Examples with AuditPolicy co.cask.cdap.common.security.AuditPolicy used on opensource projects

Example 66 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ExploreExecutorHttpHandler method updateDataset.

/**
 * Enable ad-hoc exploration of a dataset instance.
 */
@POST
@Path("datasets/{dataset}/update")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void updateDataset(FullHttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("dataset") String datasetName) throws BadRequestException {
    final DatasetId datasetId = new DatasetId(namespace, datasetName);
    try {
        UpdateExploreParameters params = readUpdateParameters(request);
        final DatasetSpecification oldSpec = params.getOldSpec();
        final DatasetSpecification datasetSpec = params.getNewSpec();
        QueryHandle handle;
        if (oldSpec.equals(datasetSpec)) {
            handle = QueryHandle.NO_OP;
        } else {
            handle = impersonator.doAs(datasetId, new Callable<QueryHandle>() {

                @Override
                public QueryHandle call() throws Exception {
                    return exploreTableManager.updateDataset(datasetId, datasetSpec, oldSpec);
                }
            });
        }
        JsonObject json = new JsonObject();
        json.addProperty("handle", handle.getHandle());
        responder.sendJson(HttpResponseStatus.OK, json.toString());
    } catch (IllegalArgumentException e) {
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
    } catch (ExploreException e) {
        responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error updating explore on dataset " + datasetId);
    } catch (SQLException e) {
        responder.sendString(HttpResponseStatus.BAD_REQUEST, "SQL exception while trying to update explore on dataset " + datasetId);
    } catch (UnsupportedTypeException e) {
        responder.sendString(HttpResponseStatus.BAD_REQUEST, "Schema for dataset " + datasetId + " is not supported for exploration: " + e.getMessage());
    } catch (Throwable e) {
        LOG.error("Got exception:", e);
        responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, e.getMessage());
    }
}

Example 67 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ExploreExecutorHttpHandler method enableStream.

@POST
@Path("streams/{stream}/tables/{table}/enable")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void enableStream(FullHttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("stream") String streamName, @PathParam("table") final String tableName) throws Exception {
    final StreamId streamId = new StreamId(namespace, streamName);
    try (Reader reader = new InputStreamReader(new ByteBufInputStream(request.content()))) {
        final FormatSpecification format = GSON.fromJson(reader, FormatSpecification.class);
        if (format == null) {
            throw new BadRequestException("Expected format in the body");
        }
        QueryHandle handle = impersonator.doAs(streamId, new Callable<QueryHandle>() {

            @Override
            public QueryHandle call() throws Exception {
                return exploreTableManager.enableStream(tableName, streamId, format);
            }
        });
        JsonObject json = new JsonObject();
        json.addProperty("handle", handle.getHandle());
        responder.sendJson(HttpResponseStatus.OK, json.toString());
    } catch (UnsupportedTypeException e) {
        LOG.error("Exception while generating create statement for stream {}", streamName, e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
    }
}

Example 68 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class AppLifecycleHttpHandler method updateApp.

/**
 * Updates an existing application.
 */
@POST
@Path("/apps/{app-id}/update")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void updateApp(FullHttpRequest request, HttpResponder responder, @PathParam("namespace-id") final String namespaceId, @PathParam("app-id") final String appName) throws NotFoundException, BadRequestException, UnauthorizedException, IOException {
    ApplicationId appId = validateApplicationId(namespaceId, appName);
    AppRequest appRequest;
    try (Reader reader = new InputStreamReader(new ByteBufInputStream(request.content()), StandardCharsets.UTF_8)) {
        appRequest = DECODE_GSON.fromJson(reader, AppRequest.class);
    } catch (IOException e) {
        LOG.error("Error reading request to update app {} in namespace {}.", appName, namespaceId, e);
        throw new IOException("Error reading request body.");
    } catch (JsonSyntaxException e) {
        throw new BadRequestException("Request body is invalid json: " + e.getMessage());
    }
    try {
        applicationLifecycleService.updateApp(appId, appRequest, createProgramTerminator());
        responder.sendString(HttpResponseStatus.OK, "Update complete.");
    } catch (InvalidArtifactException e) {
        throw new BadRequestException(e.getMessage());
    } catch (ConflictException e) {
        responder.sendString(HttpResponseStatus.CONFLICT, e.getMessage());
    } catch (NotFoundException | UnauthorizedException e) {
        throw e;
    } catch (Exception e) {
        // this is the same behavior as deploy app pipeline, but this is bad behavior. Error handling needs improvement.
        LOG.error("Deploy failure", e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
    }
}

Example 69 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ArtifactHttpHandler method callArtifactPluginMethod.

@Beta
@POST
@Path("/namespaces/{namespace-id}/artifacts/{artifact-name}/" + "versions/{artifact-version}/plugintypes/{plugin-type}/plugins/{plugin-name}/methods/{plugin-method}")
@AuditPolicy({ AuditDetail.REQUEST_BODY, AuditDetail.RESPONSE_BODY })
public void callArtifactPluginMethod(FullHttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @PathParam("artifact-name") String artifactName, @PathParam("artifact-version") String artifactVersion, @PathParam("plugin-name") String pluginName, @PathParam("plugin-type") String pluginType, @PathParam("plugin-method") String methodName, @QueryParam("scope") @DefaultValue("user") String scope) throws Exception {
    String requestBody = request.content().toString(StandardCharsets.UTF_8);
    NamespaceId namespace = Ids.namespace(namespaceId);
    NamespaceId artifactNamespace = validateAndGetScopedNamespace(namespace, scope);
    ArtifactId artifactId = validateAndGetArtifactId(artifactNamespace, artifactName, artifactVersion);
    if (requestBody.isEmpty()) {
        throw new BadRequestException("Request body is used as plugin method parameter, " + "Received empty request body.");
    }
    try {
        PluginEndpoint pluginEndpoint = pluginService.getPluginEndpoint(namespace, Id.Artifact.fromEntityId(artifactId), pluginType, pluginName, methodName);
        Object response = pluginEndpoint.invoke(GSON.fromJson(requestBody, pluginEndpoint.getMethodParameterType()));
        responder.sendString(HttpResponseStatus.OK, GSON.toJson(response));
    } catch (JsonSyntaxException e) {
        LOG.error("Exception while invoking plugin method.", e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, "Unable to deserialize request body to method parameter type");
    } catch (InvocationTargetException e) {
        LOG.error("Exception while invoking plugin method.", e);
        if (e.getCause() instanceof javax.ws.rs.NotFoundException) {
            throw new NotFoundException(e.getCause());
        } else if (e.getCause() instanceof javax.ws.rs.BadRequestException) {
            throw new BadRequestException(e.getCause());
        } else if (e.getCause() instanceof IllegalArgumentException && e.getCause() != null) {
            responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getCause().getMessage());
        } else {
            Throwable rootCause = Throwables.getRootCause(e);
            String message = String.format("Error while invoking plugin method %s.", methodName);
            if (rootCause != null && rootCause.getMessage() != null) {
                message = String.format("%s %s", message, rootCause.getMessage());
            }
            responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, message);
        }
    }
}

Example 70 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ArtifactHttpHandler method writeProperty.

@PUT
@Path("/namespaces/{namespace-id}/artifacts/{artifact-name}/versions/{artifact-version}/properties/{property}")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void writeProperty(FullHttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @PathParam("artifact-name") String artifactName, @PathParam("artifact-version") String artifactVersion, @PathParam("property") String key) throws Exception {
    NamespaceId namespace = NamespaceId.SYSTEM.getNamespace().equalsIgnoreCase(namespaceId) ? NamespaceId.SYSTEM : validateAndGetNamespace(namespaceId);
    ArtifactId artifactId = validateAndGetArtifactId(namespace, artifactName, artifactVersion);
    String value = request.content().toString(StandardCharsets.UTF_8);
    if (value == null) {
        responder.sendStatus(HttpResponseStatus.OK);
        return;
    }
    try {
        artifactRepository.writeArtifactProperty(Id.Artifact.fromEntityId(artifactId), key, value);
        responder.sendStatus(HttpResponseStatus.OK);
    } catch (IOException e) {
        LOG.error("Exception writing properties for artifact {}.", artifactId, e);
        responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error writing property to artifact.");
    }
}