Search in sources :

Example 16 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ArtifactHttpHandler method writeProperties.

@PUT
@Path("/namespaces/{namespace-id}/artifacts/{artifact-name}/versions/{artifact-version}/properties")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void writeProperties(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @PathParam("artifact-name") String artifactName, @PathParam("artifact-version") String artifactVersion) throws Exception {
    NamespaceId namespace = NamespaceId.SYSTEM.getNamespace().equalsIgnoreCase(namespaceId) ? NamespaceId.SYSTEM : validateAndGetNamespace(namespaceId);
    Id.Artifact artifactId = validateAndGetArtifactId(namespace, artifactName, artifactVersion);
    Map<String, String> properties;
    try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()), Charsets.UTF_8)) {
        properties = GSON.fromJson(reader, MAP_STRING_STRING_TYPE);
    } catch (JsonSyntaxException e) {
        throw new BadRequestException("Json Syntax Error while parsing properties from request. " + "Please check that the properties are a json map from string to string.", e);
    } catch (IOException e) {
        throw new BadRequestException("Unable to read properties from the request.", e);
    }
    try {
        artifactRepository.writeArtifactProperties(artifactId, properties);
        responder.sendStatus(HttpResponseStatus.OK);
    } catch (IOException e) {
        LOG.error("Exception writing properties for artifact {}.", artifactId, e);
        responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error adding properties to artifact.");
    }
}
Also used : JsonSyntaxException(com.google.gson.JsonSyntaxException) InputStreamReader(java.io.InputStreamReader) Reader(java.io.Reader) InputStreamReader(java.io.InputStreamReader) BadRequestException(co.cask.cdap.common.BadRequestException) NamespaceId(co.cask.cdap.proto.id.NamespaceId) Id(co.cask.cdap.proto.Id) ArtifactId(co.cask.cdap.proto.id.ArtifactId) NamespaceId(co.cask.cdap.proto.id.NamespaceId) ChannelBufferInputStream(org.jboss.netty.buffer.ChannelBufferInputStream) IOException(java.io.IOException) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) PUT(javax.ws.rs.PUT)

Example 17 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class DashboardHttpHandler method set.

@Path("/{dashboard-id}")
@PUT
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void set(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("dashboard-id") String id) throws Exception {
    try {
        String data = request.getContent().toString(Charsets.UTF_8);
        if (!isValidJSON(data)) {
            responder.sendJson(HttpResponseStatus.BAD_REQUEST, "Invalid JSON in body");
            return;
        }
        Map<String, String> propMap = ImmutableMap.of(CONFIG_PROPERTY, data);
        dashboardStore.put(namespace, new Config(id, propMap));
        responder.sendStatus(HttpResponseStatus.OK);
    } catch (ConfigNotFoundException e) {
        responder.sendString(HttpResponseStatus.NOT_FOUND, "Dashboard not found");
    }
}
Also used : Config(co.cask.cdap.config.Config) ConfigNotFoundException(co.cask.cdap.config.ConfigNotFoundException) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) PUT(javax.ws.rs.PUT)

Example 18 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class AuthorizationHandler method grant.

@Path("/privileges/grant")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void grant(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
    ensureSecurityEnabled();
    GrantRequest request = parseBody(httpRequest, GrantRequest.class);
    verifyAuthRequest(request);
    Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
    // enforce that the user granting access has admin privileges on the entity
    authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
    privilegesManager.grant(request.getEntity(), request.getPrincipal(), actions);
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
Also used : Action(co.cask.cdap.proto.security.Action) GrantRequest(co.cask.cdap.proto.security.GrantRequest) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) POST(javax.ws.rs.POST)

Example 19 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class AuthorizationHandler method revoke.

@Path("/privileges/revoke")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void revoke(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
    ensureSecurityEnabled();
    RevokeRequest request = parseBody(httpRequest, RevokeRequest.class);
    verifyAuthRequest(request);
    // enforce that the user revoking access has admin privileges on the entity
    authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
    if (request.getPrincipal() == null && request.getActions() == null) {
        privilegesManager.revoke(request.getEntity());
    } else {
        Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
        privilegesManager.revoke(request.getEntity(), request.getPrincipal(), actions);
    }
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
Also used : RevokeRequest(co.cask.cdap.proto.security.RevokeRequest) Action(co.cask.cdap.proto.security.Action) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) POST(javax.ws.rs.POST)

Example 20 with AuditPolicy

use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class StreamViewHttpHandler method createOrUpdate.

@PUT
@Path("/streams/{stream}/views/{view}")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void createOrUpdate(HttpRequest request, HttpResponder responder, @PathParam("namespace") String namespace, @PathParam("stream") String stream, @PathParam("view") String view) throws Exception {
    StreamViewId viewId;
    try {
        viewId = new StreamViewId(namespace, stream, view);
    } catch (IllegalArgumentException e) {
        throw new BadRequestException(e);
    }
    try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()))) {
        ViewSpecification spec = GSON.fromJson(reader, ViewSpecification.class);
        if (spec == null) {
            throw new BadRequestException("Missing ViewSpecification in request body");
        }
        boolean created = admin.createOrUpdateView(viewId, spec);
        responder.sendStatus(created ? HttpResponseStatus.CREATED : HttpResponseStatus.OK);
    } catch (JsonSyntaxException e) {
        responder.sendString(HttpResponseStatus.BAD_REQUEST, "Couldn't decode body as view config JSON");
    } catch (IOException e) {
        LOG.warn("Error closing InputStreamReader", e);
    }
}
Also used : JsonSyntaxException(com.google.gson.JsonSyntaxException) InputStreamReader(java.io.InputStreamReader) BadRequestException(co.cask.cdap.common.BadRequestException) Reader(java.io.Reader) InputStreamReader(java.io.InputStreamReader) ViewSpecification(co.cask.cdap.proto.ViewSpecification) ChannelBufferInputStream(org.jboss.netty.buffer.ChannelBufferInputStream) IOException(java.io.IOException) StreamViewId(co.cask.cdap.proto.id.StreamViewId) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) PUT(javax.ws.rs.PUT)

Aggregations

AuditPolicy (co.cask.cdap.common.security.AuditPolicy)44 Path (javax.ws.rs.Path)44 POST (javax.ws.rs.POST)24 PUT (javax.ws.rs.PUT)19 BadRequestException (co.cask.cdap.common.BadRequestException)12 ProgramId (co.cask.cdap.proto.id.ProgramId)11 NamespaceId (co.cask.cdap.proto.id.NamespaceId)9 IOException (java.io.IOException)8 NotFoundException (co.cask.cdap.common.NotFoundException)7 JsonSyntaxException (com.google.gson.JsonSyntaxException)7 NamespaceNotFoundException (co.cask.cdap.common.NamespaceNotFoundException)6 ArtifactId (co.cask.cdap.proto.id.ArtifactId)6 ArrayList (java.util.ArrayList)6 Id (co.cask.cdap.proto.Id)5 StreamId (co.cask.cdap.proto.id.StreamId)5 Constraint (co.cask.cdap.internal.schedule.constraint.Constraint)4 ProtoConstraint (co.cask.cdap.proto.ProtoConstraint)4 DatasetId (co.cask.cdap.proto.id.DatasetId)4 InputStreamReader (java.io.InputStreamReader)4 Reader (java.io.Reader)4