use of io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse in project cdap by caskdata.
the class DatasetInstanceHandler method executeAdmin.
/**
* Executes an admin operation on a dataset instance.
*
* @param namespaceId namespace of the dataset instance
* @param name name of the dataset instance
* @param method the admin operation to execute (e.g. "exists", "truncate", "upgrade")
* @throws Exception
*/
@POST
@Path("/data/datasets/{name}/admin/{method}")
public void executeAdmin(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @PathParam("name") String name, @PathParam("method") String method) throws Exception {
DatasetId instance = ConversionHelpers.toDatasetInstanceId(namespaceId, name);
try {
DatasetAdminOpResponse response = instanceService.executeAdmin(instance, method);
responder.sendJson(HttpResponseStatus.OK, response);
} catch (HandlerException e) {
responder.sendStatus(e.getFailureStatus());
}
}
use of io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse in project cdap by caskdata.
the class DatasetInstanceService method executeAdmin.
/**
* Executes an admin operation on a dataset instance.
*
* @param instance the instance to execute the admin operation on
* @param method the type of admin operation to execute
* @return the {@link DatasetAdminOpResponse} from the HTTP handler
* @throws NamespaceNotFoundException if the requested namespace was not found
* @throws IOException if there was a problem in checking if the namespace exists over HTTP
* @throws UnauthorizedException if perimeter security and authorization are enabled, and the current user does not
* have -
* <ol>
* <li>{@link Action#ADMIN} privileges on the #instance (for "drop" or "truncate") </li>
* <li>any privileges on the #instance (for "exists")</li>
* <ol>
*/
DatasetAdminOpResponse executeAdmin(DatasetId instance, String method) throws Exception {
ensureNamespaceExists(instance.getParent());
Object result = null;
// NOTE: one cannot directly call create and drop, instead this should be called thru
// POST/DELETE @ /data/datasets/{instance-id}. Because we must create/drop metadata for these at same time
Principal principal = authenticationContext.getPrincipal();
switch(method) {
case "exists":
// ensure the user has some privilege on the dataset instance if it is not system dataset
if (!DatasetsUtil.isSystemDatasetInUserNamespace(instance)) {
AuthorizationUtil.ensureAccess(instance, authorizationEnforcer, principal);
}
result = opExecutorClient.exists(instance);
break;
case "truncate":
if (!DatasetsUtil.isSystemDatasetInUserNamespace(instance)) {
authorizationEnforcer.enforce(instance, principal, Action.ADMIN);
}
if (instanceManager.get(instance) == null) {
throw new DatasetNotFoundException(instance);
}
opExecutorClient.truncate(instance);
publishAudit(instance, AuditType.TRUNCATE);
break;
case "upgrade":
if (!DatasetsUtil.isSystemDatasetInUserNamespace(instance)) {
authorizationEnforcer.enforce(instance, principal, Action.ADMIN);
}
if (instanceManager.get(instance) == null) {
throw new DatasetNotFoundException(instance);
}
opExecutorClient.upgrade(instance);
publishAudit(instance, AuditType.UPDATE);
break;
default:
throw new HandlerException(HttpResponseStatus.NOT_FOUND, "Invalid admin operation: " + method);
}
return new DatasetAdminOpResponse(result, null);
}
use of io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse in project cdap by caskdata.
the class DatasetInstanceService method executeAdmin.
/**
* Executes an admin operation on a dataset.
*
* @param datasetId the datasetId to execute the admin operation on
* @param method the type of admin operation to execute
* @return the {@link DatasetAdminOpResponse} from the HTTP handler
* @throws NamespaceNotFoundException if the requested namespace was not found
* @throws IOException if there was a problem in checking if the namespace exists over HTTP
* @throws UnauthorizedException if perimeter security and authorization are enabled, and the current user does not
* have -
* <ol>
* <li>{@link StandardPermission#DELETE} privileges on the dataset for "truncate" </li>
* <li>{@link StandardPermission#UPDATE} privileges on the dataset for "upgrade" </li>
* <li>read privileges on the dataset for "exists"</li>
* <ol>
*/
DatasetAdminOpResponse executeAdmin(DatasetId datasetId, String method) throws Exception {
ensureNamespaceExists(datasetId.getParent());
Object result = null;
// NOTE: one cannot directly call create and drop, instead this should be called thru
// POST/DELETE @ /data/datasets/{datasetId-id}. Because we must create/drop metadata for these at same time
Principal principal = authenticationContext.getPrincipal();
switch(method) {
case "exists":
// ensure the user has some privilege on the dataset datasetId if it is not system dataset
if (!DatasetsUtil.isSystemDatasetInUserNamespace(datasetId)) {
accessEnforcer.enforce(datasetId, principal, StandardPermission.GET);
}
result = opExecutorClient.exists(datasetId);
break;
case "truncate":
if (!DatasetsUtil.isSystemDatasetInUserNamespace(datasetId)) {
accessEnforcer.enforce(datasetId, principal, StandardPermission.DELETE);
}
if (instanceManager.get(datasetId) == null) {
throw new DatasetNotFoundException(datasetId);
}
opExecutorClient.truncate(datasetId);
publishAudit(datasetId, AuditType.TRUNCATE);
break;
case "upgrade":
if (!DatasetsUtil.isSystemDatasetInUserNamespace(datasetId)) {
accessEnforcer.enforce(datasetId, principal, StandardPermission.UPDATE);
}
if (instanceManager.get(datasetId) == null) {
throw new DatasetNotFoundException(datasetId);
}
opExecutorClient.upgrade(datasetId);
publishAudit(datasetId, AuditType.UPDATE);
break;
default:
throw new HandlerException(HttpResponseStatus.NOT_FOUND, "Invalid admin operation: " + method);
}
return new DatasetAdminOpResponse(result, null);
}
Aggregations