Search in sources :

Example 6 with AuthenticationException

use of io.pravega.common.auth.AuthenticationException in project pravega by pravega.

the class StreamMetadataResourceImpl method updateStream.

/**
 * Implementation of updateStream REST API.
 *
 * @param scopeName           The scope name of stream.
 * @param streamName          The name of stream.
 * @param updateStreamRequest The object conforming to updateStreamConfig request json.
 * @param securityContext     The security for API access.
 * @param asyncResponse       AsyncResponse provides means for asynchronous server side response processing.
 */
@Override
public void updateStream(final String scopeName, final String streamName, final UpdateStreamRequest updateStreamRequest, final SecurityContext securityContext, final AsyncResponse asyncResponse) {
    long traceId = LoggerHelpers.traceEnter(log, "updateStream");
    try {
        authenticate(scopeName + "/" + streamName, READ_UPDATE);
    } catch (AuthenticationException e) {
        log.warn("Update stream for {} failed due to authentication failure.", scopeName + "/" + streamName);
        asyncResponse.resume(Response.status(Status.UNAUTHORIZED).build());
        LoggerHelpers.traceLeave(log, "Update stream", traceId);
        return;
    }
    StreamConfiguration streamConfiguration = ModelHelper.getUpdateStreamConfig(updateStreamRequest, scopeName, streamName);
    controllerService.updateStream(streamConfiguration).thenApply(streamStatus -> {
        if (streamStatus.getStatus() == UpdateStreamStatus.Status.SUCCESS) {
            log.info("Successfully updated stream config for: {}/{}", scopeName, streamName);
            return Response.status(Status.OK).entity(ModelHelper.encodeStreamResponse(streamConfiguration)).build();
        } else if (streamStatus.getStatus() == UpdateStreamStatus.Status.STREAM_NOT_FOUND || streamStatus.getStatus() == UpdateStreamStatus.Status.SCOPE_NOT_FOUND) {
            log.warn("Stream: {}/{} not found", scopeName, streamName);
            return Response.status(Status.NOT_FOUND).build();
        } else {
            log.warn("updateStream failed for {}/{}", scopeName, streamName);
            return Response.status(Status.INTERNAL_SERVER_ERROR).build();
        }
    }).exceptionally(exception -> {
        log.warn("updateStream for {}/{} failed with exception: {}", scopeName, streamName, exception);
        return Response.status(Status.INTERNAL_SERVER_ERROR).build();
    }).thenApply(asyncResponse::resume).thenAccept(x -> LoggerHelpers.traceLeave(log, "updateStream", traceId));
}
Also used : AuthenticationException(io.pravega.common.auth.AuthenticationException) Arrays(java.util.Arrays) ApiV1(io.pravega.controller.server.rest.v1.ApiV1) READ(io.pravega.auth.AuthHandler.Permissions.READ) StreamsList(io.pravega.controller.server.rest.generated.model.StreamsList) AuthHandler(io.pravega.auth.AuthHandler) SecurityContext(javax.ws.rs.core.SecurityContext) ReaderGroupManagerImpl(io.pravega.client.admin.impl.ReaderGroupManagerImpl) ReaderGroup(io.pravega.client.stream.ReaderGroup) StreamConfiguration(io.pravega.client.stream.StreamConfiguration) LocalController(io.pravega.controller.server.eventProcessor.LocalController) StoreException(io.pravega.controller.store.stream.StoreException) ClientFactoryImpl(io.pravega.client.stream.impl.ClientFactoryImpl) ReaderGroupManager(io.pravega.client.admin.ReaderGroupManager) Map(java.util.Map) ReaderGroupProperty(io.pravega.controller.server.rest.generated.model.ReaderGroupProperty) INTERNAL_NAME_PREFIX(io.pravega.shared.NameUtils.INTERNAL_NAME_PREFIX) DeleteScopeStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteScopeStatus) CreateStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.CreateStreamStatus) Context(javax.ws.rs.core.Context) AsyncResponse(javax.ws.rs.container.AsyncResponse) CreateScopeRequest(io.pravega.controller.server.rest.generated.model.CreateScopeRequest) Collectors(java.util.stream.Collectors) CreateStreamRequest(io.pravega.controller.server.rest.generated.model.CreateStreamRequest) READER_GROUP_STREAM_PREFIX(io.pravega.shared.NameUtils.READER_GROUP_STREAM_PREFIX) List(java.util.List) Slf4j(lombok.extern.slf4j.Slf4j) HttpHeaders(javax.ws.rs.core.HttpHeaders) StreamState(io.pravega.controller.server.rest.generated.model.StreamState) Response(javax.ws.rs.core.Response) ScopesList(io.pravega.controller.server.rest.generated.model.ScopesList) CreateScopeStatus(io.pravega.controller.stream.api.grpc.v1.Controller.CreateScopeStatus) CompletableFuture(java.util.concurrent.CompletableFuture) UpdateStreamRequest(io.pravega.controller.server.rest.generated.model.UpdateStreamRequest) ArrayList(java.util.ArrayList) READ_UPDATE(io.pravega.auth.AuthHandler.Permissions.READ_UPDATE) ScaleMetadata(io.pravega.controller.store.stream.ScaleMetadata) DeleteStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteStreamStatus) ConnectionFactory(io.pravega.client.netty.impl.ConnectionFactory) Status(javax.ws.rs.core.Response.Status) LoggerHelpers(io.pravega.common.LoggerHelpers) ControllerService(io.pravega.controller.server.ControllerService) NameUtils(io.pravega.shared.NameUtils) Iterator(java.util.Iterator) ScopeProperty(io.pravega.controller.server.rest.generated.model.ScopeProperty) ModelHelper(io.pravega.controller.server.rest.ModelHelper) ReaderGroupsList(io.pravega.controller.server.rest.generated.model.ReaderGroupsList) PravegaAuthManager(io.pravega.controller.server.rpc.auth.PravegaAuthManager) ReaderGroupsListReaderGroups(io.pravega.controller.server.rest.generated.model.ReaderGroupsListReaderGroups) UpdateStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.UpdateStreamStatus) InvalidStreamException(io.pravega.client.stream.InvalidStreamException) AuthenticationException(io.pravega.common.auth.AuthenticationException) StreamConfiguration(io.pravega.client.stream.StreamConfiguration)

Example 7 with AuthenticationException

use of io.pravega.common.auth.AuthenticationException in project pravega by pravega.

the class StreamMetadataResourceImpl method createStream.

/**
 * Implementation of createStream REST API.
 *
 * @param scopeName           The scope name of stream.
 * @param createStreamRequest The object conforming to createStream request json.
 * @param securityContext     The security for API access.
 * @param asyncResponse       AsyncResponse provides means for asynchronous server side response processing.
 */
@Override
public void createStream(final String scopeName, final CreateStreamRequest createStreamRequest, final SecurityContext securityContext, final AsyncResponse asyncResponse) {
    long traceId = LoggerHelpers.traceEnter(log, "createStream");
    try {
        NameUtils.validateUserStreamName(createStreamRequest.getStreamName());
    } catch (IllegalArgumentException | NullPointerException e) {
        log.warn("Create stream failed due to invalid stream name {}", createStreamRequest.getStreamName());
        asyncResponse.resume(Response.status(Status.BAD_REQUEST).build());
        LoggerHelpers.traceLeave(log, "createStream", traceId);
        return;
    }
    try {
        authenticate(scopeName + "/" + createStreamRequest.getStreamName(), READ_UPDATE);
    } catch (AuthenticationException e) {
        log.warn("Create stream for {} failed due to authentication failure.", createStreamRequest.getStreamName());
        asyncResponse.resume(Response.status(Status.UNAUTHORIZED).build());
        LoggerHelpers.traceLeave(log, "createStream", traceId);
        return;
    }
    StreamConfiguration streamConfiguration = ModelHelper.getCreateStreamConfig(createStreamRequest, scopeName);
    controllerService.createStream(streamConfiguration, System.currentTimeMillis()).thenApply(streamStatus -> {
        Response resp = null;
        if (streamStatus.getStatus() == CreateStreamStatus.Status.SUCCESS) {
            log.info("Successfully created stream: {}/{}", scopeName, streamConfiguration.getStreamName());
            resp = Response.status(Status.CREATED).entity(ModelHelper.encodeStreamResponse(streamConfiguration)).build();
        } else if (streamStatus.getStatus() == CreateStreamStatus.Status.STREAM_EXISTS) {
            log.warn("Stream already exists: {}/{}", scopeName, streamConfiguration.getStreamName());
            resp = Response.status(Status.CONFLICT).build();
        } else if (streamStatus.getStatus() == CreateStreamStatus.Status.SCOPE_NOT_FOUND) {
            log.warn("Scope not found: {}", scopeName);
            resp = Response.status(Status.NOT_FOUND).build();
        } else if (streamStatus.getStatus() == CreateStreamStatus.Status.INVALID_STREAM_NAME) {
            log.warn("Invalid stream name: {}", streamConfiguration.getStreamName());
            resp = Response.status(Status.BAD_REQUEST).build();
        } else {
            log.warn("createStream failed for : {}/{}", scopeName, streamConfiguration.getStreamName());
            resp = Response.status(Status.INTERNAL_SERVER_ERROR).build();
        }
        return resp;
    }).exceptionally(exception -> {
        log.warn("createStream for {}/{} failed {}: ", scopeName, streamConfiguration.getStreamName(), exception);
        return Response.status(Status.INTERNAL_SERVER_ERROR).build();
    }).thenApply(asyncResponse::resume).thenAccept(x -> LoggerHelpers.traceLeave(log, "createStream", traceId));
}
Also used : AuthenticationException(io.pravega.common.auth.AuthenticationException) Arrays(java.util.Arrays) ApiV1(io.pravega.controller.server.rest.v1.ApiV1) READ(io.pravega.auth.AuthHandler.Permissions.READ) StreamsList(io.pravega.controller.server.rest.generated.model.StreamsList) AuthHandler(io.pravega.auth.AuthHandler) SecurityContext(javax.ws.rs.core.SecurityContext) ReaderGroupManagerImpl(io.pravega.client.admin.impl.ReaderGroupManagerImpl) ReaderGroup(io.pravega.client.stream.ReaderGroup) StreamConfiguration(io.pravega.client.stream.StreamConfiguration) LocalController(io.pravega.controller.server.eventProcessor.LocalController) StoreException(io.pravega.controller.store.stream.StoreException) ClientFactoryImpl(io.pravega.client.stream.impl.ClientFactoryImpl) ReaderGroupManager(io.pravega.client.admin.ReaderGroupManager) Map(java.util.Map) ReaderGroupProperty(io.pravega.controller.server.rest.generated.model.ReaderGroupProperty) INTERNAL_NAME_PREFIX(io.pravega.shared.NameUtils.INTERNAL_NAME_PREFIX) DeleteScopeStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteScopeStatus) CreateStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.CreateStreamStatus) Context(javax.ws.rs.core.Context) AsyncResponse(javax.ws.rs.container.AsyncResponse) CreateScopeRequest(io.pravega.controller.server.rest.generated.model.CreateScopeRequest) Collectors(java.util.stream.Collectors) CreateStreamRequest(io.pravega.controller.server.rest.generated.model.CreateStreamRequest) READER_GROUP_STREAM_PREFIX(io.pravega.shared.NameUtils.READER_GROUP_STREAM_PREFIX) List(java.util.List) Slf4j(lombok.extern.slf4j.Slf4j) HttpHeaders(javax.ws.rs.core.HttpHeaders) StreamState(io.pravega.controller.server.rest.generated.model.StreamState) Response(javax.ws.rs.core.Response) ScopesList(io.pravega.controller.server.rest.generated.model.ScopesList) CreateScopeStatus(io.pravega.controller.stream.api.grpc.v1.Controller.CreateScopeStatus) CompletableFuture(java.util.concurrent.CompletableFuture) UpdateStreamRequest(io.pravega.controller.server.rest.generated.model.UpdateStreamRequest) ArrayList(java.util.ArrayList) READ_UPDATE(io.pravega.auth.AuthHandler.Permissions.READ_UPDATE) ScaleMetadata(io.pravega.controller.store.stream.ScaleMetadata) DeleteStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.DeleteStreamStatus) ConnectionFactory(io.pravega.client.netty.impl.ConnectionFactory) Status(javax.ws.rs.core.Response.Status) LoggerHelpers(io.pravega.common.LoggerHelpers) ControllerService(io.pravega.controller.server.ControllerService) NameUtils(io.pravega.shared.NameUtils) Iterator(java.util.Iterator) ScopeProperty(io.pravega.controller.server.rest.generated.model.ScopeProperty) ModelHelper(io.pravega.controller.server.rest.ModelHelper) ReaderGroupsList(io.pravega.controller.server.rest.generated.model.ReaderGroupsList) PravegaAuthManager(io.pravega.controller.server.rpc.auth.PravegaAuthManager) ReaderGroupsListReaderGroups(io.pravega.controller.server.rest.generated.model.ReaderGroupsListReaderGroups) UpdateStreamStatus(io.pravega.controller.stream.api.grpc.v1.Controller.UpdateStreamStatus) InvalidStreamException(io.pravega.client.stream.InvalidStreamException) AsyncResponse(javax.ws.rs.container.AsyncResponse) Response(javax.ws.rs.core.Response) AuthenticationException(io.pravega.common.auth.AuthenticationException) StreamConfiguration(io.pravega.client.stream.StreamConfiguration)

Example 8 with AuthenticationException

use of io.pravega.common.auth.AuthenticationException in project pravega by pravega.

the class AppendProcessor method handleException.

private void handleException(UUID writerId, long requestId, String segment, String doingWhat, Throwable u) {
    if (u == null) {
        IllegalStateException exception = new IllegalStateException("No exception to handle.");
        log.error("Append processor: Error {} on segment = '{}'", doingWhat, segment, exception);
        throw exception;
    }
    u = Exceptions.unwrap(u);
    if (u instanceof StreamSegmentExistsException) {
        log.warn("Segment '{}' already exists and {} cannot perform operation '{}'.", segment, writerId, doingWhat);
        connection.send(new SegmentAlreadyExists(requestId, segment));
    } else if (u instanceof StreamSegmentNotExistsException) {
        log.warn("Segment '{}' does not exist and {} cannot perform operation '{}'.", segment, writerId, doingWhat);
        connection.send(new NoSuchSegment(requestId, segment));
    } else if (u instanceof StreamSegmentSealedException) {
        log.info("Segment '{}' is sealed and {} cannot perform operation '{}'.", segment, writerId, doingWhat);
        connection.send(new SegmentIsSealed(requestId, segment));
    } else if (u instanceof ContainerNotFoundException) {
        int containerId = ((ContainerNotFoundException) u).getContainerId();
        log.warn("Wrong host. Segment '{}' (Container {}) is not owned and {} cannot perform operation '{}'.", segment, containerId, writerId, doingWhat);
        connection.send(new WrongHost(requestId, segment, ""));
    } else if (u instanceof BadAttributeUpdateException) {
        log.warn("Bad attribute update by {} on segment {}.", writerId, segment, u);
        connection.send(new InvalidEventNumber(writerId, requestId));
        connection.close();
    } else if (u instanceof TooManyAttributesException) {
        log.warn("Attribute limit would be exceeded by {} on segment {}.", writerId, segment, u);
        connection.send(new InvalidEventNumber(writerId, requestId));
        connection.close();
    } else if (u instanceof AuthenticationException) {
        log.warn("Token check failed while being written by {} on segment {}.", writerId, segment, u);
        connection.send(new WireCommands.AuthTokenCheckFailed(requestId));
        connection.close();
    } else if (u instanceof UnsupportedOperationException) {
        log.warn("Unsupported Operation '{}'.", doingWhat, u);
        connection.send(new OperationUnsupported(requestId, doingWhat));
    } else {
        log.error("Error (Segment = '{}', Operation = 'append')", segment, u);
        // Closing connection should reinitialize things, and hopefully fix the problem
        connection.close();
    }
}
Also used : TooManyAttributesException(io.pravega.segmentstore.contracts.TooManyAttributesException) OperationUnsupported(io.pravega.shared.protocol.netty.WireCommands.OperationUnsupported) AuthenticationException(io.pravega.common.auth.AuthenticationException) WrongHost(io.pravega.shared.protocol.netty.WireCommands.WrongHost) StreamSegmentNotExistsException(io.pravega.segmentstore.contracts.StreamSegmentNotExistsException) StreamSegmentExistsException(io.pravega.segmentstore.contracts.StreamSegmentExistsException) SegmentAlreadyExists(io.pravega.shared.protocol.netty.WireCommands.SegmentAlreadyExists) StreamSegmentSealedException(io.pravega.segmentstore.contracts.StreamSegmentSealedException) SegmentIsSealed(io.pravega.shared.protocol.netty.WireCommands.SegmentIsSealed) BadAttributeUpdateException(io.pravega.segmentstore.contracts.BadAttributeUpdateException) InvalidEventNumber(io.pravega.shared.protocol.netty.WireCommands.InvalidEventNumber) NoSuchSegment(io.pravega.shared.protocol.netty.WireCommands.NoSuchSegment) WireCommands(io.pravega.shared.protocol.netty.WireCommands) ContainerNotFoundException(io.pravega.segmentstore.contracts.ContainerNotFoundException)

Example 9 with AuthenticationException

use of io.pravega.common.auth.AuthenticationException in project pravega by pravega.

the class PravegaRequestProcessor method verifyToken.

private boolean verifyToken(String segment, long requestId, String delegationToken, AuthHandler.Permissions read, String operation) {
    if (!tokenVerifier.verifyToken(segment, delegationToken, READ)) {
        log.warn("Delegation token verification failed");
        handleException(requestId, segment, "Read Segment", new AuthenticationException("Token verification failed"));
        return false;
    }
    return true;
}
Also used : AuthenticationException(io.pravega.common.auth.AuthenticationException)

Example 10 with AuthenticationException

use of io.pravega.common.auth.AuthenticationException in project pravega by pravega.

the class MockController method createSegmentTx.

private CompletableFuture<Void> createSegmentTx(UUID txId, Segment segment) {
    CompletableFuture<Void> result = new CompletableFuture<>();
    FailingReplyProcessor replyProcessor = new FailingReplyProcessor() {

        @Override
        public void connectionDropped() {
            result.completeExceptionally(new ConnectionClosedException());
        }

        @Override
        public void wrongHost(WrongHost wrongHost) {
            result.completeExceptionally(new UnsupportedOperationException());
        }

        @Override
        public void transactionCreated(TransactionCreated transactionCreated) {
            result.complete(null);
        }

        @Override
        public void processingFailure(Exception error) {
            result.completeExceptionally(error);
        }

        @Override
        public void authTokenCheckFailed(WireCommands.AuthTokenCheckFailed authTokenCheckFailed) {
            result.completeExceptionally(new AuthenticationException(authTokenCheckFailed.toString()));
        }
    };
    sendRequestOverNewConnection(new CreateTransaction(idGenerator.get(), segment.getScopedName(), txId, ""), replyProcessor, result);
    return result;
}
Also used : CreateTransaction(io.pravega.shared.protocol.netty.WireCommands.CreateTransaction) CompletableFuture(java.util.concurrent.CompletableFuture) TransactionCreated(io.pravega.shared.protocol.netty.WireCommands.TransactionCreated) AuthenticationException(io.pravega.common.auth.AuthenticationException) FailingReplyProcessor(io.pravega.shared.protocol.netty.FailingReplyProcessor) ConnectionClosedException(io.pravega.client.stream.impl.ConnectionClosedException) WrongHost(io.pravega.shared.protocol.netty.WireCommands.WrongHost) AuthenticationException(io.pravega.common.auth.AuthenticationException) TxnFailedException(io.pravega.client.stream.TxnFailedException) ConnectionClosedException(io.pravega.client.stream.impl.ConnectionClosedException)

Aggregations

AuthenticationException (io.pravega.common.auth.AuthenticationException)24 CompletableFuture (java.util.concurrent.CompletableFuture)19 FailingReplyProcessor (io.pravega.shared.protocol.netty.FailingReplyProcessor)14 WireCommands (io.pravega.shared.protocol.netty.WireCommands)10 Controller (io.pravega.controller.stream.api.grpc.v1.Controller)9 ConnectionFailedException (io.pravega.shared.protocol.netty.ConnectionFailedException)9 WireCommandType (io.pravega.shared.protocol.netty.WireCommandType)9 AuthHandler (io.pravega.auth.AuthHandler)6 READ (io.pravega.auth.AuthHandler.Permissions.READ)5 READ_UPDATE (io.pravega.auth.AuthHandler.Permissions.READ_UPDATE)5 ReaderGroupManager (io.pravega.client.admin.ReaderGroupManager)5 ReaderGroupManagerImpl (io.pravega.client.admin.impl.ReaderGroupManagerImpl)5 ConnectionFactory (io.pravega.client.netty.impl.ConnectionFactory)5 InvalidStreamException (io.pravega.client.stream.InvalidStreamException)5 ReaderGroup (io.pravega.client.stream.ReaderGroup)5 StreamConfiguration (io.pravega.client.stream.StreamConfiguration)5 ClientFactoryImpl (io.pravega.client.stream.impl.ClientFactoryImpl)5 LoggerHelpers (io.pravega.common.LoggerHelpers)5 ControllerService (io.pravega.controller.server.ControllerService)5 LocalController (io.pravega.controller.server.eventProcessor.LocalController)5