Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace Teletraan AuthN and AuthZ implementation #1487

Merged
merged 1 commit into from
Mar 28, 2024
Merged

Replace Teletraan AuthN and AuthZ implementation #1487

merged 1 commit into from
Mar 28, 2024

Conversation

tylerwowen
Copy link
Contributor

@tylerwowen tylerwowen commented Mar 2, 2024
edited
Loading

This PR replaces Teletraan AuthN and AuthZ implementation with the new security package in the universal library. It's a non-breaking change and clients should expect almost the same behaviors, except a couple of authorization fixes.

Changes by package

com.pinterest.deployservice.bean

  • Replace Resource by AuthZResource, which is from universal lib
  • Replace Role by TeletraanPrincipalRoles
    • Extended the original Role

com.pinterest.deployservice.dao

  • Replace Resource by AuthZResource, which is from universal lib

com.pinterest.deployservice.db

  • Replace Resource by AuthZResource, which is from universal lib
  • Update tests

com.pinterest.teletraan

  • Replaced authenticator and authorizer
  • Other changes to pick up the new implementation

com.pinterest.teletraan.config

  • TokenAuthorizationFactory -> RoleAuthorizationFactory with some new implementations1
  • new TokenAuthenticationFactory implementation

com.pinterest.teletraan.security

Main changes are here

  • Many classes are replaced by implementations in the universal lib.
  • implementations of
    • AuthZResourceExtractor
    • authorizers BaseAuthorizer<UserPrincipal>, BaseAuthorizer<ScriptTokenPrincipal<ValueBasedRole>>
    • ScriptTokenProvider<ValueBasedRole>
    • AuthZResourceExtractor.Factory
  • bunch of tests

com.pinterest.teletraan.resource

Seems a lot but no.

  • Replace authorization implementation with annotations.
    • @RolesAllowed
    • @PermitAll
    • @ResourceAuthZInfo

Test and validation

  • Unit tests
  • Resource tests
  • Will also deploy to dev1 for E2E tests

Misc.

Stack:

⚠️ Part of a stack created by spr. Do not merge manually using the UI - doing so may have unexpected results.

Things remaining

  • Add resource tests
  • Add more test cases in UserRoleAuthorizerTest

@tylerwowen tylerwowen requested a review from a team as a code owner March 2, 2024 00:25
@github-actions github-actions bot added the deploy-service Includes changes to deploy-service label Mar 2, 2024
This was referenced Mar 2, 2024
Merged
Merged
@tylerwowen tylerwowen removed the request for review from a team March 2, 2024 00:28
@tylerwowen tylerwowen marked this pull request as draft March 2, 2024 00:28
@tylerwowen tylerwowen added this to the Teletraan AuthN & AuthZ milestone Mar 2, 2024
@tylerwowen tylerwowen mentioned this pull request Mar 4, 2024
Merged
@tylerwowen tylerwowen force-pushed the spr/master/bf5d6dfa branch 2 times, most recently from b3be719 to 86eaa28 Compare March 5, 2024 03:23
@tylerwowen tylerwowen force-pushed the spr/master/17aa4dbb branch 2 times, most recently from 051c7c0 to df4b162 Compare March 6, 2024 01:37
@tylerwowen tylerwowen force-pushed the spr/master/bf5d6dfa branch 2 times, most recently from 02104a7 to 7f2b3d2 Compare March 6, 2024 18:46
@tylerwowen tylerwowen force-pushed the spr/master/bf5d6dfa branch 2 times, most recently from 4ae1f66 to f20f76f Compare March 7, 2024 18:33
@tylerwowen tylerwowen force-pushed the spr/master/17aa4dbb branch 2 times, most recently from 48a0a36 to 7aeecbd Compare March 12, 2024 19:01
@github-actions github-actions bot added the deploy-board Includes changes to deploy-board label Mar 12, 2024
Base automatically changed from spr/master/17aa4dbb to master March 13, 2024 16:56
@tylerwowen tylerwowen mentioned this pull request Mar 13, 2024
Merged
@tylerwowen tylerwowen force-pushed the spr/master/bf5d6dfa branch 3 times, most recently from f3c5bea to dcd4cbf Compare March 19, 2024 23:30
@tylerwowen tylerwowen force-pushed the spr/master/bf5d6dfa branch 2 times, most recently from 78bc6cb to 8a611a6 Compare March 25, 2024 20:15
vitalii-honchar
vitalii-honchar requested changes Mar 25, 2024
View reviewed changes
...y-service/common/src/main/java/com/pinterest/deployservice/bean/TeletraanPrincipalRoles.java Outdated Show resolved Hide resolved
...y-service/common/src/main/java/com/pinterest/deployservice/bean/TeletraanPrincipalRoles.java Outdated Show resolved Hide resolved
.../teletraanservice/src/main/java/com/pinterest/teletraan/config/RoleAuthorizationFactory.java Outdated Show resolved Hide resolved
.../teletraanservice/src/main/java/com/pinterest/teletraan/config/RoleAuthorizationFactory.java Show resolved Hide resolved
...eletraanservice/src/main/java/com/pinterest/teletraan/config/TokenAuthenticationFactory.java Show resolved Hide resolved
deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Hosts.java Show resolved Hide resolved
...ervice/teletraanservice/src/main/java/com/pinterest/teletraan/security/EnvPathExtractor.java Outdated Show resolved Hide resolved
...e/teletraanservice/src/main/java/com/pinterest/teletraan/security/EnvStageBodyExtractor.java Show resolved Hide resolved
...e/teletraanservice/src/main/java/com/pinterest/teletraan/security/EnvStagePathExtractor.java Outdated Show resolved Hide resolved
...rvice/teletraanservice/src/test/java/com/pinterest/teletraan/fixture/EnvironBeanFixture.java Show resolved Hide resolved
@tylerwowen tylerwowen force-pushed the spr/master/bf5d6dfa branch 2 times, most recently from 2bdc351 to 163bd3c Compare March 26, 2024 01:07
@tylerwowen tylerwowen force-pushed the spr/master/bf5d6dfa branch 8 times, most recently from 1d6b390 to d810d8f Compare March 28, 2024 00:56
@tylerwowen tylerwowen merged commit e41d5f2 into master Mar 28, 2024
9 checks passed
@tylerwowen tylerwowen deleted the spr/master/bf5d6dfa branch March 28, 2024 22:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vitalii-honchar vitalii-honchar vitalii-honchar approved these changes

Assignees
No one assigned
Labels
deploy-service Includes changes to deploy-service
Projects
None yet
Milestone
Teletraan AuthN & AuthZ
Development

Successfully merging this pull request may close these issues.
2 participants
@tylerwowen @vitalii-honchar