Search in sources :

Example 11 with Pipeline

use of com.netflix.spinnaker.front50.api.model.pipeline.Pipeline in project front50 by spinnaker.

the class StrategyController method update.

@PreAuthorize("hasPermission(#strategy.application, 'APPLICATION', 'WRITE')")
@RequestMapping(value = "/{id}", method = RequestMethod.PUT)
public Pipeline update(@PathVariable final String id, @RequestBody final Pipeline strategy) {
    Pipeline existingStrategy = pipelineStrategyDAO.findById(id);
    if (!strategy.getId().equals(existingStrategy.getId())) {
        throw new InvalidRequestException(format("The provided id '%s' doesn't match the strategy id '%s'", id, strategy.getId()));
    }
    boolean alreadyExists = pipelineStrategyDAO.getPipelinesByApplication(strategy.getApplication()).stream().anyMatch(it -> it.getName().equalsIgnoreCase(strategy.getName()) && !it.getId().equals(id));
    if (alreadyExists) {
        throw new DuplicateEntityException(format("A strategy with name '%s' already exists in application '%s'", strategy.getName(), strategy.getApplication()));
    }
    strategy.setLastModified(System.currentTimeMillis());
    pipelineStrategyDAO.update(id, strategy);
    return strategy;
}
Also used : DuplicateEntityException(com.netflix.spinnaker.front50.exceptions.DuplicateEntityException) InvalidRequestException(com.netflix.spinnaker.front50.exceptions.InvalidRequestException) Pipeline(com.netflix.spinnaker.front50.api.model.pipeline.Pipeline) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 12 with Pipeline

use of com.netflix.spinnaker.front50.api.model.pipeline.Pipeline in project front50 by spinnaker.

the class V2PipelineTemplateController method getDependentConfigs.

@VisibleForTesting
List<String> getDependentConfigs(String templateId) {
    List<String> dependentConfigIds = new ArrayList<>();
    String prefixedId = SPINNAKER_PREFIX + templateId;
    pipelineDAO.all().stream().filter(pipeline -> pipeline.getType() != null && pipeline.getType().equals(TYPE_TEMPLATED)).forEach(templatedPipeline -> {
        String source;
        try {
            TemplateConfiguration config = objectMapper.convertValue(templatedPipeline.getConfig(), TemplateConfiguration.class);
            source = config.getPipeline().getTemplate().getSource();
        } catch (Exception e) {
            return;
        }
        if (source != null && source.equalsIgnoreCase(prefixedId)) {
            dependentConfigIds.add(templatedPipeline.getId());
        }
    });
    return dependentConfigIds;
}
Also used : PipelineTemplate(com.netflix.spinnaker.front50.model.pipeline.PipelineTemplate) PathVariable(org.springframework.web.bind.annotation.PathVariable) Arrays(java.util.Arrays) RequestParam(org.springframework.web.bind.annotation.RequestParam) InvalidRequestException(com.netflix.spinnaker.front50.exceptions.InvalidRequestException) PipelineDAO(com.netflix.spinnaker.front50.model.pipeline.PipelineDAO) PipelineTemplateDAO(com.netflix.spinnaker.front50.model.pipeline.PipelineTemplateDAO) MessageDigest(java.security.MessageDigest) Pipeline(com.netflix.spinnaker.front50.api.model.pipeline.Pipeline) Autowired(org.springframework.beans.factory.annotation.Autowired) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) Hex(org.apache.commons.codec.binary.Hex) StringUtils(org.apache.commons.lang3.StringUtils) ArrayList(java.util.ArrayList) RequestBody(org.springframework.web.bind.annotation.RequestBody) BadRequestException(com.netflix.spinnaker.front50.exception.BadRequestException) Map(java.util.Map) InvalidEntityException(com.netflix.spinnaker.front50.exceptions.InvalidEntityException) TYPE_TEMPLATED(com.netflix.spinnaker.front50.api.model.pipeline.Pipeline.TYPE_TEMPLATED) DuplicateEntityException(com.netflix.spinnaker.front50.exceptions.DuplicateEntityException) TemplateConfiguration(com.netflix.spinnaker.front50.model.pipeline.TemplateConfiguration) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) StandardCharsets(java.nio.charset.StandardCharsets) List(java.util.List) Slf4j(lombok.extern.slf4j.Slf4j) TreeMap(java.util.TreeMap) SPINNAKER_PREFIX(com.netflix.spinnaker.front50.model.pipeline.TemplateConfiguration.TemplateSource.SPINNAKER_PREFIX) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) VisibleForTesting(com.google.common.annotations.VisibleForTesting) NotFoundException(com.netflix.spinnaker.kork.web.exceptions.NotFoundException) ArrayList(java.util.ArrayList) TemplateConfiguration(com.netflix.spinnaker.front50.model.pipeline.TemplateConfiguration) InvalidRequestException(com.netflix.spinnaker.front50.exceptions.InvalidRequestException) BadRequestException(com.netflix.spinnaker.front50.exception.BadRequestException) InvalidEntityException(com.netflix.spinnaker.front50.exceptions.InvalidEntityException) DuplicateEntityException(com.netflix.spinnaker.front50.exceptions.DuplicateEntityException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NotFoundException(com.netflix.spinnaker.kork.web.exceptions.NotFoundException) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 13 with Pipeline

use of com.netflix.spinnaker.front50.api.model.pipeline.Pipeline in project front50 by spinnaker.

the class AuthorizationSupport method hasRunAsUserPermission.

public boolean hasRunAsUserPermission(final Pipeline pipeline) {
    List<String> runAsUsers = Optional.ofNullable(pipeline.getTriggers()).map(triggers -> triggers.stream().map(it -> (String) it.get("runAsUser")).filter(Objects::nonNull).collect(Collectors.toList())).orElse(Collections.emptyList());
    if (runAsUsers.isEmpty()) {
        return true;
    }
    final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    return runAsUsers.stream().noneMatch(runAsUser -> {
        if (!userCanAccessServiceAccount(auth, runAsUser)) {
            log.error("User {} does not have access to service account {}", Optional.ofNullable(auth).map(Authentication::getPrincipal).orElse("unknown"), runAsUser);
            return true;
        }
        if (!serviceAccountCanAccessApplication(runAsUser, pipeline.getApplication())) {
            log.error("Service account {} does not have access to application {}", runAsUser, pipeline.getApplication());
            return true;
        }
        return false;
    });
}
Also used : FiatPermissionEvaluator(com.netflix.spinnaker.fiat.shared.FiatPermissionEvaluator) java.util(java.util) Component(org.springframework.stereotype.Component) Logger(org.slf4j.Logger) Pipeline(com.netflix.spinnaker.front50.api.model.pipeline.Pipeline) LoggerFactory(org.slf4j.LoggerFactory) Authentication(org.springframework.security.core.Authentication) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) Collectors(java.util.stream.Collectors) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) Authentication(org.springframework.security.core.Authentication)

Aggregations

Pipeline (com.netflix.spinnaker.front50.api.model.pipeline.Pipeline)9 InvalidRequestException (com.netflix.spinnaker.front50.exceptions.InvalidRequestException)7 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)5 NotFoundException (com.netflix.spinnaker.kork.web.exceptions.NotFoundException)4 ArrayList (java.util.ArrayList)4 VisibleForTesting (com.google.common.annotations.VisibleForTesting)3 BadRequestException (com.netflix.spinnaker.front50.exception.BadRequestException)3 DuplicateEntityException (com.netflix.spinnaker.front50.exceptions.DuplicateEntityException)3 InvalidEntityException (com.netflix.spinnaker.front50.exceptions.InvalidEntityException)3 PipelineTemplate (com.netflix.spinnaker.front50.model.pipeline.PipelineTemplate)3 PipelineTemplateDAO (com.netflix.spinnaker.front50.model.pipeline.PipelineTemplateDAO)3 TemplateConfiguration (com.netflix.spinnaker.front50.model.pipeline.TemplateConfiguration)3 List (java.util.List)3 Map (java.util.Map)3 Collectors (java.util.stream.Collectors)3 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)3 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)2 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 TYPE_TEMPLATED (com.netflix.spinnaker.front50.api.model.pipeline.Pipeline.TYPE_TEMPLATED)2 PipelineDAO (com.netflix.spinnaker.front50.model.pipeline.PipelineDAO)2