You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by ma...@apache.org on 2018/07/23 16:47:57 UTC
[incubator-openwhisk] branch master updated: Unify Entitlement SPI
signatures. (#3895)
This is an automated email from the ASF dual-hosted git repository.
markusthoemmes pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new 2db1b67 Unify Entitlement SPI signatures. (#3895)
2db1b67 is described below
commit 2db1b67ef6cc16b1f19336ed23992fae32a7d9d5
Author: Martin Henke <ma...@web.de>
AuthorDate: Mon Jul 23 18:47:54 2018 +0200
Unify Entitlement SPI signatures. (#3895)
---
.../src/main/scala/whisk/core/entitlement/Entitlement.scala | 8 ++++----
.../main/scala/whisk/core/entitlement/LocalEntitlement.scala | 11 +++++++----
.../whisk/core/controller/test/EntitlementProviderTests.scala | 8 ++++----
.../whisk/core/controller/test/PackageActionsApiTests.scala | 4 ++--
.../scala/whisk/core/controller/test/WebActionsApiTests.scala | 6 +++---
5 files changed, 20 insertions(+), 17 deletions(-)
diff --git a/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala b/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
index f65ebda..078530a 100644
--- a/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
+++ b/core/controller/src/main/scala/whisk/core/entitlement/Entitlement.scala
@@ -162,7 +162,7 @@ protected[core] abstract class EntitlementProvider(
* @param resource the resource to grant the subject access to
* @return a promise that completes with true iff the subject is granted the right to access the requested resource
*/
- protected[core] def grant(subject: Subject, right: Privilege, resource: Resource)(
+ protected[core] def grant(user: Identity, right: Privilege, resource: Resource)(
implicit transid: TransactionId): Future[Boolean]
/**
@@ -173,7 +173,7 @@ protected[core] abstract class EntitlementProvider(
* @param resource the resource to revoke the subject access to
* @return a promise that completes with true iff the subject is revoked the right to access the requested resource
*/
- protected[core] def revoke(subject: Subject, right: Privilege, resource: Resource)(
+ protected[core] def revoke(user: Identity, right: Privilege, resource: Resource)(
implicit transid: TransactionId): Future[Boolean]
/**
@@ -184,7 +184,7 @@ protected[core] abstract class EntitlementProvider(
* @param resource the resource the subject requests access to
* @return a promise that completes with true iff the subject is permitted to access the request resource
*/
- protected def entitled(subject: Subject, right: Privilege, resource: Resource)(
+ protected def entitled(user: Identity, right: Privilege, resource: Resource)(
implicit transid: TransactionId): Future[Boolean]
/**
@@ -305,7 +305,7 @@ protected[core] abstract class EntitlementProvider(
case true => Future.successful(resource -> true)
case false =>
logging.debug(this, "checking explicit grants")
- entitled(user.subject, right, resource).flatMap(b => Future.successful(resource -> b))
+ entitled(user, right, resource).flatMap(b => Future.successful(resource -> b))
}
}
}
diff --git a/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala b/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala
index d344427..179437f 100644
--- a/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala
+++ b/core/controller/src/main/scala/whisk/core/entitlement/LocalEntitlement.scala
@@ -23,7 +23,7 @@ import akka.actor.ActorSystem
import whisk.common.Logging
import whisk.common.TransactionId
import whisk.core.WhiskConfig
-import whisk.core.entity.{ControllerInstanceId, Subject}
+import whisk.core.entity.{ControllerInstanceId, Identity, Subject}
import whisk.core.loadBalancer.LoadBalancer
protected[core] class LocalEntitlementProvider(
@@ -37,8 +37,9 @@ protected[core] class LocalEntitlementProvider(
private val matrix = LocalEntitlementProvider.matrix
/** Grants subject right to resource by adding them to the entitlement matrix. */
- protected[core] override def grant(subject: Subject, right: Privilege, resource: Resource)(
+ protected[core] override def grant(user: Identity, right: Privilege, resource: Resource)(
implicit transid: TransactionId) = Future {
+ val subject = user.subject
synchronized {
val key = (subject, resource.id)
matrix.put(key, matrix.get(key) map { _ + right } getOrElse Set(right))
@@ -48,8 +49,9 @@ protected[core] class LocalEntitlementProvider(
}
/** Revokes subject right to resource by removing them from the entitlement matrix. */
- protected[core] override def revoke(subject: Subject, right: Privilege, resource: Resource)(
+ protected[core] override def revoke(user: Identity, right: Privilege, resource: Resource)(
implicit transid: TransactionId) = Future {
+ val subject = user.subject
synchronized {
val key = (subject, resource.id)
val newrights = matrix.get(key) map { _ - right } map { matrix.put(key, _) }
@@ -59,8 +61,9 @@ protected[core] class LocalEntitlementProvider(
}
/** Checks if subject has explicit grant for a resource. */
- protected override def entitled(subject: Subject, right: Privilege, resource: Resource)(
+ protected override def entitled(user: Identity, right: Privilege, resource: Resource)(
implicit transid: TransactionId) = Future.successful {
+ val subject = user.subject
lazy val one = matrix.get((subject, resource.id)) map { _ contains right } getOrElse false
lazy val any = matrix.get((subject, resource.parent)) map { _ contains right } getOrElse false
one || any
diff --git a/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala b/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
index 5a77b14..cd163df 100644
--- a/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/EntitlementProviderTests.scala
@@ -229,10 +229,10 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
val one = Resource(someUser.namespace.name.toPath, ACTIONS, Some("xyz"))
Await.ready(entitlementProvider.check(adminUser, READ, all), requestTimeout).eitherValue.get should not be Right({})
Await.ready(entitlementProvider.check(adminUser, READ, one), requestTimeout).eitherValue.get should not be Right({})
- Await.result(entitlementProvider.grant(adminUser.subject, READ, all), requestTimeout) // granted
+ Await.result(entitlementProvider.grant(adminUser, READ, all), requestTimeout) // granted
Await.ready(entitlementProvider.check(adminUser, READ, all), requestTimeout).eitherValue.get shouldBe Right({})
Await.ready(entitlementProvider.check(adminUser, READ, one), requestTimeout).eitherValue.get shouldBe Right({})
- Await.result(entitlementProvider.revoke(adminUser.subject, READ, all), requestTimeout) // revoked
+ Await.result(entitlementProvider.revoke(adminUser, READ, all), requestTimeout) // revoked
}
it should "grant access to specific resource to a user" in {
@@ -245,14 +245,14 @@ class EntitlementProviderTests extends ControllerTestCommon with ScalaFutures {
.ready(entitlementProvider.check(adminUser, DELETE, one), requestTimeout)
.eitherValue
.get should not be Right({})
- Await.result(entitlementProvider.grant(adminUser.subject, READ, one), requestTimeout) // granted
+ Await.result(entitlementProvider.grant(adminUser, READ, one), requestTimeout) // granted
Await.ready(entitlementProvider.check(adminUser, READ, all), requestTimeout).eitherValue.get should not be Right({})
Await.ready(entitlementProvider.check(adminUser, READ, one), requestTimeout).eitherValue.get shouldBe Right({})
Await
.ready(entitlementProvider.check(adminUser, DELETE, one), requestTimeout)
.eitherValue
.get should not be Right({})
- Await.result(entitlementProvider.revoke(adminUser.subject, READ, one), requestTimeout) // revoked
+ Await.result(entitlementProvider.revoke(adminUser, READ, one), requestTimeout) // revoked
}
behavior of "Package Collection"
diff --git a/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala b/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala
index e8082af..18ff0a8 100644
--- a/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/PackageActionsApiTests.scala
@@ -348,7 +348,7 @@ class PackageActionsApiTests extends ControllerTestCommon with WhiskActionsApi {
put(entityStore, binding)
put(entityStore, action)
val pkgaccess = Resource(provider.namespace, PACKAGES, Some(provider.name.asString))
- Await.result(entitlementProvider.grant(auser.subject, READ, pkgaccess), 1 second)
+ Await.result(entitlementProvider.grant(auser, READ, pkgaccess), 1 second)
Get(s"$collectionPath/${binding.name}/${action.name}") ~> Route.seal(routes(auser)) ~> check {
status should be(OK)
val response = responseAs[WhiskAction]
@@ -492,7 +492,7 @@ class PackageActionsApiTests extends ControllerTestCommon with WhiskActionsApi {
put(entityStore, reference)
put(entityStore, action)
val pkgaccess = Resource(provider.namespace, PACKAGES, Some(provider.name.asString))
- Await.result(entitlementProvider.grant(auser.subject, ACTIVATE, pkgaccess), 1 second)
+ Await.result(entitlementProvider.grant(auser, ACTIVATE, pkgaccess), 1 second)
Post(s"$collectionPath/${reference.name}/${action.name}", content) ~> Route.seal(routes(auser)) ~> check {
status should be(Accepted)
val response = responseAs[JsObject]
diff --git a/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala b/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
index 301cdf7..b500fce 100644
--- a/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
+++ b/tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
@@ -1768,15 +1768,15 @@ trait WebActionsApiBaseTests extends ControllerTestCommon with BeforeAndAfterEac
}
}
- protected[core] override def grant(subject: Subject, right: Privilege, resource: Resource)(
+ protected[core] override def grant(user: Identity, right: Privilege, resource: Resource)(
implicit transid: TransactionId) = ???
/** Revokes subject right to resource by removing them from the entitlement matrix. */
- protected[core] override def revoke(subject: Subject, right: Privilege, resource: Resource)(
+ protected[core] override def revoke(user: Identity, right: Privilege, resource: Resource)(
implicit transid: TransactionId) = ???
/** Checks if subject has explicit grant for a resource. */
- protected override def entitled(subject: Subject, right: Privilege, resource: Resource)(
+ protected override def entitled(user: Identity, right: Privilege, resource: Resource)(
implicit transid: TransactionId) = ???
}