Add read-only mode to reject write operations#230
Merged
Conversation
dosubot
Bot
added
size:L
Member
Author
em3s
reviewed
Mar 30, 2026
| import org.springframework.test.context.TestPropertySource | ||
|
|
||
| @TestPropertySource(properties = ["actionbase.read-only=true"]) | ||
| class ReadOnlyModeStartUpTest : E2ETestBase() { |
Contributor
There was a problem hiding this comment.
We should also cover the case actionbase.read-only=false, even though other tests cover it implicitly.
Member
Author
There was a problem hiding this comment.
Done in c1fcea1. Added StartUpWithReadOnlyDisabledTest (read-only=false) and a default case test in StartUpTest (read-only not configured).
em3s
reviewed
Mar 30, 2026
|
|
||
| @Test | ||
| fun `should allow GET requests on graph v2 paths`() { | ||
| val exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/graph/v2/service/s/label/l/edge")) |
Contributor
There was a problem hiding this comment.
Please define ALL paths as constants like READ_PATHS = ..., WRITE_PATHS = ... and consolidate the test cases.
Member
Author
There was a problem hiding this comment.
eazyhozy
changed the title
em3s
reviewed
Mar 30, 2026
Contributor
|
Reviewed. Please address the comments. @eazyhozy |
em3s
reviewed
Mar 30, 2026
Member
Author
|
@em3s Addressed all 4 feedback items. Ready for re-review. |
em3s
reviewed
Mar 30, 2026
| private val log = LoggerFactory.getLogger(ReadOnlyRequestFilter::class.java) | ||
|
|
||
| private val paths = setOf("/graph/v2", "/graph/v3") | ||
| private val readMethods = setOf(HttpMethod.GET, HttpMethod.HEAD, HttpMethod.OPTIONS) |
Contributor
There was a problem hiding this comment.
We only use GET.
private val readMethods = setOf(HttpMethod.GET) or private val readMethod = HttpMethod.GET
em3s
reviewed
Mar 30, 2026
|
|
||
| @ObjectSourceParameterizedTest | ||
| @ObjectSource( | ||
| """ |
Contributor
There was a problem hiding this comment.
split into get and post cases. (means two tests)
and please add all paths.
Member
Author
There was a problem hiding this comment.
Done in cef984e. Split into should allow GET requests on graph paths and should allow read-only POST requests. Added scan, count, counts, agg paths.
em3s
reviewed
Mar 30, 2026
| path: /graph/v3/databases/db/tables/t | ||
| - method: DELETE | ||
| path: /graph/v2/admin/service/test | ||
| - method: PATCH |
Contributor
|
Please check the updates. |
Member
Author
dosubot
Bot
added
size:XL
Member
Author
|
@em3s Merged main and synced endpoint constants — added edges/cache/{cache}, removed POST /graph/v2/query (deleted in main). Force-pushed to fix incorrect committer on my 2 commits. |
eazyhozy
force-pushed
the
feat/read-only-mode
branch
from
05303a5 to
935749c
Compare
dosubot
Bot
added
size:XXL
Introduce ReadOnlyRequestFilter that blocks mutating HTTP methods (POST, PUT, DELETE, PATCH) on /graph/v2 and /graph/v3 paths when actionbase.read-only=true. Read-only POST endpoints (/edges/get, /multi-edges/ids, /query) are allowlisted. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
- Add ReadOnlyModeDisabledStartUpTest (actionbase.read-only=false) - Add default case test in StartUpTest (read-only not configured) Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
…urce - Merge ReadOnlyModeStartUpTest and ReadOnlyModeDisabledStartUpTest into StartUpTest.kt - Use @ObjectSourceParameterizedTest for read-only enabled/disabled cases - Add default (not configured) case in StartUpTest - Delete separate test files Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
…estFilterTest Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
…ReadOnlyRequestFilterTest Constants serve as programmatic reference, @ObjectSource YAML serves as independent spec-level assertions. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
- protectedPaths -> paths - mutatingMethods -> readMethods (inverted to allowlist) - readOnlyPostSuffixes -> readSuffixes, isReadOnlyPost -> isRead - Add strategy comment - Early return for allowed cases Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
…e PATCH - readMethods set -> readMethod = HttpMethod.GET - Split allowed test into GET and read-only POST cases - Add all graph query paths (scan, count, counts, agg) - Remove PATCH (not used) Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
- GET: all v2/v3 query, admin, metadata, datastore endpoints - Read-only POST: /query, /edges/get, /multi-edges/ids - Blocked write: all v2/v3 POST/PUT/DELETE mutation endpoints - Outside protected paths: PUT /graph/health/readiness - readMethods -> readMethod (GET only) - Remove PATCH (not used) - Remove actuator paths from test (no write calls expected) Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
…ases Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…lter coverage - Extract EndpointScanner to testFixtures for reusable controller annotation scanning - Replace ObjectSource with MethodSource backed by reflection-scanned endpoints - Declare all endpoints in READ/WRITE/NON_GRAPH constants with verbatim annotation paths - Exhaustiveness test ensures scanned endpoints match declared constants - Add Content-Type: application/json to read-only filter 403 response Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ery) Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
eazyhozy
force-pushed
the
feat/read-only-mode
branch
from
935749c to
77bddcf
Compare
dosubot
Bot
added
size:XL
Member
Author
|
@em3s Accidentally pushed a broken rebase that included main commits in the PR diff. To fix this, I reset to main and cherry-picked all PR commits preserving original author/committer. Force-pushed as a result. If you have a local checkout, please run: |
- Replace explicit lambda parameter with `it` for cleaner syntax
em3s
pushed a commit
that referenced
this pull request
Apr 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add a read-only mode that rejects write operations at the WebFilter level.
Closes #229
Changes
readOnlyproperty toServerProperties(actionbase.read-only, default:false)ReadOnlyRequestFilterthat blocks non-GET methods on/graph/v2and/graph/v3paths/edges/get,/multi-edges/ids,/query)Usage
To enable read-only mode, set
actionbase.read-onlyin the application profile:Or, to inject via environment variable (e.g. K8s manifest):
No configuration is needed to keep the default behavior (read-only disabled).
How to Test
./gradlew :server:test --tests "*ReadOnlyRequestFilterTest*"— unit tests./gradlew :server:test --tests "*StartUp*"— E2E startup tests./gradlew :server:test— full regression