use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.
the class InsertValuesExecutor method execute.
// Part of required API.
@SuppressWarnings("unused")
public void execute(final ConfiguredStatement<InsertValues> statement, final SessionProperties sessionProperties, final KsqlExecutionContext executionContext, final ServiceContext serviceContext) {
final InsertValues insertValues = statement.getStatement();
final MetaStore metaStore = executionContext.getMetaStore();
final KsqlConfig config = statement.getSessionConfig().getConfig(true);
final DataSource dataSource = getDataSource(config, metaStore, insertValues);
validateInsert(insertValues.getColumns(), dataSource);
final ProducerRecord<byte[], byte[]> record = buildRecord(statement, metaStore, dataSource, serviceContext);
try {
producer.sendRecord(record, serviceContext, config.getProducerClientConfigProps());
} catch (final TopicAuthorizationException e) {
// TopicAuthorizationException does not give much detailed information about why it failed,
// except which topics are denied. Here we just add the ACL to make the error message
// consistent with other authorization error messages.
final Exception rootCause = new KsqlTopicAuthorizationException(AclOperation.WRITE, e.unauthorizedTopics());
throw new KsqlException(createInsertFailedExceptionMessage(insertValues), rootCause);
} catch (final Exception e) {
throw new KsqlException(createInsertFailedExceptionMessage(insertValues), e);
}
}
use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.
the class StreamedQueryResourceTest method shouldReturnForbiddenKafkaAccessIfPrintTopicKsqlTopicAuthorizationException.
@Test
public void shouldReturnForbiddenKafkaAccessIfPrintTopicKsqlTopicAuthorizationException() {
// Given:
print = PreparedStatement.of("print", mock(PrintTopic.class));
when(mockStatementParser.<PrintTopic>parseSingleStatement(PRINT_TOPIC)).thenReturn(print);
doThrow(new KsqlTopicAuthorizationException(AclOperation.READ, Collections.singleton(TOPIC_NAME))).when(authorizationValidator).checkAuthorization(any(), any(), any());
// When:
final EndpointResponse response = testResource.streamQuery(securityContext, new KsqlRequest(PRINT_TOPIC, Collections.emptyMap(), Collections.emptyMap(), null), new CompletableFuture<>(), Optional.empty(), new MetricsCallbackHolder(), context);
assertEquals(response.getStatus(), AUTHORIZATION_ERROR_RESPONSE.getStatus());
assertEquals(response.getEntity(), AUTHORIZATION_ERROR_RESPONSE.getEntity());
}
use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.
the class KsqlResourceTest method shouldReturnForbiddenKafkaAccessIfKsqlTopicAuthorizationException.
@Test
public void shouldReturnForbiddenKafkaAccessIfKsqlTopicAuthorizationException() {
// Given:
final String errorMsg = "some error";
when(errorsHandler.generateResponse(any(), any())).thenReturn(EndpointResponse.create().status(FORBIDDEN.code()).entity(new KsqlErrorMessage(ERROR_CODE_FORBIDDEN_KAFKA_ACCESS, errorMsg)).build());
doThrow(new KsqlTopicAuthorizationException(AclOperation.DELETE, Collections.singleton("topic"))).when(authorizationValidator).checkAuthorization(any(), any(), any());
// When:
final KsqlErrorMessage result = makeFailingRequest("DROP STREAM TEST_STREAM DELETE TOPIC;", FORBIDDEN.code());
// Then:
assertThat(result, is(instanceOf(KsqlErrorMessage.class)));
assertThat(result.getErrorCode(), is(Errors.ERROR_CODE_FORBIDDEN_KAFKA_ACCESS));
assertThat(result.getMessage(), is(errorMsg));
}
use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.
the class KafkaTopicClientImpl method deleteTopics.
@Override
public void deleteTopics(final Collection<String> topicsToDelete) {
if (topicsToDelete.isEmpty()) {
return;
}
final DeleteTopicsResult deleteTopicsResult = adminClient.get().deleteTopics(topicsToDelete);
final Map<String, KafkaFuture<Void>> results = deleteTopicsResult.topicNameValues();
final List<String> failList = Lists.newArrayList();
final List<Pair<String, Throwable>> exceptionList = Lists.newArrayList();
for (final Map.Entry<String, KafkaFuture<Void>> entry : results.entrySet()) {
try {
entry.getValue().get(30, TimeUnit.SECONDS);
} catch (final Exception e) {
final Throwable rootCause = ExceptionUtils.getRootCause(e);
if (rootCause instanceof TopicDeletionDisabledException) {
throw new TopicDeletionDisabledException("Topic deletion is disabled. " + "To delete the topic, you must set '" + DELETE_TOPIC_ENABLE + "' to true in " + "the Kafka broker configuration.");
} else if (rootCause instanceof TopicAuthorizationException) {
throw new KsqlTopicAuthorizationException(AclOperation.DELETE, Collections.singleton(entry.getKey()));
} else if (!(rootCause instanceof UnknownTopicOrPartitionException)) {
LOG.error(String.format("Could not delete topic '%s'", entry.getKey()), e);
failList.add(entry.getKey());
exceptionList.add(new Pair<>(entry.getKey(), rootCause));
}
}
}
if (!failList.isEmpty()) {
throw new KafkaDeleteTopicsException("Failed to clean up topics: " + String.join(",", failList), exceptionList);
}
}
use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.
the class StreamedQueryResourceTest method shouldReturnForbiddenKafkaAccessForPullQueryAuthorizationDenied.
@Test
public void shouldReturnForbiddenKafkaAccessForPullQueryAuthorizationDenied() {
// Given:
when(mockStatementParser.<Query>parseSingleStatement(PULL_QUERY_STRING)).thenReturn(query);
doThrow(new KsqlTopicAuthorizationException(AclOperation.READ, Collections.singleton(TOPIC_NAME))).when(authorizationValidator).checkAuthorization(any(), any(), any());
// When:
final EndpointResponse response = testResource.streamQuery(securityContext, new KsqlRequest(PULL_QUERY_STRING, Collections.emptyMap(), Collections.emptyMap(), null), new CompletableFuture<>(), Optional.empty(), new MetricsCallbackHolder(), context);
final KsqlErrorMessage responseEntity = (KsqlErrorMessage) response.getEntity();
final KsqlErrorMessage expectedEntity = (KsqlErrorMessage) AUTHORIZATION_ERROR_RESPONSE.getEntity();
assertEquals(response.getStatus(), AUTHORIZATION_ERROR_RESPONSE.getStatus());
assertEquals(responseEntity.getMessage(), expectedEntity.getMessage());
}
Aggregations