use of io.hops.hopsworks.exceptions.AirflowException in project hopsworks by logicalclocks.
the class AirflowManager method prepareSecurityMaterial.
@Lock(LockType.READ)
@AccessTimeout(value = 1, unit = TimeUnit.SECONDS)
public void prepareSecurityMaterial(Users user, Project project, String[] audience) throws AirflowException {
isInitialized();
MaterializedJWTID materialID = new MaterializedJWTID(project.getId(), user.getUid(), MaterializedJWTID.USAGE.AIRFLOW);
if (!materializedJWTFacade.exists(materialID)) {
LocalDateTime expirationDate = DateUtils.getNow().plus(settings.getJWTLifetimeMs(), ChronoUnit.MILLIS);
AirflowJWT airflowJWT = new AirflowJWT(user.getUsername(), project.getId(), project.getName(), expirationDate, user.getUid());
try {
String[] roles = getUserRoles(user);
MaterializedJWT airflowMaterial = new MaterializedJWT(new MaterializedJWTID(project.getId(), user.getUid(), MaterializedJWTID.USAGE.AIRFLOW));
materializedJWTFacade.persist(airflowMaterial);
Map<String, Object> claims = new HashMap<>(3);
claims.put(Constants.RENEWABLE, false);
claims.put(Constants.EXPIRY_LEEWAY, settings.getJWTExpLeewaySec());
claims.put(Constants.ROLES, roles);
String token = jwtController.createToken(settings.getJWTSigningKeyName(), false, settings.getJWTIssuer(), audience, DateUtils.localDateTime2Date(expirationDate), DateUtils.localDateTime2Date(DateUtils.getNow()), user.getUsername(), claims, SignatureAlgorithm.valueOf(settings.getJWTSignatureAlg()));
String projectAirflowDir = getProjectSecretsDirectory(user.getUsername()).toString();
airflowJWT.tokenFile = Paths.get(projectAirflowDir, getTokenFileName(project.getName(), user.getUsername()));
airflowJWT.token = token;
writeTokenToFile(airflowJWT);
certificateMaterializer.materializeCertificatesLocalCustomDir(user.getUsername(), project.getName(), projectAirflowDir);
airflowJWTs.add(airflowJWT);
} catch (GeneralSecurityException | JWTException ex) {
deleteAirflowMaterial(materialID);
throw new AirflowException(RESTCodes.AirflowErrorCode.JWT_NOT_CREATED, Level.SEVERE, "Could not generate Airflow JWT for user " + user.getUsername(), ex.getMessage(), ex);
} catch (IOException ex) {
LOG.log(Level.WARNING, "Could not write Airflow JWT for user " + hdfsUsersController.getHdfsUserName(project, user), ex);
deleteAirflowMaterial(materialID);
try {
jwtController.invalidate(airflowJWT.token);
} catch (InvalidationException invEx) {
LOG.log(Level.FINE, "Could not invalidate Airflow JWT. Skipping...", ex);
}
throw new AirflowException(RESTCodes.AirflowErrorCode.JWT_NOT_STORED, Level.SEVERE, "Could not store Airflow JWT for user " + hdfsUsersController.getHdfsUserName(project, user), ex.getMessage(), ex);
}
}
}
use of io.hops.hopsworks.exceptions.AirflowException in project hopsworks by logicalclocks.
the class AirflowService method composeDAG.
@POST
@Path("/dag")
@Produces(MediaType.APPLICATION_JSON)
@AllowedProjectRoles({ AllowedProjectRoles.DATA_OWNER, AllowedProjectRoles.DATA_SCIENTIST })
@JWTRequired(acceptedTokens = { Audience.API }, allowedUserRoles = { "HOPS_ADMIN", "HOPS_USER" })
@ApiOperation(value = "Generate an Airflow Python DAG file from a DAG definition")
public Response composeDAG(AirflowDagDTO dagDefinition, @Context SecurityContext sc) throws AirflowException {
Users user = jwtHelper.getUserPrincipal(sc);
AirflowDAG dag = AirflowDagDTO.toAirflowDagTemplate(dagDefinition, user, project);
Map<String, Object> dataModel = new HashMap<>(4);
dataModel.put(AirflowJobLaunchOperator.class.getSimpleName(), AirflowJobLaunchOperator.class);
dataModel.put(AirflowJobSuccessSensor.class.getSimpleName(), AirflowJobSuccessSensor.class);
dataModel.put("dag", dag);
java.nio.file.Path outputFile = Paths.get(airflowJWTManager.getProjectDagDirectory(project.getId()).toString(), dagDefinition.getName() + ".py");
try (FileWriter out = new FileWriter(outputFile.toFile(), false)) {
templateEngine.template(AirflowDAG.TEMPLATE_NAME, dataModel, out);
} catch (IOException | TemplateException ex) {
throw new AirflowException(RESTCodes.AirflowErrorCode.DAG_NOT_TEMPLATED, Level.SEVERE, "Could not template DAG file for Project " + project.getName(), ex.getMessage(), ex);
}
return Response.ok().build();
}
use of io.hops.hopsworks.exceptions.AirflowException in project hopsworks by logicalclocks.
the class AirflowService method secretDir.
@GET
@Path("secretDir")
@Produces(MediaType.TEXT_PLAIN)
@AllowedProjectRoles({ AllowedProjectRoles.DATA_OWNER, AllowedProjectRoles.DATA_SCIENTIST })
@JWTRequired(acceptedTokens = { Audience.API }, allowedUserRoles = { "HOPS_ADMIN", "HOPS_USER" })
@ApiOperation(value = "Create project secret directory in Airflow home")
public Response secretDir(@Context SecurityContext sc) throws AirflowException {
String secret = DigestUtils.sha256Hex(Integer.toString(this.projectId));
java.nio.file.Path dagsDir = airflowJWTManager.getProjectDagDirectory(project.getId());
try {
// Instead of checking and setting the permissions, just set them as it is an idempotent operation
dagsDir.toFile().mkdirs();
Files.setPosixFilePermissions(dagsDir, DAGS_PERM);
} catch (IOException ex) {
throw new AirflowException(RESTCodes.AirflowErrorCode.AIRFLOW_DIRS_NOT_CREATED, Level.SEVERE, "Could not create Airlflow directories", ex.getMessage(), ex);
}
return noCacheResponse.getNoCacheResponseBuilder(Response.Status.OK).entity(secret).build();
}
Aggregations