Examples with AuditPolicy co.cask.cdap.common.security.AuditPolicy used on opensource projects

Example 1 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ExploreExecutorHttpHandler method enableStream.

@POST
@Path("streams/{stream}/tables/{table}/enable")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void enableStream(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("stream") String streamName, @PathParam("table") final String tableName) throws Exception {
    final StreamId streamId = new StreamId(namespace, streamName);
    try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()))) {
        final FormatSpecification format = GSON.fromJson(reader, FormatSpecification.class);
        if (format == null) {
            throw new BadRequestException("Expected format in the body");
        }
        QueryHandle handle = impersonator.doAs(streamId, new Callable<QueryHandle>() {

            @Override
            public QueryHandle call() throws Exception {
                return exploreTableManager.enableStream(tableName, streamId, format);
            }
        });
        JsonObject json = new JsonObject();
        json.addProperty("handle", handle.getHandle());
        responder.sendJson(HttpResponseStatus.OK, json);
    } catch (UnsupportedTypeException e) {
        LOG.error("Exception while generating create statement for stream {}", streamName, e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
    }
}

Example 2 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class AppLifecycleHttpHandler method updateApp.

/**
   * Updates an existing application.
   */
@POST
@Path("/apps/{app-id}/update")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void updateApp(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") final String namespaceId, @PathParam("app-id") final String appName) throws NotFoundException, BadRequestException, UnauthorizedException, IOException {
    ApplicationId appId = validateApplicationId(namespaceId, appName);
    AppRequest appRequest;
    try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()), Charsets.UTF_8)) {
        appRequest = GSON.fromJson(reader, AppRequest.class);
    } catch (IOException e) {
        LOG.error("Error reading request to update app {} in namespace {}.", appName, namespaceId, e);
        throw new IOException("Error reading request body.");
    } catch (JsonSyntaxException e) {
        throw new BadRequestException("Request body is invalid json: " + e.getMessage());
    }
    try {
        applicationLifecycleService.updateApp(appId, appRequest, createProgramTerminator());
        responder.sendString(HttpResponseStatus.OK, "Update complete.");
    } catch (InvalidArtifactException e) {
        throw new BadRequestException(e.getMessage());
    } catch (ConflictException e) {
        responder.sendString(HttpResponseStatus.CONFLICT, e.getMessage());
    } catch (NotFoundException | UnauthorizedException e) {
        throw e;
    } catch (Exception e) {
        // this is the same behavior as deploy app pipeline, but this is bad behavior. Error handling needs improvement.
        LOG.error("Deploy failure", e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
    }
}

Example 3 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ArtifactHttpHandler method writeProperties.

@PUT
@Path("/namespaces/{namespace-id}/artifacts/{artifact-name}/versions/{artifact-version}/properties")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void writeProperties(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @PathParam("artifact-name") String artifactName, @PathParam("artifact-version") String artifactVersion) throws Exception {
    NamespaceId namespace = NamespaceId.SYSTEM.getNamespace().equalsIgnoreCase(namespaceId) ? NamespaceId.SYSTEM : validateAndGetNamespace(namespaceId);
    Id.Artifact artifactId = validateAndGetArtifactId(namespace, artifactName, artifactVersion);
    Map<String, String> properties;
    try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()), Charsets.UTF_8)) {
        properties = GSON.fromJson(reader, MAP_STRING_STRING_TYPE);
    } catch (JsonSyntaxException e) {
        throw new BadRequestException("Json Syntax Error while parsing properties from request. " + "Please check that the properties are a json map from string to string.", e);
    } catch (IOException e) {
        throw new BadRequestException("Unable to read properties from the request.", e);
    }
    try {
        artifactRepository.writeArtifactProperties(artifactId, properties);
        responder.sendStatus(HttpResponseStatus.OK);
    } catch (IOException e) {
        LOG.error("Exception writing properties for artifact {}.", artifactId, e);
        responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error adding properties to artifact.");
    }
}

Example 4 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class DashboardHttpHandler method set.

@Path("/{dashboard-id}")
@PUT
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void set(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("dashboard-id") String id) throws Exception {
    try {
        String data = request.getContent().toString(Charsets.UTF_8);
        if (!isValidJSON(data)) {
            responder.sendJson(HttpResponseStatus.BAD_REQUEST, "Invalid JSON in body");
            return;
        }
        Map<String, String> propMap = ImmutableMap.of(CONFIG_PROPERTY, data);
        dashboardStore.put(namespace, new Config(id, propMap));
        responder.sendStatus(HttpResponseStatus.OK);
    } catch (ConfigNotFoundException e) {
        responder.sendString(HttpResponseStatus.NOT_FOUND, "Dashboard not found");
    }
}

Example 5 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class AuthorizationHandler method grant.

@Path("/privileges/grant")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void grant(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
    ensureSecurityEnabled();
    GrantRequest request = parseBody(httpRequest, GrantRequest.class);
    verifyAuthRequest(request);
    Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
    // enforce that the user granting access has admin privileges on the entity
    authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
    privilegesManager.grant(request.getEntity(), request.getPrincipal(), actions);
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}