use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.
the class ArtifactHttpHandler method writeProperties.
@PUT
@Path("/namespaces/{namespace-id}/artifacts/{artifact-name}/versions/{artifact-version}/properties")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void writeProperties(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @PathParam("artifact-name") String artifactName, @PathParam("artifact-version") String artifactVersion) throws Exception {
NamespaceId namespace = NamespaceId.SYSTEM.getNamespace().equalsIgnoreCase(namespaceId) ? NamespaceId.SYSTEM : validateAndGetNamespace(namespaceId);
Id.Artifact artifactId = validateAndGetArtifactId(namespace, artifactName, artifactVersion);
Map<String, String> properties;
try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()), Charsets.UTF_8)) {
properties = GSON.fromJson(reader, MAP_STRING_STRING_TYPE);
} catch (JsonSyntaxException e) {
throw new BadRequestException("Json Syntax Error while parsing properties from request. " + "Please check that the properties are a json map from string to string.", e);
} catch (IOException e) {
throw new BadRequestException("Unable to read properties from the request.", e);
}
try {
artifactRepository.writeArtifactProperties(artifactId, properties);
responder.sendStatus(HttpResponseStatus.OK);
} catch (IOException e) {
LOG.error("Exception writing properties for artifact {}.", artifactId, e);
responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error adding properties to artifact.");
}
}
use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.
the class DashboardHttpHandler method set.
@Path("/{dashboard-id}")
@PUT
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void set(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("dashboard-id") String id) throws Exception {
try {
String data = request.getContent().toString(Charsets.UTF_8);
if (!isValidJSON(data)) {
responder.sendJson(HttpResponseStatus.BAD_REQUEST, "Invalid JSON in body");
return;
}
Map<String, String> propMap = ImmutableMap.of(CONFIG_PROPERTY, data);
dashboardStore.put(namespace, new Config(id, propMap));
responder.sendStatus(HttpResponseStatus.OK);
} catch (ConfigNotFoundException e) {
responder.sendString(HttpResponseStatus.NOT_FOUND, "Dashboard not found");
}
}
use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.
the class AuthorizationHandler method grant.
@Path("/privileges/grant")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void grant(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
ensureSecurityEnabled();
GrantRequest request = parseBody(httpRequest, GrantRequest.class);
verifyAuthRequest(request);
Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
// enforce that the user granting access has admin privileges on the entity
authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
privilegesManager.grant(request.getEntity(), request.getPrincipal(), actions);
httpResponder.sendStatus(HttpResponseStatus.OK);
createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.
the class AuthorizationHandler method revoke.
@Path("/privileges/revoke")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void revoke(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
ensureSecurityEnabled();
RevokeRequest request = parseBody(httpRequest, RevokeRequest.class);
verifyAuthRequest(request);
// enforce that the user revoking access has admin privileges on the entity
authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
if (request.getPrincipal() == null && request.getActions() == null) {
privilegesManager.revoke(request.getEntity());
} else {
Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
privilegesManager.revoke(request.getEntity(), request.getPrincipal(), actions);
}
httpResponder.sendStatus(HttpResponseStatus.OK);
createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
use of co.cask.cdap.common.security.AuditPolicy in project cdap by caskdata.
the class StreamViewHttpHandler method createOrUpdate.
@PUT
@Path("/streams/{stream}/views/{view}")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void createOrUpdate(HttpRequest request, HttpResponder responder, @PathParam("namespace") String namespace, @PathParam("stream") String stream, @PathParam("view") String view) throws Exception {
StreamViewId viewId;
try {
viewId = new StreamViewId(namespace, stream, view);
} catch (IllegalArgumentException e) {
throw new BadRequestException(e);
}
try (Reader reader = new InputStreamReader(new ChannelBufferInputStream(request.getContent()))) {
ViewSpecification spec = GSON.fromJson(reader, ViewSpecification.class);
if (spec == null) {
throw new BadRequestException("Missing ViewSpecification in request body");
}
boolean created = admin.createOrUpdateView(viewId, spec);
responder.sendStatus(created ? HttpResponseStatus.CREATED : HttpResponseStatus.OK);
} catch (JsonSyntaxException e) {
responder.sendString(HttpResponseStatus.BAD_REQUEST, "Couldn't decode body as view config JSON");
} catch (IOException e) {
LOG.warn("Error closing InputStreamReader", e);
}
}
Aggregations