Supply user.name when calling package repository

PNDA-4562

Author: jeclarke

README.md

@@ -96,12 +96,16 @@ To build the Deployment Manager, change to the `api` directory, which contains t
 
 ?recency=n may be used to control how many versions of each package are listed, by default recency=1
 ````
-GET /repository/packages
+GET /repository/packages?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 500 - Server Error
 
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
+
 Example response:
 [
     {
@@ -118,24 +122,32 @@ Example response:
 
 ### List packages currently deployed to the cluster
 ````
-GET /packages
+GET /packages?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 500 - Server Error
 
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
+
 Example response:
 ["spark-batch-example-app-1.0.23"]
 ````
 
 ### Get the status for _package_
 ````
-GET /packages/<package>/status
+GET /packages/<package>/status?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 500 - Server Error
 
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
+
 Example response:
 {"status": "DEPLOYED", "information": "human readable error message or other information about this status"}
 
@@ -148,12 +160,16 @@ UNDEPLOYING
 
 ### Get full information for _package_
 ````
-GET /packages/<package>
+GET /packages/<package>?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 500 - Server Error
 
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
+
 Example response:
 {
 	"status": "DEPLOYED",
@@ -179,61 +195,80 @@ Example response:
 
 ### Deploy _package_ to the cluster
 ````
-PUT /packages/<package>
+PUT /packages/<package>?user.name=<username>
 
 Response Codes:
 202 - Accepted, poll /packages/<package>/status for status
+403 - Unauthorised user
 404 - Package not found in repository
 409 - Package already deployed
 500 - Server Error
+
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
 ````
 
 ### Undeploy _package_ from the cluster
 ````
-DELETE /packages/<package>
+DELETE /packages/<package>?user.name=<username>
 
 Response Codes:
 202 - Accepted, poll /packages/<package>/status for status
 403 - Unauthorised user
 404 - Package not deployed
 500 - Server Error
+
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
 ````
 
 ## Applications API
 
 ### List all applications
 ````
-GET /applications
+GET /applications?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 500 - Server Error
 
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
+
 Example response:
 ["spark-batch-example-app-instance"]
 ````
 
 ### List applications that have been created from _package_
 ````
-GET /packages/<package>/applications
+GET /packages/<package>/applications?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 500 - Server Error
 
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
+
 Example response:
 ["spark-batch-example-app-instance"]
 ````
 
 ### Get the status for _application_
 ````
-GET /applications/<application>/status
+GET /applications/<application>/status?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 404 - Application not known
 500 - Server Error
 
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
+
 Example response:
 {"status": "STARTED", "information": "human readible error message or other information about this status"}
 
@@ -249,13 +284,17 @@ DESTROYING
 
 ### Get run-time details for _application_
 ````
-GET /applications/<application>/detail
+GET /applications/<application>/detail?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 404 - Application not known
 500 - Server Error
 
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
+
 {
         "yarn_applications": {
 		    "oozie-example": {
@@ -274,12 +313,16 @@ Response Codes:
 
 ### Get the summary status for _application_
 ````
-GET /applications/<application>/summary
+GET /applications/<application>/summary?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 404 - Application not known
 500 - Server Error
+
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
 ````
 
 ### Summary status in case of oozie component
@@ -368,7 +411,7 @@ Response Codes:
 500 - Server Error
 
 Query Parameters:
-user - User with permisson to perform this action on the application should be passed. 
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
 ````
 
 ### Stop _application_
@@ -382,18 +425,22 @@ Response Codes:
 500 - Server Error
 
 Query Parameters:
-user - User with permisson to perform this action on the application should be passed. 
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
 ````
 
 ### Get full information for _application_
 ````
-GET /applications/<application>
+GET /applications/<application>?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 404 - Application not known
 500 - Server Error
 
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
+
 Example response:
 {
 	"status": "CREATED",
@@ -441,12 +488,13 @@ PUT /applications/<application>?user.name=<username>
 Response Codes:
 202 - Accepted, poll /applications/<application>/status for status
 400 - Request body failed validation
+403 - Unauthorised user
 404 - Package not found
 409 - Application already exists
 500 - Server Error
 
 Query Parameters:
-user - User creating this application should be passed.
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
 
 Example body:
 {
@@ -472,18 +520,22 @@ Response Codes:
 500 - Server Error
 
 Query Parameters:
-user - User with permisson to perform this action on the application should be passed.
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
 ````
 
 ## Environment Endpoints API
 ### List environment variables known to the deployment manager
 ````
-GET /environment/endpoints
+GET /environment/endpoints?user.name=<username>
 
 Response Codes:
 200 - OK
+403 - Unauthorised user
 500 - Server Error
 
+Query Parameters:
+user.name - User name to run this command as. Should have permissions to perform the action as defined in authorizer_rules.yaml. 
+
 Example response:
 {"zookeeper_port": "2181", "cluster_root_user": "cloud-user", ... }
 ````

api/src/main/resources/deployment_manager.py

@@ -85,9 +85,12 @@ def __init__(self, repository, package_registrar, application_registrar, applica
     def _get_groups(self, user):
         groups = []
         if user:
-            groups = [g.gr_name for g in grp.getgrall() if user in g.gr_mem]
-            gid = pwd.getpwnam(user).pw_gid
-            groups.append(grp.getgrgid(gid).gr_name)
+            try:
+                groups = [g.gr_name for g in grp.getgrall() if user in g.gr_mem]
+                gid = pwd.getpwnam(user).pw_gid
+                groups.append(grp.getgrgid(gid).gr_name)
+            except:
+                raise Forbidden('Failed to find details for user "%s"' % user)
         return groups
 
     def _authorize(self, user_name, resource_type, resource_owner, action_name):
@@ -119,7 +122,7 @@ def _assert_package_status(self, package, required_status):
     def list_repository(self, recency, user_name):
         self._authorize(user_name, Resources.REPOSITORY, None, Actions.READ)
         logging.info("list_available: %s", recency)
-        available = self._repository.get_package_list(recency)
+        available = self._repository.get_package_list(user_name, recency)
         return available
 
     def _get_saved_package_data(self, package):
@@ -226,7 +229,7 @@ def _do_deploy():
                 package_file = package + '.tar.gz'
                 logging.info("deploy: %s", package)
                 # download package:
-                package_data_path = self._repository.get_package(package_file)
+                package_data_path = self._repository.get_package(package_file, user_name)
                 # put package in database:
                 metadata = self._package_parser.get_package_metadata(package_data_path)
                 self._application_creator.validate_package(package, metadata)

api/src/main/resources/package_repo_rest_client.py

@@ -47,27 +47,27 @@ def put_package(self, package_name, package_data):
         logging.debug("response code: %s", str(response.status_code))
         assert response.status_code == 200
 
-    def get_package(self, package_name, expected_codes=None):
+    def get_package(self, package_name, user_name, expected_codes=None):
         """
         gets a package from the repository
         :param package_nam:
         :return: local path to file
         """
         if not expected_codes:
             expected_codes = [200]
-        response = self.make_rest_get_request("/packages/" + package_name, expected_codes)
+        response = self.make_rest_get_request("/packages/%s?user.name=%s" % (package_name, user_name), expected_codes)
         local_path = "%s/%s" % (self._package_local_dir_path, package_name)
         with open(local_path, 'wb') as local_file:
             local_file.write(response.content)
         return local_path
 
-    def get_package_list(self, recency=None):
+    def get_package_list(self, user_name, recency=None):
         """
         :return: a list of all packages in the repository
         """
-        url = "/packages"
+        url = "/packages?user.name=%s" % user_name
         if recency:
-            url = url + "?recency=" + str(recency)
+            url = url + "&recency=" + str(recency)
         response = self.make_rest_get_request(url)
         return json.loads(response.content)