From dd595ebe0071501f81e59e6314c1a5a91a5efada Mon Sep 17 00:00:00 2001 From: Tyler Ouyang Date: Fri, 1 Mar 2024 16:14:48 -0800 Subject: [PATCH] Add AuthZ to Agents, Ratings and Schedules commit-id:aa055770 --- .../pinterest/teletraan/resource/Agents.java | 9 ++++- .../pinterest/teletraan/resource/Ratings.java | 19 ++++++---- .../teletraan/resource/Schedules.java | 38 ++++++++++--------- 3 files changed, 41 insertions(+), 25 deletions(-) diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java index f27e7df904..695709694b 100644 --- a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java +++ b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java @@ -16,8 +16,12 @@ package com.pinterest.teletraan.resource; import com.pinterest.deployservice.bean.AgentBean; +import com.pinterest.deployservice.bean.TeletraanPrincipalRoles; import com.pinterest.deployservice.dao.AgentDAO; import com.pinterest.teletraan.TeletraanServiceContext; +import com.pinterest.teletraan.universal.security.ResourceAuthZInfo; +import com.pinterest.teletraan.universal.security.ResourceAuthZInfo.Location; +import com.pinterest.teletraan.universal.security.bean.AuthZResource; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -25,6 +29,7 @@ import io.swagger.annotations.*; import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; import javax.validation.Valid; import javax.ws.rs.*; import javax.ws.rs.core.Context; 
@@ -71,12 +76,14 @@ public Collection getById(@PathParam("hostId") String hostId) throws @PUT @Path("/id/{hostId : [a-zA-Z0-9\\-_]+}") + @RolesAllowed(TeletraanPrincipalRoles.Names.EXECUTE) + @ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = Location.BODY) public void updateById(@Context SecurityContext sc, @PathParam("hostId") String hostId, @Valid AgentBean agentBean) throws Exception { String operator = sc.getUserPrincipal().getName(); agentDAO.updateAgentById(hostId, agentBean); - LOG.info("Successfully update agents {} by {}: {}", hostId, operator, agentBean.toString()); + LOG.info("Successfully update agents {} by {}: {}", hostId, operator, agentBean); } @GET diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Ratings.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Ratings.java index 86b52b9c92..b50826ae1f 100644 --- a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Ratings.java +++ b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Ratings.java 
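Review bot: In `updateById` the new `@ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = Location.BODY)` takes the resource to authorize from the request body, while `agentDAO.updateAgentById(hostId, agentBean)` picks the record to change from the `hostId` path parameter. If the authorizer resolves the env/stage from fields of `AgentBean` (not visible here), the check runs against what the body claims rather than against the environment the stored agent belongs to. Consider loading the existing agent for `hostId` and rejecting the request when its environment differs from the one in the body. At minimum, state the assumption in a comment such as `// AuthZ is evaluated on the env carried in agentBean; the agent row for hostId must belong to that env`.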
@@ -15,25 +15,29 @@ */ package com.pinterest.teletraan.resource; -import com.google.common.base.Optional; import com.pinterest.deployservice.bean.RatingBean; +import com.pinterest.deployservice.bean.TeletraanPrincipalRoles; import com.pinterest.deployservice.handler.RatingsHandler; import com.pinterest.teletraan.TeletraanServiceContext; +import com.pinterest.teletraan.universal.security.ResourceAuthZInfo; +import com.pinterest.teletraan.universal.security.bean.AuthZResource; import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; import javax.validation.Valid; import javax.ws.rs.*; import javax.ws.rs.core.*; import java.net.URI; import java.util.List; +import java.util.Optional; @PermitAll @Path("/v1/ratings") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public class Ratings { - private final static int DEFAULT_INDEX = 1; - private final static int DEFAULT_SIZE = 30; + private static final int DEFAULT_INDEX = 1; + private static final int DEFAULT_SIZE = 30; private RatingsHandler ratingsHandler; public Ratings(@Context TeletraanServiceContext context) { @@ -43,13 +47,12 @@ public Ratings(@Context TeletraanServiceContext context) { @GET public List getAll(@QueryParam("pageIndex") Optional pageIndex, @QueryParam("pageSize") Optional pageSize) throws Exception { - return ratingsHandler.getRatingDAO().getRatingsInfos(pageIndex.or(DEFAULT_INDEX), pageSize.or(DEFAULT_SIZE)); + return ratingsHandler.getRatingDAO().getRatingsInfos(pageIndex.orElse(DEFAULT_INDEX), pageSize.orElse(DEFAULT_SIZE)); } @POST - public Response create(@Valid RatingBean bean, - @Context SecurityContext sc, - @Context UriInfo uriInfo) throws Exception { + public Response create(@Valid RatingBean bean, @Context SecurityContext sc, @Context UriInfo uriInfo) + throws Exception { bean.setAuthor(sc.getUserPrincipal().getName()); bean.setTimestamp(System.currentTimeMillis()); String id = ratingsHandler.createRating(bean); 
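Review bot: `getAll` forwards the caller-supplied `pageIndex` and `pageSize` to `getRatingsInfos` with a default but no bounds. The class is `@PermitAll` and this endpoint gets no role in this commit, so any caller can ask for an arbitrarily large page unless the DAO caps it (not visible here). A clamp at the resource keeps the query cost predictable, e.g. `int size = Math.min(Math.max(pageSize.orElse(DEFAULT_SIZE), 1), MAX_SIZE);` with `MAX_SIZE` a new constant next to `DEFAULT_SIZE`. The move from Guava `Optional` to `java.util.Optional` on a `@QueryParam` also relies on the JAX-RS runtime having a parameter converter for it, which is worth confirming with a request that omits both parameters.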
@@ -67,6 +70,8 @@ public Boolean checkUserFeedbackStatus(@PathParam("userName") String userName) t @DELETE @Path("/{id : [a-zA-Z0-9\\-_]+}") + @RolesAllowed(TeletraanPrincipalRoles.Names.DELETE) + @ResourceAuthZInfo(type = AuthZResource.Type.SYSTEM) public void delete(@PathParam("id") String id, @Context SecurityContext sc) throws Exception { ratingsHandler.getRatingDAO().delete(id); } diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Schedules.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Schedules.java index 4e285c01bc..b27119f6bd 100644 --- a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Schedules.java +++ b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Schedules.java @@ -1,5 +1,5 @@ -/*sche - * Copyright 2016 Pinterest, Inc. +/* + * Copyright 2016-2024 Pinterest, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,18 +16,22 @@ package com.pinterest.teletraan.resource; import com.pinterest.deployservice.bean.ScheduleState; +import com.pinterest.deployservice.bean.TeletraanPrincipalRoles; import com.pinterest.deployservice.bean.EnvironBean; import com.pinterest.deployservice.bean.ScheduleBean; import com.pinterest.deployservice.dao.ScheduleDAO; import com.pinterest.deployservice.dao.EnvironDAO; import com.pinterest.teletraan.TeletraanServiceContext; +import com.pinterest.teletraan.universal.security.ResourceAuthZInfo; +import com.pinterest.teletraan.universal.security.bean.AuthZResource; import com.pinterest.deployservice.common.CommonUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; import javax.validation.Valid; import javax.ws.rs.*; import javax.ws.rs.core.Context; 
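Review bot: `Ratings.delete` is now restricted to `DELETE` on the `SYSTEM` resource but records nothing about who removed which rating. `sc` is accepted and never used, and `ratingsHandler.getRatingDAO().delete(id)` is the whole body. A privileged, destructive call should leave an audit line, e.g. `LOG.info("Deleted rating {} by {}", id, sc.getUserPrincipal().getName());`, in the style of the `updateById` and `updateSchedule` messages in this commit. No logger is visible in the Ratings imports, so this would also need a `Logger` field like the one Agents and Schedules use.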
@@ -56,18 +60,17 @@ public ScheduleBean getSchedule( @PathParam("envName") String envName, @PathParam("stageName") String stageName, @PathParam("scheduleId") String scheduleId) throws Exception { - - String operator = sc.getUserPrincipal().getName(); - ScheduleBean scheduleBean = scheduleDAO.getById(scheduleId); if (scheduleBean!=null) { - LOG.info(scheduleBean.toString()); + LOG.info("Schedule: {}", scheduleBean); } return scheduleBean; } @PUT @Path("/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/schedules") + @RolesAllowed(TeletraanPrincipalRoles.Names.EXECUTE) + @ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = ResourceAuthZInfo.Location.PATH) public void updateSchedule( @Context SecurityContext sc, @PathParam("envName") String envName, 
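Review bot: `getSchedule` looks the schedule up with `scheduleDAO.getById(scheduleId)` only. In the visible lines `envName` and `stageName` from the path are never compared with the schedule's owner, so any schedule id can be read through any env/stage path. That matters now that the sibling `updateSchedule` is authorized on `ENV_STAGE` from the path: if reads later get the same annotation, the path would be authorized but not the object returned. Consider resolving the id from the environment, as `overrideSession` does with `envBean.getSchedule_id()`, or add `// scheduleId is not checked against envName/stageName` so the gap is explicit. `getSchedule` begins above the hunk and `updateSchedule` continues below it.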
@@ -85,54 +88,55 @@ public void updateSchedule( scheduleBean.setCooldown_times(cooldownTimes); scheduleBean.setHost_numbers(hostNumbers); scheduleBean.setTotal_sessions(totalSessions); - LOG.info(scheduleBean.toString()); + LOG.info("Schedule: {}", scheduleBean); if (scheduleId == null) { scheduleId = CommonUtils.getBase64UUID(); envBean.setSchedule_id(scheduleId); environDAO.update(envName, stageName, envBean); scheduleBean.setId(scheduleId); scheduleDAO.insert(scheduleBean); - LOG.info(String.format("Successfully inserted one env %s (%s)'s schedule by %s: %s", envName, stageName, operator, scheduleBean.toString())); + LOG.info("Successfully inserted one env {} ({})'s schedule by {}: {}", envName, stageName, operator, scheduleBean); } else { scheduleBean.setId(scheduleId); scheduleDAO.update(scheduleBean, scheduleId); - LOG.info(String.format("Successfully updated one env %s (%s)'s schedule by %s: %s", envName, stageName, operator, scheduleBean.toString())); + LOG.info("Successfully updated one env {} ({})'s schedule by {}: {}", envName, stageName, operator, scheduleBean); } } else if (scheduleId != null) { //there are no sessions, so delete the schedule scheduleDAO.delete(scheduleId); environDAO.deleteSchedule(envName, stageName); - LOG.info(String.format("Successfully deleted env %s (%s)'s schedule by %s", envName, stageName, operator)); + LOG.info("Successfully deleted env {} ({})'s schedule by {}", envName, stageName, operator); } } @PUT @Path("/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/override") + @RolesAllowed(TeletraanPrincipalRoles.Names.EXECUTE) + @ResourceAuthZInfo(type = AuthZResource.Type.ENV_STAGE, idLocation = ResourceAuthZInfo.Location.PATH) public void overrideSession( @Context SecurityContext sc, @PathParam("envName") String envName, @PathParam("stageName") String stageName, @QueryParam("sessionNumber") Integer sessionNumber) throws Exception { - String operator = sc.getUserPrincipal().getName(); EnvironBean envBean = 
environDAO.getByStage(envName, stageName); String scheduleId = envBean.getSchedule_id(); if (scheduleId == null) { - LOG.info(String.format("Cannot override session, env %s has no schedule set", envName)); + LOG.info("Cannot override session, env {} has no schedule set", envName); return; } ScheduleBean scheduleBean = scheduleDAO.getById(scheduleId); Integer currentSession = scheduleBean.getCurrent_session(); Integer totalSessions = scheduleBean.getTotal_sessions(); - if (sessionNumber != currentSession) { - LOG.info(String.format("Overriding session %d is now invalid as deploy is already on session %d", sessionNumber, currentSession)); + if (!sessionNumber.equals(currentSession)) { + LOG.info("Overriding session {} is now invalid as deploy is already on session {}", sessionNumber, currentSession); return; } - if (sessionNumber == totalSessions) { + if (sessionNumber.equals(totalSessions)) { scheduleBean.setState(ScheduleState.FINAL); - LOG.info(String.format("Overrided session %d and currently working on the final deploy session", sessionNumber)); + LOG.info("Overridden session {} and currently working on the final deploy session", sessionNumber); } else { scheduleBean.setCurrent_session(sessionNumber+1); scheduleBean.setState(ScheduleState.RUNNING); - LOG.info(String.format("Overrided session %d and currently working on session %d", sessionNumber, currentSession+1)); + LOG.info("Overridden session {} and currently working on session {}", sessionNumber, currentSession+1); } scheduleBean.setState_start_time(System.currentTimeMillis()); scheduleDAO.update(scheduleBean, scheduleId);
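Review bot: In `overrideSession`, `sessionNumber` is a boxed `@QueryParam` and is null when the parameter is omitted, so the new `!sessionNumber.equals(currentSession)` throws a NullPointerException where the old reference comparison did not dereference it. Reject the missing parameter before the comparison, e.g. `if (sessionNumber == null) { throw new BadRequestException("sessionNumber is required"); }`, which the file's `javax.ws.rs.*` import already covers. `scheduleBean` is also dereferenced without the null check that `getSchedule` applies to the same `getById` call. With `operator` removed, none of the override log lines names the principal, so this role-gated action leaves no attribution; adding the principal name to the "Overridden session" messages would restore it. The method's closing brace is outside the hunk.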