Search in sources :

Example 1 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ExploreExecutorHttpHandler method enableStream.

@POST
@Path("streams/{stream}/tables/{table}/enable")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void enableStream(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("stream") String streamName, @PathParam("table") final String tableName) throws Exception {
    final StreamId streamId = new StreamId(namespace, streamName);
    try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()))) {
        final FormatSpecification format = GSON.fromJson(reader, FormatSpecification.class);
        if (format == null) {
            throw new BadRequestException("Expected format in the body");
        }
        QueryHandle handle = impersonator.doAs(streamId, new Callable<QueryHandle>() {

            @Override
            public QueryHandle call() throws Exception {
                return exploreTableManager.enableStream(tableName, streamId, format);
            }
        });
        JsonObject json = new JsonObject();
        json.addProperty("handle", handle.getHandle());
        responder.sendJson(HttpResponseStatus.OK, json);
    } catch (UnsupportedTypeException e) {
        LOG.error("Exception while generating create statement for stream {}", streamName, e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
    }
}
Also used : StreamId(co.cask.cdap.proto.id.StreamId) InputStreamReader(java.io.InputStreamReader) FormatSpecification(co.cask.cdap.api.data.format.FormatSpecification) Reader(java.io.Reader) InputStreamReader(java.io.InputStreamReader) BadRequestException(co.cask.cdap.common.BadRequestException) JsonObject(com.google.gson.JsonObject) UnsupportedTypeException(co.cask.cdap.api.data.schema.UnsupportedTypeException) ChannelBufferInputStream(org.jboss.netty.buffer.ChannelBufferInputStream) QueryHandle(co.cask.cdap.proto.QueryHandle) BadRequestException(co.cask.cdap.common.BadRequestException) ExploreException(co.cask.cdap.explore.service.ExploreException) SQLException(java.sql.SQLException) DatasetManagementException(co.cask.cdap.api.dataset.DatasetManagementException) JsonSyntaxException(com.google.gson.JsonSyntaxException) UnsupportedTypeException(co.cask.cdap.api.data.schema.UnsupportedTypeException) IOException(java.io.IOException) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) POST(javax.ws.rs.POST)

Example 2 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class AppLifecycleHttpHandler method updateApp.

/**
   * Updates an existing application.
   */
@POST
@Path("/apps/{app-id}/update")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void updateApp(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") final String namespaceId, @PathParam("app-id") final String appName) throws NotFoundException, BadRequestException, UnauthorizedException, IOException {
    ApplicationId appId = validateApplicationId(namespaceId, appName);
    AppRequest appRequest;
    try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()), Charsets.UTF_8)) {
        appRequest = GSON.fromJson(reader, AppRequest.class);
    } catch (IOException e) {
        LOG.error("Error reading request to update app {} in namespace {}.", appName, namespaceId, e);
        throw new IOException("Error reading request body.");
    } catch (JsonSyntaxException e) {
        throw new BadRequestException("Request body is invalid json: " + e.getMessage());
    }
    try {
        applicationLifecycleService.updateApp(appId, appRequest, createProgramTerminator());
        responder.sendString(HttpResponseStatus.OK, "Update complete.");
    } catch (InvalidArtifactException e) {
        throw new BadRequestException(e.getMessage());
    } catch (ConflictException e) {
        responder.sendString(HttpResponseStatus.CONFLICT, e.getMessage());
    } catch (NotFoundException | UnauthorizedException e) {
        throw e;
    } catch (Exception e) {
        // this is the same behavior as deploy app pipeline, but this is bad behavior. Error handling needs improvement.
        LOG.error("Deploy failure", e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
    }
}
Also used : InputStreamReader(java.io.InputStreamReader) ConflictException(co.cask.cdap.common.ConflictException) WriteConflictException(co.cask.cdap.internal.app.runtime.artifact.WriteConflictException) Reader(java.io.Reader) InputStreamReader(java.io.InputStreamReader) FileReader(java.io.FileReader) ApplicationNotFoundException(co.cask.cdap.common.ApplicationNotFoundException) NamespaceNotFoundException(co.cask.cdap.common.NamespaceNotFoundException) ArtifactNotFoundException(co.cask.cdap.common.ArtifactNotFoundException) NotFoundException(co.cask.cdap.common.NotFoundException) IOException(java.io.IOException) ApplicationNotFoundException(co.cask.cdap.common.ApplicationNotFoundException) NamespaceNotFoundException(co.cask.cdap.common.NamespaceNotFoundException) ArtifactNotFoundException(co.cask.cdap.common.ArtifactNotFoundException) ArtifactAlreadyExistsException(co.cask.cdap.common.ArtifactAlreadyExistsException) ConflictException(co.cask.cdap.common.ConflictException) BadRequestException(co.cask.cdap.common.BadRequestException) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) WriteConflictException(co.cask.cdap.internal.app.runtime.artifact.WriteConflictException) JsonSyntaxException(com.google.gson.JsonSyntaxException) IOException(java.io.IOException) InvalidArtifactException(co.cask.cdap.common.InvalidArtifactException) ExecutionException(java.util.concurrent.ExecutionException) NotFoundException(co.cask.cdap.common.NotFoundException) AppRequest(co.cask.cdap.proto.artifact.AppRequest) JsonSyntaxException(com.google.gson.JsonSyntaxException) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) BadRequestException(co.cask.cdap.common.BadRequestException) ChannelBufferInputStream(org.jboss.netty.buffer.ChannelBufferInputStream) ApplicationId(co.cask.cdap.proto.id.ApplicationId) InvalidArtifactException(co.cask.cdap.common.InvalidArtifactException) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) POST(javax.ws.rs.POST)

Example 3 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ArtifactHttpHandler method writeProperties.

@PUT
@Path("/namespaces/{namespace-id}/artifacts/{artifact-name}/versions/{artifact-version}/properties")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void writeProperties(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @PathParam("artifact-name") String artifactName, @PathParam("artifact-version") String artifactVersion) throws Exception {
    NamespaceId namespace = NamespaceId.SYSTEM.getNamespace().equalsIgnoreCase(namespaceId) ? NamespaceId.SYSTEM : validateAndGetNamespace(namespaceId);
    Id.Artifact artifactId = validateAndGetArtifactId(namespace, artifactName, artifactVersion);
    Map<String, String> properties;
    try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()), Charsets.UTF_8)) {
        properties = GSON.fromJson(reader, MAP_STRING_STRING_TYPE);
    } catch (JsonSyntaxException e) {
        throw new BadRequestException("Json Syntax Error while parsing properties from request. " + "Please check that the properties are a json map from string to string.", e);
    } catch (IOException e) {
        throw new BadRequestException("Unable to read properties from the request.", e);
    }
    try {
        artifactRepository.writeArtifactProperties(artifactId, properties);
        responder.sendStatus(HttpResponseStatus.OK);
    } catch (IOException e) {
        LOG.error("Exception writing properties for artifact {}.", artifactId, e);
        responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error adding properties to artifact.");
    }
}
Also used : JsonSyntaxException(com.google.gson.JsonSyntaxException) InputStreamReader(java.io.InputStreamReader) Reader(java.io.Reader) InputStreamReader(java.io.InputStreamReader) BadRequestException(co.cask.cdap.common.BadRequestException) NamespaceId(co.cask.cdap.proto.id.NamespaceId) Id(co.cask.cdap.proto.Id) ArtifactId(co.cask.cdap.proto.id.ArtifactId) NamespaceId(co.cask.cdap.proto.id.NamespaceId) ChannelBufferInputStream(org.jboss.netty.buffer.ChannelBufferInputStream) IOException(java.io.IOException) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) PUT(javax.ws.rs.PUT)

Example 4 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class DashboardHttpHandler method set.

@Path("/{dashboard-id}")
@PUT
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void set(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("dashboard-id") String id) throws Exception {
    try {
        String data = request.getContent().toString(Charsets.UTF_8);
        if (!isValidJSON(data)) {
            responder.sendJson(HttpResponseStatus.BAD_REQUEST, "Invalid JSON in body");
            return;
        }
        Map<String, String> propMap = ImmutableMap.of(CONFIG_PROPERTY, data);
        dashboardStore.put(namespace, new Config(id, propMap));
        responder.sendStatus(HttpResponseStatus.OK);
    } catch (ConfigNotFoundException e) {
        responder.sendString(HttpResponseStatus.NOT_FOUND, "Dashboard not found");
    }
}
Also used : Config(co.cask.cdap.config.Config) ConfigNotFoundException(co.cask.cdap.config.ConfigNotFoundException) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) PUT(javax.ws.rs.PUT)

Example 5 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class AuthorizationHandler method grant.

@Path("/privileges/grant")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void grant(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
    ensureSecurityEnabled();
    GrantRequest request = parseBody(httpRequest, GrantRequest.class);
    verifyAuthRequest(request);
    Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
    // enforce that the user granting access has admin privileges on the entity
    authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
    privilegesManager.grant(request.getEntity(), request.getPrincipal(), actions);
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
Also used : Action(co.cask.cdap.proto.security.Action) GrantRequest(co.cask.cdap.proto.security.GrantRequest) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) POST(javax.ws.rs.POST)

Aggregations

AuditPolicy (co.cask.cdap.common.security.AuditPolicy)86 Path (javax.ws.rs.Path)86 POST (javax.ws.rs.POST)47 PUT (javax.ws.rs.PUT)38 BadRequestException (co.cask.cdap.common.BadRequestException)25 ProgramId (co.cask.cdap.proto.id.ProgramId)22 NamespaceId (co.cask.cdap.proto.id.NamespaceId)17 IOException (java.io.IOException)14 NotFoundException (co.cask.cdap.common.NotFoundException)13 JsonSyntaxException (com.google.gson.JsonSyntaxException)13 NamespaceNotFoundException (co.cask.cdap.common.NamespaceNotFoundException)11 ArtifactId (co.cask.cdap.proto.id.ArtifactId)11 ArrayList (java.util.ArrayList)11 StreamId (co.cask.cdap.proto.id.StreamId)10 ApplicationId (co.cask.cdap.proto.id.ApplicationId)9 Constraint (co.cask.cdap.internal.schedule.constraint.Constraint)8 DatasetId (co.cask.cdap.proto.id.DatasetId)8 InputStreamReader (java.io.InputStreamReader)8 Reader (java.io.Reader)8 ArtifactNotFoundException (co.cask.cdap.common.ArtifactNotFoundException)5