Examples with ForbiddenException io.cdap.cdap.common.ForbiddenException used on opensource projects

Example 1 with ForbiddenException

use of io.cdap.cdap.common.ForbiddenException in project cdap by caskdata.

the class TetheringServerHandler method connectControlChannel.

/**
 * Sends control commands to the client.
 */
@GET
@Path("/tethering/controlchannels/{peer}")
public void connectControlChannel(FullHttpRequest request, HttpResponder responder, @PathParam("peer") String peer, @QueryParam("messageId") String messageId) throws IOException, NotImplementedException, PeerNotFoundException, ForbiddenException, BadRequestException {
    checkTetheringServerEnabled();
    store.updatePeerTimestamp(peer);
    TetheringStatus tetheringStatus = store.getPeer(peer).getTetheringStatus();
    if (tetheringStatus == TetheringStatus.PENDING) {
        throw new PeerNotFoundException(String.format("Peer %s not found", peer));
    } else if (tetheringStatus == TetheringStatus.REJECTED) {
        responder.sendStatus(HttpResponseStatus.FORBIDDEN);
        throw new ForbiddenException(String.format("Peer %s is not authorized", peer));
    }
    List<TetheringControlResponse> controlResponses = new ArrayList<>();
    MessageFetcher fetcher = messagingContext.getMessageFetcher();
    TopicId topic = new TopicId(NamespaceId.SYSTEM.getNamespace(), topicPrefix + peer);
    String lastMessageId = messageId;
    try (CloseableIterator<Message> iterator = fetcher.fetch(topic.getNamespace(), topic.getTopic(), 1, messageId)) {
        while (iterator.hasNext()) {
            Message message = iterator.next();
            TetheringControlMessage controlMessage = GSON.fromJson(message.getPayloadAsString(StandardCharsets.UTF_8), TetheringControlMessage.class);
            lastMessageId = message.getId();
            controlResponses.add(new TetheringControlResponse(lastMessageId, controlMessage));
        }
    } catch (TopicNotFoundException e) {
        LOG.warn("Received control connection from peer {} that's not tethered", peer);
    } catch (IllegalArgumentException e) {
        throw new BadRequestException(String.format("Invalid message id %s", messageId));
    }
    if (controlResponses.isEmpty()) {
        controlResponses.add(new TetheringControlResponse(lastMessageId, new TetheringControlMessage(TetheringControlMessage.Type.KEEPALIVE)));
    }
    responder.sendJson(HttpResponseStatus.OK, GSON.toJson(controlResponses.toArray(new TetheringControlResponse[0]), TetheringControlResponse[].class));
}

Example 2 with ForbiddenException

use of io.cdap.cdap.common.ForbiddenException in project cdap by caskdata.

the class MonitorHandler method getServiceInstance.

/**
 * Returns the number of instances of CDAP Services
 */
@Path("/system/services/{service-name}/instances")
@GET
public void getServiceInstance(HttpRequest request, HttpResponder responder, @PathParam("service-name") String serviceName) throws Exception {
    JsonObject reply = new JsonObject();
    if (!serviceManagementMap.containsKey(serviceName)) {
        throw new NotFoundException(String.format("Invalid service name %s", serviceName));
    }
    SystemServiceId systemServiceId = new SystemServiceId(serviceName);
    contextAccessEnforcer.enforce(systemServiceId, StandardPermission.GET);
    MasterServiceManager serviceManager = serviceManagementMap.get(serviceName);
    if (serviceManager.isServiceEnabled()) {
        int actualInstance = serviceManagementMap.get(serviceName).getInstances();
        reply.addProperty("provisioned", actualInstance);
        reply.addProperty("requested", getSystemServiceInstanceCount(serviceName));
        responder.sendJson(HttpResponseStatus.OK, reply.toString());
    } else {
        throw new ForbiddenException(String.format("Service %s is not enabled", serviceName));
    }
}

Example 3 with ForbiddenException

use of io.cdap.cdap.common.ForbiddenException in project cdap by caskdata.

the class MonitorHandler method setServiceInstance.

/**
 * Sets the number of instances of CDAP Services
 */
@Path("/system/services/{service-name}/instances")
@PUT
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void setServiceInstance(FullHttpRequest request, HttpResponder responder, @PathParam("service-name") final String serviceName) throws Exception {
    if (!serviceManagementMap.containsKey(serviceName)) {
        throw new NotFoundException(String.format("Invalid service name %s", serviceName));
    }
    SystemServiceId systemServiceId = new SystemServiceId(serviceName);
    contextAccessEnforcer.enforce(systemServiceId, StandardPermission.UPDATE);
    MasterServiceManager serviceManager = serviceManagementMap.get(serviceName);
    int instances = getInstances(request);
    if (!serviceManager.isServiceEnabled()) {
        throw new ForbiddenException(String.format("Service %s is not enabled", serviceName));
    }
    int currentInstances = getSystemServiceInstanceCount(serviceName);
    if (instances < serviceManager.getMinInstances() || instances > serviceManager.getMaxInstances()) {
        String response = String.format("Instance count should be between [%s,%s]", serviceManager.getMinInstances(), serviceManager.getMaxInstances());
        throw new BadRequestException(response);
    } else if (instances == currentInstances) {
        responder.sendStatus(HttpResponseStatus.OK);
        return;
    }
    serviceStore.setServiceInstance(serviceName, instances);
    if (serviceManager.setInstances(instances)) {
        responder.sendStatus(HttpResponseStatus.OK);
    } else {
        throw new BadRequestException("Operation did not succeed");
    }
}

Example 4 with ForbiddenException

use of io.cdap.cdap.common.ForbiddenException in project cdap by caskdata.

the class MonitorHandler method updateServiceLogLevels.

/**
 * Update log levels for this service.
 */
@Path("system/services/{service-name}/loglevels")
@PUT
public void updateServiceLogLevels(FullHttpRequest request, HttpResponder responder, @PathParam("service-name") String serviceName) throws Exception {
    if (!serviceManagementMap.containsKey(serviceName)) {
        throw new NotFoundException(String.format("Invalid service name %s", serviceName));
    }
    SystemServiceId systemServiceId = new SystemServiceId(serviceName);
    contextAccessEnforcer.enforce(systemServiceId, StandardPermission.UPDATE);
    MasterServiceManager masterServiceManager = serviceManagementMap.get(serviceName);
    if (!masterServiceManager.isServiceEnabled()) {
        throw new ForbiddenException(String.format("Failed to update log levels for service %s " + "because the service is not enabled", serviceName));
    }
    try {
        // we are decoding the body to Map<String, String> instead of Map<String, LogEntry.Level> here since Gson will
        // serialize invalid enum values to null, which is allowed for log level, instead of throw an Exception.
        masterServiceManager.updateServiceLogLevels(transformLogLevelsMap(decodeArguments(request)));
        responder.sendStatus(HttpResponseStatus.OK);
    } catch (IllegalStateException ise) {
        throw new ServiceUnavailableException(String.format("Failed to update log levels for service %s " + "because the service may not be ready yet", serviceName));
    } catch (IllegalArgumentException e) {
        throw new BadRequestException(e.getMessage());
    } catch (JsonSyntaxException e) {
        throw new BadRequestException("Invalid Json in the body");
    }
}

Example 5 with ForbiddenException

use of io.cdap.cdap.common.ForbiddenException in project cdap by caskdata.

the class MonitorHandler method restartInstances.

private void restartInstances(HttpResponder responder, String serviceName, int instanceId, boolean restartAll) throws Exception {
    long startTimeMs = System.currentTimeMillis();
    boolean isSuccess = true;
    if (!serviceManagementMap.containsKey(serviceName)) {
        throw new NotFoundException(String.format("Invalid service name %s", serviceName));
    }
    SystemServiceId systemServiceId = new SystemServiceId(serviceName);
    contextAccessEnforcer.enforce(systemServiceId, ApplicationPermission.EXECUTE);
    MasterServiceManager masterServiceManager = serviceManagementMap.get(serviceName);
    try {
        if (!masterServiceManager.isServiceEnabled()) {
            String message = String.format("Failed to restart instance for %s because the service is not enabled.", serviceName);
            LOG.debug(message);
            isSuccess = false;
            throw new ForbiddenException(message);
        }
        if (restartAll) {
            masterServiceManager.restartAllInstances();
        } else {
            if (instanceId < 0 || instanceId >= masterServiceManager.getInstances()) {
                throw new IllegalArgumentException();
            }
            masterServiceManager.restartInstances(instanceId);
        }
        responder.sendStatus(HttpResponseStatus.OK);
    } catch (IllegalStateException ise) {
        String message = String.format("Failed to restart instance for %s because the service may not be ready yet", serviceName);
        LOG.debug(message, ise);
        isSuccess = false;
        throw new ServiceUnavailableException(message);
    } catch (IllegalArgumentException iex) {
        String message = String.format("Failed to restart instance %d for service: %s because invalid instance id", instanceId, serviceName);
        LOG.debug(message, iex);
        isSuccess = false;
        throw new BadRequestException(message);
    } catch (Exception ex) {
        LOG.warn(String.format("Exception when trying to restart instances for service %s", serviceName), ex);
        isSuccess = false;
        throw new Exception(String.format("Error restarting instance %d for service: %s", instanceId, serviceName));
    } finally {
        long endTimeMs = System.currentTimeMillis();
        if (restartAll) {
            serviceStore.setRestartAllInstancesRequest(serviceName, startTimeMs, endTimeMs, isSuccess);
        } else {
            serviceStore.setRestartInstanceRequest(serviceName, startTimeMs, endTimeMs, isSuccess, instanceId);
        }
    }
}