Authorization 4.3 - Integration tests
Namespaces
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
Create | ADMIN | BasicAuthorizationTestBase.testNamespcePrivileges |
Update |
|
|
Delete | ADMIN on the namespace, and all entities in the namespace | BasicAuthorizationTestBase.testNamespcePrivileges |
View/List | Any privilege on the namespace or any of its descendants. | BasicAuthorizationTestBase.testCreatedDeletedPrivileges This needs to have a more comprehensive test to cover the list of as many entities as possible. |
Get Namespace Meta | Any privilege on the namespace or any of its descendants. | This can be easily added to test and this is covered in unit test. |
Artifacts
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
Add | ADMIN | Integration tests only tests deploy app with artifact |
Add a property | ADMIN |
|
Remove a property | ADMIN |
|
Use to deploy an app | ADMIN | READ | AppAuthorizationTestBase.testDeployApp |
Delete | ADMIN |
|
View/List | Any privilege on the artifact |
|
Get artifact info/summary/detail | ADMIN | READ |
|
|
| We have tests in unit test but not in integration tests |
Applications
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
Add | ADMIN *Also see artifact privileges and principal privileges | AppAuthorizationTestBase.testDeployApp |
Delete | ADMIN | AppAuthorizationTestBase.testDeployApp |
View/List | Any privilege on the application or any of its descendants. | can easily add |
Get application detail | ADMIN | READ | can easily add |
|
|
|
Programs
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
Start, Stop, or Debug | EXECUTE | AppAuthorizationTestBase.testDatasetInProgram |
Set instances | ADMIN |
|
Set runtime arguments | ADMIN |
|
Retrieve runtime arguments | READ | EXECUTE | ADMIN |
|
Retrieve status |
| AppAuthorizationTestBase.testDatasetInProgram |
View/List |
| easily add |
Get program specification | ADMIN | READ |
|
Datasets
Operation | Privileges Required (Proposed) | Integration Test Name |
|---|---|---|
Create | ADMIN | BasicAuthorizationTestBase.testDatasetPrivileges |
Read | READ | AppAuthorizationTestBase.testDatasetInProgram |
Retrieving properties | Any of READ, WRITE, ADMIN, or EXECUTE | easily add |
Write | WRITE | AppAuthorizationTestBase.testDatasetInProgram |
Update | ADMIN | BasicAuthorizationTestBase.testDatasetPrivileges |
Upgrade | ADMIN |
|
Truncate | ADMIN | BasicAuthorizationTestBase.testDatasetPrivileges |
Drop | ADMIN | BasicAuthorizationTestBase.testDatasetPrivileges |
View/List |
| BasicAuthorizationTestBase.testDatasetPrivileges |
Get dataset meta | ADMIN | READ | WRITE | BasicAuthorizationTestBase.testDatasetPrivileges |
Dataset Modules
Operation | Privileges Required (Proposed) | Integration Test Name |
|---|---|---|
Deploy | ADMIN |
|
Delete | ADMIN |
|
Delete-all in the namespace | ADMIN on all dataset modules in the namespace |
|
View/List |
|
|
Get module meta | ADMIN | READ |
|
|
| Unit test covers add module during app deployment |
Dataset Types
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
View/List |
| easy to add |
Get dataset type meta | ADMIN | READ | BasicAuthorizationTestBase.testDatasetPrivileges |
Secure Keys
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
Create | ADMIN |
|
Delete | ADMIN |
|
View/List |
|
|
Read | READ (on the key) |
|
|
| We dont have test for any of them |
Streams
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
Create | ADMIN | BasicAuthorizationTestBase.testStreamPrivileges |
Retrieving events | READ | BasicAuthorizationTestBase.testStreamPrivileges |
Sending events to a stream (sync, async, or batch) | WRITE | BasicAuthorizationTestBase.testStreamPrivileges |
Drop | ADMIN | BasicAuthorizationTestBase.testStreamPrivileges |
Drop-all in the namespace | ADMIN on all the streams in the namespace |
|
Update | ADMIN |
|
Truncate | ADMIN |
|
View/List |
| Easy to add |
Get stream property | ADMIN | READ | Easy to add |
Principal
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
Deploy an app to impersonate a principal | ADMIN | AppImpersonationAuthorizationTest(in pr) |
Create a namespace with owner prinicpal | ADMIN | NamespaceImpersonationBasicAuthorizationTest |
Create a dataset with owner prinicpal | ADMIN | AppImpersonationAuthorizationTest(in pr) |
Create a stream with owner prinicpal | ADMIN |
|
More in integration tests:
Test creating namespaces with two different clients and try to delete them to test the explore user name issue(in pr)
test namespace creation with different owners and make sure the owner is correct(in pr)
all basic tests with ns/app impersonation, custom mapping
role based auth test(in pr)
More to do list:
test create dataset with an unauthorized dataset type
test CDAP-8568 with minimal privilege required