/*
* Copyright © 2015-2016 Cask Data, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package co.cask.cdap.cli.command.security;
import co.cask.cdap.cli.ArgumentName;
import co.cask.cdap.cli.CLIConfig;
import co.cask.cdap.cli.util.AbstractAuthCommand;
import co.cask.cdap.client.AuthorizationClient;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.Principal;
import co.cask.common.cli.Arguments;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.inject.Inject;

import java.io.PrintStream;
import java.util.Locale;
import java.util.Set;
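/**
 * Base class for CLI commands that revoke privileges on an entity.
 *
 * <p>Two invocation shapes are supported:
 * <ol>
 *   <li>no principal and no actions: every action is revoked on the entity for every principal;</li>
 *   <li>both a principal and a set of actions: only those actions are revoked for that principal.</li>
 * </ol>
 * Any other combination is rejected <em>before</em> the authorization client is called, so a
 * partially specified command can never widen the scope of a revocation.
 */
public abstract class RevokeActionCommand extends AbstractAuthCommand {

  private final AuthorizationClient client;

  @Inject
  RevokeActionCommand(AuthorizationClient client, CLIConfig cliConfig) {
    super(cliConfig);
    this.client = client;
  }

  /**
   * Parses the revoke arguments, validates that they form one of the two supported shapes, performs
   * the revocation and prints a confirmation.
   *
   * @param arguments parsed CLI arguments; reads the entity argument plus the optional
   *     {@code principal-name}, {@code principal-type} and {@code actions} arguments
   * @param output stream the confirmation message is written to
   * @throws IllegalArgumentException if only one of {@code principal-name} / {@code principal-type}
   *     is given, or if {@code principal-type} does not name a {@link Principal.PrincipalType}
   * @throws NullPointerException if exactly one of principal and actions is missing
   * @throws Exception anything raised by the authorization client
   */
  @Override
  public void perform(Arguments arguments, PrintStream output) throws Exception {
    EntityId entity = EntityId.fromString(arguments.get(ArgumentName.ENTITY.toString()));
    String principalName = arguments.getOptional("principal-name", null);
    String type = arguments.getOptional("principal-type", null);
    String actionsString = arguments.getOptional("actions", null);

    // The principal is built from the type alone, so a name supplied without a type would be
    // silently dropped and the command would fall through to the "all principals" shape.
    Preconditions.checkArgument((principalName == null) == (type == null),
      "principal-name and principal-type must be specified together in the revoke command");

    Principal principal = null;
    if (type != null) {
      // Locale.ROOT keeps the enum lookup independent of the JVM's default locale.
      Principal.PrincipalType principalType = Principal.PrincipalType.valueOf(type.toUpperCase(Locale.ROOT));
      principal = new Principal(principalName, principalType);
    }
    // ACTIONS_STRING_TO_SET is not declared in this class; presumably inherited - confirm against the parent.
    Set<Action> actions = actionsString == null ? null : ACTIONS_STRING_TO_SET.apply(actionsString);

    boolean revokeEverything = principal == null && actions == null;
    if (!revokeEverything) {
      // The CLI only supports "both null" or "both non-null". The grammar is expected to reject the
      // mixed case already, but the check must run before the revoke call: a null passed on one side
      // would otherwise reach the client and could revoke more than the operator asked for.
      Preconditions.checkNotNull(actions, "Actions cannot be null when principal is not null in the revoke command");
      Preconditions.checkNotNull(principal, "Principal cannot be null when actions is not null in the revoke command");
    }

    client.revoke(entity, principal, actions);

    if (revokeEverything) {
      // Newline added so this message is terminated the same way as the per-principal one below.
      output.printf("Successfully revoked all actions on entity '%s' for all principals\n", entity.toString());
    } else {
      output.printf("Successfully revoked action(s) '%s' on entity '%s' for %s '%s'\n",
                    Joiner.on(",").join(actions), entity.toString(), principal.getType(), principal.getName());
    }
  }
}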