Java Code Examples for com.netflix.spinnaker.security.AuthenticatedRequest#allowAnonymous()

The following examples show how to use com.netflix.spinnaker.security.AuthenticatedRequest#allowAnonymous().
Example 1
Source File: AtlasStorageUpdater.java    From kayenta with Apache License 2.0
/**
 * Fetches the Atlas storage map from the service at {@code uri} and hands it to {@code
 * atlasStorageDatabase}.
 *
 * <p>The fetch runs inside {@code AuthenticatedRequest.allowAnonymous}, which marks the outbound
 * call as intentionally carrying no user identity (kork documents it as suppressing the
 * missing-identity log and metric; it is not an authorization decision). NOTE(review): the
 * response is applied to the database as received, so confirm that {@code uri} comes from trusted
 * configuration.
 *
 * @param retrofitClientFactory factory used to build the remote client
 * @param objectMapper mapper wrapped in the {@code JacksonConverter} for the client
 * @param okHttpClient HTTP client passed to the factory
 * @return {@code true} when the fetch and update completed; the current value of {@code
 *     succeededAtLeastOnce} when a {@code RetrofitError} was caught
 */
boolean run(
    RetrofitClientFactory retrofitClientFactory,
    ObjectMapper objectMapper,
    OkHttpClient okHttpClient) {
  RemoteService atlasEndpoint = new RemoteService();
  atlasEndpoint.setBaseUrl(uri);

  JacksonConverter converter = new JacksonConverter(objectMapper);
  AtlasStorageRemoteService storageClient =
      retrofitClientFactory.createClient(
          AtlasStorageRemoteService.class, converter, atlasEndpoint, okHttpClient);

  try {
    Map<String, Map<String, AtlasStorage>> fetched =
        AuthenticatedRequest.allowAnonymous(storageClient::fetch);
    atlasStorageDatabase.update(fetched);
    succeededAtLeastOnce = true;
    return true;
  } catch (RetrofitError e) {
    // Only RetrofitError is treated as a soft failure; anything else propagates to the caller.
    // NOTE(review): the message says "atlas backends" while this call fetches AtlasStorage data;
    // confirm the wording is intended.
    log.warn("While fetching atlas backends from " + uri, e);
    return succeededAtLeastOnce;
  }
}
 
Example 2
Source File: BackendUpdater.java    From kayenta with Apache License 2.0
/**
 * Fetches the backend list from the service at {@code uri} and hands it to {@code
 * backendDatabase}.
 *
 * <p>The fetch runs inside {@code AuthenticatedRequest.allowAnonymous}, which marks the outbound
 * call as intentionally carrying no user identity (kork documents it as suppressing the
 * missing-identity log and metric; it is not an authorization decision). NOTE(review): the
 * returned list replaces or updates local state without further validation in this method, so
 * confirm that {@code uri} comes from trusted configuration.
 *
 * @param retrofitClientFactory factory used to build the remote client
 * @param objectMapper mapper wrapped in the {@code JacksonConverter} for the client
 * @param okHttpClient HTTP client passed to the factory
 * @return {@code true} when the fetch and update completed; the current value of {@code
 *     succeededAtLeastOnce} when a {@code RetrofitError} was caught
 */
boolean run(
    RetrofitClientFactory retrofitClientFactory,
    ObjectMapper objectMapper,
    OkHttpClient okHttpClient) {
  RemoteService backendsEndpoint = new RemoteService();
  backendsEndpoint.setBaseUrl(uri);

  JacksonConverter converter = new JacksonConverter(objectMapper);
  BackendsRemoteService backendsClient =
      retrofitClientFactory.createClient(
          BackendsRemoteService.class, converter, backendsEndpoint, okHttpClient);

  List<Backend> fetched;
  try {
    fetched = AuthenticatedRequest.allowAnonymous(backendsClient::fetch);
    backendDatabase.update(fetched);
  } catch (RetrofitError e) {
    // Soft failure: report whether any earlier run had succeeded instead of throwing.
    log.warn("While fetching atlas backends from " + uri, e);
    return succeededAtLeastOnce;
  }

  succeededAtLeastOnce = true;
  return true;
}
 
Example 3
Source File: PipelineInitiator.java    From echo with Apache License 2.0
/**
 * Resolves the set of accounts that a user has WRITE access to.
 *
 * <p>Similar filtering can be found in `gate` (see AllowedAccountsSupport.java).
 *
 * <p>The lookup fails closed: when fiat is not wired in, legacy fallback is disabled, the
 * permission fetch throws, or fiat returns no permission, the result is an empty set, so no
 * account is treated as allowed.
 *
 * @param user A service account name (or 'anonymous' if not specified)
 * @return the names of the accounts on which {@code user} holds WRITE, as determined by fiat
 */
private Set<String> getAllowedAccountsForUser(String user) {
  boolean evaluatorMissing = fiatPermissionEvaluator == null;
  if (evaluatorMissing || !fiatStatus.isLegacyFallbackEnabled()) {
    return Collections.emptySet();
  }

  UserPermission.View permission;
  try {
    // allowAnonymous only marks this outbound fiat call as intentionally anonymous; the
    // permission that comes back is still the one fiat holds for `user`.
    permission =
        AuthenticatedRequest.allowAnonymous(() -> fiatPermissionEvaluator.getPermission(user));
  } catch (Exception e) {
    // Any failure to reach fiat grants nothing rather than everything.
    log.error("Unable to fetch permission for {}", user, e);
    return Collections.emptySet();
  }

  if (permission == null) {
    return Collections.emptySet();
  }

  return permission.getAccounts().stream()
      .filter(account -> account.getAuthorizations().contains(Authorization.WRITE))
      .map(Account.View::getName)
      .collect(Collectors.toSet());
}
 
Example 4
Source File: ConfigBinStorageService.java    From kayenta with Apache License 2.0
/**
 * Lists object metadata for the given account.
 *
 * <p>Canary configs are served from {@code canaryConfigIndex} unless {@code skipIndex} is set;
 * every other case asks the ConfigBin remote service for the ids and builds metadata per id.
 *
 * <p>NOTE(review): {@code applications} is only consulted on the index path. The remote path
 * returns metadata for every id the service lists, so callers that rely on the application filter
 * for scoping should confirm it is applied elsewhere.
 *
 * @param accountName account whose credentials select the owner app, config type and remote
 *     service
 * @param objectType type of object to list
 * @param applications application filter passed to the index lookup
 * @param skipIndex when {@code true}, bypass the index even for canary configs
 * @return the metadata entries; an empty list when the remote list is empty or cannot be parsed
 */
@Override
public List<Map<String, Object>> listObjectKeys(
    String accountName, ObjectType objectType, List<String> applications, boolean skipIndex) {
  ConfigBinNamedAccountCredentials credentials =
      accountCredentialsRepository.getRequiredOne(accountName);

  boolean serveFromIndex = !skipIndex && objectType == ObjectType.CANARY_CONFIG;
  if (serveFromIndex) {
    Set<Map<String, Object>> indexedSummaries =
        canaryConfigIndex.getCanaryConfigSummarySet(credentials, applications);
    return Lists.newArrayList(indexedSummaries);
  }

  String ownerApp = credentials.getOwnerApp();
  String configType = credentials.getConfigType();
  ConfigBinRemoteService remoteService = credentials.getRemoteService();

  // The remote list call is retried and marked as intentionally anonymous (no user identity is
  // attached to the outbound request).
  String jsonBody =
      AuthenticatedRequest.allowAnonymous(
          () ->
              retry.retry(
                  () -> remoteService.list(ownerApp, configType), MAX_RETRIES, RETRY_BACKOFF));

  try {
    List<String> ids =
        kayentaObjectMapper.readValue(jsonBody, new TypeReference<List<String>>() {});

    if (!ids.isEmpty()) {
      return ids.stream().map(id -> metadataFor(credentials, id)).collect(Collectors.toList());
    }
  } catch (IOException e) {
    // Best effort: an unparseable response is logged and reported as "no objects".
    // NOTE(review): with SLF4J a trailing Throwable is usually taken as the exception rather than
    // substituted into the second {}; confirm the rendered message is what is wanted.
    log.error("List failed on path {}: {}", ownerApp, e);
  }

  return Collections.emptyList();
}
 
Example 5
Source File: PipelineCache.java    From echo with Apache License 2.0
/**
 * Plans the pipeline through orca when it is a v2 pipeline; other pipelines are returned as is.
 * A failed plan yields an empty map so that the pipeline is skipped.
 *
 * @param pipeline the raw pipeline definition
 * @param isV2Pipeline predicate deciding whether the pipeline needs planning
 * @return the planned pipeline, the unchanged input, or an empty map when planning failed
 */
private Map<String, Object> planPipelineIfNeeded(
    Map<String, Object> pipeline, Predicate<Map<String, Object>> isV2Pipeline) {
  if (!isV2Pipeline.test(pipeline)) {
    return pipeline;
  }

  try {
    // The plan request to orca is marked as intentionally anonymous; no user identity is
    // attached to it here.
    return AuthenticatedRequest.allowAnonymous(() -> orca.v2Plan(pipeline));
  } catch (Exception e) {
    // Don't fail the entire cache cycle if we fail a plan.
    // NOTE(review): the whole pipeline map is written to the error log; confirm pipeline
    // definitions cannot carry credentials or other sensitive parameters.
    log.error("Caught exception while planning templated pipeline: {}", pipeline, e);
    return Collections.emptyMap();
  }
}
 
Example 6
Source File: BaseTriggerEventHandler.java    From echo with Apache License 2.0
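/**
 * Checks with fiat whether the trigger's run-as user may EXECUTE pipelines in the trigger's
 * application.
 *
 * <p>A trigger without a run-as user is evaluated as the literal user {@code "anonymous"}.
 * {@code AuthenticatedRequest.allowAnonymous} only marks the outbound fiat call as intentionally
 * anonymous; the decision itself is the one fiat returns for {@code user}. Exceptions from the
 * permission check are not caught here, so a failed lookup propagates instead of granting access.
 *
 * <p>On denial the event is logged and the {@code trigger.errors.accessdenied} counter is
 * incremented, so denied triggers are visible to monitoring.
 *
 * @param trigger the trigger whose parent pipeline is about to be started
 * @return {@code true} when fiat grants EXECUTE on the application to the run-as user
 */
protected boolean canAccessApplication(Trigger trigger) {
  String runAsUser = trigger.getRunAsUser();
  String user = (runAsUser == null) ? "anonymous" : runAsUser;
  String application = trigger.getParent().getApplication();

  boolean hasPermission =
      AuthenticatedRequest.allowAnonymous(
          () ->
              fiatPermissionEvaluator.hasPermission(user, application, "APPLICATION", "EXECUTE"));

  if (!hasPermission) {
    String pipelineName = trigger.getParent().getName();
    log.info(
        "The user '{}' does not have access to execute pipelines in the application '{}', skipped triggering of pipeline '{}'.",
        user,
        application,
        pipelineName);
    // Looking the counter up does not record anything; without increment() the access-denied
    // metric stays at zero and denied triggers never show up in dashboards or alerts.
    // NOTE(review): user and pipeline are per-entity tag values; confirm the metrics backend
    // tolerates that cardinality.
    registry
        .counter(
            "trigger.errors.accessdenied",
            "application",
            application,
            "user",
            user,
            "pipeline",
            pipelineName)
        .increment();
  }
  return hasPermission;
}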
 
Example 7
Source File: ConfigBinStorageService.java    From kayenta with Apache License 2.0
/**
 * Deletes an object from the ConfigBin remote service and, for canary configs, records the
 * deletion in {@code canaryConfigIndex} as a pending update that is finished after the remote
 * delete returns.
 *
 * <p>NOTE(review): no authorization check is visible in this method, and the remote delete is
 * wrapped in {@code AuthenticatedRequest.allowAnonymous}, so the outbound call carries no user
 * identity. Presumably access control is enforced by the caller; confirm before exposing this
 * path.
 *
 * @param accountName account whose credentials select the owner app, config type and remote
 *     service
 * @param objectType type of the object; only {@code CANARY_CONFIG} touches the index
 * @param objectKey id of the object to delete
 * @throws IllegalArgumentException if the canary config summary cannot be serialized to JSON
 */
@Override
public void deleteObject(String accountName, ObjectType objectType, String objectKey) {
  ConfigBinNamedAccountCredentials credentials =
      accountCredentialsRepository.getRequiredOne(accountName);
  String ownerApp = credentials.getOwnerApp();
  String configType = credentials.getConfigType();

  // These stay at their initial values unless an existing canary config summary is found below;
  // a non-null correlationId is what later signals that a pending update must be finished.
  long updatedTimestamp = -1;
  String correlationId = null;
  String canaryConfigSummaryJson = null;

  if (objectType == ObjectType.CANARY_CONFIG) {
    updatedTimestamp = canaryConfigIndex.getRedisTime();

    Map<String, Object> existingCanaryConfigSummary =
        canaryConfigIndex.getSummaryFromId(credentials, objectKey);

    if (existingCanaryConfigSummary != null) {
      String canaryConfigName = (String) existingCanaryConfigSummary.get("name");
      // Unchecked cast: the element type of the stored "applications" value is not verified here.
      List<String> applications = (List<String>) existingCanaryConfigSummary.get("applications");

      correlationId = UUID.randomUUID().toString();

      Map<String, Object> canaryConfigSummary =
          new ImmutableMap.Builder<String, Object>()
              .put("id", objectKey)
              .put("name", canaryConfigName)
              .put("updatedTimestamp", updatedTimestamp)
              .put("updatedTimestampIso", Instant.ofEpochMilli(updatedTimestamp).toString())
              .put("applications", applications)
              .build();

      try {
        canaryConfigSummaryJson = kayentaObjectMapper.writeValueAsString(canaryConfigSummary);
      } catch (JsonProcessingException e) {
        throw new IllegalArgumentException(
            "Problem serializing canaryConfigSummary -> " + canaryConfigSummary, e);
      }

      // Register the pending DELETE in the index before the remote call is made.
      canaryConfigIndex.startPendingUpdate(
          credentials,
          updatedTimestamp + "",
          CanaryConfigIndexAction.DELETE,
          correlationId,
          canaryConfigSummaryJson);
    }
  }

  ConfigBinRemoteService remoteService = credentials.getRemoteService();

  // TODO(mgraff): If remoteService.delete() throws an exception when the target config does not
  // exist, we should try/catch it here and then call
  // canaryConfigIndex.removeFailedPendingUpdate() like the other storage service
  // implementations do.
  // As written, an exception from the retried delete propagates and the pending update started
  // above is neither finished nor removed by this method.
  AuthenticatedRequest.allowAnonymous(
      () ->
          retry.retry(
              () -> remoteService.delete(ownerApp, configType, objectKey),
              MAX_RETRIES,
              RETRY_BACKOFF));

  if (correlationId != null) {
    canaryConfigIndex.finishPendingUpdate(
        credentials, CanaryConfigIndexAction.DELETE, correlationId);
  }
}
 
Example 8
Source File: PipelineCache.java    From echo with Apache License 2.0
/**
 * Fetches the raw pipeline definitions from front50.
 *
 * <p>The request is wrapped in {@code AuthenticatedRequest.allowAnonymous}, so it is sent as an
 * intentionally anonymous call with no user identity attached. Exceptions from the call are not
 * caught here.
 *
 * @return the pipelines returned by front50, or an empty list when it returns {@code null}
 */
private List<Map<String, Object>> fetchRawPipelines() {
  List<Map<String, Object>> fetched =
      AuthenticatedRequest.allowAnonymous(() -> front50.getPipelines());
  if (fetched == null) {
    return Collections.emptyList();
  }
  return fetched;
}