Add AuthZ to Agents, Ratings and Schedules

commit-id:aa055770

deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java

@@ -16,14 +16,19 @@
 package com.pinterest.teletraan.resource;
 
 import com.pinterest.deployservice.bean.AgentBean;
+import com.pinterest.deployservice.bean.TeletraanPrincipalRoles;
 import com.pinterest.deployservice.dao.AgentDAO;
 import com.pinterest.teletraan.TeletraanServiceContext;
+import com.pinterest.teletraan.universal.security.ResourceAuthZInfo;
+import com.pinterest.teletraan.universal.security.ResourceAuthZInfo.Location;
+import com.pinterest.teletraan.universal.security.bean.AuthZResource;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import io.swagger.annotations.*;
 
+import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
@@ -69,12 +74,14 @@ public Collection<AgentBean> getById(@PathParam("hostId") String hostId) throws
 
     @PUT
     @Path("/id/{hostId : [a-zA-Z0-9\\-_]+}")
+    @RolesAllowed(TeletraanPrincipalRoles.Names.EXECUTE)
+    @ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = Location.BODY)
     public void updateById(@Context SecurityContext sc,
                            @PathParam("hostId") String hostId,
                            @Valid AgentBean agentBean) throws Exception {
         String operator = sc.getUserPrincipal().getName();
         agentDAO.updateAgentById(hostId, agentBean);
-        LOG.info("Successfully update agents {} by {}: {}", hostId, operator, agentBean.toString());
+        LOG.info("Successfully update agents {} by {}: {}", hostId, operator, agentBean);
     }
 
     @GET

deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Ratings.java

@@ -4,9 +4,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- *  
+ *
  *     http://www.apache.org/licenses/LICENSE-2.0
- *    
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -15,23 +15,27 @@
  */
 package com.pinterest.teletraan.resource;
 
-import com.google.common.base.Optional;
 import com.pinterest.deployservice.bean.RatingBean;
+import com.pinterest.deployservice.bean.TeletraanPrincipalRoles;
 import com.pinterest.deployservice.handler.RatingsHandler;
 import com.pinterest.teletraan.TeletraanServiceContext;
+import com.pinterest.teletraan.universal.security.ResourceAuthZInfo;
+import com.pinterest.teletraan.universal.security.bean.AuthZResource;
 
+import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
 import javax.ws.rs.core.*;
 import java.net.URI;
 import java.util.List;
+import java.util.Optional;
 
 @Path("/v1/ratings")
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
 public class Ratings {
-    private final static int DEFAULT_INDEX = 1;
-    private final static int DEFAULT_SIZE = 30;
+    private static final int DEFAULT_INDEX = 1;
+    private static final int DEFAULT_SIZE = 30;
     private RatingsHandler ratingsHandler;
 
     public Ratings(@Context TeletraanServiceContext context) {
@@ -41,13 +45,14 @@ public Ratings(@Context TeletraanServiceContext context) {
     @GET
     public List<RatingBean> getAll(@QueryParam("pageIndex") Optional<Integer> pageIndex,
         @QueryParam("pageSize") Optional<Integer> pageSize) throws Exception {
-        return ratingsHandler.getRatingDAO().getRatingsInfos(pageIndex.or(DEFAULT_INDEX), pageSize.or(DEFAULT_SIZE));
+        return ratingsHandler.getRatingDAO().getRatingsInfos(pageIndex.orElse(DEFAULT_INDEX), pageSize.orElse(DEFAULT_SIZE));
     }
 
     @POST
-    public Response create(@Valid RatingBean bean,
-                           @Context SecurityContext sc,
-                           @Context UriInfo uriInfo) throws Exception {
+    @RolesAllowed(TeletraanPrincipalRoles.Names.WRITE)
+    @ResourceAuthZInfo(type = AuthZResource.Type.RATINGS)
+    public Response create(@Valid RatingBean bean, @Context SecurityContext sc, @Context UriInfo uriInfo)
+            throws Exception {
         bean.setAuthor(sc.getUserPrincipal().getName());
         bean.setTimestamp(System.currentTimeMillis());
         String id = ratingsHandler.createRating(bean);
@@ -65,6 +70,8 @@ public Boolean checkUserFeedbackStatus(@PathParam("userName") String userName) t
 
     @DELETE
     @Path("/{id : [a-zA-Z0-9\\-_]+}")
+    @RolesAllowed(TeletraanPrincipalRoles.Names.DELETE)
+    @ResourceAuthZInfo(type = AuthZResource.Type.RATINGS)
     public void delete(@PathParam("id") String id, @Context SecurityContext sc) throws Exception {
         ratingsHandler.getRatingDAO().delete(id);
     }

deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Schedules.java

@@ -1,12 +1,12 @@
-/*sche
- * Copyright 2016 Pinterest, Inc.
+/*
+ * Copyright 2016-2024 Pinterest, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- *  
+ *
  *     http://www.apache.org/licenses/LICENSE-2.0
- *    
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -16,17 +16,21 @@
 package com.pinterest.teletraan.resource;
 
 import com.pinterest.deployservice.bean.ScheduleState;
+import com.pinterest.deployservice.bean.TeletraanPrincipalRoles;
 import com.pinterest.deployservice.bean.EnvironBean;
 import com.pinterest.deployservice.bean.ScheduleBean;
 import com.pinterest.deployservice.dao.ScheduleDAO;
 import com.pinterest.deployservice.dao.EnvironDAO;
 
 import com.pinterest.teletraan.TeletraanServiceContext;
+import com.pinterest.teletraan.universal.security.ResourceAuthZInfo;
+import com.pinterest.teletraan.universal.security.bean.AuthZResource;
 import com.pinterest.deployservice.common.CommonUtils;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
@@ -55,18 +59,17 @@ public ScheduleBean getSchedule(
             @PathParam("envName") String envName,
             @PathParam("stageName") String stageName,
             @PathParam("scheduleId") String scheduleId) throws Exception {
-
-        String operator = sc.getUserPrincipal().getName();
-
         ScheduleBean scheduleBean = scheduleDAO.getById(scheduleId);
         if (scheduleBean!=null) {
-            LOG.info(scheduleBean.toString());
+            LOG.info("Schedule: {}", scheduleBean);
         }
         return scheduleBean;
     }
-    
+
     @PUT
     @Path("/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/schedules")
+    @RolesAllowed(TeletraanPrincipalRoles.Names.EXECUTE)
+    @ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = ResourceAuthZInfo.Location.PATH)
     public void updateSchedule(
             @Context SecurityContext sc,
             @PathParam("envName") String envName,
@@ -78,61 +81,62 @@ public void updateSchedule(
         String cooldownTimes = bean.getCooldown_times();
         String hostNumbers = bean.getHost_numbers();
         Integer totalSessions = bean.getTotal_sessions();
-        if (totalSessions > 0) { // there is a schedule  
+        if (totalSessions > 0) { // there is a schedule
             ScheduleBean scheduleBean = new ScheduleBean();
             scheduleBean.setState_start_time(System.currentTimeMillis());
             scheduleBean.setCooldown_times(cooldownTimes);
             scheduleBean.setHost_numbers(hostNumbers);
             scheduleBean.setTotal_sessions(totalSessions);
-            LOG.info(scheduleBean.toString());
+            LOG.info("Schedule: {}", scheduleBean);
             if (scheduleId == null) {
                 scheduleId = CommonUtils.getBase64UUID();
                 envBean.setSchedule_id(scheduleId);
                 environDAO.update(envName, stageName, envBean);
                 scheduleBean.setId(scheduleId);
                 scheduleDAO.insert(scheduleBean);
-                LOG.info(String.format("Successfully inserted one env %s (%s)'s schedule by %s: %s", envName, stageName, operator, scheduleBean.toString()));
+                LOG.info("Successfully inserted one env {} ({})'s schedule by {}: {}", envName, stageName, operator, scheduleBean);
             } else {
                 scheduleBean.setId(scheduleId);
                 scheduleDAO.update(scheduleBean, scheduleId);
-                LOG.info(String.format("Successfully updated one env %s (%s)'s schedule by %s: %s", envName, stageName, operator, scheduleBean.toString()));
+                LOG.info("Successfully updated one env {} ({})'s schedule by {}: {}", envName, stageName, operator, scheduleBean);
             }
         } else if (scheduleId != null) { //there are no sessions, so delete the schedule
-            scheduleDAO.delete(scheduleId); 
+            scheduleDAO.delete(scheduleId);
             environDAO.deleteSchedule(envName, stageName);
-            LOG.info(String.format("Successfully deleted env %s (%s)'s schedule by %s", envName, stageName, operator));
+            LOG.info("Successfully deleted env {} ({})'s schedule by {}", envName, stageName, operator);
         }
     }
 
     @PUT
     @Path("/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/override")
+    @RolesAllowed(TeletraanPrincipalRoles.Names.EXECUTE)
+    @ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = ResourceAuthZInfo.Location.PATH)
     public void overrideSession(
             @Context SecurityContext sc,
             @PathParam("envName") String envName,
             @PathParam("stageName") String stageName,
             @QueryParam("sessionNumber") Integer sessionNumber) throws Exception {
-        String operator = sc.getUserPrincipal().getName();
         EnvironBean envBean = environDAO.getByStage(envName, stageName);
         String scheduleId = envBean.getSchedule_id();
         if (scheduleId == null) {
-            LOG.info(String.format("Cannot override session, env %s has no schedule set", envName));
+            LOG.info("Cannot override session, env {} has no schedule set", envName);
             return;
         }
         ScheduleBean scheduleBean = scheduleDAO.getById(scheduleId);
         Integer currentSession = scheduleBean.getCurrent_session();
         Integer totalSessions = scheduleBean.getTotal_sessions();
-        if (sessionNumber != currentSession) {
-            LOG.info(String.format("Overriding session %d is now invalid as deploy is already on session %d", sessionNumber, currentSession)); 
-            return;   
+        if (!sessionNumber.equals(currentSession)) {
+            LOG.info("Overriding session {} is now invalid as deploy is already on session {}", sessionNumber, currentSession);
+            return;
         }
-        if (sessionNumber == totalSessions) {
+        if (sessionNumber.equals(totalSessions)) {
             scheduleBean.setState(ScheduleState.FINAL);
-            LOG.info(String.format("Overrided session %d and currently working on the final deploy session", sessionNumber));    
+            LOG.info("Overridden session {} and currently working on the final deploy session", sessionNumber);
         } else {
             scheduleBean.setCurrent_session(sessionNumber+1);
             scheduleBean.setState(ScheduleState.RUNNING);
-            LOG.info(String.format("Overrided session %d and currently working on session %d", sessionNumber, currentSession+1));    
-        }    
+            LOG.info("Overridden session {} and currently working on session {}", sessionNumber, currentSession+1);
+        }
         scheduleBean.setState_start_time(System.currentTimeMillis());
         scheduleDAO.update(scheduleBean, scheduleId);
     }