Example 1 with Path
use of com.yahoo.vespa.hosted.controller.restapi.Path in project vespa by vespa-engine.
the class ControllerAuthorizationFilter method filter.
// NOTE: Be aware of the ordering of the path pattern matching. Semantics may change if the patterns are evaluated
// in different order.
@Override
public void filter(DiscFilterRequest request, ResponseHandler handler) {
Method method = getMethod(request);
if (isWhiteListedMethod(method))
return;
try {
Path path = new Path(request.getRequestURI());
AthenzPrincipal principal = getPrincipalOrThrow(request);
if (isWhiteListedOperation(path, method)) {
// no authz check
} else if (isHostedOperatorOperation(path, method)) {
verifyIsHostedOperator(principal);
} else if (isTenantAdminOperation(path, method)) {
verifyIsTenantAdmin(principal, getTenantId(path));
} else if (isTenantPipelineOperation(path, method)) {
verifyIsTenantPipelineOperator(principal, getTenantId(path), getApplicationName(path));
} else {
throw new ForbiddenException("No access control is explicitly declared for this api.");
}
} catch (WebApplicationException e) {
authorizationResponseHandler.handle(handler, request, e);
}
}
Also used :
Path(com.yahoo.vespa.hosted.controller.restapi.Path)
ForbiddenException(javax.ws.rs.ForbiddenException)
WebApplicationException(javax.ws.rs.WebApplicationException)
AthenzPrincipal(com.yahoo.vespa.athenz.api.AthenzPrincipal)
Method(com.yahoo.jdisc.http.HttpRequest.Method)
Example 2 with Path
use of com.yahoo.vespa.hosted.controller.restapi.Path in project vespa by vespa-engine.
the class ZoneApiHandler method proxy.
private HttpResponse proxy(HttpRequest request) {
Path path = new Path(request.getUri().getPath());
if (!path.matches("/zone/v2/{environment}/{region}/{*}")) {
return notFound(path);
}
ZoneId zoneId = ZoneId.from(path.get("environment"), path.get("region"));
if (!zoneRegistry.hasZone(zoneId)) {
throw new IllegalArgumentException("No such zone: " + zoneId.value());
}
try {
return proxy.handle(new ProxyRequest(request, "/zone/v2/"));
} catch (ProxyException | IOException e) {
throw new RuntimeException(e);
}
}
Also used :
Path(com.yahoo.vespa.hosted.controller.restapi.Path)
ZoneId(com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneId)
ProxyException(com.yahoo.vespa.hosted.controller.proxy.ProxyException)
IOException(java.io.IOException)
ProxyRequest(com.yahoo.vespa.hosted.controller.proxy.ProxyRequest)
Example 3 with Path
use of com.yahoo.vespa.hosted.controller.restapi.Path in project vespa by vespa-engine.
the class PathTest method testPath.
@Test
public void testPath() {
assertFalse(new Path("").matches("/a/{foo}/bar/{b}"));
;
assertFalse(new Path("///").matches("/a/{foo}/bar/{b}"));
;
assertFalse(new Path("///foo").matches("/a/{foo}/bar/{b}"));
;
assertFalse(new Path("///bar/").matches("/a/{foo}/bar/{b}"));
;
Path path = new Path("/a/1/bar/fuz");
assertTrue(path.matches("/a/{foo}/bar/{b}"));
;
assertEquals("1", path.get("foo"));
assertEquals("fuz", path.get("b"));
}Aggregations
Path (com.yahoo.vespa.hosted.controller.restapi.Path)3
Method (com.yahoo.jdisc.http.HttpRequest.Method)1
AthenzPrincipal (com.yahoo.vespa.athenz.api.AthenzPrincipal)1
ZoneId (com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneId)1
ProxyException (com.yahoo.vespa.hosted.controller.proxy.ProxyException)1
ProxyRequest (com.yahoo.vespa.hosted.controller.proxy.ProxyRequest)1
IOException (java.io.IOException)1
ForbiddenException (javax.ws.rs.ForbiddenException)1
WebApplicationException (javax.ws.rs.WebApplicationException)1
Test (org.junit.Test)1
