diff options
author | olaaun <olaa@oath.com> | 2018-11-02 13:46:41 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-02 13:46:41 +0100 |
commit | 5982fb109a559f57eb8609d18360f6ded9a98760 (patch) | |
tree | 3d04b9add9456618861705dd1386f78319ff53ef /controller-server/src | |
parent | 58c69fbe0b9127bfc464d1bc6c164003aaff24ca (diff) |
Whitelist APIs. Check if request succeeded (#7552)
Diffstat (limited to 'controller-server/src')
4 files changed, 16 insertions, 9 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainer.java index b89cbaa4c82..22d738ff98c 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainer.java @@ -13,7 +13,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneId; import com.yahoo.vespa.hosted.controller.application.Deployment; import com.yahoo.vespa.hosted.controller.application.RotationStatus; import com.yahoo.vespa.hosted.controller.authority.config.ApiAuthorityConfig; -import com.yahoo.yolean.Exceptions; +import org.apache.http.HttpResponse; import org.apache.http.client.methods.HttpPost; import org.apache.http.entity.ByteArrayEntity; import org.apache.http.impl.client.CloseableHttpClient; @@ -155,11 +155,14 @@ public class DeploymentMetricsMaintainer extends Maintainer { } private void feedMetrics(Slime slime) throws IOException { - String uri = baseUris.get(0) + "/metricforwarding/v1/deploymentmetrics/"; // For now, we only feed to one controller + String uri = baseUris.get(0) + "/metricforwarding/v1/deploymentmetrics"; // For now, we only feed to one controller CloseableHttpClient httpClient = HttpClientBuilder.create().build(); HttpPost httpPost = new HttpPost(uri); httpPost.setEntity(new ByteArrayEntity(SlimeUtils.toJsonBytes(slime))); - httpClient.execute(httpPost); + HttpResponse response = httpClient.execute(httpPost); + if (response.getStatusLine().getStatusCode() != 200) { + log.log(Level.WARNING, "Could not feed metrics. Reason: " + response.getStatusLine().getReasonPhrase()); + } } private static RotationStatus from(com.yahoo.vespa.hosted.controller.api.integration.routing.RotationStatus status) { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java index b1e3f8799d6..ccd943e7f0a 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java @@ -81,10 +81,10 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase { @Override public Optional<ErrorResponse> filterRequest(DiscFilterRequest request) { Method method = getMethod(request); - if (isWhiteListedMethod(method)) return Optional.empty(); + Path path = new Path(request.getRequestURI()); + if (isWhiteListed(method, path)) return Optional.empty(); try { - Path path = new Path(request.getRequestURI()); AthenzPrincipal principal = getPrincipalOrThrow(request); if (isWhiteListedOperation(path, method)) { // no authz check @@ -106,8 +106,10 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase { } } - private static boolean isWhiteListedMethod(Method method) { - return WHITELISTED_METHODS.contains(method); + private static boolean isWhiteListed(Method method, Path path) { + return WHITELISTED_METHODS.contains(method) || + path.matches("/metricforwarding/v1/{*}") && method == POST || + path.matches("/contactinfo/v1/{*}") && method == POST; } private static boolean isWhiteListedOperation(Path path, Method method) { diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainerTest.java index 5014f796933..fc43a7f9411 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainerTest.java @@ -72,13 +72,13 @@ public class DeploymentMetricsMaintainerTest { metricsService.setZoneIn(assignedRotation, "proxy.prod.us-west-1.vip.test"); metricsService.setZoneOut(assignedRotation,"proxy.prod.us-east-3.vip.test"); - wireMockRule.stubFor(post(urlEqualTo("/metricforwarding/v1/deploymentmetrics/")) + wireMockRule.stubFor(post(urlEqualTo("/metricforwarding/v1/deploymentmetrics")) .willReturn(aResponse().withStatus(200))); maintainer.maintain(); List<ServeEvent> allServeEvents = getAllServeEvents(); assertEquals(1, allServeEvents.size()); - LoggedRequest request = findAll(postRequestedFor(urlEqualTo("/metricforwarding/v1/deploymentmetrics/"))).get(0); + LoggedRequest request = findAll(postRequestedFor(urlEqualTo("/metricforwarding/v1/deploymentmetrics"))).get(0); Slime slime = SlimeUtils.jsonToSlime(request.getBody()); Inspector inspector = slime.get().entry(0); diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java index 19aa247edb4..6dce576e8a4 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java @@ -58,6 +58,8 @@ public class ControllerAuthorizationFilterTest { ControllerAuthorizationFilter filter = createFilter(new ControllerTester()); assertIsAllowed(invokeFilter(filter, createRequest(PUT, "/application/v4/user", USER))); assertIsAllowed(invokeFilter(filter, createRequest(POST, "/application/v4/tenant/john", USER))); + assertIsAllowed(invokeFilter(filter, createRequest(POST, "/metricforwarding/v1/deploymentmetrics", USER))); + assertIsAllowed(invokeFilter(filter, createRequest(POST, "/contactinfo/v1/tenant/john/etc", USER))); } @Test |