Whitelist APIs. Check if request succeeded (#7552)

author: olaaun <olaa@oath.com> 2018-11-02 13:46:41 +0100
committer: GitHub <noreply@github.com> 2018-11-02 13:46:41 +0100
commit: 5982fb109a559f57eb8609d18360f6ded9a98760 (patch)
tree: 3d04b9add9456618861705dd1386f78319ff53ef /controller-server/src
parent: 58c69fbe0b9127bfc464d1bc6c164003aaff24ca (diff)
4 files changed, 16 insertions, 9 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainer.java
index b89cbaa4c82..22d738ff98c 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainer.java
@@ -13,7 +13,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneId;
 import com.yahoo.vespa.hosted.controller.application.Deployment;
 import com.yahoo.vespa.hosted.controller.application.RotationStatus;
 import com.yahoo.vespa.hosted.controller.authority.config.ApiAuthorityConfig;
-import com.yahoo.yolean.Exceptions;
+import org.apache.http.HttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.entity.ByteArrayEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -155,11 +155,14 @@ public class DeploymentMetricsMaintainer extends Maintainer {
     }
 
     private void feedMetrics(Slime slime) throws IOException {
-        String uri = baseUris.get(0) + "/metricforwarding/v1/deploymentmetrics/"; // For now, we only feed to one controller
+        String uri = baseUris.get(0) + "/metricforwarding/v1/deploymentmetrics"; // For now, we only feed to one controller
         CloseableHttpClient httpClient = HttpClientBuilder.create().build();
         HttpPost httpPost = new HttpPost(uri);
         httpPost.setEntity(new ByteArrayEntity(SlimeUtils.toJsonBytes(slime)));
-        httpClient.execute(httpPost);
+        HttpResponse response = httpClient.execute(httpPost);
+        if (response.getStatusLine().getStatusCode() != 200) {
+            log.log(Level.WARNING, "Could not feed metrics. Reason: " + response.getStatusLine().getReasonPhrase());
+        }
     }
 
     private static RotationStatus from(com.yahoo.vespa.hosted.controller.api.integration.routing.RotationStatus status) {
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
index b1e3f8799d6..ccd943e7f0a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
@@ -81,10 +81,10 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase {
     @Override
     public Optional<ErrorResponse> filterRequest(DiscFilterRequest request) {
         Method method = getMethod(request);
-        if (isWhiteListedMethod(method)) return Optional.empty();
+        Path path = new Path(request.getRequestURI());
+        if (isWhiteListed(method, path)) return Optional.empty();
 
         try {
-            Path path = new Path(request.getRequestURI());
             AthenzPrincipal principal = getPrincipalOrThrow(request);
             if (isWhiteListedOperation(path, method)) {
                 // no authz check
@@ -106,8 +106,10 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase {
         }
     }
 
-    private static boolean isWhiteListedMethod(Method method) {
-        return WHITELISTED_METHODS.contains(method);
+    private static boolean isWhiteListed(Method method, Path path) {
+        return WHITELISTED_METHODS.contains(method) ||
+                path.matches("/metricforwarding/v1/{*}") && method == POST ||
+                path.matches("/contactinfo/v1/{*}") && method == POST;
     }
 
     private static boolean isWhiteListedOperation(Path path, Method method) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainerTest.java
index 5014f796933..fc43a7f9411 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/DeploymentMetricsMaintainerTest.java
@@ -72,13 +72,13 @@ public class DeploymentMetricsMaintainerTest {
         metricsService.setZoneIn(assignedRotation, "proxy.prod.us-west-1.vip.test");
         metricsService.setZoneOut(assignedRotation,"proxy.prod.us-east-3.vip.test");
 
-        wireMockRule.stubFor(post(urlEqualTo("/metricforwarding/v1/deploymentmetrics/"))
+        wireMockRule.stubFor(post(urlEqualTo("/metricforwarding/v1/deploymentmetrics"))
                 .willReturn(aResponse().withStatus(200)));
         maintainer.maintain();
 
         List<ServeEvent> allServeEvents = getAllServeEvents();
         assertEquals(1, allServeEvents.size());
-        LoggedRequest request = findAll(postRequestedFor(urlEqualTo("/metricforwarding/v1/deploymentmetrics/"))).get(0);
+        LoggedRequest request = findAll(postRequestedFor(urlEqualTo("/metricforwarding/v1/deploymentmetrics"))).get(0);
 
         Slime slime = SlimeUtils.jsonToSlime(request.getBody());
         Inspector inspector = slime.get().entry(0);
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java
index 19aa247edb4..6dce576e8a4 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java
@@ -58,6 +58,8 @@ public class ControllerAuthorizationFilterTest {
         ControllerAuthorizationFilter filter = createFilter(new ControllerTester());
         assertIsAllowed(invokeFilter(filter, createRequest(PUT, "/application/v4/user", USER)));
         assertIsAllowed(invokeFilter(filter, createRequest(POST, "/application/v4/tenant/john", USER)));
+        assertIsAllowed(invokeFilter(filter, createRequest(POST, "/metricforwarding/v1/deploymentmetrics", USER)));
+        assertIsAllowed(invokeFilter(filter, createRequest(POST, "/contactinfo/v1/tenant/john/etc", USER)));
     }
 
     @Test
author	olaaun <olaa@oath.com>	2018-11-02 13:46:41 +0100
committer	GitHub <noreply@github.com>	2018-11-02 13:46:41 +0100
commit	5982fb109a559f57eb8609d18360f6ded9a98760 (patch)
tree	3d04b9add9456618861705dd1386f78319ff53ef /controller-server/src
parent	58c69fbe0b9127bfc464d1bc6c164003aaff24ca (diff)