Authorization 4.3 - Integration tests
- Yaojie Feng
- Chester Cheng
Owned by Yaojie Feng
Namespaces
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
| Create | ADMIN | BasicAuthorizationTestBase.testNamespcePrivileges |
| Update | Â | Â |
| Delete | ADMIN on the namespace, and all entities in the namespace | BasicAuthorizationTestBase.testNamespcePrivileges |
| View/List | Any privilege on the namespace or any of its descendants. | BasicAuthorizationTestBase.testCreatedDeletedPrivileges This needs to have a more comprehensive test to cover the list of as many entities as possible. |
| Get Namespace Meta | Any privilege on the namespace or any of its descendants. | This can be easily added to test and this is covered in unit test. |
Artifacts
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
| Add | ADMIN | Integration tests only tests deploy app with artifact |
| Add a property | ADMIN | Â |
| Remove a property | ADMIN | Â |
| Use to deploy an app | ADMIN | READ | AppAuthorizationTestBase.testDeployApp |
| Delete | ADMIN | Â |
| View/List | Any privilege on the artifact | Â |
| Get artifact info/summary/detail | ADMIN | READ | Â |
| Â | Â | We have tests in unit test but not in integration tests |
Â
Applications
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
| Add | ADMIN *Also see artifact privileges and principal privileges | AppAuthorizationTestBase.testDeployApp |
| Delete | ADMIN | AppAuthorizationTestBase.testDeployApp |
| View/List | Any privilege on the application or any of its descendants. | can easily add |
| Get application detail | ADMIN | READ | can easily add |
| Â | Â | Â |
Â
Programs
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
| Start, Stop, or Debug | EXECUTE | AppAuthorizationTestBase.testDatasetInProgram |
| Set instances | ADMIN | Â |
| Set runtime arguments | ADMIN | Â |
| Retrieve runtime arguments | READ |Â EXECUTEÂ | ADMIN | Â |
| Retrieve status | Â | AppAuthorizationTestBase.testDatasetInProgram |
| View/List | Â | easily add |
| Get program specification | ADMIN | READ | Â |
Â
Datasets
Operation | Privileges Required (Proposed) | Integration Test Name |
|---|---|---|
| Create | ADMIN | BasicAuthorizationTestBase.testDatasetPrivileges |
| Read | READ | AppAuthorizationTestBase.testDatasetInProgram |
| Retrieving properties | Any of READ, WRITE, ADMIN, or EXECUTE | easily add |
| Write | WRITE | AppAuthorizationTestBase.testDatasetInProgram |
| Update | ADMIN | BasicAuthorizationTestBase.testDatasetPrivileges |
| Upgrade | ADMIN | Â |
| Truncate | ADMIN | BasicAuthorizationTestBase.testDatasetPrivileges |
| Drop | ADMIN | BasicAuthorizationTestBase.testDatasetPrivileges |
| View/List | Â | BasicAuthorizationTestBase.testDatasetPrivileges |
| Get dataset meta | ADMIN | READ | WRITE | BasicAuthorizationTestBase.testDatasetPrivileges |
Â
Dataset Modules
Operation | Privileges Required (Proposed) | Integration Test Name |
|---|---|---|
| Deploy | ADMIN | Â |
| Delete | ADMIN | Â |
| Delete-all in the namespace | ADMINÂ on all dataset modules in the namespace | Â |
| View/List | Â | Â |
| Get module meta | ADMIN | READ | Â |
| Â | Â | Unit test covers add module during app deployment |
Â
Dataset Types
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
| View/List | Â | easy to add |
| Get dataset type meta | ADMIN | READ | BasicAuthorizationTestBase.testDatasetPrivileges |
Â
Secure Keys
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
| Create | ADMIN | Â |
| Delete | ADMIN | Â |
| View/List | Â | Â |
| Read | READ (on the key) | Â |
| Â | Â | We dont have test for any of them |
Â
Streams
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
| Create | ADMIN | BasicAuthorizationTestBase.testStreamPrivileges |
| Retrieving events | READ | BasicAuthorizationTestBase.testStreamPrivileges |
| Sending events to a stream (sync, async, or batch) | WRITE | BasicAuthorizationTestBase.testStreamPrivileges |
| Drop | ADMIN | BasicAuthorizationTestBase.testStreamPrivileges |
| Drop-all in the namespace | ADMIN on all the streams in the namespace | Â |
| Update | ADMIN | Â |
| Truncate | ADMIN | Â |
| View/List | Â | Easy to add |
| Get stream property | ADMIN | READ | Easy to add |
Â
Principal
Operation | Privileges Required (Proposed) | Integration test name |
|---|---|---|
| Deploy an app to impersonate a principal | ADMIN | AppImpersonationAuthorizationTest(in pr) |
| Create a namespace with owner prinicpal | ADMIN | NamespaceImpersonationBasicAuthorizationTest |
| Create a dataset with owner prinicpal | ADMIN | AppImpersonationAuthorizationTest(in pr) |
| Create a stream with owner prinicpal | ADMIN | Â |
Â
More in integration tests:
- Test creating namespaces with two different clients and try to delete them to test the explore user name issue(in pr)
- test namespace creation with different owners and make sure the owner is correct(in pr)
- all basic tests with ns/app impersonation, custom mappingÂ
- role based auth test(in pr)
Â
More to do list:
- test create dataset with an unauthorized dataset type
- test CDAP-8568 with minimal privilege required
Â
Â
Â