From 7f91a48dd08fa69e7479dfdf8274d514565cfaae Mon Sep 17 00:00:00 2001
From: AbdulRahmanAlHamali
Date: Mon, 28 Oct 2019 11:34:41 -0400
Subject: [PATCH] fix(authorization): Sync roles after an application is created (#619)
* sync roles after an application is created
* stub fiat service
* Apply suggestions from code review
Co-Authored-By: Cameron Fieber
* fix fiat service stub
---
 .../controllers/v2/ApplicationsController.groovy | 12 +++++++++++-
 .../controllers/v2/ApplicationsControllerTck.groovy | 7 ++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/front50-web/src/main/groovy/com/netflix/spinnaker/front50/controllers/v2/ApplicationsController.groovy b/front50-web/src/main/groovy/com/netflix/spinnaker/front50/controllers/v2/ApplicationsController.groovy
index cb70e95eb..7e6015c8f 100644
--- a/front50-web/src/main/groovy/com/netflix/spinnaker/front50/controllers/v2/ApplicationsController.groovy
+++ b/front50-web/src/main/groovy/com/netflix/spinnaker/front50/controllers/v2/ApplicationsController.groovy
@@ -1,5 +1,6 @@
 package com.netflix.spinnaker.front50.controllers.v2
+import com.netflix.spinnaker.fiat.shared.FiatService
 import com.netflix.spinnaker.front50.controllers.exception.InvalidApplicationRequestException
 import com.netflix.spinnaker.front50.events.ApplicationEventListener
 import com.netflix.spinnaker.front50.exception.NotFoundException
@@ -59,6 +60,9 @@ public class ApplicationsController {
 @Autowired(required = false)
 List applicationEventListeners = []
+ @Autowired
+ Optional fiatService;
+
 @PreAuthorize("#restricted ? @fiatPermissionEvaluator.storeWholePermission() : true")
 @PostFilter("#restricted ? hasPermission(filterObject.name, 'APPLICATION', 'READ') : true")
 @ApiOperation(value = "", notes = """Fetch all applications.
@@ -98,7 +102,13 @@ public class ApplicationsController {
 @ApiOperation(value = "", notes = "Create an application")
 @RequestMapping(method = RequestMethod.POST)
 Application create(@RequestBody final Application app) {
- return getApplication().initialize(app).withName(app.getName()).save()
+ Application createdApplication = getApplication().initialize(app).withName(app.getName()).save()
+ try {
+ fiatService.ifPresent { it.sync() }
+ } catch (Exception ignored) {
+ log.warn("failed to trigger fiat permission sync", ignored)
+ }
+ return createdApplication
 }
 @PreAuthorize("hasPermission(#applicationName, 'APPLICATION', 'WRITE')")
diff --git a/front50-web/src/test/groovy/com/netflix/spinnaker/front50/controllers/v2/ApplicationsControllerTck.groovy b/front50-web/src/test/groovy/com/netflix/spinnaker/front50/controllers/v2/ApplicationsControllerTck.groovy
index ff08ba60d..387a3c813 100644
--- a/front50-web/src/test/groovy/com/netflix/spinnaker/front50/controllers/v2/ApplicationsControllerTck.groovy
+++ b/front50-web/src/test/groovy/com/netflix/spinnaker/front50/controllers/v2/ApplicationsControllerTck.groovy
@@ -21,6 +21,7 @@ import com.amazonaws.ClientConfiguration
 import com.amazonaws.services.s3.AmazonS3Client
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.netflix.spectator.api.NoopRegistry
+import com.netflix.spinnaker.fiat.shared.FiatService
 import com.netflix.spinnaker.front50.exception.NotFoundException
 import com.netflix.spinnaker.front50.model.DefaultObjectKeyLoader
 import com.netflix.spinnaker.front50.model.S3StorageService
@@ -75,6 +76,9 @@ abstract class ApplicationsControllerTck extends Specification {
 @Shared
 PipelineStrategyDAO pipelineStrategyDAO = Stub(PipelineStrategyDAO)
+ @Shared
+ Optional fiatService = Optional.empty();
+
 void setup() {
 this.dao = createApplicationDAO()
 this.controller = new ApplicationsController(
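Review bot: In `create` in ApplicationsController.groovy, a failed `fiatService.sync()` is only logged at warn and the request still returns the new application, so Fiat's view of that application's permissions can stay stale until some later sync; nothing visible in the hunk retries or counts the failure. How Fiat authorizes an application it has not seen yet is not visible here, but if that default is permissive the stale window is an authorization gap rather than just a delay. I would name the application in the message so the event can be correlated, e.g. `log.warn("failed to trigger fiat permission sync after creating application ${createdApplication.name}", e)`, and add a failure counter so repeated misses are alertable. The catch variable is called `ignored` although it is passed to the logger; `e` describes it better. The sync also runs inline on every create request, so its cost is worth checking against who is allowed to call this endpoint (any `@PreAuthorize` on `create` would sit above the hunk).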
@@ -84,7 +88,8 @@ abstract class ApplicationsControllerTck extends Specification {
 pipelineStrategyDAO: pipelineStrategyDAO,
 pipelineDAO: pipelineDAO,
 applicationValidators: [new HasNameValidator(), new HasEmailValidator()],
- messageSource: new StaticMessageSource()
+ messageSource: new StaticMessageSource(),
+ fiatService: fiatService
 )
 this.mockMvc = MockMvcBuilders.standaloneSetup(controller).build()
 }
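Review bot: The TCK wires `fiatService` as `Optional.empty()` (the `@Shared` field added in the previous hunk and the constructor argument here), so neither the `sync()` call nor the catch branch added to `create` is exercised by any test in this patch. A case that passes `Optional.of(Mock(FiatService))` and asserts `1 * fiatService.get().sync()` on create would pin the behaviour the commit is about. A second case where the mock throws and the create still returns the application would pin the failure path. The `setup()` body starts outside this hunk.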