Search in sources :

Example 1 with DatasetAdminOpResponse

use of io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse in project cdap by caskdata.

the class DatasetInstanceHandler method executeAdmin.

/**
   * Executes an admin operation on a dataset instance.
   *
   * @param namespaceId namespace of the dataset instance
   * @param name name of the dataset instance
   * @param method the admin operation to execute (e.g. "exists", "truncate", "upgrade")
   * @throws Exception
   */
@POST
@Path("/data/datasets/{name}/admin/{method}")
public void executeAdmin(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") String namespaceId, @PathParam("name") String name, @PathParam("method") String method) throws Exception {
    DatasetId instance = ConversionHelpers.toDatasetInstanceId(namespaceId, name);
    try {
        DatasetAdminOpResponse response = instanceService.executeAdmin(instance, method);
        responder.sendJson(HttpResponseStatus.OK, response);
    } catch (HandlerException e) {
        responder.sendStatus(e.getFailureStatus());
    }
}
Also used : HandlerException(co.cask.cdap.common.HandlerException) DatasetAdminOpResponse(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse) DatasetId(co.cask.cdap.proto.id.DatasetId) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 2 with DatasetAdminOpResponse

use of io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse in project cdap by caskdata.

the class DatasetInstanceService method executeAdmin.

/**
 * Executes an admin operation on a dataset instance.
 *
 * @param instance the instance to execute the admin operation on
 * @param method the type of admin operation to execute
 * @return the {@link DatasetAdminOpResponse} from the HTTP handler
 * @throws NamespaceNotFoundException if the requested namespace was not found
 * @throws IOException if there was a problem in checking if the namespace exists over HTTP
 * @throws UnauthorizedException if perimeter security and authorization are enabled, and the current user does not
 *  have -
 *  <ol>
 *    <li>{@link Action#ADMIN} privileges on the #instance (for "drop" or "truncate") </li>
 *    <li>any privileges on the #instance (for "exists")</li>
 *  <ol>
 */
DatasetAdminOpResponse executeAdmin(DatasetId instance, String method) throws Exception {
    ensureNamespaceExists(instance.getParent());
    Object result = null;
    // NOTE: one cannot directly call create and drop, instead this should be called thru
    // POST/DELETE @ /data/datasets/{instance-id}. Because we must create/drop metadata for these at same time
    Principal principal = authenticationContext.getPrincipal();
    switch(method) {
        case "exists":
            // ensure the user has some privilege on the dataset instance if it is not system dataset
            if (!DatasetsUtil.isSystemDatasetInUserNamespace(instance)) {
                AuthorizationUtil.ensureAccess(instance, authorizationEnforcer, principal);
            }
            result = opExecutorClient.exists(instance);
            break;
        case "truncate":
            if (!DatasetsUtil.isSystemDatasetInUserNamespace(instance)) {
                authorizationEnforcer.enforce(instance, principal, Action.ADMIN);
            }
            if (instanceManager.get(instance) == null) {
                throw new DatasetNotFoundException(instance);
            }
            opExecutorClient.truncate(instance);
            publishAudit(instance, AuditType.TRUNCATE);
            break;
        case "upgrade":
            if (!DatasetsUtil.isSystemDatasetInUserNamespace(instance)) {
                authorizationEnforcer.enforce(instance, principal, Action.ADMIN);
            }
            if (instanceManager.get(instance) == null) {
                throw new DatasetNotFoundException(instance);
            }
            opExecutorClient.upgrade(instance);
            publishAudit(instance, AuditType.UPDATE);
            break;
        default:
            throw new HandlerException(HttpResponseStatus.NOT_FOUND, "Invalid admin operation: " + method);
    }
    return new DatasetAdminOpResponse(result, null);
}
Also used : HandlerException(co.cask.cdap.common.HandlerException) DatasetNotFoundException(co.cask.cdap.common.DatasetNotFoundException) DatasetAdminOpResponse(co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse) Principal(co.cask.cdap.proto.security.Principal)

Example 3 with DatasetAdminOpResponse

use of io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse in project cdap by caskdata.

the class DatasetInstanceService method executeAdmin.

/**
 * Executes an admin operation on a dataset.
 *
 * @param datasetId the datasetId to execute the admin operation on
 * @param method the type of admin operation to execute
 * @return the {@link DatasetAdminOpResponse} from the HTTP handler
 * @throws NamespaceNotFoundException if the requested namespace was not found
 * @throws IOException if there was a problem in checking if the namespace exists over HTTP
 * @throws UnauthorizedException if perimeter security and authorization are enabled, and the current user does not
 *  have -
 *  <ol>
 *    <li>{@link StandardPermission#DELETE} privileges on the dataset for "truncate" </li>
 *    <li>{@link StandardPermission#UPDATE} privileges on the dataset for "upgrade" </li>
 *    <li>read privileges on the dataset for "exists"</li>
 *  <ol>
 */
DatasetAdminOpResponse executeAdmin(DatasetId datasetId, String method) throws Exception {
    ensureNamespaceExists(datasetId.getParent());
    Object result = null;
    // NOTE: one cannot directly call create and drop, instead this should be called thru
    // POST/DELETE @ /data/datasets/{datasetId-id}. Because we must create/drop metadata for these at same time
    Principal principal = authenticationContext.getPrincipal();
    switch(method) {
        case "exists":
            // ensure the user has some privilege on the dataset datasetId if it is not system dataset
            if (!DatasetsUtil.isSystemDatasetInUserNamespace(datasetId)) {
                accessEnforcer.enforce(datasetId, principal, StandardPermission.GET);
            }
            result = opExecutorClient.exists(datasetId);
            break;
        case "truncate":
            if (!DatasetsUtil.isSystemDatasetInUserNamespace(datasetId)) {
                accessEnforcer.enforce(datasetId, principal, StandardPermission.DELETE);
            }
            if (instanceManager.get(datasetId) == null) {
                throw new DatasetNotFoundException(datasetId);
            }
            opExecutorClient.truncate(datasetId);
            publishAudit(datasetId, AuditType.TRUNCATE);
            break;
        case "upgrade":
            if (!DatasetsUtil.isSystemDatasetInUserNamespace(datasetId)) {
                accessEnforcer.enforce(datasetId, principal, StandardPermission.UPDATE);
            }
            if (instanceManager.get(datasetId) == null) {
                throw new DatasetNotFoundException(datasetId);
            }
            opExecutorClient.upgrade(datasetId);
            publishAudit(datasetId, AuditType.UPDATE);
            break;
        default:
            throw new HandlerException(HttpResponseStatus.NOT_FOUND, "Invalid admin operation: " + method);
    }
    return new DatasetAdminOpResponse(result, null);
}
Also used : HandlerException(io.cdap.cdap.common.HandlerException) DatasetNotFoundException(io.cdap.cdap.common.DatasetNotFoundException) DatasetAdminOpResponse(io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse) Principal(io.cdap.cdap.proto.security.Principal)

Aggregations

HandlerException (co.cask.cdap.common.HandlerException)2 DatasetAdminOpResponse (co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse)2 DatasetNotFoundException (co.cask.cdap.common.DatasetNotFoundException)1 DatasetId (co.cask.cdap.proto.id.DatasetId)1 Principal (co.cask.cdap.proto.security.Principal)1 DatasetNotFoundException (io.cdap.cdap.common.DatasetNotFoundException)1 HandlerException (io.cdap.cdap.common.HandlerException)1 DatasetAdminOpResponse (io.cdap.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse)1 Principal (io.cdap.cdap.proto.security.Principal)1 POST (javax.ws.rs.POST)1 Path (javax.ws.rs.Path)1