fix(authorization): Sync roles after an application is created (#619)
* sync roles after an application is created

* stub fiat service

* Apply suggestions from code review

Co-Authored-By: Cameron Fieber <cameron@fieber.ca>

* fix fiat service stub
AbdulRahmanAlHamali authored and mergify[bot] committed Oct 28, 2019
1 parent 7e7c898 commit 7f91a48
Showing 2 changed files with 17 additions and 2 deletions.
@@ -1,5 +1,6 @@
package com.netflix.spinnaker.front50.controllers.v2

import com.netflix.spinnaker.fiat.shared.FiatService
import com.netflix.spinnaker.front50.controllers.exception.InvalidApplicationRequestException
import com.netflix.spinnaker.front50.events.ApplicationEventListener
import com.netflix.spinnaker.front50.exception.NotFoundException
@@ -59,6 +60,9 @@ public class ApplicationsController {
@Autowired(required = false)
List<ApplicationEventListener> applicationEventListeners = []

@Autowired
Optional<FiatService> fiatService;

@PreAuthorize("#restricted ? @fiatPermissionEvaluator.storeWholePermission() : true")
@PostFilter("#restricted ? hasPermission(filterObject.name, 'APPLICATION', 'READ') : true")
@ApiOperation(value = "", notes = """Fetch all applications.
@@ -98,7 +102,13 @@ public class ApplicationsController {
@ApiOperation(value = "", notes = "Create an application")
@RequestMapping(method = RequestMethod.POST)
Application create(@RequestBody final Application app) {
return getApplication().initialize(app).withName(app.getName()).save()
Application createdApplication = getApplication().initialize(app).withName(app.getName()).save()
try {
fiatService.ifPresent { it.sync() }
} catch (Exception ignored) {
log.warn("failed to trigger fiat permission sync", ignored)
}
return createdApplication
}

@PreAuthorize("hasPermission(#applicationName, 'APPLICATION', 'WRITE')")
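Review bot: The `catch (Exception ignored)` around `fiatService.ifPresent { it.sync() }` in `create` reduces every sync failure to one warn line that does not name the affected application, while the request still returns success. Until a later sync succeeds, the new application's permissions may not yet be known to Fiat, so that log entry is the only signal an operator gets that authorization data for it is stale. The variable is called `ignored` although it is logged; assuming `log` is an SLF4J logger, I would write `log.warn("failed to trigger fiat permission sync for application {}", createdApplication.getName(), e)`. The catch-all also masks a null `fiatService` on a controller built without injection, since the resulting NullPointerException is logged as a sync failure; catching a narrower type or checking for null first would keep that case visible.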
@@ -21,6 +21,7 @@ import com.amazonaws.ClientConfiguration
import com.amazonaws.services.s3.AmazonS3Client
import com.fasterxml.jackson.databind.ObjectMapper
import com.netflix.spectator.api.NoopRegistry
import com.netflix.spinnaker.fiat.shared.FiatService
import com.netflix.spinnaker.front50.exception.NotFoundException
import com.netflix.spinnaker.front50.model.DefaultObjectKeyLoader
import com.netflix.spinnaker.front50.model.S3StorageService
@@ -75,6 +76,9 @@ abstract class ApplicationsControllerTck extends Specification {
@Shared
PipelineStrategyDAO pipelineStrategyDAO = Stub(PipelineStrategyDAO)

@Shared
Optional<FiatService> fiatService = Optional.empty();

void setup() {
this.dao = createApplicationDAO()
this.controller = new ApplicationsController(
@@ -84,7 +88,8 @@ abstract class ApplicationsControllerTck extends Specification {
pipelineStrategyDAO: pipelineStrategyDAO,
pipelineDAO: pipelineDAO,
applicationValidators: [new HasNameValidator(), new HasEmailValidator()],
messageSource: new StaticMessageSource()
messageSource: new StaticMessageSource(),
fiatService: fiatService
)
this.mockMvc = MockMvcBuilders.standaloneSetup(controller).build()
}
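Review bot: With `fiatService = Optional.empty()` the TCK never reaches the new sync call in `ApplicationsController.create`, so neither the successful sync nor the catch-and-log path is covered by a test. Since this commit changes when permissions are propagated, I would add two cases: one asserting that `sync()` is invoked exactly once after a successful POST, and one where `sync()` throws and the created application is still returned. Spock interactions are not meant to be declared on `@Shared` fields, so this probably needs a per-feature mock, e.g. `def fiat = Mock(FiatService)` passed as `Optional.of(fiat)` with `1 * fiat.sync()`, and a controller built inside that feature rather than in `setup()`.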
