Example 1 with PermissionResolutionException

Use of com.netflix.spinnaker.fiat.permissions.PermissionResolutionException in project fiat by spinnaker.

In class RolesController, method putUserPermission.

@RequestMapping(value = "/{userId:.+}", method = RequestMethod.PUT)
public void putUserPermission(@PathVariable String userId, @RequestBody @NonNull List<String> externalRoles) {
    // Tag every caller-supplied role name as an EXTERNAL role before resolution.
    List<Role> convertedRoles = externalRoles.stream()
        .map(extRole -> new Role().setSource(Role.Source.EXTERNAL).setName(extRole))
        .collect(Collectors.toList());
    ExternalUser extUser = new ExternalUser()
        .setId(ControllerSupport.convert(userId))
        .setExternalRoles(convertedRoles);
    try {
        // Resolve permissions taking the supplied external roles into account, then persist.
        UserPermission userPermission = permissionsResolver.resolveAndMerge(extUser);
        log.debug("Updated user permissions (userId: {}, roles: {}, suppliedExternalRoles: {})",
            userId,
            userPermission.getRoles().stream().map(Role::getName).collect(Collectors.toList()),
            externalRoles);
        permissionsRepository.put(userPermission);
    } catch (PermissionResolutionException pre) {
        throw new UserPermissionModificationException(pre);
    }
}
Also used : Role(com.netflix.spinnaker.fiat.model.resources.Role) ExternalUser(com.netflix.spinnaker.fiat.permissions.ExternalUser) PathVariable(org.springframework.web.bind.annotation.PathVariable) PermissionResolutionException(com.netflix.spinnaker.fiat.permissions.PermissionResolutionException) Setter(lombok.Setter) NonNull(lombok.NonNull) PermissionsRepository(com.netflix.spinnaker.fiat.permissions.PermissionsRepository) HttpServletResponse(javax.servlet.http.HttpServletResponse) Autowired(org.springframework.beans.factory.annotation.Autowired) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) IOException(java.io.IOException) PermissionsResolver(com.netflix.spinnaker.fiat.permissions.PermissionsResolver) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) RequestBody(org.springframework.web.bind.annotation.RequestBody) List(java.util.List) Slf4j(lombok.extern.slf4j.Slf4j) ConditionalOnExpression(org.springframework.boot.autoconfigure.condition.ConditionalOnExpression) UserRolesSyncer(com.netflix.spinnaker.fiat.roles.UserRolesSyncer) UserPermission(com.netflix.spinnaker.fiat.model.UserPermission)

Example 2 with PermissionResolutionException

Use of com.netflix.spinnaker.fiat.permissions.PermissionResolutionException in project fiat by spinnaker.

In class RolesController, method putUserPermission.

@RequestMapping(value = "/{userId:.+}", method = RequestMethod.POST)
public void putUserPermission(@PathVariable String userId) {
    try {
        // Re-resolve this user's permissions and persist the result.
        UserPermission userPermission = permissionsResolver.resolve(ControllerSupport.convert(userId));
        log.debug("Updated user permissions (userId: {}, roles: {})",
            userId,
            userPermission.getRoles().stream().map(Role::getName).collect(Collectors.toList()));
        permissionsRepository.put(userPermission);
    } catch (PermissionResolutionException pre) {
        throw new UserPermissionModificationException(pre);
    }
}
Also used : Role(com.netflix.spinnaker.fiat.model.resources.Role) PermissionResolutionException(com.netflix.spinnaker.fiat.permissions.PermissionResolutionException) UserPermission(com.netflix.spinnaker.fiat.model.UserPermission) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with PermissionResolutionException

Use of com.netflix.spinnaker.fiat.permissions.PermissionResolutionException in project fiat by spinnaker.

In class UserRolesSyncer, method syncAndReturn.

public long syncAndReturn(List<String> roles) {
    FixedBackOff backoff = new FixedBackOff();
    backoff.setInterval(retryIntervalMs);
    backoff.setMaxAttempts(Math.floorDiv(syncDelayTimeoutMs, retryIntervalMs) + 1);
    BackOffExecution backOffExec = backoff.start();
    // after this point the execution will get rescheduled
    final long timeout = System.currentTimeMillis() + syncDelayTimeoutMs;
    if (!isServerHealthy()) {
        log.warn("Server is currently UNHEALTHY. User permission role synchronization and "
            + "resolution may not complete until this server becomes healthy again.");
    }
    // Ensure we're going to reload app and service account definitions
    permissionsResolver.clearCache();
    while (true) {
        try {
            Map<String, Set<Role>> combo = new HashMap<>();
            // force a refresh of the unrestricted user in case the backing repository is empty:
            combo.put(UnrestrictedResourceConfig.UNRESTRICTED_USERNAME, new HashSet<>());
            Map<String, Set<Role>> temp;
            if (!(temp = getUserPermissions(roles)).isEmpty()) {
                combo.putAll(temp);
            }
            if (!(temp = getServiceAccountsAsMap(roles)).isEmpty()) {
                combo.putAll(temp);
            }
            return updateUserPermissions(combo);
        } catch (ProviderException | PermissionResolutionException ex) {
            registry.counter(metricName("syncFailure"), "cause", ex.getClass().getSimpleName()).increment();
            Status status = healthIndicator.health().getStatus();
            long waitTime = backOffExec.nextBackOff();
            if (waitTime == BackOffExecution.STOP || System.currentTimeMillis() > timeout) {
                String cause = (waitTime == BackOffExecution.STOP) ? "backoff-exhausted" : "timeout";
                registry.counter("syncAborted", "cause", cause).increment();
                log.error("Unable to resolve service account permissions.", ex);
                return 0;
            }
            String message = new StringBuilder("User permission sync failed. ")
                .append("Server status is ").append(status)
                .append(". Trying again in ").append(waitTime)
                .append(" ms. Cause:").append(ex.getMessage())
                .toString();
            if (log.isDebugEnabled()) {
                log.debug(message, ex);
            } else {
                log.warn(message);
            }
            try {
                Thread.sleep(waitTime);
            } catch (InterruptedException ignored) {
                // Interruption is swallowed here; the loop retries until the backoff or timeout stops it.
            }
        } finally {
            isServerHealthy();
        }
    }
}
Also used : Status(org.springframework.boot.actuate.health.Status) ProviderException(com.netflix.spinnaker.fiat.providers.ProviderException) PermissionResolutionException(com.netflix.spinnaker.fiat.permissions.PermissionResolutionException) BackOffExecution(org.springframework.util.backoff.BackOffExecution) FixedBackOff(org.springframework.util.backoff.FixedBackOff)

Aggregations

PermissionResolutionException (com.netflix.spinnaker.fiat.permissions.PermissionResolutionException) 3
UserPermission (com.netflix.spinnaker.fiat.model.UserPermission) 2
Role (com.netflix.spinnaker.fiat.model.resources.Role) 2
RequestMapping (org.springframework.web.bind.annotation.RequestMapping) 2
ExternalUser (com.netflix.spinnaker.fiat.permissions.ExternalUser) 1
PermissionsRepository (com.netflix.spinnaker.fiat.permissions.PermissionsRepository) 1
PermissionsResolver (com.netflix.spinnaker.fiat.permissions.PermissionsResolver) 1
ProviderException (com.netflix.spinnaker.fiat.providers.ProviderException) 1
UserRolesSyncer (com.netflix.spinnaker.fiat.roles.UserRolesSyncer) 1
IOException (java.io.IOException) 1
List (java.util.List) 1
Collectors (java.util.stream.Collectors) 1
HttpServletResponse (javax.servlet.http.HttpServletResponse) 1
NonNull (lombok.NonNull) 1
Setter (lombok.Setter) 1
Slf4j (lombok.extern.slf4j.Slf4j) 1
Autowired (org.springframework.beans.factory.annotation.Autowired) 1
Status (org.springframework.boot.actuate.health.Status) 1
ConditionalOnExpression (org.springframework.boot.autoconfigure.condition.ConditionalOnExpression) 1
BackOffExecution (org.springframework.util.backoff.BackOffExecution) 1