From 21e8feb84ad90aa96aacbb6de3e14c4b313bedcd Mon Sep 17 00:00:00 2001 From: Tyler Ouyang Date: Fri, 1 Mar 2024 16:14:48 -0800 Subject: [PATCH] Add AuthZ to Agents, Ratings and Schedules commit-id:aa055770 --- .../pinterest/teletraan/resource/Agents.java | 9 +++- .../pinterest/teletraan/resource/Ratings.java | 25 +++++---- .../teletraan/resource/Schedules.java | 52 ++++++++++--------- 3 files changed, 52 insertions(+), 34 deletions(-) diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java index 23b32606af..ac846c5f7e 100644 --- a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java +++ b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java @@ -16,14 +16,19 @@ package com.pinterest.teletraan.resource; import com.pinterest.deployservice.bean.AgentBean; +import com.pinterest.deployservice.bean.TeletraanPrincipalRoles; import com.pinterest.deployservice.dao.AgentDAO; import com.pinterest.teletraan.TeletraanServiceContext; +import com.pinterest.teletraan.universal.security.ResourceAuthZInfo; +import com.pinterest.teletraan.universal.security.ResourceAuthZInfo.Location; +import com.pinterest.teletraan.universal.security.bean.AuthZResource; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import io.swagger.annotations.*; +import javax.annotation.security.RolesAllowed; import javax.validation.Valid; import javax.ws.rs.*; import javax.ws.rs.core.Context; 
@@ -69,12 +74,14 @@ public Collection getById(@PathParam("hostId") String hostId) throws @PUT @Path("/id/{hostId : [a-zA-Z0-9\\-_]+}") + @RolesAllowed(TeletraanPrincipalRoles.Names.EXECUTE) + @ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = Location.BODY) public void updateById(@Context SecurityContext sc, @PathParam("hostId") String hostId, @Valid AgentBean agentBean) throws Exception { String operator = sc.getUserPrincipal().getName(); agentDAO.updateAgentById(hostId, agentBean); - LOG.info("Successfully update agents {} by {}: {}", hostId, operator, agentBean.toString()); + LOG.info("Successfully update agents {} by {}: {}", hostId, operator, agentBean); } @GET diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Ratings.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Ratings.java index 9e17d9cd7d..46e4c48b59 100644 --- a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Ratings.java +++ b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Ratings.java @@ -4,9 +4,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
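Review bot: In `updateById`, the new `@ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = Location.BODY)` authorizes against whatever the request body names, while `agentDAO.updateAgentById(hostId, agentBean)` selects the record to write from the `hostId` path parameter. Nothing visible in the hunk ties the two together, so the permission check and the write may refer to different environments. Whether they can diverge depends on how the BODY extractor reads `AgentBean` and what `updateAgentById` filters on, neither of which is shown here. I would look up the existing agent record for `hostId` first and reject the request when its environment is not the one that was authorized, with a comment above the annotation such as `// AuthZ is evaluated on the env/stage in the body; hostId is checked against it below`.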
@@ -15,23 +15,27 @@ */ package com.pinterest.teletraan.resource; -import com.google.common.base.Optional; import com.pinterest.deployservice.bean.RatingBean; +import com.pinterest.deployservice.bean.TeletraanPrincipalRoles; import com.pinterest.deployservice.handler.RatingsHandler; import com.pinterest.teletraan.TeletraanServiceContext; +import com.pinterest.teletraan.universal.security.ResourceAuthZInfo; +import com.pinterest.teletraan.universal.security.bean.AuthZResource; +import javax.annotation.security.RolesAllowed; import javax.validation.Valid; import javax.ws.rs.*; import javax.ws.rs.core.*; import java.net.URI; import java.util.List; +import java.util.Optional; @Path("/v1/ratings") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public class Ratings { - private final static int DEFAULT_INDEX = 1; - private final static int DEFAULT_SIZE = 30; + private static final int DEFAULT_INDEX = 1; + private static final int DEFAULT_SIZE = 30; private RatingsHandler ratingsHandler; public Ratings(@Context TeletraanServiceContext context) { 
@@ -41,13 +45,14 @@ public Ratings(@Context TeletraanServiceContext context) { @GET public List getAll(@QueryParam("pageIndex") Optional pageIndex, @QueryParam("pageSize") Optional pageSize) throws Exception { - return ratingsHandler.getRatingDAO().getRatingsInfos(pageIndex.or(DEFAULT_INDEX), pageSize.or(DEFAULT_SIZE)); + return ratingsHandler.getRatingDAO().getRatingsInfos(pageIndex.orElse(DEFAULT_INDEX), pageSize.orElse(DEFAULT_SIZE)); } @POST - public Response create(@Valid RatingBean bean, - @Context SecurityContext sc, - @Context UriInfo uriInfo) throws Exception { + @RolesAllowed(TeletraanPrincipalRoles.Names.WRITE) + @ResourceAuthZInfo(type = AuthZResource.Type.RATINGS) + public Response create(@Valid RatingBean bean, @Context SecurityContext sc, @Context UriInfo uriInfo) + throws Exception { bean.setAuthor(sc.getUserPrincipal().getName()); bean.setTimestamp(System.currentTimeMillis()); String id = ratingsHandler.createRating(bean); @@ -65,6 +70,8 @@ public Boolean checkUserFeedbackStatus(@PathParam("userName") String userName) t @DELETE @Path("/{id : [a-zA-Z0-9\\-_]+}") + @RolesAllowed(TeletraanPrincipalRoles.Names.DELETE) + @ResourceAuthZInfo(type = AuthZResource.Type.RATINGS) public void delete(@PathParam("id") String id, @Context SecurityContext sc) throws Exception { ratingsHandler.getRatingDAO().delete(id); } diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Schedules.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Schedules.java index 70416fc123..a91b333f4d 100644 --- a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Schedules.java +++ b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Schedules.java 
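Review bot: `getAll` passes `pageIndex.orElse(DEFAULT_INDEX)` and `pageSize.orElse(DEFAULT_SIZE)` straight to `getRatingsInfos`, so on this endpoint, which carries no `@RolesAllowed`, the client chooses the page size with no upper bound and can send zero or negative values. Unless the DAO already clamps them (not visible here), bound them at the resource, e.g. `int size = Math.min(Math.max(pageSize.orElse(DEFAULT_SIZE), 1), MAX_SIZE);` with `MAX_SIZE` as a new constant next to `DEFAULT_SIZE`. On `create`, a short comment noting that the author is always taken from `sc.getUserPrincipal()` and never from the request body would document why the bean's own author field is overwritten.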
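Review bot: `delete` now requires the DELETE role on the RATINGS type, but the annotation names no resource id, so the check appears to be type-wide: any principal with that role can remove any rating, not only one they authored. If that is intended, say so in a comment; if not, compare the stored rating's author (set from `sc.getUserPrincipal().getName()` in `create`) with the caller before `ratingsHandler.getRatingDAO().delete(id)`. Separately, the method accepts `sc` and never uses it, so a deletion leaves no record of who performed it. An audit line such as `LOG.info("Rating {} deleted by {}", id, sc.getUserPrincipal().getName());` would close that gap; it needs a logger, and none is visible in this file's hunks.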
@@ -1,12 +1,12 @@ -/*sche - * Copyright 2016 Pinterest, Inc. +/* + * Copyright 2016-2024 Pinterest, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -16,17 +16,21 @@ package com.pinterest.teletraan.resource; import com.pinterest.deployservice.bean.ScheduleState; +import com.pinterest.deployservice.bean.TeletraanPrincipalRoles; import com.pinterest.deployservice.bean.EnvironBean; import com.pinterest.deployservice.bean.ScheduleBean; import com.pinterest.deployservice.dao.ScheduleDAO; import com.pinterest.deployservice.dao.EnvironDAO; import com.pinterest.teletraan.TeletraanServiceContext; +import com.pinterest.teletraan.universal.security.ResourceAuthZInfo; +import com.pinterest.teletraan.universal.security.bean.AuthZResource; import com.pinterest.deployservice.common.CommonUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.annotation.security.RolesAllowed; import javax.validation.Valid; import javax.ws.rs.*; import javax.ws.rs.core.Context; 
@@ -55,18 +59,17 @@ public ScheduleBean getSchedule( @PathParam("envName") String envName, @PathParam("stageName") String stageName, @PathParam("scheduleId") String scheduleId) throws Exception { - - String operator = sc.getUserPrincipal().getName(); - ScheduleBean scheduleBean = scheduleDAO.getById(scheduleId); if (scheduleBean!=null) { - LOG.info(scheduleBean.toString()); + LOG.info("Schedule: {}", scheduleBean); } return scheduleBean; } - + @PUT @Path("/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/schedules") + @RolesAllowed(TeletraanPrincipalRoles.Names.EXECUTE) + @ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = ResourceAuthZInfo.Location.PATH) public void updateSchedule( @Context SecurityContext sc, @PathParam("envName") String envName, 
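Review bot: `getSchedule` returns `scheduleDAO.getById(scheduleId)` without using `envName` or `stageName`, so the schedule returned is whichever one the id names, regardless of the environment in the URL. The commit puts ENV_STAGE AuthZ on the two PUT handlers, but this read path gets neither an annotation nor a consistency check. If reads are meant to be open, a comment saying so would help; otherwise bind the id to the path with `EnvironBean envBean = environDAO.getByStage(envName, stageName);` followed by `if (envBean == null || !scheduleId.equals(envBean.getSchedule_id())) throw new NotFoundException();`. That check would also be needed if a PATH-based `@ResourceAuthZInfo` were added here later, because it would only cover the env/stage segments, not the schedule id. The signature of `getSchedule` begins above the hunk.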
@@ -78,61 +81,62 @@ public void updateSchedule( String cooldownTimes = bean.getCooldown_times(); String hostNumbers = bean.getHost_numbers(); Integer totalSessions = bean.getTotal_sessions(); - if (totalSessions > 0) { // there is a schedule + if (totalSessions > 0) { // there is a schedule ScheduleBean scheduleBean = new ScheduleBean(); scheduleBean.setState_start_time(System.currentTimeMillis()); scheduleBean.setCooldown_times(cooldownTimes); scheduleBean.setHost_numbers(hostNumbers); scheduleBean.setTotal_sessions(totalSessions); - LOG.info(scheduleBean.toString()); + LOG.info("Schedule: {}", scheduleBean); if (scheduleId == null) { scheduleId = CommonUtils.getBase64UUID(); envBean.setSchedule_id(scheduleId); environDAO.update(envName, stageName, envBean); scheduleBean.setId(scheduleId); scheduleDAO.insert(scheduleBean); - LOG.info(String.format("Successfully inserted one env %s (%s)'s schedule by %s: %s", envName, stageName, operator, scheduleBean.toString())); + LOG.info("Successfully inserted one env {} ({})'s schedule by {}: {}", envName, stageName, operator, scheduleBean); } else { scheduleBean.setId(scheduleId); scheduleDAO.update(scheduleBean, scheduleId); - LOG.info(String.format("Successfully updated one env %s (%s)'s schedule by %s: %s", envName, stageName, operator, scheduleBean.toString())); + LOG.info("Successfully updated one env {} ({})'s schedule by {}: {}", envName, stageName, operator, scheduleBean); } } else if (scheduleId != null) { //there are no sessions, so delete the schedule - scheduleDAO.delete(scheduleId); + scheduleDAO.delete(scheduleId); environDAO.deleteSchedule(envName, stageName); - LOG.info(String.format("Successfully deleted env %s (%s)'s schedule by %s", envName, stageName, operator)); + LOG.info("Successfully deleted env {} ({})'s schedule by {}", envName, stageName, operator); } } @PUT @Path("/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/override") + @RolesAllowed(TeletraanPrincipalRoles.Names.EXECUTE) + 
@ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = ResourceAuthZInfo.Location.PATH) public void overrideSession( @Context SecurityContext sc, @PathParam("envName") String envName, @PathParam("stageName") String stageName, @QueryParam("sessionNumber") Integer sessionNumber) throws Exception { - String operator = sc.getUserPrincipal().getName(); EnvironBean envBean = environDAO.getByStage(envName, stageName); String scheduleId = envBean.getSchedule_id(); if (scheduleId == null) { - LOG.info(String.format("Cannot override session, env %s has no schedule set", envName)); + LOG.info("Cannot override session, env {} has no schedule set", envName); return; } ScheduleBean scheduleBean = scheduleDAO.getById(scheduleId); Integer currentSession = scheduleBean.getCurrent_session(); Integer totalSessions = scheduleBean.getTotal_sessions(); - if (sessionNumber != currentSession) { - LOG.info(String.format("Overriding session %d is now invalid as deploy is already on session %d", sessionNumber, currentSession)); - return; + if (!sessionNumber.equals(currentSession)) { + LOG.info("Overriding session {} is now invalid as deploy is already on session {}", sessionNumber, currentSession); + return; } - if (sessionNumber == totalSessions) { + if (sessionNumber.equals(totalSessions)) { scheduleBean.setState(ScheduleState.FINAL); - LOG.info(String.format("Overrided session %d and currently working on the final deploy session", sessionNumber)); + LOG.info("Overridden session {} and currently working on the final deploy session", sessionNumber); } else { scheduleBean.setCurrent_session(sessionNumber+1); scheduleBean.setState(ScheduleState.RUNNING); - LOG.info(String.format("Overrided session %d and currently working on session %d", sessionNumber, currentSession+1)); - } + LOG.info("Overridden session {} and currently working on session {}", sessionNumber, currentSession+1); + } scheduleBean.setState_start_time(System.currentTimeMillis()); scheduleDAO.update(scheduleBean, 
scheduleId); }
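Review bot: In `overrideSession`, `sessionNumber` comes from a `@QueryParam` that may be absent and is dereferenced in `!sessionNumber.equals(currentSession)`. A request without it now fails with a NullPointerException, where the old `!=` comparison fell through to the "invalid" branch. Reject it first with `if (sessionNumber == null) throw new BadRequestException("sessionNumber is required");` (the file imports `javax.ws.rs.*`). The same hunk unboxes `totalSessions` in `if (totalSessions > 0)` inside `updateSchedule`, and dereferences `envBean` and `scheduleBean` in `overrideSession` without null checks. Unless bean validation or the DAOs guarantee non-null values, a missing `total_sessions` field or an unknown env/stage also ends in a 500 instead of a 400/404. `updateSchedule` begins above the hunk.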