23,7 +23,7 @@ import akka.actor.ActorSystem
 import whisk.common.Logging
 import whisk.common.TransactionId
 import whisk.core.WhiskConfig
-import whisk.core.entity.{ControllerInstanceId, Subject}
+import whisk.core.entity.{ControllerInstanceId, Identity, Subject}
 import whisk.core.loadBalancer.LoadBalancer
 
 protected[core] class LocalEntitlementProvider(
@@ -37,8 +37,9 @@ protected[core] class LocalEntitlementProvider(
   private val matrix = LocalEntitlementProvider.matrix
 
   /** Grants subject right to resource by adding them to the entitlement matrix. */
-  protected[core] override def grant(subject: Subject, right: Privilege, resource: Resource)(
+  protected[core] override def grant(user: Identity, right: Privilege, resource: Resource)(
     implicit transid: TransactionId) = Future {
+    val subject = user.subject
     synchronized {
       val key = (subject, resource.id)
       matrix.put(key, matrix.get(key) map { _ + right } getOrElse Set(right))
@@ -48,8 +49,9 @@ protected[core] class LocalEntitlementProvider(
   }
 
   /** Revokes subject right to resource by removing them from the entitlement matrix. */
-  protected[core] override def revoke(subject: Subject, right: Privilege, resource: Resource)(
+  protected[core] override def revoke(user: Identity, right: Privilege, resource: Resource)(
     implicit transid: TransactionId) = Future {
+    val subject = user.subject
     synchronized {
       val key = (subject, resource.id)
       val newrights = matrix.get(key) map { _ - right } map { matrix.put(key, _) }
@@ -59,8 +61,9 @@ protected[core] class LocalEntitlementProvider(
   }
 
   /** Checks if subject has explicit grant for a resource. */
-  protected override def entitled(subject: Subject, right: Privilege, resource: Resource)(
+  protected override def entitled(user: Identity, right: Privilege, resource: Resource)(
     implicit transid: TransactionId) = Future.successful {
+    val subject = user.subject
     lazy val one = matrix.get((subject, resource.id)) map { _ contains right } getOrElse false
     lazy val any = matrix.get((subject, resource.parent)) map { _ contains right } getOrElse false
     one || any
diff --git a/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala b/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
index 5a77b14..cd163df 100644
--- a/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
@@ -229,10 +229,10 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
     val one = Resource(someUser.namespace.name.toPath, ACTIONS, Some("xyz"))
     Await.ready(entitlementProvider.check(adminUser, READ, all), requestTimeout).eitherValue.get should not be Right({})
     Await.ready(entitlementProvider.check(adminUser, READ, one), requestTimeout).eitherValue.get should not be Right({})
-    Await.result(entitlementProvider.grant(adminUser.subject, READ, all), requestTimeout) // granted
+    Await.result(entitlementProvider.grant(adminUser, READ, all), requestTimeout) // granted
     Await.ready(entitlementProvider.check(adminUser, READ, all), requestTimeout).eitherValue.get shouldBe Right({})
     Await.ready(entitlementProvider.check(adminUser, READ, one), requestTimeout).eitherValue.get shouldBe Right({})
-    Await.result(entitlementProvider.revoke(adminUser.subject, READ, all), requestTimeout) // revoked
+    Await.result(entitlementProvider.revoke(adminUser, READ, all), requestTimeout) // revoked
   }
 
   it should "grant access to specific resource to a user" in {
@@ -245,14 +245,14 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
       .ready(entitlementProvider.check(adminUser, DELETE, one), requestTimeout)
       .eitherValue
       .get should not be Right({})
-    Await.result(entitlementProvider.grant(adminUser.subject, READ, one), requestTimeout) // granted
+    Await.result(entitlementProvider.grant(adminUser, READ, one), requestTimeout) // granted
     Await.ready(entitlementProvider.check(adminUser, READ, all), requestTimeout).eitherValue.get should not be Right({})
     Await.ready(entitlementProvider.check(adminUser, READ, one), requestTimeout).eitherValue.get shouldBe Right({})
     Await
       .ready(entitlementProvider.check(adminUser, DELETE, one), requestTimeout)
       .eitherValue
       .get should not be Right({})
-    Await.result(entitlementProvider.revoke(adminUser.subject, READ, one), requestTimeout) // revoked
+    Await.result(entitlementProvider.revoke(adminUser, READ, one), requestTimeout) // revoked
   }
 
   behavior of "Package Collection"
diff --git a/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala b/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala
index e8082af..18ff0a8 100644
--- a/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala
@@ -348,7 +348,7 @@ class PackageActionsApiTests extends ControllerTestCommon with WhiskActionsApi {
     put(entityStore, binding)
     put(entityStore, action)
     val pkgaccess = Resource(provider.namespace, PACKAGES, Some(provider.name.asString))
-    Await.result(entitlementProvider.grant(auser.subject, READ, pkgaccess), 1 second)
+    Await.result(entitlementProvider.grant(auser, READ, pkgaccess), 1 second)
     Get(s"$collectionPath/${binding.name}/${action.name}") ~> Route.seal(routes(auser)) ~> check {
       status should be(OK)
       val response = responseAs[WhiskAction]
@@ -492,7 +492,7 @@ class PackageActionsApiTests extends ControllerTestCommon with WhiskActionsApi {
     put(entityStore, reference)
     put(entityStore, action)
     val pkgaccess = Resource(provider.namespace, PACKAGES, Some(provider.name.asString))
-    Await.result(entitlementProvider.grant(auser.subject, ACTIVATE, pkgaccess), 1 second)
+    Await.result(entitlementProvider.grant(auser, ACTIVATE, pkgaccess), 1 second)
     Post(s"$collectionPath/${reference.name}/${action.name}", content) ~> Route.seal(routes(auser)) ~> check {
       status should be(Accepted)
       val response = responseAs[JsObject]
diff --git a/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala b/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
index 301cdf7..b500fce 100644
--- a/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
@@ -1768,15 +1768,15 @@ trait WebActionsApiBaseTests extends ControllerTestCommon with BeforeAndAfterEac
       }
     }
 
-    protected[core] override def grant(subject: Subject, right: Privilege, resource: Resource)(
+    protected[core] override def grant(user: Identity, right: Privilege, resource: Resource)(
       implicit transid: TransactionId) = ???
 
     /** Revokes subject right to resource by removing them from the entitlement matrix. */
-    protected[core] override def revoke(subject: Subject, right: Privilege, resource: Resource)(
+    protected[core] override def revoke(user: Identity, right: Privilege, resource: Resource)(
       implicit transid: TransactionId) = ???
 
     /** Checks if subject has explicit grant for a resource. */
-    protected override def entitled(subject: Subject, right: Privilege, resource: Resource)(
+    protected override def entitled(user: Identity, right: Privilege, resource: Resource)(
       implicit transid: TransactionId) = ???
   }