Examples with KsqlTopicAuthorizationException io.confluent.ksql.exception.KsqlTopicAuthorizationException used on opensource projects

Example 1 with KsqlTopicAuthorizationException

use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.

the class InsertValuesExecutor method execute.

// Part of required API.
@SuppressWarnings("unused")
public void execute(final ConfiguredStatement<InsertValues> statement, final SessionProperties sessionProperties, final KsqlExecutionContext executionContext, final ServiceContext serviceContext) {
    final InsertValues insertValues = statement.getStatement();
    final MetaStore metaStore = executionContext.getMetaStore();
    final KsqlConfig config = statement.getSessionConfig().getConfig(true);
    final DataSource dataSource = getDataSource(config, metaStore, insertValues);
    validateInsert(insertValues.getColumns(), dataSource);
    final ProducerRecord<byte[], byte[]> record = buildRecord(statement, metaStore, dataSource, serviceContext);
    try {
        producer.sendRecord(record, serviceContext, config.getProducerClientConfigProps());
    } catch (final TopicAuthorizationException e) {
        // TopicAuthorizationException does not give much detailed information about why it failed,
        // except which topics are denied. Here we just add the ACL to make the error message
        // consistent with other authorization error messages.
        final Exception rootCause = new KsqlTopicAuthorizationException(AclOperation.WRITE, e.unauthorizedTopics());
        throw new KsqlException(createInsertFailedExceptionMessage(insertValues), rootCause);
    } catch (final Exception e) {
        throw new KsqlException(createInsertFailedExceptionMessage(insertValues), e);
    }
}

Example 2 with KsqlTopicAuthorizationException

use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.

the class StreamedQueryResourceTest method shouldReturnForbiddenKafkaAccessIfPrintTopicKsqlTopicAuthorizationException.

@Test
public void shouldReturnForbiddenKafkaAccessIfPrintTopicKsqlTopicAuthorizationException() {
    // Given:
    print = PreparedStatement.of("print", mock(PrintTopic.class));
    when(mockStatementParser.<PrintTopic>parseSingleStatement(PRINT_TOPIC)).thenReturn(print);
    doThrow(new KsqlTopicAuthorizationException(AclOperation.READ, Collections.singleton(TOPIC_NAME))).when(authorizationValidator).checkAuthorization(any(), any(), any());
    // When:
    final EndpointResponse response = testResource.streamQuery(securityContext, new KsqlRequest(PRINT_TOPIC, Collections.emptyMap(), Collections.emptyMap(), null), new CompletableFuture<>(), Optional.empty(), new MetricsCallbackHolder(), context);
    assertEquals(response.getStatus(), AUTHORIZATION_ERROR_RESPONSE.getStatus());
    assertEquals(response.getEntity(), AUTHORIZATION_ERROR_RESPONSE.getEntity());
}

Example 3 with KsqlTopicAuthorizationException

use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.

the class KsqlResourceTest method shouldReturnForbiddenKafkaAccessIfKsqlTopicAuthorizationException.

@Test
public void shouldReturnForbiddenKafkaAccessIfKsqlTopicAuthorizationException() {
    // Given:
    final String errorMsg = "some error";
    when(errorsHandler.generateResponse(any(), any())).thenReturn(EndpointResponse.create().status(FORBIDDEN.code()).entity(new KsqlErrorMessage(ERROR_CODE_FORBIDDEN_KAFKA_ACCESS, errorMsg)).build());
    doThrow(new KsqlTopicAuthorizationException(AclOperation.DELETE, Collections.singleton("topic"))).when(authorizationValidator).checkAuthorization(any(), any(), any());
    // When:
    final KsqlErrorMessage result = makeFailingRequest("DROP STREAM TEST_STREAM DELETE TOPIC;", FORBIDDEN.code());
    // Then:
    assertThat(result, is(instanceOf(KsqlErrorMessage.class)));
    assertThat(result.getErrorCode(), is(Errors.ERROR_CODE_FORBIDDEN_KAFKA_ACCESS));
    assertThat(result.getMessage(), is(errorMsg));
}

Example 4 with KsqlTopicAuthorizationException

use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.

the class KafkaTopicClientImpl method deleteTopics.

@Override
public void deleteTopics(final Collection<String> topicsToDelete) {
    if (topicsToDelete.isEmpty()) {
        return;
    }
    final DeleteTopicsResult deleteTopicsResult = adminClient.get().deleteTopics(topicsToDelete);
    final Map<String, KafkaFuture<Void>> results = deleteTopicsResult.topicNameValues();
    final List<String> failList = Lists.newArrayList();
    final List<Pair<String, Throwable>> exceptionList = Lists.newArrayList();
    for (final Map.Entry<String, KafkaFuture<Void>> entry : results.entrySet()) {
        try {
            entry.getValue().get(30, TimeUnit.SECONDS);
        } catch (final Exception e) {
            final Throwable rootCause = ExceptionUtils.getRootCause(e);
            if (rootCause instanceof TopicDeletionDisabledException) {
                throw new TopicDeletionDisabledException("Topic deletion is disabled. " + "To delete the topic, you must set '" + DELETE_TOPIC_ENABLE + "' to true in " + "the Kafka broker configuration.");
            } else if (rootCause instanceof TopicAuthorizationException) {
                throw new KsqlTopicAuthorizationException(AclOperation.DELETE, Collections.singleton(entry.getKey()));
            } else if (!(rootCause instanceof UnknownTopicOrPartitionException)) {
                LOG.error(String.format("Could not delete topic '%s'", entry.getKey()), e);
                failList.add(entry.getKey());
                exceptionList.add(new Pair<>(entry.getKey(), rootCause));
            }
        }
    }
    if (!failList.isEmpty()) {
        throw new KafkaDeleteTopicsException("Failed to clean up topics: " + String.join(",", failList), exceptionList);
    }
}

Example 5 with KsqlTopicAuthorizationException

use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.

the class StreamedQueryResourceTest method shouldReturnForbiddenKafkaAccessForPullQueryAuthorizationDenied.

@Test
public void shouldReturnForbiddenKafkaAccessForPullQueryAuthorizationDenied() {
    // Given:
    when(mockStatementParser.<Query>parseSingleStatement(PULL_QUERY_STRING)).thenReturn(query);
    doThrow(new KsqlTopicAuthorizationException(AclOperation.READ, Collections.singleton(TOPIC_NAME))).when(authorizationValidator).checkAuthorization(any(), any(), any());
    // When:
    final EndpointResponse response = testResource.streamQuery(securityContext, new KsqlRequest(PULL_QUERY_STRING, Collections.emptyMap(), Collections.emptyMap(), null), new CompletableFuture<>(), Optional.empty(), new MetricsCallbackHolder(), context);
    final KsqlErrorMessage responseEntity = (KsqlErrorMessage) response.getEntity();
    final KsqlErrorMessage expectedEntity = (KsqlErrorMessage) AUTHORIZATION_ERROR_RESPONSE.getEntity();
    assertEquals(response.getStatus(), AUTHORIZATION_ERROR_RESPONSE.getStatus());
    assertEquals(responseEntity.getMessage(), expectedEntity.getMessage());
}