adding feature flag

Author: sahusanket

pom.xml

@@ -72,7 +72,7 @@
     <aws.sdk.version>1.11.133</aws.sdk.version>
     <bigquery.connector.hadoop2.version>0.10.2-hadoop2</bigquery.connector.hadoop2.version>
     <bouncycastle.version>1.56</bouncycastle.version>
-    <cdap.version>6.11.0</cdap.version>
+    <cdap.version>6.11.1-SNAPSHOT</cdap.version>
     <chlorine.version>1.1.5</chlorine.version>
     <commons.validator.version>1.6</commons.validator.version>
     <commons-io.version>2.5</commons-io.version>

wrangler-service/src/main/java/io/cdap/wrangler/service/directive/WorkspaceHandler.java

@@ -89,6 +89,8 @@
 import io.cdap.wrangler.utils.SchemaConverter;
 import io.cdap.wrangler.utils.StructuredToRowTransformer;
 import org.apache.commons.lang3.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.net.HttpURLConnection;
 import java.nio.charset.StandardCharsets;
@@ -116,6 +118,7 @@
  */
 public class WorkspaceHandler extends AbstractDirectiveHandler {
 
+  private static final Logger LOG = LoggerFactory.getLogger(WorkspaceHandler.class);
   private static final Gson GSON =
     new GsonBuilder().registerTypeAdapter(Schema.class, new SchemaTypeAdapter()).create();
   private static final Pattern PRAGMA_PATTERN = Pattern.compile("^\\s*#pragma\\s+load-directives\\s+");
@@ -126,6 +129,7 @@ public class WorkspaceHandler extends AbstractDirectiveHandler {
   private RecipeStore recipeStore;
   private ConnectionDiscoverer discoverer;
   private ContextAccessEnforcer contextAccessEnforcer;
+  private boolean authEnforcementEnabled;
 
   // Injected by CDAP
   @SuppressWarnings("unused")
@@ -138,6 +142,7 @@ public void initialize(SystemHttpServiceContext context) throws Exception {
     recipeStore = new RecipeStore(context);
     discoverer = new ConnectionDiscoverer(context);
     contextAccessEnforcer = context.getContextAccessEnforcer();
+    authEnforcementEnabled = Feature.WRANGLER_WORKSPACE_AUTH_CHECK.isEnabled(context);
   }
 
   @POST
@@ -151,9 +156,10 @@ public void createWorkspace(HttpServiceRequest request, HttpServiceResponder res
       }
 
       WorkspaceId wsId = new WorkspaceId(ns);
-      contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
-                                    StandardPermission.CREATE);
-
+      if (authEnforcementEnabled) {
+        contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
+                                      StandardPermission.CREATE);
+      }
       WorkspaceCreationRequest creationRequest =
         GSON.fromJson(StandardCharsets.UTF_8.decode(request.getContent()).toString(), WorkspaceCreationRequest.class);
 
@@ -199,8 +205,10 @@ public void listWorkspaces(HttpServiceRequest request, HttpServiceResponder resp
       if (ns.getName().equalsIgnoreCase(NamespaceId.SYSTEM.getNamespace())) {
         throw new BadRequestException("Listing workspaces in system namespace is currently not supported");
       }
-      contextAccessEnforcer.enforceOnParent(EntityType.SYSTEM_APP_ENTITY, new NamespaceId(ns.getName()),
-                                            StandardPermission.LIST);
+      if (authEnforcementEnabled) {
+        contextAccessEnforcer.enforceOnParent(EntityType.SYSTEM_APP_ENTITY, new NamespaceId(ns.getName()),
+                                              StandardPermission.LIST);
+      }
       responder.sendString(GSON.toJson(new ServiceResponse<>(wsStore.listWorkspaces(ns))));
     });
   }
@@ -216,8 +224,10 @@ public void getWorkspace(HttpServiceRequest request, HttpServiceResponder respon
         throw new BadRequestException("Getting workspace in system namespace is currently not supported");
       }
       WorkspaceId wsId = new WorkspaceId(ns, workspaceId);
-      contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
-                                    StandardPermission.GET);
+      if (authEnforcementEnabled) {
+        contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
+                                      StandardPermission.GET);
+      }
       responder.sendString(GSON.toJson(wsStore.getWorkspace(wsId)));
     });
   }
@@ -236,9 +246,10 @@ public void updateWorkspace(HttpServiceRequest request, HttpServiceResponder res
         throw new BadRequestException("Updating workspace in system namespace is currently not supported");
       }
       WorkspaceId wsId = new WorkspaceId(ns, workspaceId);
-      contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
-                                    StandardPermission.UPDATE);
-
+      if (authEnforcementEnabled) {
+        contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
+                                      StandardPermission.UPDATE);
+      }
       WorkspaceUpdateRequest updateRequest =
         GSON.fromJson(StandardCharsets.UTF_8.decode(request.getContent()).toString(), WorkspaceUpdateRequest.class);
 
@@ -266,9 +277,10 @@ public void resampleWorkspace(HttpServiceRequest request, HttpServiceResponder r
       }
 
       WorkspaceId wsId = new WorkspaceId(ns, workspaceId);
-      contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
-                                    StandardPermission.UPDATE);
-
+      if (authEnforcementEnabled) {
+        contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
+                                      StandardPermission.UPDATE);
+      }
       Workspace currentWorkspace = wsStore.getWorkspace(wsId);
 
       String connectionName = currentWorkspace.getSampleSpec() == null ? null :
@@ -314,8 +326,10 @@ public void deleteWorkspace(HttpServiceRequest request, HttpServiceResponder res
         throw new BadRequestException("Deleting workspace in system namespace is currently not supported");
       }
       WorkspaceId wsId = new WorkspaceId(ns, workspaceId);
-      contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
-                                    StandardPermission.DELETE);
+      if (authEnforcementEnabled) {
+        contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
+                                      StandardPermission.DELETE);
+      }
       wsStore.deleteWorkspace(wsId);
       responder.sendStatus(HttpURLConnection.HTTP_OK);
     });
@@ -335,9 +349,10 @@ public void upload(HttpServiceRequest request, HttpServiceResponder responder,
       }
 
       WorkspaceId id = new WorkspaceId(ns);
-      contextAccessEnforcer.enforce(new WorkspaceEntityId(id.getNamespace().getName(), id.getWorkspaceId()),
-                                    StandardPermission.CREATE);
-
+      if (authEnforcementEnabled) {
+        contextAccessEnforcer.enforce(new WorkspaceEntityId(id.getNamespace().getName(), id.getWorkspaceId()),
+                                      StandardPermission.CREATE);
+      }
       String name = request.getHeader(PropertyIds.FILE_NAME);
       if (name == null) {
         throw new BadRequestException("Name must be provided in the 'file' header");
@@ -386,9 +401,10 @@ public void execute(HttpServiceRequest request, HttpServiceResponder responder,
     respond(responder, namespace, ns -> {
       validateNamespace(ns, "Executing directives in system namespace is currently not supported");
       WorkspaceId wsId =  new WorkspaceId(ns, workspaceId);
-      contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
-                                    StandardPermission.USE);
-
+      if (authEnforcementEnabled) {
+        contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
+                                      StandardPermission.USE);
+      }
       DirectiveExecutionResponse response = execute(ns, request, wsId, null);
       responder.sendJson(response);
     });
@@ -433,8 +449,10 @@ public void specification(HttpServiceRequest request, HttpServiceResponder respo
       composite.reload(namespace);
 
       WorkspaceId wsId = new WorkspaceId(ns, workspaceId);
-      contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
-                                    StandardPermission.GET);
+      if (authEnforcementEnabled) {
+        contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
+                                      StandardPermission.GET);
+      }
       WorkspaceDetail detail = wsStore.getWorkspaceDetail(wsId);
       List<String> directives = new ArrayList<>(detail.getWorkspace().getDirectives());
       UserDirectivesCollector userDirectivesCollector = new UserDirectivesCollector();
@@ -478,8 +496,10 @@ public void applyRecipe(HttpServiceRequest request, HttpServiceResponder respond
     respond(responder, namespace, ns -> {
       validateNamespace(ns, "Executing directives in system namespace is currently not supported");
       WorkspaceId wsId = new WorkspaceId(ns, workspaceId);
-      contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
-                                    StandardPermission.USE);
+      if (authEnforcementEnabled) {
+        contextAccessEnforcer.enforce(new WorkspaceEntityId(wsId.getNamespace().getName(), wsId.getWorkspaceId()),
+                                      StandardPermission.USE);
+      }
       RecipeId recipeId = RecipeId.builder(ns).setRecipeId(recipeIdString).build();
       Recipe recipe = recipeStore.getRecipeById(recipeId);