
Example 11 with AccessException

use of io.cdap.cdap.api.security.AccessException in project cdap by caskdata.

the class AppLifecycleHttpHandler method updateApp.

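/**
 * Updates an existing application from the JSON {@link AppRequest} carried in the request body.
 *
 * <p>Responds with 200 when the update succeeds and with 409 when the lifecycle service reports a
 * {@link ConflictException}. Any other unexpected exception is answered with 400 and the exception
 * message (see the note on the final catch clause).
 *
 * @param request the HTTP request whose body holds the JSON-encoded {@link AppRequest}
 * @param responder used to send the HTTP response
 * @param namespaceId namespace taken from the request path
 * @param appName application name taken from the request path
 * @throws NotFoundException rethrown unchanged from the lifecycle service
 * @throws BadRequestException if the body is empty or not valid JSON, or the service reports an
 *     {@link InvalidArtifactException}
 * @throws AccessException declared by the handler; only {@link UnauthorizedException} is rethrown
 *     explicitly from the update call
 * @throws IOException if the request body cannot be read
 */
@POST
@Path("/apps/{app-id}/update")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void updateApp(FullHttpRequest request, HttpResponder responder,
                      @PathParam("namespace-id") final String namespaceId,
                      @PathParam("app-id") final String appName)
        throws NotFoundException, BadRequestException, AccessException, IOException {
    ApplicationId appId = validateApplicationId(namespaceId, appName);
    AppRequest appRequest;
    try (Reader reader = new InputStreamReader(new ByteBufInputStream(request.content()), StandardCharsets.UTF_8)) {
        appRequest = DECODE_GSON.fromJson(reader, AppRequest.class);
    } catch (IOException e) {
        LOG.error("Error reading request to update app {} in namespace {}.", appName, namespaceId, e);
        // Keep the original exception as the cause so the failure stays traceable past this frame.
        throw new IOException("Error reading request body.", e);
    } catch (JsonSyntaxException e) {
        throw new BadRequestException("Request body is invalid json: " + e.getMessage());
    }
    if (appRequest == null) {
        // Gson returns null for an empty document; reject it here rather than handing a null
        // request to the lifecycle service.
        throw new BadRequestException("Request body is empty.");
    }
    try {
        applicationLifecycleService.updateApp(appId, appRequest, createProgramTerminator());
        responder.sendString(HttpResponseStatus.OK, "Update complete.");
    } catch (InvalidArtifactException e) {
        throw new BadRequestException(e.getMessage());
    } catch (ConflictException e) {
        responder.sendString(HttpResponseStatus.CONFLICT, e.getMessage());
    } catch (NotFoundException | UnauthorizedException e) {
        throw e;
    } catch (Exception e) {
        // this is the same behavior as deploy app pipeline, but this is bad behavior. Error handling needs improvement.
        // NOTE(review): every exception not matched above, including any AccessException that is
        // not an UnauthorizedException, is reported as 400 with its raw message echoed to the
        // client. Confirm that no internal detail can reach callers through e.getMessage(), and
        // that authorization failures are not masked as bad requests.
        LOG.error("Update failure for app {} in namespace {}", appName, namespaceId, e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
    }
}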
Also used : InputStreamReader(java.io.InputStreamReader) WriteConflictException(io.cdap.cdap.internal.app.runtime.artifact.WriteConflictException) ConflictException(io.cdap.cdap.common.ConflictException) Reader(java.io.Reader) InputStreamReader(java.io.InputStreamReader) FileReader(java.io.FileReader) ApplicationNotFoundException(io.cdap.cdap.common.ApplicationNotFoundException) NamespaceNotFoundException(io.cdap.cdap.common.NamespaceNotFoundException) NotFoundException(io.cdap.cdap.common.NotFoundException) ArtifactNotFoundException(io.cdap.cdap.common.ArtifactNotFoundException) ByteBufInputStream(io.netty.buffer.ByteBufInputStream) IOException(java.io.IOException) ApplicationNotFoundException(io.cdap.cdap.common.ApplicationNotFoundException) UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException) NamespaceNotFoundException(io.cdap.cdap.common.NamespaceNotFoundException) WriteConflictException(io.cdap.cdap.internal.app.runtime.artifact.WriteConflictException) DatasetManagementException(io.cdap.cdap.api.dataset.DatasetManagementException) IOException(java.io.IOException) ConflictException(io.cdap.cdap.common.ConflictException) NotImplementedException(io.cdap.cdap.common.NotImplementedException) AccessException(io.cdap.cdap.api.security.AccessException) InvalidArtifactException(io.cdap.cdap.common.InvalidArtifactException) ArtifactAlreadyExistsException(io.cdap.cdap.common.ArtifactAlreadyExistsException) NotFoundException(io.cdap.cdap.common.NotFoundException) ServiceException(io.cdap.cdap.common.ServiceException) JsonSyntaxException(com.google.gson.JsonSyntaxException) BadRequestException(io.cdap.cdap.common.BadRequestException) ArtifactNotFoundException(io.cdap.cdap.common.ArtifactNotFoundException) AppRequest(io.cdap.cdap.proto.artifact.AppRequest) JsonSyntaxException(com.google.gson.JsonSyntaxException) UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException) 
BadRequestException(io.cdap.cdap.common.BadRequestException) ApplicationId(io.cdap.cdap.proto.id.ApplicationId) InvalidArtifactException(io.cdap.cdap.common.InvalidArtifactException) Path(javax.ws.rs.Path) AuditPolicy(io.cdap.cdap.common.security.AuditPolicy) POST(javax.ws.rs.POST)

Example 12 with AccessException

use of io.cdap.cdap.api.security.AccessException in project cdap by caskdata.

the class CoreSchedulerService method getProgramScheduleWithUserAndArtifactId.

/**
 * Returns a copy of {@code schedule} whose properties also carry the JSON-encoded artifact id of
 * the scheduled program and the user name resolved by the impersonator for that program.
 * Values added here replace entries with the same keys in the original properties.
 * TODO CDAP-13662 - move logic to find artifactId and userId to dashboard service and remove this method
 *
 * @param schedule the schedule to copy; it is not modified
 * @return a new {@link ProgramSchedule} with the two extra properties
 * @throws RuntimeException if the program descriptor or the user group information cannot be looked up
 */
private ProgramSchedule getProgramScheduleWithUserAndArtifactId(ProgramSchedule schedule) {
    // Resolve the artifact that the scheduled program was deployed from.
    ProgramDescriptor descriptor;
    try {
        descriptor = appMetaStore.loadProgram(schedule.getProgramId());
    } catch (Exception e) {
        LOG.error("Exception occurs when looking up program descriptor for program {} in schedule {}", schedule.getProgramId(), schedule, e);
        throw new RuntimeException(String.format("Exception occurs when looking up program descriptor for" + " program %s in schedule %s", schedule.getProgramId(), schedule), e);
    }
    String artifactIdJson = GSON.toJson(descriptor.getArtifactId().toApiArtifactId());

    // Resolve the user the program runs as.
    String userName;
    try {
        userName = impersonator.getUGI(schedule.getProgramId()).getUserName();
    } catch (AccessException e) {
        LOG.error("Exception occurs when looking up user group information for program {} in schedule {}", schedule.getProgramId(), schedule, e);
        throw new RuntimeException(String.format("Exception occurs when looking up user group information for" + " program %s in schedule %s", schedule.getProgramId(), schedule), e);
    }

    Map<String, String> extras = new HashMap<>();
    extras.put(ProgramOptionConstants.ARTIFACT_ID, artifactIdJson);
    extras.put(ProgramOptionConstants.USER_ID, userName);

    // Work on a copy so the caller's schedule keeps its original properties.
    Map<String, String> mergedProperties = new HashMap<>(schedule.getProperties());
    mergedProperties.putAll(extras);

    return new ProgramSchedule(
        schedule.getName(),
        schedule.getDescription(),
        schedule.getProgramId(),
        mergedProperties,
        schedule.getTrigger(),
        schedule.getConstraints(),
        schedule.getTimeoutMillis());
}
Also used : AccessException(io.cdap.cdap.api.security.AccessException) HashMap(java.util.HashMap) ProgramSchedule(io.cdap.cdap.internal.app.runtime.schedule.ProgramSchedule) ProgramDescriptor(io.cdap.cdap.app.program.ProgramDescriptor) AccessException(io.cdap.cdap.api.security.AccessException) ServiceUnavailableException(io.cdap.cdap.common.ServiceUnavailableException) TimeoutException(java.util.concurrent.TimeoutException) AlreadyExistsException(io.cdap.cdap.common.AlreadyExistsException) NotFoundException(io.cdap.cdap.common.NotFoundException) ProfileConflictException(io.cdap.cdap.common.ProfileConflictException) TransactionException(io.cdap.cdap.spi.data.transaction.TransactionException) SchedulerException(io.cdap.cdap.internal.app.runtime.schedule.SchedulerException) IOException(java.io.IOException) BadRequestException(io.cdap.cdap.common.BadRequestException) ConflictException(io.cdap.cdap.common.ConflictException)

Example 13 with AccessException

use of io.cdap.cdap.api.security.AccessException in project cdap by caskdata.

the class ImpersonationHandler method getCredentials.

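/**
 * Creates credentials for the principal named in the JSON {@link ImpersonationRequest} body,
 * writes them to a temporary file under the "credentials" location, and responds with the
 * principal and the URI of that file.
 *
 * <p>NOTE(review): no authorization check is visible in this method. Presumably access to this
 * endpoint is restricted elsewhere; confirm, since the response points at a token file.
 *
 * @param request the HTTP request carrying the JSON-encoded {@link ImpersonationRequest}
 * @param responder used to send the JSON-encoded {@link PrincipalCredentials}
 * @throws BadRequestException if the request body is empty
 * @throws ServiceException with status 500 if the configured UGI lookup fails with an
 *     {@link AccessException}
 * @throws IllegalStateException if the credentials directory cannot be created
 * @throws Exception for any other failure while creating or writing the credentials
 */
@POST
@Path("/credentials")
public void getCredentials(FullHttpRequest request, HttpResponder responder) throws Exception {
    String requestContent = request.content().toString(StandardCharsets.UTF_8);
    // An empty body decodes to an empty string rather than null, so test for both.
    if (requestContent == null || requestContent.isEmpty()) {
        throw new BadRequestException("Request body is empty.");
    }
    ImpersonationRequest impersonationRequest = GSON.fromJson(requestContent, ImpersonationRequest.class);
    if (impersonationRequest == null) {
        // Gson yields null for a blank document or a literal "null"; never pass that on to the
        // UGI provider.
        throw new BadRequestException("Request body is empty.");
    }
    LOG.debug("Fetching credentials for {}", impersonationRequest);
    UGIWithPrincipal ugiWithPrincipal;
    try {
        ugiWithPrincipal = ugiProvider.getConfiguredUGI(impersonationRequest);
    } catch (AccessException e) {
        throw new ServiceException(e, HttpResponseStatus.INTERNAL_SERVER_ERROR);
    }
    Credentials credentials = ImpersonationUtils.doAs(ugiWithPrincipal.getUGI(), new Callable<Credentials>() {

        @Override
        public Credentials call() throws Exception {
            return tokenSecureStoreRenewer.createCredentials();
        }
    });
    // example: hdfs:///cdap/credentials
    Location credentialsDir = locationFactory.create("credentials");
    // The second isDirectory() covers the case where mkdirs() returns false because the directory
    // was created concurrently.
    // NOTE(review): mkdirs() is called without an explicit permission, so the directory gets the
    // filesystem default; only the file below is restricted to the owner. Confirm that is enough.
    if (!(credentialsDir.isDirectory() || credentialsDir.mkdirs() || credentialsDir.isDirectory())) {
        throw new IllegalStateException("Unable to create credentials directory.");
    }
    // the getTempFile() doesn't create the file within the directory that you call it on. It simply appends the path
    // without a separator, which is why we manually append the "tmp"
    // example: hdfs:///cdap/credentials/tmp.5960fe60-6fd8-4f3e-8e92-3fb6d4726006.credentials
    Location credentialsFile = credentialsDir.append("tmp").getTempFile(".credentials");
    // 600 is owner-only READ_WRITE
    try (DataOutputStream os = new DataOutputStream(new BufferedOutputStream(credentialsFile.getOutputStream("600")))) {
        credentials.writeTokenStorageToStream(os);
    }
    // NOTE(review): this method never deletes the file; presumably the consumer of the returned
    // URI removes it. Confirm, so token files do not accumulate.
    LOG.debug("Wrote credentials for user {} to {}", ugiWithPrincipal.getPrincipal(), credentialsFile);
    PrincipalCredentials principalCredentials = new PrincipalCredentials(ugiWithPrincipal.getPrincipal(), credentialsFile.toURI().toString());
    responder.sendJson(HttpResponseStatus.OK, GSON.toJson(principalCredentials));
}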
Also used : PrincipalCredentials(io.cdap.cdap.security.impersonation.PrincipalCredentials) UGIWithPrincipal(io.cdap.cdap.security.impersonation.UGIWithPrincipal) DataOutputStream(java.io.DataOutputStream) AccessException(io.cdap.cdap.api.security.AccessException) ServiceException(io.cdap.cdap.common.ServiceException) BadRequestException(io.cdap.cdap.common.BadRequestException) AccessException(io.cdap.cdap.api.security.AccessException) ServiceException(io.cdap.cdap.common.ServiceException) ImpersonationRequest(io.cdap.cdap.security.impersonation.ImpersonationRequest) BadRequestException(io.cdap.cdap.common.BadRequestException) BufferedOutputStream(java.io.BufferedOutputStream) Credentials(org.apache.hadoop.security.Credentials) PrincipalCredentials(io.cdap.cdap.security.impersonation.PrincipalCredentials) Location(org.apache.twill.filesystem.Location) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 14 with AccessException

use of io.cdap.cdap.api.security.AccessException in project cdap by caskdata.

the class AbstractContext method createRuntimeProgramContext.

/**
 * Builds the {@link RuntimeProgramContext} handed to a {@link RuntimeProgramContextAware} dataset.
 *
 * <p>The returned context publishes new-partition notifications for {@code datasetId} to the
 * configured data event topic in the system namespace. Only plain {@link IOException}s are
 * retried, as dictated by {@code retryStrategy}; a missing topic or an {@link AccessException}
 * fails immediately, wrapped in an {@link IOException}.
 *
 * @param datasetId the dataset that the notifications are published for
 * @return a context bound to this program run
 */
private RuntimeProgramContext createRuntimeProgramContext(final DatasetId datasetId) {
    return new RuntimeProgramContext() {

        @Override
        public void notifyNewPartitions(Collection<? extends PartitionKey> partitionKeys) throws IOException {
            final String topicName = cConf.get(Constants.Dataset.DATA_EVENT_TOPIC);
            if (Strings.isNullOrEmpty(topicName)) {
                // Without a configured data event topic there is nothing to publish to.
                return;
            }
            final TopicId eventTopic = NamespaceId.SYSTEM.topic(topicName);
            final MessagePublisher messagePublisher = getMessagingContext().getMessagePublisher();
            final String notificationJson = GSON.toJson(Notification.forPartitions(datasetId, partitionKeys));
            final byte[] message = Bytes.toBytes(notificationJson);
            final long firstAttemptMillis = System.currentTimeMillis();
            // The counter is the number of failed attempts so far, including the one being handled.
            for (int failedAttempts = 1; ; failedAttempts++) {
                try {
                    messagePublisher.publish(eventTopic.getNamespace(), eventTopic.getTopic(), message);
                    return;
                } catch (TopicNotFoundException e) {
                    // this shouldn't happen since the TMS creates the data event topic on startup.
                    throw new IOException("Unexpected exception due to missing topic '" + eventTopic + "'", e);
                } catch (AccessException e) {
                    // Access failures are not retried.
                    throw new IOException("Unexpected access exception during publishing notification to '" + eventTopic + "'", e);
                } catch (IOException publishFailure) {
                    final long backoffMillis = retryStrategy.nextRetry(failedAttempts, firstAttemptMillis);
                    if (backoffMillis < 0) {
                        // A negative delay means the retry strategy has given up.
                        throw publishFailure;
                    }
                    try {
                        TimeUnit.MILLISECONDS.sleep(backoffMillis);
                    } catch (InterruptedException interrupted) {
                        // Restore the interrupt flag and stop without publishing.
                        Thread.currentThread().interrupt();
                        return;
                    }
                }
            }
        }

        @Override
        public ProgramRunId getProgramRunId() {
            return programRunId;
        }

        @Nullable
        @Override
        public NamespacedEntityId getComponentId() {
            return AbstractContext.this.getComponentId();
        }
    };
}
Also used : RuntimeProgramContext(io.cdap.cdap.data.RuntimeProgramContext) MessagePublisher(io.cdap.cdap.api.messaging.MessagePublisher) TopicNotFoundException(io.cdap.cdap.api.messaging.TopicNotFoundException) IOException(java.io.IOException) AccessException(io.cdap.cdap.api.security.AccessException) Collection(java.util.Collection) PartitionKey(io.cdap.cdap.api.dataset.lib.PartitionKey) TopicId(io.cdap.cdap.proto.id.TopicId)

Example 15 with AccessException

use of io.cdap.cdap.api.security.AccessException in project cdap by caskdata.

the class UnitTestManager method deployApplication.

/**
 * Deploys {@code applicationClz} into {@code namespace} for a unit test: registers an artifact
 * named after the class with version "1.0-SNAPSHOT", configures a fresh application instance to
 * learn its name, and deploys it through the app fabric client.
 *
 * @param namespace the namespace to deploy into
 * @param applicationClz the application class; must not be null
 * @param configObject the application config, or null to instantiate the config type reflectively
 * @param bundleEmbeddedJars extra jars passed on when the application artifact is added
 * @return a manager for the deployed application
 * @throws AccessException rethrown unchanged; every other exception goes through
 *     {@code Throwables.propagate}
 */
@Override
public ApplicationManager deployApplication(NamespaceId namespace, Class<? extends Application> applicationClz, @Nullable Config configObject, File... bundleEmbeddedJars) throws AccessException {
    Preconditions.checkNotNull(applicationClz, "Application class cannot be null.");
    Type configType = Artifacts.getConfigType(applicationClz);
    try {
        String namespaceName = namespace.getNamespace();
        ArtifactId appArtifactId = new ArtifactId(namespaceName, applicationClz.getSimpleName(), "1.0-SNAPSHOT");
        addAppArtifact(appArtifactId, applicationClz, new Manifest(), bundleEmbeddedJars);

        // Fall back to a default-constructed config when the caller supplied none.
        Config effectiveConfig = configObject != null
            ? configObject
            : (Config) TypeToken.of(configType).getRawType().newInstance();

        // Run configure() against a mock configurer only to find out the application's name.
        Application application = applicationClz.newInstance();
        MockAppConfigurer mockConfigurer = new MockAppConfigurer(application);
        application.configure(mockConfigurer, new DefaultApplicationContext<>(effectiveConfig));

        ApplicationId deployedAppId = new ApplicationId(namespace.getNamespace(), mockConfigurer.getName());
        ArtifactSummary summary = new ArtifactSummary(appArtifactId.getArtifact(), appArtifactId.getVersion());
        AppRequest deployRequest = new AppRequest(summary, effectiveConfig);
        appFabricClient.deployApplication(Id.Application.fromEntityId(deployedAppId), deployRequest);
        return appManagerFactory.create(deployedAppId);
    } catch (AccessException e) {
        throw e;
    } catch (Exception e) {
        throw Throwables.propagate(e);
    }
}
Also used : Type(java.lang.reflect.Type) MockAppConfigurer(io.cdap.cdap.app.MockAppConfigurer) ArtifactSummary(io.cdap.cdap.api.artifact.ArtifactSummary) AccessException(io.cdap.cdap.api.security.AccessException) ArtifactId(io.cdap.cdap.proto.id.ArtifactId) Manifest(java.util.jar.Manifest) ApplicationId(io.cdap.cdap.proto.id.ApplicationId) Application(io.cdap.cdap.api.app.Application) TransactionFailureException(org.apache.tephra.TransactionFailureException) AccessException(io.cdap.cdap.api.security.AccessException) IOException(java.io.IOException) AppRequest(io.cdap.cdap.proto.artifact.AppRequest)

Aggregations

AccessException (io.cdap.cdap.api.security.AccessException)24 IOException (java.io.IOException)22 TopicNotFoundException (io.cdap.cdap.api.messaging.TopicNotFoundException)8 BadRequestException (io.cdap.cdap.common.BadRequestException)6 ServiceUnavailableException (io.cdap.cdap.common.ServiceUnavailableException)6 ConflictException (io.cdap.cdap.common.ConflictException)4 NotFoundException (io.cdap.cdap.common.NotFoundException)4 ServiceException (io.cdap.cdap.common.ServiceException)4 AppRequest (io.cdap.cdap.proto.artifact.AppRequest)4 ApplicationId (io.cdap.cdap.proto.id.ApplicationId)4 UnauthorizedException (io.cdap.cdap.security.spi.authorization.UnauthorizedException)4 RetryableException (io.cdap.cdap.api.retry.RetryableException)3 Notification (io.cdap.cdap.proto.Notification)3 POST (javax.ws.rs.POST)3 Path (javax.ws.rs.Path)3 JsonSyntaxException (com.google.gson.JsonSyntaxException)2 DatasetManagementException (io.cdap.cdap.api.dataset.DatasetManagementException)2 PartitionKey (io.cdap.cdap.api.dataset.lib.PartitionKey)2 MessagePublisher (io.cdap.cdap.api.messaging.MessagePublisher)2 ProgramDescriptor (io.cdap.cdap.app.program.ProgramDescriptor)2