diff options
Diffstat (limited to 'controller-server/src/main/java')
17 files changed, 43 insertions, 37 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index 402f91f1a14..fb27247c48a 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -164,7 +164,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { } private HttpResponse handleGET(HttpRequest request) { - Path path = new Path(request.getUri().getPath(), OPTIONAL_PREFIX); + Path path = new Path(request.getUri(), OPTIONAL_PREFIX); if (path.matches("/application/v4/")) return root(request); if (path.matches("/application/v4/user")) return authenticatedUser(request); if (path.matches("/application/v4/tenant")) return tenants(request); @@ -187,7 +187,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { } private HttpResponse handlePUT(HttpRequest request) { - Path path = new Path(request.getUri().getPath(), OPTIONAL_PREFIX); + Path path = new Path(request.getUri(), OPTIONAL_PREFIX); if (path.matches("/application/v4/user")) return createUser(request); if (path.matches("/application/v4/tenant/{tenant}")) return updateTenant(path.get("tenant"), request); if (path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/{environment}/region/{region}/instance/{instance}/global-rotation/override")) @@ -196,7 +196,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { } private HttpResponse handlePOST(HttpRequest request) { - Path path = new Path(request.getUri().getPath(), OPTIONAL_PREFIX); + Path path = new Path(request.getUri(), OPTIONAL_PREFIX); if (path.matches("/application/v4/tenant/{tenant}")) return createTenant(path.get("tenant"), request); if (path.matches("/application/v4/tenant/{tenant}/application/{application}")) return createApplication(path.get("tenant"), path.get("application"), request); if (path.matches("/application/v4/tenant/{tenant}/application/{application}/promote")) return promoteApplication(path.get("tenant"), path.get("application"), request); @@ -215,14 +215,14 @@ public class ApplicationApiHandler extends LoggingRequestHandler { } private HttpResponse handlePATCH(HttpRequest request) { - Path path = new Path(request.getUri().getPath(), OPTIONAL_PREFIX); + Path path = new Path(request.getUri(), OPTIONAL_PREFIX); if (path.matches("/application/v4/tenant/{tenant}/application/{application}")) return setMajorVersion(path.get("tenant"), path.get("application"), request); return ErrorResponse.notFoundError("Nothing at " + path); } private HttpResponse handleDELETE(HttpRequest request) { - Path path = new Path(request.getUri().getPath(), OPTIONAL_PREFIX); + Path path = new Path(request.getUri(), OPTIONAL_PREFIX); if (path.matches("/application/v4/tenant/{tenant}")) return deleteTenant(path.get("tenant"), request); if (path.matches("/application/v4/tenant/{tenant}/application/{application}")) return deleteApplication(path.get("tenant"), path.get("application"), request); if (path.matches("/application/v4/tenant/{tenant}/application/{application}/deploying")) return cancelDeploy(path.get("tenant"), path.get("application"), "all"); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/athenz/AthenzApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/athenz/AthenzApiHandler.java index 44164281411..e048c963641 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/athenz/AthenzApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/athenz/AthenzApiHandler.java @@ -60,7 +60,7 @@ public class AthenzApiHandler extends LoggingRequestHandler { } private HttpResponse get(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/athenz/v1")) return root(request); if (path.matches("/athenz/v1/domains")) return domainList(request); if (path.matches("/athenz/v1/properties")) return properties(); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java index fbbd8724a8c..a59e0e9130f 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java @@ -65,7 +65,7 @@ public class ControllerApiHandler extends AuditLoggingRequestHandler { } private HttpResponse get(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/controller/v1/")) return root(request); if (path.matches("/controller/v1/auditlog/")) return new AuditLogResponse(controller.auditLogger().readLog()); if (path.matches("/controller/v1/maintenance/")) return new JobsResponse(maintenance.jobControl()); @@ -74,21 +74,21 @@ public class ControllerApiHandler extends AuditLoggingRequestHandler { } private HttpResponse post(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/controller/v1/maintenance/inactive/{jobName}")) return setActive(path.get("jobName"), false); if (path.matches("/controller/v1/jobs/upgrader/confidence/{version}")) return overrideConfidence(request, path.get("version")); return notFound(path); } private HttpResponse delete(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/controller/v1/maintenance/inactive/{jobName}")) return setActive(path.get("jobName"), true); if (path.matches("/controller/v1/jobs/upgrader/confidence/{version}")) return removeConfidenceOverride(path.get("version")); return notFound(path); } private HttpResponse patch(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/controller/v1/jobs/upgrader")) return configureUpgrader(request); return notFound(path); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/cost/CostApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/cost/CostApiHandler.java index a82d2f22e74..bae790a49ad 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/cost/CostApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/cost/CostApiHandler.java @@ -35,7 +35,7 @@ public class CostApiHandler extends LoggingRequestHandler { return ErrorResponse.methodNotAllowed("Method '" + request.getMethod() + "' is not supported"); } - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/cost/v1/csv")) { Optional<String> cloudProperty = Optional.ofNullable(request.getProperty("cloud")); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/deployment/BadgeApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/deployment/BadgeApiHandler.java index 35fa812851a..0c5cfc539f1 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/deployment/BadgeApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/deployment/BadgeApiHandler.java @@ -54,7 +54,7 @@ public class BadgeApiHandler extends LoggingRequestHandler { } private HttpResponse get(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/badge/v1/{tenant}/{application}/{instance}")) return badge(path.get("tenant"), path.get("application"), path.get("instance")); if (path.matches("/badge/v1/{tenant}/{application}/{instance}/{jobName}")) return badge(path.get("tenant"), path.get("application"), path.get("instance"), path.get("jobName"), request.getProperty("historyLength")); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/deployment/DeploymentApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/deployment/DeploymentApiHandler.java index 8a5013a9c16..978b7e4397d 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/deployment/DeploymentApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/deployment/DeploymentApiHandler.java @@ -63,7 +63,7 @@ public class DeploymentApiHandler extends LoggingRequestHandler { } private HttpResponse handleGET(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/deployment/v1/")) return root(request); return ErrorResponse.notFoundError("Nothing at " + path); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleResolver.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleResolver.java index 21c9875bb8b..a1dfdbeb245 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleResolver.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleResolver.java @@ -78,6 +78,7 @@ public class AthenzRoleResolver implements RoleMembership.Resolver { if ( ! (principal instanceof AthenzPrincipal)) throw new IllegalStateException("Expected an AthenzPrincipal to be set on the request."); + @SuppressWarnings("deprecation") // TODO: Use URI when refactoring this. Path path = new Path(uriPath.orElseThrow(() -> new IllegalArgumentException("This resolver needs the request path."))); path.matches("/application/v4/tenant/{tenant}/{*}"); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java index 22747ab8510..dfcc5f732f8 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java @@ -59,11 +59,11 @@ public class ControllerAuthorizationFilter extends CorsRequestFilterBase { Action action = Action.from(HttpRequest.Method.valueOf(request.getMethod())); // Avoid expensive lookups when request is always legal. - if (RoleMembership.everyoneIn(controller.system()).allows(action, request.getRequestURI())) + if (RoleMembership.everyoneIn(controller.system()).allows(action, request.getUri())) return Optional.empty(); RoleMembership roles = this.roleResolver.membership(principal, Optional.of(request.getRequestURI())); - if (roles.allows(action, request.getRequestURI())) + if (roles.allows(action, request.getUri())) return Optional.empty(); } catch (Exception e) { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/os/OsApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/os/OsApiHandler.java index 3c0f515aa8a..73bbcb1c383 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/os/OsApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/os/OsApiHandler.java @@ -66,19 +66,19 @@ public class OsApiHandler extends AuditLoggingRequestHandler { } private HttpResponse patch(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/os/v1/")) return new SlimeJsonResponse(setOsVersion(request)); return ErrorResponse.notFoundError("Nothing at " + path); } private HttpResponse get(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/os/v1/")) return new SlimeJsonResponse(osVersions()); return ErrorResponse.notFoundError("Nothing at " + path); } private HttpResponse post(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/os/v1/firmware/")) return requestFirmwareCheckResponse(path); if (path.matches("/os/v1/firmware/{environment}/")) return requestFirmwareCheckResponse(path); if (path.matches("/os/v1/firmware/{environment}/{region}/")) return requestFirmwareCheckResponse(path); @@ -86,7 +86,7 @@ public class OsApiHandler extends AuditLoggingRequestHandler { } private HttpResponse delete(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/os/v1/firmware/")) return cancelFirmwareCheckResponse(path); if (path.matches("/os/v1/firmware/{environment}/")) return cancelFirmwareCheckResponse(path); if (path.matches("/os/v1/firmware/{environment}/{region}/")) return cancelFirmwareCheckResponse(path); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/statuspage/StatusPageProxyHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/statuspage/StatusPageProxyHandler.java index 9021de366cb..1aa883359ee 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/statuspage/StatusPageProxyHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/statuspage/StatusPageProxyHandler.java @@ -54,7 +54,7 @@ public class StatusPageProxyHandler extends LoggingRequestHandler { } private HttpResponse handleGET(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (!path.matches("/statuspage/v1/{page}")) { return ErrorResponse.notFoundError("Nothing at " + path); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java index f7693968b43..18b124778d5 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java @@ -48,7 +48,7 @@ public class UserApiHandler extends LoggingRequestHandler { } private HttpResponse handleGET(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); return ErrorResponse.notFoundError(String.format("No '%s' handler at '%s'", request.getMethod(), @@ -56,7 +56,7 @@ public class UserApiHandler extends LoggingRequestHandler { } private HttpResponse handlePUT(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); return ErrorResponse.notFoundError(String.format("No '%s' handler at '%s'", request.getMethod(), @@ -64,7 +64,7 @@ public class UserApiHandler extends LoggingRequestHandler { } private HttpResponse handlePOST(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); return ErrorResponse.notFoundError(String.format("No '%s' handler at '%s'", request.getMethod(), @@ -72,7 +72,7 @@ public class UserApiHandler extends LoggingRequestHandler { } private HttpResponse handleDELETE(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); return ErrorResponse.notFoundError(String.format("No '%s' handler at '%s'", request.getMethod(), diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/zone/v1/ZoneApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/zone/v1/ZoneApiHandler.java index 6f014e5661f..94a2004197a 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/zone/v1/ZoneApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/zone/v1/ZoneApiHandler.java @@ -54,7 +54,7 @@ public class ZoneApiHandler extends LoggingRequestHandler { } private HttpResponse get(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/zone/v1")) { return root(request); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/zone/v2/ZoneApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/zone/v2/ZoneApiHandler.java index 377a57fbb91..65f0abb16c8 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/zone/v2/ZoneApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/zone/v2/ZoneApiHandler.java @@ -66,7 +66,7 @@ public class ZoneApiHandler extends AuditLoggingRequestHandler { } private HttpResponse get(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if (path.matches("/zone/v2")) { return root(request); } @@ -74,7 +74,7 @@ public class ZoneApiHandler extends AuditLoggingRequestHandler { } private HttpResponse proxy(HttpRequest request) { - Path path = new Path(request.getUri().getPath()); + Path path = new Path(request.getUri()); if ( ! path.matches("/zone/v2/{environment}/{region}/{*}")) { return notFound(path); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java index e3d81e04591..fdcd70fc0d1 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java @@ -3,6 +3,7 @@ package com.yahoo.vespa.hosted.controller.role; import com.yahoo.restapi.Path; +import java.net.URI; import java.util.EnumSet; import java.util.List; import java.util.Optional; @@ -127,8 +128,9 @@ public enum PathGroup { } /** Returns path if it matches any spec in this group, with match groups set by the match. */ - private Optional<Path> get(String path) { - Path matcher = new Path(path); + @SuppressWarnings("deprecation") + private Optional<Path> get(URI uri) { + Path matcher = new Path(uri); // TODO Get URI down here. for (String spec : pathSpecs) // Iterate to be sure the Path's state is that of the match. if (matcher.matches(spec)) return Optional.of(matcher); return Optional.empty(); @@ -140,8 +142,8 @@ public enum PathGroup { } /** Returns whether this group matches path in given context */ - public boolean matches(String path, Context context) { - return get(path).map(p -> { + public boolean matches(URI uri, Context context) { + return get(uri).map(p -> { boolean match = true; String tenant = p.get(Matcher.tenant.name); if (tenant != null && context.tenant().isPresent()) { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Policy.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Policy.java index 85702ac1b89..6ae68f598f0 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Policy.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Policy.java @@ -5,6 +5,7 @@ import com.yahoo.config.provision.ApplicationName; import com.yahoo.config.provision.SystemName; import com.yahoo.config.provision.TenantName; +import java.net.URI; import java.util.Set; /** @@ -114,11 +115,11 @@ public enum Policy { } /** Returns whether action is allowed on path in given context */ - public boolean evaluate(Action action, String path, Context context) { + public boolean evaluate(Action action, URI uri, Context context) { return privileges.stream().anyMatch(privilege -> privilege.actions().contains(action) && privilege.systems().contains(context.system()) && privilege.pathGroups().stream() - .anyMatch(pg -> pg.matches(path, context))); + .anyMatch(pg -> pg.matches(uri, context))); } } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Role.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Role.java index cae143a92a2..d82e4063391 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Role.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Role.java @@ -1,6 +1,7 @@ // Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.role; +import java.net.URI; import java.util.EnumSet; import java.util.Set; @@ -85,8 +86,8 @@ public enum Role { * Returns whether this role is allowed to perform action in given role context. Action is allowed if at least one * policy evaluates to true. */ - public boolean allows(Action action, String path, Context context) { - return policies.stream().anyMatch(policy -> policy.evaluate(action, path, context)); + public boolean allows(Action action, URI uri, Context context) { + return policies.stream().anyMatch(policy -> policy.evaluate(action, uri, context)); } } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java index 2ee59d90a63..09e66528913 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java @@ -5,6 +5,7 @@ import com.yahoo.config.provision.ApplicationName; import com.yahoo.config.provision.SystemName; import com.yahoo.config.provision.TenantName; +import java.net.URI; import java.security.Principal; import java.util.Collections; import java.util.HashMap; @@ -39,11 +40,11 @@ public class RoleMembership { public static Builder in(SystemName system) { return new BuilderWithRole(system); } /** Returns whether any role in this allows action to take place in path */ - public boolean allows(Action action, String path) { + public boolean allows(Action action, URI uri) { return roles.entrySet().stream().anyMatch(kv -> { Role role = kv.getKey(); Set<Context> contexts = kv.getValue(); - return contexts.stream().anyMatch(context -> role.allows(action, path, context)); + return contexts.stream().anyMatch(context -> role.allows(action, uri, context)); }); } |