use of io.swagger.annotations.ApiResponse in project kylo by Teradata.
the class FeedCategoryRestController method getAllowedActions.
@GET
@Path("{categoryId}/actions/allowed")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation("Gets the list of actions permitted for the given username and/or groups.")
@ApiResponses({ @ApiResponse(code = 200, message = "Returns the actions.", response = ActionGroup.class), @ApiResponse(code = 404, message = "A category with the given ID does not exist.", response = RestResponseStatus.class) })
public Response getAllowedActions(@PathParam("categoryId") String categoryIdStr, @QueryParam("user") Set<String> userNames, @QueryParam("group") Set<String> groupNames) {
log.debug("Get allowed actions for category: {}", categoryIdStr);
Set<? extends Principal> users = Arrays.stream(this.securityTransform.asUserPrincipals(userNames)).collect(Collectors.toSet());
Set<? extends Principal> groups = Arrays.stream(this.securityTransform.asGroupPrincipals(groupNames)).collect(Collectors.toSet());
return this.securityService.getAllowedCategoryActions(categoryIdStr, Stream.concat(users.stream(), groups.stream()).collect(Collectors.toSet())).map(g -> Response.ok(g).build()).orElseThrow(() -> new WebApplicationException("A category with the given ID does not exist: " + categoryIdStr, Status.NOT_FOUND));
}
use of io.swagger.annotations.ApiResponse in project kylo by Teradata.
the class FeedsRestController method findFeedDailyStatusCount.
@GET
@Path("/{feedName}/daily-status-count")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation("Gets a daily health summary for the specified feed.")
@ApiResponses(@ApiResponse(code = 200, message = "Returns the health.", response = JobStatusCount.class, responseContainer = "List"))
public List<JobStatusCount> findFeedDailyStatusCount(@PathParam("feedName") String feedName, @QueryParam("period") String periodString) {
this.accessController.checkPermission(AccessController.SERVICES, OperationsAccessControl.ACCESS_OPS);
return metadataAccess.read(() -> {
Period period = DateTimeUtil.period(periodString);
List<com.thinkbiganalytics.metadata.api.jobrepo.job.JobStatusCount> counts = opsFeedManagerFeedProvider.getJobStatusCountByDateFromNow(feedName, period);
if (counts != null) {
List<JobStatusCount> jobStatusCounts = counts.stream().map(c -> JobStatusTransform.jobStatusCount(c)).collect(Collectors.toList());
JobStatusTransform.ensureDateFromPeriodExists(jobStatusCounts, period);
return jobStatusCounts;
} else {
return Collections.emptyList();
}
});
}
use of io.swagger.annotations.ApiResponse in project kylo by Teradata.
the class JobsRestController method findDailyStatusCount.
@GET
@Path("/daily-status-count")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation("Gets the daily statistics.")
@ApiResponses(@ApiResponse(code = 200, message = "Returns the daily stats.", response = JobStatusCount.class, responseContainer = "List"))
public List<JobStatusCount> findDailyStatusCount(@QueryParam("period") String periodString) {
this.accessController.checkPermission(AccessController.SERVICES, OperationsAccessControl.ACCESS_OPS);
Period period = DateTimeUtil.period(periodString);
return metadataAccess.read(() -> {
List<com.thinkbiganalytics.metadata.api.jobrepo.job.JobStatusCount> counts = jobExecutionProvider.getJobStatusCountByDateFromNow(period, null);
if (counts != null) {
List<JobStatusCount> jobStatusCounts = counts.stream().map(c -> JobStatusTransform.jobStatusCount(c)).collect(Collectors.toList());
JobStatusTransform.ensureDateFromPeriodExists(jobStatusCounts, period);
return jobStatusCounts;
}
return Collections.emptyList();
});
}
use of io.swagger.annotations.ApiResponse in project nifi by apache.
the class AccessResource method createAccessTokenFromTicket.
/**
* Creates a token for accessing the REST API via Kerberos ticket exchange / SPNEGO negotiation.
*
* @param httpServletRequest the servlet request
* @return A JWT (string)
*/
@POST
@Consumes(MediaType.TEXT_PLAIN)
@Produces(MediaType.TEXT_PLAIN)
@Path("/kerberos")
@ApiOperation(value = "Creates a token for accessing the REST API via Kerberos ticket exchange / SPNEGO negotiation", notes = "The token returned is formatted as a JSON Web Token (JWT). The token is base64 encoded and comprised of three parts. The header, " + "the body, and the signature. The expiration of the token is a contained within the body. The token can be used in the Authorization header " + "in the format 'Authorization: Bearer <token>'.", response = String.class)
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "NiFi was unable to complete the request because it did not contain a valid Kerberos " + "ticket in the Authorization header. Retry this request after initializing a ticket with kinit and " + "ensuring your browser is configured to support SPNEGO."), @ApiResponse(code = 409, message = "Unable to create access token because NiFi is not in the appropriate state. (i.e. may not be configured to support Kerberos login."), @ApiResponse(code = 500, message = "Unable to create access token because an unexpected error occurred.") })
public Response createAccessTokenFromTicket(@Context HttpServletRequest httpServletRequest) {
// only support access tokens when communicating over HTTPS
if (!httpServletRequest.isSecure()) {
throw new IllegalStateException("Access tokens are only issued over HTTPS.");
}
// If Kerberos Service Principal and keytab location not configured, throws exception
if (!properties.isKerberosSpnegoSupportEnabled() || kerberosService == null) {
throw new IllegalStateException("Kerberos ticket login not supported by this NiFi.");
}
String authorizationHeaderValue = httpServletRequest.getHeader(KerberosService.AUTHORIZATION_HEADER_NAME);
if (!kerberosService.isValidKerberosHeader(authorizationHeaderValue)) {
final Response response = generateNotAuthorizedResponse().header(KerberosService.AUTHENTICATION_CHALLENGE_HEADER_NAME, KerberosService.AUTHORIZATION_NEGOTIATE).build();
return response;
} else {
try {
// attempt to authenticate
Authentication authentication = kerberosService.validateKerberosTicket(httpServletRequest);
if (authentication == null) {
throw new IllegalArgumentException("Request is not HTTPS or Kerberos ticket missing or malformed");
}
final String expirationFromProperties = properties.getKerberosAuthenticationExpiration();
long expiration = FormatUtils.getTimeDuration(expirationFromProperties, TimeUnit.MILLISECONDS);
final String identity = authentication.getName();
expiration = validateTokenExpiration(expiration, identity);
// create the authentication token
final LoginAuthenticationToken loginAuthenticationToken = new LoginAuthenticationToken(identity, expiration, "KerberosService");
// generate JWT for response
final String token = jwtService.generateSignedToken(loginAuthenticationToken);
// build the response
final URI uri = URI.create(generateResourceUri("access", "kerberos"));
return generateCreatedResponse(uri, token).build();
} catch (final AuthenticationException e) {
throw new AccessDeniedException(e.getMessage(), e);
}
}
}
use of io.swagger.annotations.ApiResponse in project nifi by apache.
the class SnippetResource method deleteSnippet.
/**
* Removes the specified snippet.
*
* @param httpServletRequest request
* @param snippetId The id of the snippet to remove.
* @return A entity containing the client id and an updated revision.
*/
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Deletes the components in a snippet and discards the snippet", response = SnippetEntity.class, authorizations = { @Authorization(value = "Write - /{component-type}/{uuid} - For each component in the Snippet and their descendant components"), @Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response deleteSnippet(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The snippet id.", required = true) @PathParam("id") final String snippetId) {
if (isReplicateRequest()) {
return replicate(HttpMethod.DELETE);
}
final ComponentEntity requestEntity = new ComponentEntity();
requestEntity.setId(snippetId);
// get the revision from this snippet
final Set<Revision> requestRevisions = serviceFacade.getRevisionsFromSnippet(snippetId);
return withWriteLock(serviceFacade, requestEntity, requestRevisions, lookup -> {
// ensure write permission to every component in the snippet excluding referenced services
final SnippetAuthorizable snippet = lookup.getSnippet(snippetId);
authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE, true, false);
// ensure write permission to the parent process group
snippet.getParentProcessGroup().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, () -> serviceFacade.verifyDeleteSnippet(snippetId, requestRevisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())), (revisions, entity) -> {
// delete the specified snippet
final SnippetEntity snippetEntity = serviceFacade.deleteSnippet(revisions, entity.getId());
return generateOkResponse(snippetEntity).build();
});
}
Aggregations