Examples of org.apache.aurora.auth.SessionValidator.SessionContext

• org.apache.aurora.auth.SessionValidator.SessionContext

    IJobKey jobKey = JobKeys.assertValid(IJobKey.build(mutableJobKey));
    checkNotBlank(shardIds);
    requireNonNull(session);

    Response response = Util.emptyResponse();
    SessionContext context;
    try {
      context = sessionValidator.checkAuthenticated(session, ImmutableSet.of(jobKey.getRole()));
    } catch (AuthFailedException e) {
      return addMessage(response, AUTH_FAILED, e);
    }

    try {
      lockManager.validateIfLocked(
          ILockKey.build(LockKey.job(jobKey.newBuilder())),
          Optional.fromNullable(mutableLock).transform(ILock.FROM_BUILDER));
      schedulerCore.restartShards(jobKey, shardIds, context.getIdentity());
      response.setResponseCode(OK);
    } catch (LockException e) {
      addMessage(response, LOCK_ERROR, e);
    } catch (ScheduleException e) {
      addMessage(response, INVALID_REQUEST, e);

    checkNotBlank(taskId);
    requireNonNull(status);
    requireNonNull(session);

    Response response = Util.emptyResponse();
    SessionContext context;
    try {
      // TODO(Sathya): Remove this after AOP-style session validation passes in a SessionContext.
      context = sessionValidator.checkAuthorized(session, Capability.ROOT, AuditCheck.REQUIRED);
    } catch (AuthFailedException e) {
      addMessage(response, AUTH_FAILED, e);
      return response;
    }

    schedulerCore.setTaskStatus(taskId, status, transitionMessage(context.getIdentity()));
    return okEmptyResponse();
  }

    ILockKey lockKey = ILockKey.build(mutableLockKey);
    Response response = Util.emptyResponse();

    try {
      SessionContext context = sessionValidator.checkAuthenticated(
          session,
          ImmutableSet.of(getRoleFromLockKey(lockKey)));

      ILock lock = lockManager.acquireLock(lockKey, context.getIdentity());
      response.setResult(Result.acquireLockResult(
          new AcquireLockResult().setLock(lock.newBuilder())));

      return response.setResponseCode(OK);
    } catch (AuthFailedException e) {

        query = query.get().isSetStatuses() ? query : query.byStatus(ACTIVE_STATES);

        final Set<IScheduledTask> tasks = storeProvider.getTaskStore().fetchTasks(query);

        Optional<SessionContext> maybeAdminContext = isAdmin(session);
        final SessionContext context;
        if (maybeAdminContext.isPresent()) {
          LOG.info("Granting kill query to admin user: " + query);
          context = maybeAdminContext.get();
        } else {
          try {
            context = validateSessionKeyForTasks(session, query, tasks);
          } catch (AuthFailedException e) {
            return errorResponse(AUTH_FAILED, e);
          }
        }

        try {
          validateLockForTasks(
              Optional.fromNullable(mutableLock).transform(ILock.FROM_BUILDER),
              tasks);
        } catch (LockException e) {
          return errorResponse(LOCK_ERROR, e);
        }

        LOG.info("Killing tasks matching " + query);

        final boolean cronJobKilled;
        if (isSingleJobScoped) {
          // If this looks like a query for all tasks in a job, instruct the cron
          // scheduler to delete it.
          // TODO(mchucarroll): deprecate cron as a part of create/kill job.  (AURORA-454)
          IJobKey jobKey = Iterables.getOnlyElement(JobKeys.from(query).get());
          LOG.warning("Deprecated behavior: descheduling job " + jobKey
              + " with cron via killTasks. (See AURORA-454)");
          cronJobKilled = cronJobManager.deleteJob(jobKey);
        } else {
          cronJobKilled = false;
        }

        final boolean tasksKilled = storage.write(new MutateWork.Quiet<Boolean>() {
          @Override
          public Boolean apply(MutableStoreProvider storeProvider) {
            boolean match = false;
            for (String taskId : Tasks.ids(tasks)) {
              match |= stateManager.changeState(
                  storeProvider,
                  taskId,
                  Optional.<ScheduleStatus>absent(),
                  ScheduleStatus.KILLING,
                  killedByMessage(context.getIdentity()));
            }
            return match;
          }
        });

    final IJobKey jobKey = JobKeys.assertValid(IJobKey.build(mutableJobKey));
    checkNotBlank(shardIds);
    requireNonNull(session);

    final SessionContext context;
    try {
      context = sessionValidator.checkAuthenticated(session, ImmutableSet.of(jobKey.getRole()));
    } catch (AuthFailedException e) {
      return errorResponse(AUTH_FAILED, e);
    }

    return storage.write(new MutateWork.Quiet<Response>() {
      @Override
      public Response apply(MutableStoreProvider storeProvider) {
        try {
          lockManager.validateIfLocked(
              ILockKey.build(LockKey.job(jobKey.newBuilder())),
              Optional.fromNullable(mutableLock).transform(ILock.FROM_BUILDER));
        } catch (LockException e) {
          return errorResponse(LOCK_ERROR, e);
        }

        Query.Builder query = Query.instanceScoped(jobKey, shardIds).active();
        final Set<IScheduledTask> matchingTasks = storeProvider.getTaskStore().fetchTasks(query);
        if (matchingTasks.size() != shardIds.size()) {
          return invalidResponse("Not all requested shards are active.");
        }

        LOG.info("Restarting shards matching " + query);
        storage.write(new MutateWork.NoResult.Quiet() {
          @Override
          protected void execute(MutableStoreProvider storeProvider) {
            for (String taskId : Tasks.ids(matchingTasks)) {
              stateManager.changeState(
                  storeProvider,
                  taskId,
                  Optional.<ScheduleStatus>absent(),
                  ScheduleStatus.RESTARTING,
                  restartedByMessage(context.getIdentity()));
            }
          }
        });
        return okEmptyResponse();
      }

    checkNotBlank(taskId);
    requireNonNull(status);
    requireNonNull(session);

    final SessionContext context;
    try {
      // TODO(Sathya): Remove this after AOP-style session validation passes in a SessionContext.
      context = sessionValidator.checkAuthorized(session, Capability.ROOT, AuditCheck.REQUIRED);
    } catch (AuthFailedException e) {
      return errorResponse(AUTH_FAILED, e);
    }

    storage.write(new MutateWork.NoResult.Quiet() {
      @Override
      protected void execute(MutableStoreProvider storeProvider) {
        stateManager.changeState(
            storeProvider,
            taskId,
            Optional.<ScheduleStatus>absent(),
            status,
            transitionMessage(context.getIdentity()));
      }
    });

    return okEmptyResponse();
  }

    requireNonNull(session);

    ILockKey lockKey = ILockKey.build(mutableLockKey);

    try {
      SessionContext context = sessionValidator.checkAuthenticated(
          session,
          ImmutableSet.of(getRoleFromLockKey(lockKey)));

      ILock lock = lockManager.acquireLock(lockKey, context.getIdentity());
      return okResponse(Result.acquireLockResult(
          new AcquireLockResult().setLock(lock.newBuilder())));
    } catch (AuthFailedException e) {
      return errorResponse(AUTH_FAILED, e);
    } catch (LockException e) {

    if (settings.getMinWaitInInstanceRunningMs() < 0) {
      return invalidResponse("minWaitInInstanceRunningMs must be non-negative.");
    }

    final SessionContext context;
    final IJobUpdateRequest request;
    try {
      context = sessionValidator.checkAuthenticated(session, ImmutableSet.of(job.getRole()));
      request = IJobUpdateRequest.build(new JobUpdateRequest(mutableRequest).setTaskConfig(
          ConfigurationManager.validateAndPopulate(
              ITaskConfig.build(mutableRequest.getTaskConfig())).newBuilder()));

      if (cronJobManager.hasJob(job)) {
        return invalidResponse("Cron jobs may only be updated by calling replaceCronTemplate.");
      }
    } catch (AuthFailedException e) {
      return errorResponse(AUTH_FAILED, e);
    } catch (TaskDescriptionException e) {
      return errorResponse(INVALID_REQUEST, e);
    }

    return storage.write(new MutateWork.Quiet<Response>() {
      @Override
      public Response apply(MutableStoreProvider storeProvider) {
        String updateId = uuidGenerator.createNew().toString();
        IJobUpdateSettings settings = request.getSettings();

        JobDiff diff = JobDiff.compute(
            storeProvider.getTaskStore(),
            job,
            JobDiff.asMap(request.getTaskConfig(), request.getInstanceCount()),
            settings.getUpdateOnlyTheseInstances());

        if (diff.isNoop()) {
          return addMessage(emptyResponse(), OK, NOOP_JOB_UPDATE_MESSAGE);
        }

        Set<Integer> invalidScope = diff.getOutOfScopeInstances(
            Numbers.rangesToInstanceIds(settings.getUpdateOnlyTheseInstances()));
        if (!invalidScope.isEmpty()) {
          return invalidResponse(
              "updateOnlyTheseInstances contains instances irrelevant to the update: "
                  + invalidScope);
        }

        JobUpdateInstructions instructions = new JobUpdateInstructions()
            .setSettings(settings.newBuilder())
            .setInitialState(buildInitialState(diff.getReplacedInstances()));
        if (!diff.getReplacementInstances().isEmpty()) {
          instructions.setDesiredState(
              new InstanceTaskConfig()
                  .setTask(request.getTaskConfig().newBuilder())
                  .setInstances(convertRanges(Numbers.toRanges(diff.getReplacementInstances()))));
        }

        IJobUpdate update = IJobUpdate.build(new JobUpdate()
            .setSummary(new JobUpdateSummary()
                .setJobKey(job.newBuilder())
                .setUpdateId(updateId)
                .setUser(context.getIdentity()))
            .setInstructions(instructions));
        try {
          validateTaskLimits(
              request.getTaskConfig(),
              request.getInstanceCount(),
              quotaManager.checkJobUpdate(update));

          jobUpdateController.start(update, context.getIdentity());
          return okResponse(Result.startJobUpdateResult(new StartJobUpdateResult(updateId)));
        } catch (UpdateStateException | TaskValidationException e) {
          return errorResponse(INVALID_REQUEST, e);
        }
      }

    return storage.write(new MutateWork.Quiet<Response>() {
      @Override
      public Response apply(MutableStoreProvider storeProvider) {
        try {
          IJobKey jobKey = JobKeys.assertValid(IJobKey.build(requireNonNull(mutableJobKey)));
          SessionContext context = sessionValidator
              .checkAuthenticated(session, ImmutableSet.of(jobKey.getRole()));
          jobUpdateController.pause(jobKey, context.getIdentity());
          return okEmptyResponse();
        } catch (AuthFailedException e) {
          return errorResponse(AUTH_FAILED, e);
        } catch (UpdateStateException e) {
          return errorResponse(INVALID_REQUEST, e);

    return storage.write(new MutateWork.Quiet<Response>() {
      @Override
      public Response apply(MutableStoreProvider storeProvider) {
        try {
          IJobKey jobKey = JobKeys.assertValid(IJobKey.build(requireNonNull(mutableJobKey)));
          SessionContext context = sessionValidator
              .checkAuthenticated(session, ImmutableSet.of(jobKey.getRole()));
          jobUpdateController.resume(jobKey, context.getIdentity());
          return okEmptyResponse();
        } catch (AuthFailedException e) {
          return errorResponse(AUTH_FAILED, e);
        } catch (UpdateStateException e) {
          return errorResponse(INVALID_REQUEST, e);