Examples with AuditPolicy io.cdap.cdap.common.security.AuditPolicy used on opensource projects

Example 1 with AuditPolicy

use of io.cdap.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class MetadataHttpHandler method addProperties.

@POST
@Path("/**/metadata/properties")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void addProperties(FullHttpRequest request, HttpResponder responder, @QueryParam("type") String type, @QueryParam("async") @DefaultValue("false") Boolean async) throws Exception {
    MetadataEntity metadataEntity = getMetadataEntityFromPath(request.uri(), type, "/metadata/properties");
    enforce(metadataEntity, StandardPermission.UPDATE);
    metadataAdmin.addProperties(metadataEntity, readProperties(request), async ? ASYNC : SYNC);
    responder.sendString(HttpResponseStatus.OK, String.format("Metadata properties for %s added successfully.", metadataEntity));
}

Example 2 with AuditPolicy

use of io.cdap.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class NamespacedExploreQueryExecutorHttpHandler method query.

@POST
@Path("data/explore/queries")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void query(FullHttpRequest request, HttpResponder responder, @PathParam("namespace-id") final String namespaceId) throws Exception {
    try {
        Map<String, String> args = decodeArguments(request);
        final String query = args.get("query");
        final Map<String, String> additionalSessionConf = new HashMap<>(args);
        additionalSessionConf.remove("query");
        LOG.trace("Received query: {}", query);
        QueryHandle queryHandle = impersonator.doAs(new NamespaceId(namespaceId), new Callable<QueryHandle>() {

            @Override
            public QueryHandle call() throws Exception {
                return exploreService.execute(new NamespaceId(namespaceId), query, additionalSessionConf);
            }
        }, ImpersonatedOpType.EXPLORE);
        responder.sendJson(HttpResponseStatus.OK, GSON.toJson(queryHandle));
    } catch (IllegalArgumentException e) {
        LOG.debug("Got exception:", e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
    } catch (SQLException e) {
        LOG.debug("Got exception:", e);
        responder.sendString(HttpResponseStatus.BAD_REQUEST, String.format("[SQLState %s] %s", e.getSQLState(), e.getMessage()));
    }
}

Example 3 with AuditPolicy

use of io.cdap.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ExploreExecutorHttpHandler method updateDataset.

/**
 * Enable ad-hoc exploration of a dataset instance.
 */
@POST
@Path("datasets/{dataset}/update")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void updateDataset(FullHttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespace, @PathParam("dataset") String datasetName) throws BadRequestException {
    final DatasetId datasetId = new DatasetId(namespace, datasetName);
    try {
        UpdateExploreParameters params = readUpdateParameters(request);
        final DatasetSpecification oldSpec = params.getOldSpec();
        final DatasetSpecification datasetSpec = params.getNewSpec();
        QueryHandle handle;
        if (oldSpec.equals(datasetSpec)) {
            handle = QueryHandle.NO_OP;
        } else {
            handle = impersonator.doAs(datasetId, new Callable<QueryHandle>() {

                @Override
                public QueryHandle call() throws Exception {
                    return exploreTableManager.updateDataset(datasetId, datasetSpec, oldSpec);
                }
            });
        }
        JsonObject json = new JsonObject();
        json.addProperty("handle", handle.getHandle());
        responder.sendJson(HttpResponseStatus.OK, json.toString());
    } catch (IllegalArgumentException e) {
        responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
    } catch (ExploreException e) {
        responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error updating explore on dataset " + datasetId);
    } catch (SQLException e) {
        responder.sendString(HttpResponseStatus.BAD_REQUEST, "SQL exception while trying to update explore on dataset " + datasetId);
    } catch (UnsupportedTypeException e) {
        responder.sendString(HttpResponseStatus.BAD_REQUEST, "Schema for dataset " + datasetId + " is not supported for exploration: " + e.getMessage());
    } catch (Throwable e) {
        LOG.error("Got exception:", e);
        responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, e.getMessage());
    }
}

Example 4 with AuditPolicy

use of io.cdap.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class AppLifecycleHttpHandler method upgradeApplications.

/**
 * Upgrades a lis of existing application to use latest version of application artifact and plugin artifacts.
 *
 * <pre>
 * {@code
 * [
 *   {"name":"XYZ"},
 *   {"name":"ABC"},
 *   {"name":"FOO"},
 * ]
 * }
 * </pre>
 * The response will be an array of {@link ApplicationUpdateDetail} object, which either indicates a success (200) or
 * failure for each of the requested application in the same order as the request. The failure also indicates reason
 * for the error. The response will be sent via ChunkResponder to continuously stream upgrade result per application.
 */
@POST
@Path("/upgrade")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void upgradeApplications(FullHttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @QueryParam("artifactScope") Set<String> artifactScopes, @QueryParam("allowSnapshot") boolean allowSnapshot) throws Exception {
    // TODO: (CDAP-16910) Improve batch API performance as each application upgrade is an event independent of each
    // other.
    List<ApplicationId> appIds = decodeAndValidateBatchApplicationRecord(validateNamespace(namespaceId), request);
    Set<ArtifactScope> allowedArtifactScopes = getArtifactScopes(artifactScopes);
    try (ChunkResponder chunkResponder = responder.sendChunkStart(HttpResponseStatus.OK)) {
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        try (JsonWriter jsonWriter = new JsonWriter(new OutputStreamWriter(outputStream, StandardCharsets.UTF_8))) {
            jsonWriter.beginArray();
            for (ApplicationId appId : appIds) {
                ApplicationUpdateDetail updateDetail;
                try {
                    applicationLifecycleService.upgradeApplication(appId, allowedArtifactScopes, allowSnapshot);
                    updateDetail = new ApplicationUpdateDetail(appId);
                } catch (UnsupportedOperationException e) {
                    String errorMessage = String.format("Application %s does not support upgrade.", appId);
                    updateDetail = new ApplicationUpdateDetail(appId, new NotImplementedException(errorMessage));
                } catch (InvalidArtifactException | NotFoundException e) {
                    updateDetail = new ApplicationUpdateDetail(appId, e);
                } catch (Exception e) {
                    updateDetail = new ApplicationUpdateDetail(appId, new ServiceException("Upgrade failed due to internal error.", e, HttpResponseStatus.INTERNAL_SERVER_ERROR));
                    LOG.error("Application upgrade failed with exception", e);
                }
                GSON.toJson(updateDetail, ApplicationUpdateDetail.class, jsonWriter);
                jsonWriter.flush();
                chunkResponder.sendChunk(Unpooled.wrappedBuffer(outputStream.toByteArray()));
                outputStream.reset();
                chunkResponder.flush();
            }
            jsonWriter.endArray();
        }
        chunkResponder.sendChunk(Unpooled.wrappedBuffer(outputStream.toByteArray()));
    }
}

Example 5 with AuditPolicy

use of io.cdap.cdap.common.security.AuditPolicy in project cdap by caskdata.

the class ArtifactHttpHandler method writeProperty.

@PUT
@Path("/namespaces/{namespace-id}/artifacts/{artifact-name}/versions/{artifact-version}/properties/{property}")
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void writeProperty(FullHttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @PathParam("artifact-name") String artifactName, @PathParam("artifact-version") String artifactVersion, @PathParam("property") String key) throws Exception {
    NamespaceId namespace = NamespaceId.SYSTEM.getNamespace().equalsIgnoreCase(namespaceId) ? NamespaceId.SYSTEM : validateAndGetNamespace(namespaceId);
    ArtifactId artifactId = validateAndGetArtifactId(namespace, artifactName, artifactVersion);
    String value = request.content().toString(StandardCharsets.UTF_8);
    if (value == null) {
        responder.sendStatus(HttpResponseStatus.OK);
        return;
    }
    try {
        artifactRepository.writeArtifactProperty(Id.Artifact.fromEntityId(artifactId), key, value);
        responder.sendStatus(HttpResponseStatus.OK);
    } catch (IOException e) {
        LOG.error("Exception writing properties for artifact {}.", artifactId, e);
        responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error writing property to artifact.");
    }
}