Search in sources :

Example 71 with UserException

use of io.hops.hopsworks.exceptions.UserException in project hopsworks by logicalclocks.

the class ProjectsAdmin method createProjectAsUser.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("/projects/createas")
public Response createProjectAsUser(@Context HttpServletRequest request, @Context SecurityContext sc, ProjectDTO projectDTO) throws DatasetException, GenericException, KafkaException, ProjectException, UserException, ServiceException, HopsSecurityException, FeaturestoreException, OpenSearchException, SchemaException, IOException {
    Users user = jWTHelper.getUserPrincipal(sc);
    if (user == null) {
        throw new UserException(RESTCodes.UserErrorCode.AUTHENTICATION_FAILURE, Level.WARNING, "Unauthorized or unknown user tried to create a Project as another user");
    }
    String username = projectDTO.getOwner();
    if (username == null) {
        LOGGER.log(Level.WARNING, "Owner username is null");
        throw new IllegalArgumentException("Owner email cannot be null");
    }
    Users owner = userFacade.findByUsername(username);
    if (owner == null) {
        throw new UserException(RESTCodes.UserErrorCode.USER_DOES_NOT_EXIST, Level.FINE, "user:" + username);
    }
    projectController.createProject(projectDTO, owner, request.getSession().getId());
    RESTApiJsonResponse response = new RESTApiJsonResponse();
    response.setSuccessMessage(ResponseMessages.PROJECT_CREATED);
    return noCacheResponse.getNoCacheResponseBuilder(Response.Status.CREATED).entity(response).build();
}
Also used : RESTApiJsonResponse(io.hops.hopsworks.api.util.RESTApiJsonResponse) Users(io.hops.hopsworks.persistence.entity.user.Users) UserException(io.hops.hopsworks.exceptions.UserException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 72 with UserException

use of io.hops.hopsworks.exceptions.UserException in project hopsworks by logicalclocks.

the class FeaturestoreSnowflakeConnectorController method updateSecret.

private Secret updateSecret(Users user, FeaturestoreSnowflakeConnectorDTO featurestoreSnowflakeConnectorDTO, FeaturestoreSnowflakeConnector snowflakeConnector) throws UserException, ProjectException {
    String secret;
    Secret existingSecret = getSecret(snowflakeConnector);
    secretsController.checkCanAccessSecret(existingSecret, user);
    if (!Strings.isNullOrEmpty(featurestoreSnowflakeConnectorDTO.getPassword())) {
        secret = featurestoreSnowflakeConnectorDTO.getPassword();
    } else {
        secret = featurestoreSnowflakeConnectorDTO.getToken();
    }
    try {
        existingSecret.setSecret(secretsController.encryptSecret(secret));
    } catch (IOException | GeneralSecurityException e) {
        throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error encrypting secret", "Could not encrypt Secret " + existingSecret.getId().getName(), e);
    }
    return existingSecret;
}
Also used : Secret(io.hops.hopsworks.persistence.entity.user.security.secrets.Secret) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) UserException(io.hops.hopsworks.exceptions.UserException)

Example 73 with UserException

use of io.hops.hopsworks.exceptions.UserException in project hopsworks by logicalclocks.

the class StorageConnectorUtil method getSecret.

public <T> T getSecret(Secret secret, Class<T> valueType) throws FeaturestoreException {
    T secretClass = null;
    if (secret != null) {
        try {
            Users owner = userFacade.find(secret.getId().getUid());
            // check if the calling user is part of the project with the shared feature store is done in feature store
            // service, so we can get the secret here with owner/owner
            SecretPlaintext plainText = secretsController.getShared(owner, owner, secret.getId().getName());
            if (valueType == String.class) {
                secretClass = (T) plainText.getPlaintext();
            } else {
                secretClass = objectMapper.readValue(plainText.getPlaintext(), valueType);
            }
        } catch (UserException | IOException | ServiceException | ProjectException e) {
            throw new FeaturestoreException(RESTCodes.FeaturestoreErrorCode.STORAGE_CONNECTOR_GET_ERROR, Level.FINE, "Unable to retrieve Secret " + secret.getId().getName() + " for this storage connector.", e.getMessage());
        }
    }
    return secretClass;
}
Also used : ProjectException(io.hops.hopsworks.exceptions.ProjectException) ServiceException(io.hops.hopsworks.exceptions.ServiceException) Users(io.hops.hopsworks.persistence.entity.user.Users) SecretPlaintext(io.hops.hopsworks.common.dao.user.security.secrets.SecretPlaintext) UserException(io.hops.hopsworks.exceptions.UserException) IOException(java.io.IOException) FeaturestoreException(io.hops.hopsworks.exceptions.FeaturestoreException)

Example 74 with UserException

use of io.hops.hopsworks.exceptions.UserException in project hopsworks by logicalclocks.

the class FeaturestoreS3ConnectorController method updateSecret.

private Secret updateSecret(Users user, FeaturestoreS3ConnectorDTO featurestoreS3ConnectorDTO, Featurestore featurestore, FeaturestoreS3Connector featurestoreS3Connector) throws UserException, FeaturestoreException, ProjectException {
    Secret secret = featurestoreS3Connector.getSecret();
    if (secret != null) {
        secretsController.checkCanAccessSecret(secret, user);
    }
    if (secret == null && keysNotNullOrEmpty(featurestoreS3ConnectorDTO)) {
        verifyS3ConnectorAccessKey(featurestoreS3ConnectorDTO.getAccessKey());
        verifyS3ConnectorSecretKey(featurestoreS3ConnectorDTO.getSecretKey());
        setSecret(user, featurestoreS3ConnectorDTO, featurestoreS3Connector, featurestore);
    } else if (keysNotNullOrEmpty(featurestoreS3ConnectorDTO)) {
        try {
            verifyS3ConnectorAccessKey(featurestoreS3ConnectorDTO.getAccessKey());
            verifyS3ConnectorSecretKey(featurestoreS3ConnectorDTO.getSecretKey());
            String jsonSecretString = createS3AccessAndSecretKeysSecret(featurestoreS3ConnectorDTO.getAccessKey(), featurestoreS3ConnectorDTO.getSecretKey());
            secret.setSecret(secretsController.encryptSecret(jsonSecretString));
        } catch (IOException | GeneralSecurityException e) {
            throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error encrypting secret", "Could not encrypt Secret " + secret.getId().getName(), e);
        }
    } else {
        featurestoreS3Connector.setSecret(null);
    // Secret can't be removed here b/c of ON DELETE RESTRICT
    }
    return secret;
}
Also used : Secret(io.hops.hopsworks.persistence.entity.user.security.secrets.Secret) UserException(io.hops.hopsworks.exceptions.UserException)

Example 75 with UserException

use of io.hops.hopsworks.exceptions.UserException in project hopsworks by logicalclocks.

the class ApiKeyResource method getScopes.

@GET
@Path("scopes")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Get all api key scopes.")
@JWTRequired(acceptedTokens = { Audience.API }, allowedUserRoles = { "HOPS_ADMIN", "HOPS_USER" })
public Response getScopes(@Context SecurityContext sc) throws UserException {
    Users user = jwtHelper.getUserPrincipal(sc);
    if (user == null) {
        throw new UserException(RESTCodes.UserErrorCode.USER_WAS_NOT_FOUND, Level.FINE);
    }
    Set<ApiScope> scopes = getScopesForUser(user);
    GenericEntity<Set<ApiScope>> scopeEntity = new GenericEntity<Set<ApiScope>>(scopes) {
    };
    return Response.ok().entity(scopeEntity).build();
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) GenericEntity(javax.ws.rs.core.GenericEntity) ApiScope(io.hops.hopsworks.persistence.entity.user.security.apiKey.ApiScope) Users(io.hops.hopsworks.persistence.entity.user.Users) UserException(io.hops.hopsworks.exceptions.UserException) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) JWTRequired(io.hops.hopsworks.jwt.annotation.JWTRequired) ApiOperation(io.swagger.annotations.ApiOperation)

Aggregations

UserException (io.hops.hopsworks.exceptions.UserException)77 Users (io.hops.hopsworks.persistence.entity.user.Users)34 HttpServletRequest (javax.servlet.http.HttpServletRequest)16 Produces (javax.ws.rs.Produces)15 Path (javax.ws.rs.Path)12 IOException (java.io.IOException)11 ApiOperation (io.swagger.annotations.ApiOperation)10 ServiceException (io.hops.hopsworks.exceptions.ServiceException)9 MessagingException (javax.mail.MessagingException)9 GET (javax.ws.rs.GET)9 ProjectException (io.hops.hopsworks.exceptions.ProjectException)8 Project (io.hops.hopsworks.persistence.entity.project.Project)8 EJBException (javax.ejb.EJBException)8 FacesContext (javax.faces.context.FacesContext)8 FeaturestoreException (io.hops.hopsworks.exceptions.FeaturestoreException)7 JWTRequired (io.hops.hopsworks.jwt.annotation.JWTRequired)6 BbcGroup (io.hops.hopsworks.persistence.entity.user.BbcGroup)6 Secret (io.hops.hopsworks.persistence.entity.user.security.secrets.Secret)6 HopsSecurityException (io.hops.hopsworks.exceptions.HopsSecurityException)5 KafkaException (io.hops.hopsworks.exceptions.KafkaException)5