use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.
the class ExploreExecutorHttpHandler method enableStream.
@POST
@Path("streams/{stream}/tables/{table}/enable")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void enableStream(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("stream") String streamName, @PathParam("table") final String tableName) throws Exception {
final StreamId streamId = new StreamId(namespace, streamName);
try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()))) {
final FormatSpecification format = GSON.fromJson(reader, FormatSpecification.class);
if (format == null) {
throw new BadRequestException("Expected format in the body");
}
QueryHandle handle = impersonator.doAs(streamId, new Callable<QueryHandle>() {
@Override
public QueryHandle call() throws Exception {
return exploreTableManager.enableStream(tableName, streamId, format);
}
});
JsonObject json = new JsonObject();
json.addProperty("handle", handle.getHandle());
responder.sendJson(HttpResponseStatus.OK, json);
} catch (UnsupportedTypeException e) {
LOG.error("Exception while generating create statement for stream {}", streamName, e);
responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
}
}
use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.
the class AppLifecycleHttpHandler method updateApp.
/**
* Updates an existing application.
*/
@POST
@Path("/apps/{app-id}/update")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void updateApp(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") final String namespaceId, @PathParam("app-id") final String appName) throws NotFoundException, BadRequestException, UnauthorizedException, IOException {
ApplicationId appId = validateApplicationId(namespaceId, appName);
AppRequest appRequest;
try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()), Charsets.UTF_8)) {
appRequest = GSON.fromJson(reader, AppRequest.class);
} catch (IOException e) {
LOG.error("Error reading request to update app {} in namespace {}.", appName, namespaceId, e);
throw new IOException("Error reading request body.");
} catch (JsonSyntaxException e) {
throw new BadRequestException("Request body is invalid json: " + e.getMessage());
}
try {
applicationLifecycleService.updateApp(appId, appRequest, createProgramTerminator());
responder.sendString(HttpResponseStatus.OK, "Update complete.");
} catch (InvalidArtifactException e) {
throw new BadRequestException(e.getMessage());
} catch (ConflictException e) {
responder.sendString(HttpResponseStatus.CONFLICT, e.getMessage());
} catch (NotFoundException | UnauthorizedException e) {
throw e;
} catch (Exception e) {
// this is the same behavior as deploy app pipeline, but this is bad behavior. Error handling needs improvement.
LOG.error("Deploy failure", e);
responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
}
}
use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.
the class ArtifactHttpHandler method writeProperties.
@PUT
@Path("/namespaces/{namespace-id}/artifacts/{artifact-name}/versions/{artifact-version}/properties")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void writeProperties(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @PathParam("artifact-name") String artifactName, @PathParam("artifact-version") String artifactVersion) throws Exception {
NamespaceId namespace = NamespaceId.SYSTEM.getNamespace().equalsIgnoreCase(namespaceId) ? NamespaceId.SYSTEM : validateAndGetNamespace(namespaceId);
Id.Artifact artifactId = validateAndGetArtifactId(namespace, artifactName, artifactVersion);
Map<String, String> properties;
try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()), Charsets.UTF_8)) {
properties = GSON.fromJson(reader, MAP_STRING_STRING_TYPE);
} catch (JsonSyntaxException e) {
throw new BadRequestException("Json Syntax Error while parsing properties from request. " + "Please check that the properties are a json map from string to string.", e);
} catch (IOException e) {
throw new BadRequestException("Unable to read properties from the request.", e);
}
try {
artifactRepository.writeArtifactProperties(artifactId, properties);
responder.sendStatus(HttpResponseStatus.OK);
} catch (IOException e) {
LOG.error("Exception writing properties for artifact {}.", artifactId, e);
responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error adding properties to artifact.");
}
}
use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.
the class DashboardHttpHandler method set.
@Path("/{dashboard-id}")
@PUT
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void set(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("dashboard-id") String id) throws Exception {
try {
String data = request.getContent().toString(Charsets.UTF_8);
if (!isValidJSON(data)) {
responder.sendJson(HttpResponseStatus.BAD_REQUEST, "Invalid JSON in body");
return;
}
Map<String, String> propMap = ImmutableMap.of(CONFIG_PROPERTY, data);
dashboardStore.put(namespace, new Config(id, propMap));
responder.sendStatus(HttpResponseStatus.OK);
} catch (ConfigNotFoundException e) {
responder.sendString(HttpResponseStatus.NOT_FOUND, "Dashboard not found");
}
}
use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.
the class AuthorizationHandler method grant.
@Path("/privileges/grant")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void grant(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
ensureSecurityEnabled();
GrantRequest request = parseBody(httpRequest, GrantRequest.class);
verifyAuthRequest(request);
Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
// enforce that the user granting access has admin privileges on the entity
authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
privilegesManager.grant(request.getEntity(), request.getPrincipal(), actions);
httpResponder.sendStatus(HttpResponseStatus.OK);
createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
Aggregations