
Example 1 with KsqlTopicAuthorizationException

use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.

the class InsertValuesExecutor method execute.

// Part of required API.
/**
 * Executes an {@code INSERT VALUES} statement by sending one record through {@code producer}.
 *
 * <p>The data source is resolved and the inserted columns are validated before the record is
 * built. Those steps run outside the {@code try}, so their exceptions propagate unwrapped.
 *
 * <p>Every failure of the send itself is rethrown as a {@code KsqlException} carrying the
 * insert-failed message. A Kafka {@code TopicAuthorizationException} is first converted into a
 * {@code KsqlTopicAuthorizationException} for {@code AclOperation.WRITE} on the denied topics.
 *
 * @param statement the configured statement; supplies the parsed insert and the session config
 * @param sessionProperties not read by this method
 * @param executionContext supplies the metastore used to resolve the data source
 * @param serviceContext passed to record building and to the producer
 * @throws KsqlException if sending the record fails
 */
@SuppressWarnings("unused")
public void execute(
    final ConfiguredStatement<InsertValues> statement,
    final SessionProperties sessionProperties,
    final KsqlExecutionContext executionContext,
    final ServiceContext serviceContext
) {
    final InsertValues insert = statement.getStatement();
    final MetaStore store = executionContext.getMetaStore();
    final KsqlConfig ksqlConfig = statement.getSessionConfig().getConfig(true);
    final DataSource target = getDataSource(ksqlConfig, store, insert);
    validateInsert(insert.getColumns(), target);
    final ProducerRecord<byte[], byte[]> outgoing =
        buildRecord(statement, store, target, serviceContext);

    try {
        producer.sendRecord(outgoing, serviceContext, ksqlConfig.getProducerClientConfigProps());
    } catch (final TopicAuthorizationException denied) {
        // Kafka's exception only names the denied topics. Re-expressing it with the WRITE ACL
        // keeps this message in line with the other authorization errors.
        // NOTE(review): `denied` itself is not attached as a cause, so its stack trace is not
        // carried forward from here. Confirm that is intended.
        final Exception aclFailure =
            new KsqlTopicAuthorizationException(AclOperation.WRITE, denied.unauthorizedTopics());
        throw new KsqlException(createInsertFailedExceptionMessage(insert), aclFailure);
    } catch (final Exception failure) {
        // Any other send failure keeps the original exception as the cause.
        throw new KsqlException(createInsertFailedExceptionMessage(insert), failure);
    }
}
Also used : KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) MetaStore(io.confluent.ksql.metastore.MetaStore) InsertValues(io.confluent.ksql.parser.tree.InsertValues) KsqlConfig(io.confluent.ksql.util.KsqlConfig) KsqlException(io.confluent.ksql.util.KsqlException) KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) TopicAuthorizationException(org.apache.kafka.common.errors.TopicAuthorizationException) KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) RestClientException(io.confluent.kafka.schemaregistry.client.rest.exceptions.RestClientException) KsqlException(io.confluent.ksql.util.KsqlException) KsqlStatementException(io.confluent.ksql.util.KsqlStatementException) ExecutionException(java.util.concurrent.ExecutionException) KsqlSchemaAuthorizationException(io.confluent.ksql.exception.KsqlSchemaAuthorizationException) TopicAuthorizationException(org.apache.kafka.common.errors.TopicAuthorizationException) DataSource(io.confluent.ksql.metastore.model.DataSource)

Example 2 with KsqlTopicAuthorizationException

use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.

the class StreamedQueryResourceTest method shouldReturnForbiddenKafkaAccessIfPrintTopicKsqlTopicAuthorizationException.

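/**
 * Checks that a print-topic request yields the {@code AUTHORIZATION_ERROR_RESPONSE} status and
 * entity when the authorization validator throws a {@code KsqlTopicAuthorizationException} for
 * {@code AclOperation.READ}.
 */
@Test
public void shouldReturnForbiddenKafkaAccessIfPrintTopicKsqlTopicAuthorizationException() {
    // Given:
    print = PreparedStatement.of("print", mock(PrintTopic.class));
    when(mockStatementParser.<PrintTopic>parseSingleStatement(PRINT_TOPIC)).thenReturn(print);
    // The validator is stubbed with any() matchers, so this test covers how a denial is turned
    // into a response. It does not cover which topic or operation was actually checked.
    doThrow(new KsqlTopicAuthorizationException(AclOperation.READ, Collections.singleton(TOPIC_NAME)))
        .when(authorizationValidator).checkAuthorization(any(), any(), any());

    // When:
    final KsqlRequest request =
        new KsqlRequest(PRINT_TOPIC, Collections.emptyMap(), Collections.emptyMap(), null);
    final EndpointResponse response = testResource.streamQuery(
        securityContext,
        request,
        new CompletableFuture<>(),
        Optional.empty(),
        new MetricsCallbackHolder(),
        context);

    // Then:
    // assertEquals takes (expected, actual); this order keeps failure messages accurate.
    assertEquals(AUTHORIZATION_ERROR_RESPONSE.getStatus(), response.getStatus());
    assertEquals(AUTHORIZATION_ERROR_RESPONSE.getEntity(), response.getEntity());
}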
Also used : KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) EndpointResponse(io.confluent.ksql.rest.EndpointResponse) MetricsCallbackHolder(io.confluent.ksql.api.server.MetricsCallbackHolder) KsqlRequest(io.confluent.ksql.rest.entity.KsqlRequest) PrintTopic(io.confluent.ksql.parser.tree.PrintTopic) Test(org.junit.Test)

Example 3 with KsqlTopicAuthorizationException

use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.

the class KsqlResourceTest method shouldReturnForbiddenKafkaAccessIfKsqlTopicAuthorizationException.

/**
 * Checks that a statement rejected by the authorization validator with a
 * {@code KsqlTopicAuthorizationException} for {@code AclOperation.DELETE} produces the
 * forbidden-Kafka-access error code and the message supplied by the stubbed errors handler.
 */
@Test
public void shouldReturnForbiddenKafkaAccessIfKsqlTopicAuthorizationException() {
    // Given:
    final String expectedMessage = "some error";
    final KsqlErrorMessage forbiddenEntity =
        new KsqlErrorMessage(ERROR_CODE_FORBIDDEN_KAFKA_ACCESS, expectedMessage);
    // The errors handler is stubbed, so the response body asserted below is the stub's, not
    // one derived from the thrown exception.
    when(errorsHandler.generateResponse(any(), any()))
        .thenReturn(EndpointResponse.create().status(FORBIDDEN.code()).entity(forbiddenEntity).build());
    final KsqlTopicAuthorizationException deleteDenied =
        new KsqlTopicAuthorizationException(AclOperation.DELETE, Collections.singleton("topic"));
    doThrow(deleteDenied).when(authorizationValidator).checkAuthorization(any(), any(), any());

    // When:
    final KsqlErrorMessage errorBody =
        makeFailingRequest("DROP STREAM TEST_STREAM DELETE TOPIC;", FORBIDDEN.code());

    // Then:
    assertThat(errorBody, is(instanceOf(KsqlErrorMessage.class)));
    assertThat(errorBody.getErrorCode(), is(Errors.ERROR_CODE_FORBIDDEN_KAFKA_ACCESS));
    assertThat(errorBody.getMessage(), is(expectedMessage));
}
Also used : KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KsqlErrorMessage(io.confluent.ksql.rest.entity.KsqlErrorMessage) Test(org.junit.Test)

Example 4 with KsqlTopicAuthorizationException

use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.

the class KafkaTopicClientImpl method deleteTopics.

/**
 * Deletes the given topics through the admin client and waits for each result.
 *
 * <p>Each per-topic future is awaited for up to 30 seconds. Failures are classified by root
 * cause:
 * <ul>
 *   <li>{@code TopicDeletionDisabledException}: rethrown at once with a configuration hint;</li>
 *   <li>{@code TopicAuthorizationException}: rethrown at once as a
 *       {@code KsqlTopicAuthorizationException} for {@code AclOperation.DELETE} on that topic.
 *       The remaining futures are then not inspected;</li>
 *   <li>{@code UnknownTopicOrPartitionException}: skipped without being recorded;</li>
 *   <li>anything else: logged and collected, then reported together after the loop.</li>
 * </ul>
 *
 * @param topicsToDelete names of the topics to delete; an empty collection is a no-op
 * @throws TopicDeletionDisabledException if the root cause shows deletion is disabled
 * @throws KsqlTopicAuthorizationException if the root cause is a topic authorization failure
 * @throws KafkaDeleteTopicsException if any topic failed for another recorded reason
 */
@Override
public void deleteTopics(final Collection<String> topicsToDelete) {
    if (topicsToDelete.isEmpty()) {
        return;
    }

    final DeleteTopicsResult deletion = adminClient.get().deleteTopics(topicsToDelete);
    final Map<String, KafkaFuture<Void>> futuresByTopic = deletion.topicNameValues();
    final List<String> failedTopics = Lists.newArrayList();
    final List<Pair<String, Throwable>> failures = Lists.newArrayList();

    for (final Map.Entry<String, KafkaFuture<Void>> pending : futuresByTopic.entrySet()) {
        final String topic = pending.getKey();
        try {
            pending.getValue().get(30, TimeUnit.SECONDS);
        } catch (final Exception e) {
            final Throwable cause = ExceptionUtils.getRootCause(e);

            if (cause instanceof TopicDeletionDisabledException) {
                throw new TopicDeletionDisabledException(
                    "Topic deletion is disabled. "
                        + "To delete the topic, you must set '" + DELETE_TOPIC_ENABLE + "' to true in "
                        + "the Kafka broker configuration.");
            }
            if (cause instanceof TopicAuthorizationException) {
                // Surface the denial with the ACL operation and topic; this aborts the loop.
                throw new KsqlTopicAuthorizationException(
                    AclOperation.DELETE, Collections.singleton(topic));
            }
            if (cause instanceof UnknownTopicOrPartitionException) {
                // An unknown topic is not counted as a failed delete.
                continue;
            }

            LOG.error(String.format("Could not delete topic '%s'", topic), e);
            failedTopics.add(topic);
            failures.add(new Pair<>(topic, cause));
        }
    }

    if (failedTopics.isEmpty()) {
        return;
    }
    throw new KafkaDeleteTopicsException(
        "Failed to clean up topics: " + String.join(",", failedTopics), failures);
}
Also used : KafkaFuture(org.apache.kafka.common.KafkaFuture) DeleteTopicsResult(org.apache.kafka.clients.admin.DeleteTopicsResult) UnknownTopicOrPartitionException(org.apache.kafka.common.errors.UnknownTopicOrPartitionException) TopicDeletionDisabledException(org.apache.kafka.common.errors.TopicDeletionDisabledException) KafkaDeleteTopicsException(io.confluent.ksql.exception.KafkaDeleteTopicsException) KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) KafkaDeleteTopicsException(io.confluent.ksql.exception.KafkaDeleteTopicsException) KafkaResponseGetFailedException(io.confluent.ksql.exception.KafkaResponseGetFailedException) ExecutionException(java.util.concurrent.ExecutionException) KsqlServerException(io.confluent.ksql.util.KsqlServerException) TopicExistsException(org.apache.kafka.common.errors.TopicExistsException) TopicDeletionDisabledException(org.apache.kafka.common.errors.TopicDeletionDisabledException) TopicAuthorizationException(org.apache.kafka.common.errors.TopicAuthorizationException) KsqlException(io.confluent.ksql.util.KsqlException) UnsupportedVersionException(org.apache.kafka.common.errors.UnsupportedVersionException) UnknownTopicOrPartitionException(org.apache.kafka.common.errors.UnknownTopicOrPartitionException) KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) Map(java.util.Map) KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) TopicAuthorizationException(org.apache.kafka.common.errors.TopicAuthorizationException) Pair(io.confluent.ksql.util.Pair)

Example 5 with KsqlTopicAuthorizationException

use of io.confluent.ksql.exception.KsqlTopicAuthorizationException in project ksql by confluentinc.

the class StreamedQueryResourceTest method shouldReturnForbiddenKafkaAccessForPullQueryAuthorizationDenied.

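/**
 * Checks that a pull query yields the {@code AUTHORIZATION_ERROR_RESPONSE} status and error
 * message when the authorization validator throws a {@code KsqlTopicAuthorizationException}
 * for {@code AclOperation.READ}.
 */
@Test
public void shouldReturnForbiddenKafkaAccessForPullQueryAuthorizationDenied() {
    // Given:
    when(mockStatementParser.<Query>parseSingleStatement(PULL_QUERY_STRING)).thenReturn(query);
    // The validator is stubbed with any() matchers, so this test covers how a denial is turned
    // into a response. It does not cover which topic or operation was actually checked.
    doThrow(new KsqlTopicAuthorizationException(AclOperation.READ, Collections.singleton(TOPIC_NAME)))
        .when(authorizationValidator).checkAuthorization(any(), any(), any());

    // When:
    final KsqlRequest request =
        new KsqlRequest(PULL_QUERY_STRING, Collections.emptyMap(), Collections.emptyMap(), null);
    final EndpointResponse response = testResource.streamQuery(
        securityContext,
        request,
        new CompletableFuture<>(),
        Optional.empty(),
        new MetricsCallbackHolder(),
        context);

    // Then:
    final KsqlErrorMessage responseEntity = (KsqlErrorMessage) response.getEntity();
    final KsqlErrorMessage expectedEntity = (KsqlErrorMessage) AUTHORIZATION_ERROR_RESPONSE.getEntity();
    // assertEquals takes (expected, actual); this order keeps failure messages accurate.
    assertEquals(AUTHORIZATION_ERROR_RESPONSE.getStatus(), response.getStatus());
    assertEquals(expectedEntity.getMessage(), responseEntity.getMessage());
}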
Also used : KsqlTopicAuthorizationException(io.confluent.ksql.exception.KsqlTopicAuthorizationException) EndpointResponse(io.confluent.ksql.rest.EndpointResponse) Query(io.confluent.ksql.parser.tree.Query) MetricsCallbackHolder(io.confluent.ksql.api.server.MetricsCallbackHolder) KsqlRequest(io.confluent.ksql.rest.entity.KsqlRequest) KsqlErrorMessage(io.confluent.ksql.rest.entity.KsqlErrorMessage) Test(org.junit.Test)
