Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow expensive endpoints to be disabled for non-admins #1474

Merged
merged 2 commits into from Apr 5, 2017
Merged

allow expensive endpoints to be disabled for non-admins #1474

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2e02172
allow expensive endpoints to be disabled for non-admins
Mar 28, 2017
adecaa3
fix merge conflicts with master
ssalinas Apr 4, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion SingularityBase/src/main/java/com/hubspot/singularity/SingularityAction.java
View file
Open in desktop
Expand Up @@ -11,7 +11,7 @@ public enum SingularityAction {
FREEZE_SLAVE(true), ACTIVATE_SLAVE(true), DECOMMISSION_SLAVE(true), VIEW_SLAVES(false),
FREEZE_RACK(true), ACTIVATE_RACK(true), DECOMMISSION_RACK(true), VIEW_RACKS(false),
SEND_EMAIL(true),
PROCESS_OFFERS(true), CACHE_OFFERS(true),
PROCESS_OFFERS(true), CACHE_OFFERS(true), EXPENSIVE_API_CALLS(true),
RUN_CLEANUP_POLLER(true), RUN_DEPLOY_POLLER(true), RUN_SCHEDULER_POLLER(true), RUN_EXPIRING_ACTION_POLLER(true);

private final boolean canDisable;
Expand Down
15 changes: 14 additions & 1 deletion SingularityService/src/main/java/com/hubspot/singularity/resources/RequestResource.java
View file
Open in desktop
Expand Up @@ -6,6 +6,7 @@
import static com.hubspot.singularity.WebExceptions.checkNotNullBadRequest;
import static com.hubspot.singularity.WebExceptions.checkRateLimited;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.UUID;
Expand All @@ -20,6 +21,9 @@
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.google.common.base.Optional;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
Expand Down Expand Up @@ -61,6 +65,7 @@
import com.hubspot.singularity.api.SingularityUnpauseRequest;
import com.hubspot.singularity.auth.SingularityAuthorizationHelper;
import com.hubspot.singularity.data.DeployManager;
import com.hubspot.singularity.data.DisasterManager;
import com.hubspot.singularity.data.RequestManager;
import com.hubspot.singularity.data.SingularityValidator;
import com.hubspot.singularity.data.TaskManager;
Expand All @@ -82,19 +87,22 @@
@Api(description="Manages Singularity Requests, the parent object for any deployed task", value=RequestResource.PATH, position=1)
public class RequestResource extends AbstractRequestResource {
public static final String PATH = SingularityService.API_BASE_PATH + "/requests";
private static final Logger LOG = LoggerFactory.getLogger(RequestResource.class);

private final SingularityMailer mailer;
private final TaskManager taskManager;
private final RequestHelper requestHelper;
private final DisasterManager disasterManager;

@Inject
public RequestResource(SingularityValidator validator, DeployManager deployManager, TaskManager taskManager, RequestManager requestManager, SingularityMailer mailer,
SingularityAuthorizationHelper authorizationHelper, Optional<SingularityUser> user, RequestHelper requestHelper) {
SingularityAuthorizationHelper authorizationHelper, Optional<SingularityUser> user, RequestHelper requestHelper, DisasterManager disasterManager) {
super(requestManager, deployManager, user, validator, authorizationHelper);

this.mailer = mailer;
this.taskManager = taskManager;
this.requestHelper = requestHelper;
this.disasterManager = disasterManager;
}

private void submitRequest(SingularityRequest request, Optional<SingularityRequestWithState> oldRequestWithState, Optional<RequestHistoryType> historyType,
Expand Down Expand Up @@ -440,6 +448,11 @@ public List<SingularityRequestParent> getActiveRequests() {
}

private List<SingularityRequestParent> getRequestsWithDeployState(Iterable<SingularityRequestWithState> requests, final SingularityAuthorizationScope scope) {
if (!authorizationHelper.hasAdminAuthorization(user) && disasterManager.isDisabled(SingularityAction.EXPENSIVE_API_CALLS)) {
LOG.trace("Short circuting getRequestsWithDeployState() to [] due to EXPENSIVE_API_CALLS disabled");
return Collections.emptyList();
}

if (!authorizationHelper.hasAdminAuthorization(user)) {
requests = Iterables.filter(requests, new Predicate<SingularityRequestWithState>() {
@Override
Expand Down
15 changes: 14 additions & 1 deletion SingularityService/src/main/java/com/hubspot/singularity/resources/TaskResource.java
View file
Open in desktop
Expand Up @@ -59,6 +59,7 @@
import com.hubspot.singularity.api.SingularityTaskMetadataRequest;
import com.hubspot.singularity.auth.SingularityAuthorizationHelper;
import com.hubspot.singularity.config.SingularityTaskMetadataConfiguration;
import com.hubspot.singularity.data.DisasterManager;
import com.hubspot.singularity.data.RequestManager;
import com.hubspot.singularity.data.SingularityValidator;
import com.hubspot.singularity.data.SlaveManager;
Expand All @@ -85,10 +86,11 @@ public class TaskResource {
private final Optional<SingularityUser> user;
private final SingularityTaskMetadataConfiguration taskMetadataConfiguration;
private final SingularityValidator validator;
private final DisasterManager disasterManager;

@Inject
public TaskResource(TaskRequestManager taskRequestManager, TaskManager taskManager, SlaveManager slaveManager, MesosClient mesosClient, SingularityTaskMetadataConfiguration taskMetadataConfiguration,
SingularityAuthorizationHelper authorizationHelper, Optional<SingularityUser> user, RequestManager requestManager, SingularityValidator validator) {
SingularityAuthorizationHelper authorizationHelper, Optional<SingularityUser> user, RequestManager requestManager, SingularityValidator validator, DisasterManager disasterManager) {
this.taskManager = taskManager;
this.taskRequestManager = taskRequestManager;
this.taskMetadataConfiguration = taskMetadataConfiguration;
Expand All @@ -98,13 +100,19 @@ public TaskResource(TaskRequestManager taskRequestManager, TaskManager taskManag
this.authorizationHelper = authorizationHelper;
this.user = user;
this.validator = validator;
this.disasterManager = disasterManager;
}

@GET
@PropertyFiltering
@Path("/scheduled")
@ApiOperation("Retrieve list of scheduled tasks.")
public List<SingularityTaskRequest> getScheduledTasks() {
if (!authorizationHelper.hasAdminAuthorization(user) && disasterManager.isDisabled(SingularityAction.EXPENSIVE_API_CALLS)) {
LOG.trace("Short circuting getScheduledTasks() to [] due to EXPENSIVE_API_CALLS disabled");
return Collections.emptyList();
}

return taskRequestManager.getTaskRequests(ImmutableList.copyOf(authorizationHelper.filterByAuthorizedRequests(user, taskManager.getPendingTasks(), SingularityTransformHelpers.PENDING_TASK_TO_REQUEST_ID, SingularityAuthorizationScope.READ)));
}

Expand Down Expand Up @@ -186,6 +194,11 @@ public Iterable<SingularityTask> getActiveTasks() {
@Path("/cleaning")
@ApiOperation("Retrieve the list of cleaning tasks.")
public Iterable<SingularityTaskCleanup> getCleaningTasks() {
if (!authorizationHelper.hasAdminAuthorization(user) && disasterManager.isDisabled(SingularityAction.EXPENSIVE_API_CALLS)) {
LOG.trace("Short circuting getCleaningTasks() to [] due to EXPENSIVE_API_CALLS disabled");
return Collections.emptyList();
}

return authorizationHelper.filterByAuthorizedRequests(user, taskManager.getCleanupTasks(), SingularityTransformHelpers.TASK_CLEANUP_TO_REQUEST_ID, SingularityAuthorizationScope.READ);
}

Expand Down