Package com.linkedin.venice.controller

Class MockVeniceAuthorizer

java.lang.Object

com.linkedin.venice.controller.MockVeniceAuthorizer

All Implemented Interfaces:

AuthorizerService

public class MockVeniceAuthorizer
extends Object
implements AuthorizerService

A mock AuthorizerService implementation to help in unit test.

Field Summary

Fields

Modifier and Type	Field	Description
int	clearAclCounter
int	setAclsCounter

Constructor Summary

Constructors

Constructor	Description
MockVeniceAuthorizer()

Method Summary

Modifier and Type	Method	Description
void	addAce(Resource resource, AceEntry aceEntry)	This will add a single AceEntry to the existing AceEntries for a resource.
boolean	canAccess(Method method, Resource resource, Principal principal)	Check if the principal has the permission to perform the method on the resource.
boolean	canAccess(Method method, Resource resource, X509Certificate accessorCert)	Check if the principal has the permission to perform the method on the resource.
void	clearAcls(Resource resource)	This will clear the existing AceEntries for a resource.
AclBinding	describeAcls(Resource resource)	Return a list of existing AceEntries present for the given resource.
void	removeAce(Resource resource, AceEntry aceEntry)	This will remove a single AceEntry from the existing AceEntries for a resource.
void	setAcls(AclBinding aclBinding)	This will set the AceEntries in provided AclBinding object to be the current set of ACL's for the resource.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.linkedin.venice.authorization.AuthorizerService

clearResource, setupResource

Field Details

setAclsCounter

public int setAclsCounter

clearAclCounter

public int clearAclCounter

Constructor Details

MockVeniceAuthorizer

public MockVeniceAuthorizer()

Method Details

canAccess

public boolean canAccess(Method method,
 Resource resource,
 Principal principal)

Description copied from interface: AuthorizerService

Check if the principal has the permission to perform the method on the resource. Implementation should define how to handle duplicate/conflicting ACE entries present for the resource and also how to handle presence of no AceEntries for a resource.

Specified by:

canAccess in interface AuthorizerService

Parameters:

method - what method is being performed.

resource - what resource the method is being performed

principal - who is performing the method on the resource.

Returns:

true if principal has the permission to perform the method on the resource, otherwise return false.

canAccess

public boolean canAccess(Method method,
 Resource resource,
 X509Certificate accessorCert)

Description copied from interface: AuthorizerService

Check if the principal has the permission to perform the method on the resource. Implementation should define how to handle duplicate/conflicting ACE entries present for the resource and also how to handle presence of no AceEntries for a resource.

Specified by:

canAccess in interface AuthorizerService

Parameters:

method - what method is being performed.

resource - what resource the method is being performed

accessorCert - who is performing the method on the resource.

Returns:

true if principal has the permission to perform the method on the resource, otherwise return false.

describeAcls

public AclBinding describeAcls(Resource resource)

Description copied from interface: AuthorizerService

Return a list of existing AceEntries present for the given resource. Implementations should return an empty AclBinding object when no acl's are present for the resource.

Specified by:

describeAcls in interface AuthorizerService

Returns:

AclBinding object containg the list of existing aceEntries. The AceEntry list may be empty if there is no existing ACL's provisioned.

setAcls

public void setAcls(AclBinding aclBinding)

Description copied from interface: AuthorizerService

This will set the AceEntries in provided AclBinding object to be the current set of ACL's for the resource. This performs an overwrite operation. An empty AceEntries list will clear all acls and achieve a similar result like AuthorizerService.clearAcls(Resource).

Specified by:

setAcls in interface AuthorizerService

Parameters:

aclBinding - A fully contained object having a list of AceEntries associated with the resource.

clearAcls

public void clearAcls(Resource resource)

Description copied from interface: AuthorizerService

This will clear the existing AceEntries for a resource.

Specified by:

clearAcls in interface AuthorizerService

Parameters:

resource - the resource for which all ACl's will be cleared.

addAce

public void addAce(Resource resource,
 AceEntry aceEntry)

Description copied from interface: AuthorizerService

This will add a single AceEntry to the existing AceEntries for a resource. Implementation may or may not allow duplicate/conflicting entries. Implementation may throw any necessary error/exception.

Specified by:

addAce in interface AuthorizerService

Parameters:

resource - The resource for which an AceEntry is getting added.

aceEntry - The AceEntry to be removed.

removeAce

public void removeAce(Resource resource,
 AceEntry aceEntry)

Description copied from interface: AuthorizerService

This will remove a single AceEntry from the existing AceEntries for a resource. Implementation should define how to handle removal in case duplicate AceEntries are allowed. The equivalence check should do exact match of all fields of the AceEntry object. Implementation may throw any necessary error/exception.

Specified by:

removeAce in interface AuthorizerService

Parameters:

resource - The resource for which an AceEntry is getting removed.

aceEntry - The AceEntry to be removed.