use of io.hops.hopsworks.persistence.entity.user.Users in project hopsworks by logicalclocks.
the class JupyterJWTManager method recover.
protected void recover() {
LOG.log(INFO, "Starting Jupyter JWT manager recovery");
List<MaterializedJWT> failed2recover = new ArrayList<>();
// Get state from the database
for (MaterializedJWT materializedJWT : materializedJWTFacade.findAll4Jupyter()) {
LOG.log(Level.FINEST, "Recovering Jupyter JWT " + materializedJWT.getIdentifier());
// First lookup project and user in db
Project project = projectFacade.find(materializedJWT.getIdentifier().getProjectId());
Users user = userFacade.find(materializedJWT.getIdentifier().getUserId());
if (project == null || user == null) {
LOG.log(Level.WARNING, "Tried to recover " + materializedJWT.getIdentifier() + " but could not find " + "either Project or User");
failed2recover.add(materializedJWT);
continue;
}
// Get Jupyter configuration from db
String hdfsUsername = hdfsUsersController.getHdfsUserName(project, user);
JupyterProject jupyterProject = jupyterFacade.findByUser(hdfsUsername);
if (jupyterProject == null) {
LOG.log(Level.FINEST, "There is no Jupyter configuration persisted for " + materializedJWT.getIdentifier());
failed2recover.add(materializedJWT);
continue;
}
// Check if Jupyter is still running
if (!jupyterManager.ping(jupyterProject)) {
LOG.log(Level.FINEST, "Jupyter server is not running for " + materializedJWT.getIdentifier() + " Skip recovering...");
failed2recover.add(materializedJWT);
continue;
}
JupyterSettings jupyterSettings = jupyterSettingsFacade.findByProjectUser(project, user.getEmail());
Path tokenFile = constructTokenFilePath(jupyterSettings);
String token = null;
JupyterJWT jupyterJWT = null;
CidAndPort pidAndPort = new CidAndPort(jupyterProject.getCid(), jupyterProject.getPort());
try {
token = FileUtils.readFileToString(tokenFile.toFile());
DecodedJWT decodedJWT = jwtController.verifyToken(token, settings.getJWTIssuer());
jupyterJWT = new JupyterJWT(project, user, DateUtils.date2LocalDateTime(decodedJWT.getExpiresAt()), pidAndPort);
jupyterJWT.token = token;
jupyterJWT.tokenFile = tokenFile;
LOG.log(Level.FINE, "Successfully read existing JWT from local filesystem");
} catch (IOException | JWTException | JWTDecodeException ex) {
LOG.log(Level.FINE, "Could not recover Jupyter JWT from local filesystem, generating new!", ex);
// JWT does not exist or it is not valid any longer
// We should create a new one
String[] audience = new String[] { "api" };
LocalDateTime expirationDate = LocalDateTime.now().plus(settings.getJWTLifetimeMs(), ChronoUnit.MILLIS);
String[] userRoles = usersController.getUserRoles(user).toArray(new String[1]);
try {
Map<String, Object> claims = new HashMap<>(3);
claims.put(Constants.RENEWABLE, false);
claims.put(Constants.EXPIRY_LEEWAY, settings.getJWTExpLeewaySec());
claims.put(Constants.ROLES, userRoles);
token = jwtController.createToken(settings.getJWTSigningKeyName(), false, settings.getJWTIssuer(), audience, DateUtils.localDateTime2Date(expirationDate), DateUtils.localDateTime2Date(DateUtils.getNow()), user.getUsername(), claims, SignatureAlgorithm.valueOf(settings.getJWTSignatureAlg()));
jupyterJWT = new JupyterJWT(project, user, expirationDate, pidAndPort);
jupyterJWT.token = token;
jupyterJWT.tokenFile = tokenFile;
jwtTokenWriter.writeToken(settings, jupyterJWT);
LOG.log(Level.FINE, "Generated new Jupyter JWT cause could not recover existing");
} catch (IOException recIOEx) {
LOG.log(Level.WARNING, "Failed to recover Jupyter JWT for " + materializedJWT.getIdentifier() + ", generated new valid JWT but failed to write to local filesystem. Invalidating new token!" + " Continue recovering...");
if (token != null) {
try {
jwtController.invalidate(token);
} catch (InvalidationException jwtInvEx) {
// NO-OP
}
}
failed2recover.add(materializedJWT);
continue;
} catch (GeneralSecurityException | JWTException jwtEx) {
LOG.log(Level.WARNING, "Failed to recover Jupyter JWT for " + materializedJWT.getIdentifier() + ", tried to generate new token and it failed as well. Could not recover! Continue recovering...");
// Did our best, it's good to know when you should give up
failed2recover.add(materializedJWT);
continue;
}
}
addToken(jupyterJWT);
}
// Remove from the database entries that we failed to recover
for (MaterializedJWT failedRecovery : failed2recover) {
materializedJWTFacade.delete(failedRecovery.getIdentifier());
}
LOG.log(INFO, "Finished Jupyter JWT recovery");
}
use of io.hops.hopsworks.persistence.entity.user.Users in project hopsworks by logicalclocks.
the class MessageController method sendToMany.
/**
* Sends message to multiple users.
* <p>
* @param recipients list of the receivers
* @param from the sender
* @param subject
* @param msg the message text
* @param requestPath requestPath if the message is a request this will
* contain the path
* to the requested dataset or project.
*/
public void sendToMany(List<Users> recipients, Users from, String subject, String msg, String requestPath) {
Date now = new Date();
if (recipients == null || recipients.isEmpty()) {
throw new IllegalArgumentException("No recipient specified.");
}
if (msg == null || msg.isEmpty()) {
throw new IllegalArgumentException("Message is empty.");
}
if (msg.length() > MAX_MESSAGE_SIZE) {
throw new IllegalArgumentException("Message too long.");
}
for (Users u : recipients) {
Message newMsg = // recipients,
new Message(from, u, now, msg, true, false);
newMsg.setPath(requestPath);
newMsg.setSubject(subject);
messageFacade.save(newMsg);
}
}
use of io.hops.hopsworks.persistence.entity.user.Users in project hopsworks by logicalclocks.
the class ProjectController method addServiceUser.
private Future<CertificatesController.CertsResult> addServiceUser(Project project, String username) throws IOException, HopsSecurityException, ProjectException {
// Add the Serving Manager user to the project team
Users serviceUser = userFacade.findByUsername(username);
ProjectTeamPK stp = new ProjectTeamPK(project.getId(), serviceUser.getEmail());
ProjectTeam st = new ProjectTeam(stp);
st.setTeamRole(ProjectRoleTypes.DATA_SCIENTIST.getRole());
st.setTimestamp(new Date());
st.setUser(serviceUser);
// Not fetched by jpa from project id in PK
st.setProject(project);
projectTeamFacade.persistProjectTeam(st);
// Create the Hdfs user
hdfsUsersController.addNewMember(st);
// Create the certificate for this project user
Future<CertificatesController.CertsResult> certsResultFuture = null;
try {
certsResultFuture = certificatesController.generateCertificates(project, serviceUser);
} catch (Exception e) {
throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CERT_CREATION_ERROR, Level.SEVERE, "failed adding service user to project: " + project.getName() + "owner: " + username, e.getMessage(), e);
}
// trigger project team role add handlers
ProjectTeamRoleHandler.runProjectTeamRoleAddMembersHandlers(projectTeamRoleHandlers, project, Collections.singletonList(serviceUser), ProjectRoleTypes.fromString(st.getTeamRole()), true);
return certsResultFuture;
}
use of io.hops.hopsworks.persistence.entity.user.Users in project hopsworks by logicalclocks.
the class ProjectController method sendInbox.
private void sendInbox(String message, String userRequested) {
Users to = userFacade.findByEmail(userRequested);
Users from = userFacade.findByEmail(settings.getAdminEmail());
messageController.send(to, from, "Force project cleanup", "ServiceStatus", message, "");
}
use of io.hops.hopsworks.persistence.entity.user.Users in project hopsworks by logicalclocks.
the class LivyController method deleteAllLivySessions.
/**
* Delete all Livy sessions.
*
* @param hdfsUser
*/
public void deleteAllLivySessions(String hdfsUser) {
String username = hdfsUsersController.getUserName(hdfsUser);
String projectname = hdfsUsersController.getProjectName(hdfsUser);
Users user = userFacade.findByUsername(username);
Project project = projectFacade.findByName(projectname);
List<LivyMsg.Session> sessions;
sessions = getLivySessionsForProjectUser(project, user);
for (LivyMsg.Session session : sessions) {
deleteLivySession(session.getId());
}
}
Aggregations