...
Streams
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
| Create | ADMIN | BasicAuthorizationTestBase.testStreamPrivileges |
| Retrieving events | READ | BasicAuthorizationTestBase.testStreamPrivileges |
| Sending events to a stream (sync, async, or batch) | WRITE | BasicAuthorizationTestBase.testStreamPrivileges |
| Drop | ADMIN | BasicAuthorizationTestBase.testStreamPrivileges |
| Drop-all in the namespace | ADMIN on all the streams in the namespace | |
| Update | ADMIN | |
| Truncate | ADMIN | |
| View/List | Easy to add | |
| Get stream property | ADMIN | READ | Easy to add |
Principal
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
| Deploy an app to impersonate a principal | ADMIN | AppImpersonationAuthorizationTest(in pr) |
| Create a namespace with owner prinicpal | ADMIN | NamespaceImpersonationBasicAuthorizationTest |
| Create a dataset with owner prinicpal | ADMIN | AppImpersonationAuthorizationTest(in pr) |
| Create a stream with owner prinicpal | ADMIN |
More in integration tests:
- Test creating namespaces with two different clients and try to delete them to test the explore user name issue(in pr)
- test namespace creation with different owners and make sure the owner is correct(in pr)
- all basic tests with ns/app impersonation, custom mapping
- role based auth test(in pr)
More to do list:
- test create dataset with an unauthorized dataset type
- test CDAP-8568 with minimal privilege required