From 315e0153a6705de0dbb460ac08fce9558cfa54b6 Mon Sep 17 00:00:00 2001 From: Suvodeep Pyne Date: Tue, 7 Nov 2023 17:25:01 -0800 Subject: [PATCH] [auth] Renaming AccessControl to ThirdEyeAuthorizer --- .../ai/startree/thirdeye/PluginLoader.java | 6 +-- .../thirdeye/ThirdEyeServerModule.java | 12 +++--- .../thirdeye/auth/AuthorizationManager.java | 12 +++--- ...r.java => ThirdEyeAuthorizerProvider.java} | 26 ++++++------- .../thirdeye/resources/AlertResourceTest.java | 37 ++++++++++++------- .../thirdeye/resources/CrudResourceTest.java | 27 +++++++------- .../resources/DataSourceResourceTest.java | 4 +- .../spi/auth/AccessControlFactory.java | 3 +- .../thirdeye/spi/auth/AuthenticationType.java | 13 +++++++ .../thirdeye/spi/auth/IThirdEyePrincipal.java | 13 +++++++ ...ssControl.java => ThirdEyeAuthorizer.java} | 4 +- 11 files changed, 97 insertions(+), 60 deletions(-) rename thirdeye-server/src/main/java/ai/startree/thirdeye/auth/{AccessControlProvider.java => ThirdEyeAuthorizerProvider.java} (73%) rename thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/{AccessControl.java => ThirdEyeAuthorizer.java} (92%) diff --git a/thirdeye-server/src/main/java/ai/startree/thirdeye/PluginLoader.java b/thirdeye-server/src/main/java/ai/startree/thirdeye/PluginLoader.java index ec5e0136f2..d6d5f94cd3 100644 --- a/thirdeye-server/src/main/java/ai/startree/thirdeye/PluginLoader.java +++ b/thirdeye-server/src/main/java/ai/startree/thirdeye/PluginLoader.java @@ -16,8 +16,8 @@ import static ai.startree.thirdeye.spi.util.SpiUtils.optional; import static java.util.Objects.requireNonNull; -import ai.startree.thirdeye.auth.AccessControlProvider; import ai.startree.thirdeye.auth.AuthRegistry; +import ai.startree.thirdeye.auth.ThirdEyeAuthorizerProvider; import ai.startree.thirdeye.core.BootstrapResourcesRegistry; import ai.startree.thirdeye.datasource.DataSourcesLoader; import ai.startree.thirdeye.detectionpipeline.DetectionRegistry; 
@@ -71,7 +71,7 @@ public class PluginLoader { private final ContributorsFinderRunner contributorsFinderRunner; private final BootstrapResourcesRegistry bootstrapResourcesRegistry; private final PostProcessorRegistry postProcessorRegistry; - private final AccessControlProvider accessControlProvider; + private final ThirdEyeAuthorizerProvider accessControlProvider; private final AtomicBoolean loading = new AtomicBoolean(); private final File pluginsDir; @@ -85,7 +85,7 @@ public PluginLoader( final ContributorsFinderRunner contributorsFinderRunner, final BootstrapResourcesRegistry bootstrapResourcesRegistry, final PostProcessorRegistry postProcessorRegistry, - final AccessControlProvider accessControlProvider, + final ThirdEyeAuthorizerProvider accessControlProvider, final PluginLoaderConfiguration config) { this.authRegistry = authRegistry; this.dataSourcesLoader = dataSourcesLoader; diff --git a/thirdeye-server/src/main/java/ai/startree/thirdeye/ThirdEyeServerModule.java b/thirdeye-server/src/main/java/ai/startree/thirdeye/ThirdEyeServerModule.java index 69d22b2dda..d7cf0c1bb5 100644 --- a/thirdeye-server/src/main/java/ai/startree/thirdeye/ThirdEyeServerModule.java +++ b/thirdeye-server/src/main/java/ai/startree/thirdeye/ThirdEyeServerModule.java 
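Review bot: The rename stops at the type in the `PluginLoader` field and constructor parameter, which now read `ThirdEyeAuthorizerProvider accessControlProvider`, so the authorization code ends up with two vocabularies. The same leftover names appear in later hunks of this patch: the field and the `getAccessControlProvider()` / `getAccessControl()` provider methods in `ThirdEyeServerModule`, and in `ThirdEyeAuthorizerProvider` the class Javadoc (still opening with "AccessControlProvider serves as"), `getAccessControl()` and the local `accessControl`. For code that decides access I would finish the rename in the same commit, e.g. `private final ThirdEyeAuthorizerProvider authorizerProvider;`, so that a search for the authorizer finds every use. The constructor body continues outside the second hunk.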
@@ -13,15 +13,15 @@ */ package ai.startree.thirdeye; -import ai.startree.thirdeye.auth.AccessControlProvider; import ai.startree.thirdeye.auth.AuthConfiguration; import ai.startree.thirdeye.auth.ThirdEyeAuthModule; +import ai.startree.thirdeye.auth.ThirdEyeAuthorizerProvider; import ai.startree.thirdeye.config.ThirdEyeServerConfiguration; import ai.startree.thirdeye.detectionpipeline.ThirdEyeDetectionPipelineModule; import ai.startree.thirdeye.notification.ThirdEyeNotificationModule; import ai.startree.thirdeye.scheduler.ThirdEyeSchedulerModule; import ai.startree.thirdeye.scheduler.events.MockEventsConfiguration; -import ai.startree.thirdeye.spi.auth.AccessControl; +import ai.startree.thirdeye.spi.auth.ThirdEyeAuthorizer; import ai.startree.thirdeye.worker.ThirdEyeWorkerModule; import com.codahale.metrics.MetricRegistry; import com.google.inject.AbstractModule; @@ -34,7 +34,7 @@ public class ThirdEyeServerModule extends AbstractModule { private final ThirdEyeServerConfiguration configuration; private final DataSource dataSource; private final MetricRegistry metricRegistry; - private final AccessControlProvider accessControlProvider; + private final ThirdEyeAuthorizerProvider accessControlProvider; public ThirdEyeServerModule( final ThirdEyeServerConfiguration configuration, @@ -44,7 +44,7 @@ public ThirdEyeServerModule( this.dataSource = dataSource; this.metricRegistry = metricRegistry; - this.accessControlProvider = new AccessControlProvider( + this.accessControlProvider = new ThirdEyeAuthorizerProvider( configuration.getAccessControlConfiguration()); } 
@@ -76,13 +76,13 @@ public MockEventsConfiguration getMockEventsLoaderConfiguration() { @Singleton @Provides - public AccessControlProvider getAccessControlProvider() { + public ThirdEyeAuthorizerProvider getAccessControlProvider() { return this.accessControlProvider; } @Singleton @Provides - public AccessControl getAccessControl() { + public ThirdEyeAuthorizer getAccessControl() { return this.accessControlProvider; } } diff --git a/thirdeye-server/src/main/java/ai/startree/thirdeye/auth/AuthorizationManager.java b/thirdeye-server/src/main/java/ai/startree/thirdeye/auth/AuthorizationManager.java index c343dab2db..e3229cc81c 100644 --- a/thirdeye-server/src/main/java/ai/startree/thirdeye/auth/AuthorizationManager.java +++ b/thirdeye-server/src/main/java/ai/startree/thirdeye/auth/AuthorizationManager.java @@ -19,10 +19,10 @@ import ai.startree.thirdeye.alert.AlertTemplateRenderer; import ai.startree.thirdeye.datalayer.dao.SubEntities; -import ai.startree.thirdeye.spi.auth.AccessControl; import ai.startree.thirdeye.spi.auth.AccessType; import ai.startree.thirdeye.spi.auth.AuthenticationType; import ai.startree.thirdeye.spi.auth.ResourceIdentifier; +import ai.startree.thirdeye.spi.auth.ThirdEyeAuthorizer; import ai.startree.thirdeye.spi.datalayer.dto.AbstractDTO; import ai.startree.thirdeye.spi.datalayer.dto.AlertDTO; import ai.startree.thirdeye.spi.datalayer.dto.AlertTemplateDTO; 
@@ -47,16 +47,16 @@ public class AuthorizationManager { "thirdeye-internal", RandomStringUtils.random(1024, true, true), AuthenticationType.INTERNAL); private final AlertTemplateRenderer alertTemplateRenderer; - private final AccessControl accessControl; + private final ThirdEyeAuthorizer thirdEyeAuthorizer; private final NamespaceResolver namespaceResolver; @Inject public AuthorizationManager( final AlertTemplateRenderer alertTemplateRenderer, - final AccessControl accessControl, + final ThirdEyeAuthorizer thirdEyeAuthorizer, final NamespaceResolver namespaceResolver) { this.alertTemplateRenderer = alertTemplateRenderer; - this.accessControl = accessControl; + this.thirdEyeAuthorizer = thirdEyeAuthorizer; this.namespaceResolver = namespaceResolver; } @@ -117,7 +117,7 @@ public boolean hasAccess(final ThirdEyePrincipal principal, } else if (principal.getAuthenticationType() == AuthenticationType.BASIC_AUTH) { return true; } else { - return accessControl.hasAccess(principal.getAuthToken(), identifier, accessType); + return thirdEyeAuthorizer.authorize(principal.getAuthToken(), identifier, accessType); } } @@ -132,7 +132,7 @@ public void ensureHasRootAccess(final ThirdEyePrincipal principal) { public boolean hasRootAccess(final ThirdEyePrincipal principal) { return INTERNAL_VALID_PRINCIPAL.equals(principal) || - accessControl.hasAccess(principal.getAuthToken(), ROOT_RESOURCE_ID, AccessType.WRITE); + thirdEyeAuthorizer.authorize(principal.getAuthToken(), ROOT_RESOURCE_ID, AccessType.WRITE); } // Returns the resource identifier for a dto. diff --git a/thirdeye-server/src/main/java/ai/startree/thirdeye/auth/AccessControlProvider.java b/thirdeye-server/src/main/java/ai/startree/thirdeye/auth/ThirdEyeAuthorizerProvider.java similarity index 73% rename from thirdeye-server/src/main/java/ai/startree/thirdeye/auth/AccessControlProvider.java rename to thirdeye-server/src/main/java/ai/startree/thirdeye/auth/ThirdEyeAuthorizerProvider.java index 5f33641c03..abac617ac7 100644 
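Review bot: The context line that builds `INTERNAL_VALID_PRINCIPAL` takes its token from `RandomStringUtils.random(1024, true, true)`, and depending on the commons-lang version in use that helper draws from a non-cryptographic `java.util.Random`. `hasRootAccess` later in this file grants root access when `INTERNAL_VALID_PRINCIPAL.equals(principal)`, so if `ThirdEyePrincipal.equals` compares the token (not visible here), the token is acting as a secret and should come from `SecureRandom`. One possible form is to fill a `byte[]` with `new SecureRandom().nextBytes(bytes)` and pass `Base64.getEncoder().encodeToString(bytes)` as the token. The line is untouched by the rename, so this may belong in a follow-up change.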
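Review bot: In `hasAccess` the branch `principal.getAuthenticationType() == AuthenticationType.BASIC_AUTH` returns `true` before `thirdEyeAuthorizer.authorize(...)` is consulted, and nothing in the hunk says why. `hasRootAccess` in the next hunk has no such shortcut and delegates to `authorize` with `principal.getAuthToken()` for every principal other than the internal one, so the two checks treat the same principal differently; whether that is intended cannot be told from here. If it is intended, I would add a comment on the branch, for example `// basic auth has no per-resource policy: every authenticated user is allowed`, and state in the `ThirdEyeAuthorizer` contract whether `token` may be null. The body of `hasAccess` starts outside the hunk.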
--- a/thirdeye-server/src/main/java/ai/startree/thirdeye/auth/AccessControlProvider.java +++ b/thirdeye-server/src/main/java/ai/startree/thirdeye/auth/ThirdEyeAuthorizerProvider.java @@ -15,33 +15,33 @@ import static com.google.common.base.Preconditions.checkState; -import ai.startree.thirdeye.spi.auth.AccessControl; import ai.startree.thirdeye.spi.auth.AccessControlFactory; import ai.startree.thirdeye.spi.auth.AccessType; import ai.startree.thirdeye.spi.auth.ResourceIdentifier; +import ai.startree.thirdeye.spi.auth.ThirdEyeAuthorizer; /** * AccessControlProvider serves as a mutable layer between Guice bindings and the access control * implementation from plugins. */ -public class AccessControlProvider implements AccessControl { +public class ThirdEyeAuthorizerProvider implements ThirdEyeAuthorizer { - public final static AccessControl ALWAYS_ALLOW = ( + public final static ThirdEyeAuthorizer ALWAYS_ALLOW = ( final String token, final ResourceIdentifier identifiers, final AccessType accessType ) -> true; - public final static AccessControl ALWAYS_DENY = ( + public final static ThirdEyeAuthorizer ALWAYS_DENY = ( final String token, final ResourceIdentifier identifiers, final AccessType accessType ) -> false; private final AccessControlConfiguration config; - private AccessControl accessControl = null; + private ThirdEyeAuthorizer thirdEyeAuthorizer = null; - public AccessControlProvider(final AccessControlConfiguration config) { + public ThirdEyeAuthorizerProvider(final AccessControlConfiguration config) { this.config = config; } 
@@ -56,20 +56,20 @@ public void addAccessControlFactory(final AccessControlFactory f) { return; } - if (this.accessControl != null) { + if (this.thirdEyeAuthorizer != null) { throw new RuntimeException("Access control source can only be set once!"); } - this.accessControl = accessControl; + this.thirdEyeAuthorizer = accessControl; } - public AccessControl getAccessControl() { + public ThirdEyeAuthorizer getAccessControl() { if (!config.isEnabled()) { return ALWAYS_ALLOW; } - checkState(this.accessControl != null, + checkState(this.thirdEyeAuthorizer != null, "Access control is enabled, but no provider has been configured!"); - return this.accessControl; + return this.thirdEyeAuthorizer; } public AccessControlConfiguration getConfig() { @@ -77,8 +77,8 @@ public AccessControlConfiguration getConfig() { } @Override - public boolean hasAccess(final String token, final ResourceIdentifier identifier, + public boolean authorize(final String token, final ResourceIdentifier identifier, final AccessType accessType) { - return getAccessControl().hasAccess(token, identifier, accessType); + return getAccessControl().authorize(token, identifier, accessType); } } diff --git a/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/AlertResourceTest.java b/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/AlertResourceTest.java index af19cc48d6..f4bd59a943 100644 --- a/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/AlertResourceTest.java +++ b/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/AlertResourceTest.java 
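Review bot: `addAccessControlFactory` checks `this.thirdEyeAuthorizer != null` and then assigns the plain field, while `getAccessControl()` reads it on every `authorize` call, with no `volatile` or lock visible in these hunks. If plugins are loaded on a different thread from the one serving requests (not shown here), the "can only be set once" check is not atomic and a reader has no visibility guarantee for the assignment. Holding the delegate in an `AtomicReference<ThirdEyeAuthorizer>` and installing it with `compareAndSet(null, accessControl)` would give both guarantees. Separately, `getAccessControl()` returns `ALWAYS_ALLOW` whenever `config.isEnabled()` is false; a one-line comment or a startup log line stating that authorization is off in that mode would help operators notice it. `addAccessControlFactory` starts outside the hunk.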
@@ -23,9 +23,9 @@ import ai.startree.thirdeye.alert.AlertEvaluator; import ai.startree.thirdeye.alert.AlertInsightsProvider; import ai.startree.thirdeye.alert.AlertTemplateRenderer; -import ai.startree.thirdeye.auth.AccessControlProvider; import ai.startree.thirdeye.auth.AuthorizationManager; import ai.startree.thirdeye.auth.NamespaceResolver; +import ai.startree.thirdeye.auth.ThirdEyeAuthorizerProvider; import ai.startree.thirdeye.auth.ThirdEyePrincipal; import ai.startree.thirdeye.service.AlertService; import ai.startree.thirdeye.service.AppAnalyticsService; @@ -36,10 +36,10 @@ import ai.startree.thirdeye.spi.api.DetectionEvaluationApi; import ai.startree.thirdeye.spi.api.EnumerationItemApi; import ai.startree.thirdeye.spi.api.PlanNodeApi; -import ai.startree.thirdeye.spi.auth.AccessControl; import ai.startree.thirdeye.spi.auth.AccessType; import ai.startree.thirdeye.spi.auth.AuthenticationType; import ai.startree.thirdeye.spi.auth.ResourceIdentifier; +import ai.startree.thirdeye.spi.auth.ThirdEyeAuthorizer; import ai.startree.thirdeye.spi.datalayer.bao.AlertManager; import ai.startree.thirdeye.spi.datalayer.bao.AlertTemplateManager; import ai.startree.thirdeye.spi.datalayer.dto.AlertDTO; @@ -68,8 +68,9 @@ static ThirdEyePrincipal nobody() { private static AlertResource newAlertResource(final AlertManager alertManager, final AlertTemplateRenderer alertTemplateRenderer, - final AccessControl accessControl) { - final AuthorizationManager authorizationManager = newAuthorizationManager(alertTemplateRenderer, accessControl); + final ThirdEyeAuthorizer thirdEyeAuthorizer) { + final AuthorizationManager authorizationManager = newAuthorizationManager(alertTemplateRenderer, + thirdEyeAuthorizer); return new AlertResource(newAlertService(alertManager, authorizationManager)); } 
@@ -132,10 +133,12 @@ public void testCreateMultiple_withNoAccessToTemplate() { final AlertTemplateRenderer alertTemplateRenderer = new AlertTemplateRenderer( mock(AlertManager.class), alertTemplateManager); - final AccessControl accessControl = (String token, ResourceIdentifier identifier, AccessType accessType) + final ThirdEyeAuthorizer thirdEyeAuthorizer = (String token, ResourceIdentifier identifier, AccessType accessType) -> identifier.getName().equals("0"); - newAlertResource(mock(AlertManager.class), alertTemplateRenderer, accessControl).createMultiple( + newAlertResource(mock(AlertManager.class), + alertTemplateRenderer, + thirdEyeAuthorizer).createMultiple( nobody(), Collections.singletonList( new AlertApi().setName("alert1").setTemplate(new AlertTemplateApi().setId(2L)) @@ -149,7 +152,9 @@ public void testRunTask_withNoAccess() { final AlertTemplateRenderer alertTemplateRenderer = new AlertTemplateRenderer(alertManager, mock(AlertTemplateManager.class)); - newAlertResource(alertManager, alertTemplateRenderer, AccessControlProvider.ALWAYS_DENY).runTask( + newAlertResource(alertManager, + alertTemplateRenderer, + ThirdEyeAuthorizerProvider.ALWAYS_DENY).runTask( nobody(), 1L, 0L, @@ -160,7 +165,7 @@ public void testRunTask_withNoAccess() { public void testValidate_withNoAccess() { newAlertResource(mock(AlertManager.class), mock(AlertTemplateRenderer.class), - AccessControlProvider.ALWAYS_DENY).validateMultiple( + ThirdEyeAuthorizerProvider.ALWAYS_DENY).validateMultiple( nobody(), Collections.singletonList( new AlertApi().setTemplate(new AlertTemplateApi().setId(1L)).setName("alert1") 
@@ -176,12 +181,12 @@ public void testValidate_withNoAccessToTemplate() { final AlertTemplateRenderer alertTemplateRenderer = new AlertTemplateRenderer( mock(AlertManager.class), alertTemplateManager); - final AccessControl accessControl = (String token, ResourceIdentifier identifier, AccessType accessType) + final ThirdEyeAuthorizer thirdEyeAuthorizer = (String token, ResourceIdentifier identifier, AccessType accessType) -> identifier.getName().equals("alert1"); newAlertResource(mock(AlertManager.class), alertTemplateRenderer, - accessControl).validateMultiple( + thirdEyeAuthorizer).validateMultiple( nobody(), Collections.singletonList( new AlertApi().setTemplate(new AlertTemplateApi().setId(1L)).setName("alert1") @@ -200,7 +205,7 @@ public void testEvaluate_withNoAccessToTemplate() throws ExecutionException { newAlertResource(mock(AlertManager.class), alertTemplateRenderer, - AccessControlProvider.ALWAYS_DENY).evaluate(nobody(), + ThirdEyeAuthorizerProvider.ALWAYS_DENY).evaluate(nobody(), new AlertEvaluationApi() .setAlert(new AlertApi().setTemplate(new AlertTemplateApi().setId(1L))) .setStart(new Date()) @@ -403,8 +408,10 @@ public void testEvaluate_withNewAlertAndWriteAccessToAlertAndPartialAccessToEnum } private static AuthorizationManager newAuthorizationManager( - final AlertTemplateRenderer alertTemplateRenderer, final AccessControl accessControl) { - return new AuthorizationManager(alertTemplateRenderer, accessControl, new NamespaceResolver(null, null, null)); + final AlertTemplateRenderer alertTemplateRenderer, + final ThirdEyeAuthorizer thirdEyeAuthorizer) { + return new AuthorizationManager(alertTemplateRenderer, + thirdEyeAuthorizer, new NamespaceResolver(null, null, null)); } @Test(expectedExceptions = ForbiddenException.class) 
@@ -414,7 +421,9 @@ public void testReset_withNoAccess() { final AlertTemplateRenderer alertTemplateRenderer = new AlertTemplateRenderer(alertManager, mock(AlertTemplateManager.class)); - newAlertResource(alertManager, alertTemplateRenderer, AccessControlProvider.ALWAYS_DENY).reset( + newAlertResource(alertManager, + alertTemplateRenderer, + ThirdEyeAuthorizerProvider.ALWAYS_DENY).reset( nobody(), 1L); } diff --git a/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/CrudResourceTest.java b/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/CrudResourceTest.java index 7e0febf8bc..a85a57208d 100644 --- a/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/CrudResourceTest.java +++ b/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/CrudResourceTest.java @@ -20,18 +20,18 @@ import static org.mockito.Mockito.when; import ai.startree.thirdeye.alert.AlertTemplateRenderer; -import ai.startree.thirdeye.auth.AccessControlProvider; import ai.startree.thirdeye.auth.AuthorizationManager; import ai.startree.thirdeye.auth.NamespaceResolver; +import ai.startree.thirdeye.auth.ThirdEyeAuthorizerProvider; import ai.startree.thirdeye.auth.ThirdEyePrincipal; import ai.startree.thirdeye.datalayer.bao.AbstractManagerImpl; import ai.startree.thirdeye.datalayer.dao.GenericPojoDao; import ai.startree.thirdeye.service.CrudService; import ai.startree.thirdeye.spi.api.ThirdEyeCrudApi; -import ai.startree.thirdeye.spi.auth.AccessControl; import ai.startree.thirdeye.spi.auth.AccessType; import ai.startree.thirdeye.spi.auth.AuthenticationType; import ai.startree.thirdeye.spi.auth.ResourceIdentifier; +import ai.startree.thirdeye.spi.auth.ThirdEyeAuthorizer; import ai.startree.thirdeye.spi.datalayer.bao.AbstractManager; import ai.startree.thirdeye.spi.datalayer.dto.AbstractDTO; import com.google.common.collect.ImmutableMap; 
@@ -62,7 +62,7 @@ public void createUserInfoTest() { }); when(manager.update(any(DummyDto.class))).thenReturn(1); final DummyResource resource = new DummyResource(manager, ImmutableMap.of(), - AccessControlProvider.ALWAYS_ALLOW); + ThirdEyeAuthorizerProvider.ALWAYS_ALLOW); final List emails = List.of("tester1@testing.com", "tester2@testing.com"); final ThirdEyePrincipal owner = getPrincipal(emails.get(0)); @@ -90,7 +90,7 @@ public void updateUserInfoTest() { }); when(manager.update(any(DummyDto.class))).thenReturn(1); final DummyResource resource = new DummyResource(manager, ImmutableMap.of(), - AccessControlProvider.ALWAYS_ALLOW); + ThirdEyeAuthorizerProvider.ALWAYS_ALLOW); final List emails = List.of("tester1@testing.com", "tester2@testing.com"); final Timestamp before = new Timestamp(1671476530000L); @@ -136,7 +136,7 @@ public void testGetAll_withNoAccess() { )); final DummyResource resource = new DummyResource(manager, ImmutableMap.of(), - AccessControlProvider.ALWAYS_DENY); + ThirdEyeAuthorizerProvider.ALWAYS_DENY); try (Response resp = resource.list(nobody(), uriInfo)) { assertThat(resp.getStatus()).isEqualTo(200); @@ -174,7 +174,7 @@ public void testGet_withNoAccess() { final DummyManager manager = mock(DummyManager.class); when(manager.findById(1L)).thenReturn((DummyDto) new DummyDto().setId(1L)); final DummyResource resource = new DummyResource(manager, ImmutableMap.of(), - AccessControlProvider.ALWAYS_DENY); + ThirdEyeAuthorizerProvider.ALWAYS_DENY); resource.get(nobody(), 1L); } @@ -183,7 +183,7 @@ public void testDelete_withNoAccess() { final DummyManager manager = mock(DummyManager.class); when(manager.findById(1L)).thenReturn((DummyDto) new DummyDto().setId(1L)); final DummyResource resource = new DummyResource(manager, ImmutableMap.of(), - AccessControlProvider.ALWAYS_DENY); + ThirdEyeAuthorizerProvider.ALWAYS_DENY); resource.delete(nobody(), 1L); } 
@@ -196,7 +196,7 @@ public void testDeleteAll_withNoAccess() { (DummyDto) new DummyDto().setId(3L) )); final DummyResource resource = new DummyResource(manager, ImmutableMap.of(), - AccessControlProvider.ALWAYS_DENY); + ThirdEyeAuthorizerProvider.ALWAYS_DENY); resource.deleteAll(nobody()); } @@ -220,7 +220,7 @@ public void testDeleteAll_withPartialAccess() { public void testCreateMultiple_withNoAccess() { final DummyManager manager = mock(DummyManager.class); final DummyResource resource = new DummyResource(manager, ImmutableMap.of(), - AccessControlProvider.ALWAYS_DENY); + ThirdEyeAuthorizerProvider.ALWAYS_DENY); resource.createMultiple(nobody(), Arrays.asList(new DummyApi(), new DummyApi(), new DummyApi())); @@ -230,7 +230,7 @@ public void testCreateMultiple_withNoAccess() { public void testCreateMultiple_withNoAccessToRelatedResources() { final DummyManager manager = mock(DummyManager.class); final DummyResource resource = new DummyResource(manager, ImmutableMap.of(), - AccessControlProvider.ALWAYS_DENY); + ThirdEyeAuthorizerProvider.ALWAYS_DENY); resource.createMultiple( nobody(), @@ -246,7 +246,7 @@ public void testUpdateMultiple_withNoAccess() { when(manager.findById(3L)).thenReturn((DummyDto) new DummyDto().setId(3L)); final DummyResource resource = new DummyResource(manager, ImmutableMap.of(), - AccessControlProvider.ALWAYS_DENY); + ThirdEyeAuthorizerProvider.ALWAYS_DENY); resource.editMultiple(nobody(), Arrays.asList( new DummyApi().setId(1L), 
@@ -383,9 +383,10 @@ class DummyResource extends CrudResource { public DummyResource( final DummyManager dtoManager, final ImmutableMap apiToBeanMap, - final AccessControl accessControl) { + final ThirdEyeAuthorizer thirdEyeAuthorizer) { super(new DummyService( - new AuthorizationManager(mock(AlertTemplateRenderer.class), accessControl, new NamespaceResolver(null, null, null)), + new AuthorizationManager(mock(AlertTemplateRenderer.class), + thirdEyeAuthorizer, new NamespaceResolver(null, null, null)), dtoManager, apiToBeanMap)); } diff --git a/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/DataSourceResourceTest.java b/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/DataSourceResourceTest.java index 059c02a625..6561fb8a12 100644 --- a/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/DataSourceResourceTest.java +++ b/thirdeye-server/src/test/java/ai/startree/thirdeye/resources/DataSourceResourceTest.java @@ -18,9 +18,9 @@ import static org.mockito.Mockito.when; import ai.startree.thirdeye.alert.AlertTemplateRenderer; -import ai.startree.thirdeye.auth.AccessControlProvider; import ai.startree.thirdeye.auth.AuthorizationManager; import ai.startree.thirdeye.auth.NamespaceResolver; +import ai.startree.thirdeye.auth.ThirdEyeAuthorizerProvider; import ai.startree.thirdeye.auth.ThirdEyePrincipal; import ai.startree.thirdeye.core.DataSourceOnboarder; import ai.startree.thirdeye.datasource.cache.DataSourceCache; @@ -53,7 +53,7 @@ void setup() { mock(DataSourceOnboarder.class), new AuthorizationManager( mock(AlertTemplateRenderer.class), - AccessControlProvider.ALWAYS_ALLOW, + ThirdEyeAuthorizerProvider.ALWAYS_ALLOW, new NamespaceResolver(null, null, null) ))); } diff --git a/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AccessControlFactory.java b/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AccessControlFactory.java index 6353646eb2..9199906969 100644 
--- a/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AccessControlFactory.java +++ b/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AccessControlFactory.java @@ -16,4 +16,5 @@ import ai.startree.thirdeye.spi.PluginServiceFactory; import java.util.Map; -public interface AccessControlFactory extends PluginServiceFactory> {} +public interface AccessControlFactory extends + PluginServiceFactory> {} diff --git a/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AuthenticationType.java b/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AuthenticationType.java index 709e01f334..42e1412ae0 100644 --- a/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AuthenticationType.java +++ b/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AuthenticationType.java @@ -1,3 +1,16 @@ +/* + * Copyright 2023 StarTree Inc + * + * Licensed under the StarTree Community License (the "License"); you may not use + * this file except in compliance with the License. You may obtain a copy of the + * License at http://www.startree.ai/legal/startree-community-license + * + * Unless required by applicable law or agreed to in writing, software distributed under the + * License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OF ANY KIND, + * either express or implied. + * See the License for the specific language governing permissions and limitations under + * the License. + */ package ai.startree.thirdeye.spi.auth; public enum AuthenticationType { diff --git a/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/IThirdEyePrincipal.java b/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/IThirdEyePrincipal.java index 924beba8e5..6db0c2a00f 100644 --- a/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/IThirdEyePrincipal.java +++ b/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/IThirdEyePrincipal.java 
@@ -1,3 +1,16 @@ +/* + * Copyright 2023 StarTree Inc + * + * Licensed under the StarTree Community License (the "License"); you may not use + * this file except in compliance with the License. You may obtain a copy of the + * License at http://www.startree.ai/legal/startree-community-license + * + * Unless required by applicable law or agreed to in writing, software distributed under the + * License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OF ANY KIND, + * either express or implied. + * See the License for the specific language governing permissions and limitations under + * the License. + */ package ai.startree.thirdeye.spi.auth; import java.security.Principal; diff --git a/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AccessControl.java b/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/ThirdEyeAuthorizer.java similarity index 92% rename from thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AccessControl.java rename to thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/ThirdEyeAuthorizer.java index e5f99aacea..c1356d06b7 100644 --- a/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/AccessControl.java +++ b/thirdeye-spi/src/main/java/ai/startree/thirdeye/spi/auth/ThirdEyeAuthorizer.java @@ -13,9 +13,9 @@ */ package ai.startree.thirdeye.spi.auth; -public interface AccessControl { +public interface ThirdEyeAuthorizer { - boolean hasAccess( + boolean authorize( String token, ResourceIdentifier identifier, AccessType accessType
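Review bot: The renamed SPI interface `ThirdEyeAuthorizer` and its method `authorize` carry no Javadoc in this hunk, although plugins implement it and `AuthorizationManager` treats a `true` result as a grant. I would document on `authorize` what `token` is and whether it can be null, that `true` means the access type is allowed on the identified resource, and that an implementation should return `false` or throw rather than allow when it cannot reach a decision. Since the patch assigns lambdas to this type (`ALWAYS_ALLOW`, `ALWAYS_DENY`), adding `@FunctionalInterface` above `public interface ThirdEyeAuthorizer {` would let the compiler keep it single-method. Renaming both the type and the method also breaks plugins built against `AccessControl.hasAccess`, which is worth calling out in the commit message or release notes. The interface body ends outside the hunk.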