chore(auth): Allow anonymous requests from Igor to Echo (#447)

Without this the log is spammed with warnings about missing auth headers
spinnaker · Jun 3, 2019 · ee88d13 · ee88d13
1 parent 60ec8b7
commit ee88d13
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 13 deletions.
diff --git a/igor-web/src/main/groovy/com/netflix/spinnaker/igor/docker/DockerMonitor.groovy b/igor-web/src/main/groovy/com/netflix/spinnaker/igor/docker/DockerMonitor.groovy
@@ -31,6 +31,7 @@ import com.netflix.spinnaker.igor.polling.DeltaItem
 import com.netflix.spinnaker.igor.polling.LockService
 import com.netflix.spinnaker.igor.polling.PollContext
 import com.netflix.spinnaker.igor.polling.PollingDelta
+import com.netflix.spinnaker.security.AuthenticatedRequest
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 import org.springframework.stereotype.Service
@@ -181,13 +182,15 @@ class DockerMonitor extends CommonPollingMonitor<ImageDelta, DockerPollingDelta>
         GenericArtifact dockerArtifact = new GenericArtifact("docker", image.repository, image.tag, "${image.registry}/${image.repository}:${image.tag}")
         dockerArtifact.metadata = [registry: image.registry]
 
-        echoService.get().postEvent(new DockerEvent(content: new DockerEvent.Content(
+        AuthenticatedRequest.allowAnonymous {
+          echoService.get().postEvent(new DockerEvent(content: new DockerEvent.Content(
             registry: image.registry,
             repository: image.repository,
             tag: image.tag,
             digest: image.digest,
             account: image.account,
-        ), artifact: dockerArtifact))
+          ), artifact: dockerArtifact))
+        }
     }
 
     @Override

diff --git a/igor-web/src/main/groovy/com/netflix/spinnaker/igor/gitlabci/GitlabCiBuildMonitor.java b/igor-web/src/main/groovy/com/netflix/spinnaker/igor/gitlabci/GitlabCiBuildMonitor.java
@@ -34,6 +34,7 @@
 import com.netflix.spinnaker.igor.model.BuildServiceProvider;
 import com.netflix.spinnaker.igor.polling.*;
 import com.netflix.spinnaker.igor.service.BuildServices;
+import com.netflix.spinnaker.security.AuthenticatedRequest;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -232,7 +233,7 @@ private void sendEvent(
 
     GenericBuildEvent event = new GenericBuildEvent();
     event.setContent(content);
-    echoService.get().postEvent(event);
+    AuthenticatedRequest.allowAnonymous(() -> echoService.get().postEvent(event));
   }
 
   @Override

diff --git a/igor-web/src/main/groovy/com/netflix/spinnaker/igor/jenkins/JenkinsBuildMonitor.groovy b/igor-web/src/main/groovy/com/netflix/spinnaker/igor/jenkins/JenkinsBuildMonitor.groovy
@@ -34,6 +34,7 @@ import com.netflix.spinnaker.igor.polling.LockService
 import com.netflix.spinnaker.igor.polling.PollContext
 import com.netflix.spinnaker.igor.polling.PollingDelta
 import com.netflix.spinnaker.igor.service.BuildServices
+import com.netflix.spinnaker.security.AuthenticatedRequest
 import groovy.time.TimeCategory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.beans.factory.annotation.Value
@@ -227,7 +228,9 @@ class JenkinsBuildMonitor extends CommonPollingMonitor<JobDelta, JobPollingDelta
             registry.counter(missedNotificationId.withTag("monitor", getClass().simpleName)).increment()
             return
         }
-        echoService.get().postEvent(new BuildEvent(content: new BuildContent(project: project, master: master)))
+        AuthenticatedRequest.allowAnonymous {
+            echoService.get().postEvent(new BuildEvent(content: new BuildContent(project: project, master: master)))
+        }
     }
 
     private static class JobPollingDelta implements PollingDelta<JobDelta> {

diff --git a/igor-web/src/main/groovy/com/netflix/spinnaker/igor/wercker/WerckerBuildMonitor.groovy b/igor-web/src/main/groovy/com/netflix/spinnaker/igor/wercker/WerckerBuildMonitor.groovy
@@ -8,6 +8,8 @@
  */
 package com.netflix.spinnaker.igor.wercker
 
+import com.netflix.spinnaker.security.AuthenticatedRequest
+
 import static com.netflix.spinnaker.igor.wercker.model.Run.finishedAtComparator
 import static com.netflix.spinnaker.igor.wercker.model.Run.startedAtComparator
 import static net.logstash.logback.argument.StructuredArguments.kv
@@ -261,10 +263,12 @@ class WerckerBuildMonitor extends CommonPollingMonitor<PipelineDelta, PipelinePo
         if (!echoService.isPresent()) {
             log.warn("Cannot send build notification: Echo is not configured")
             registry.counter(missedNotificationId.withTag("monitor", getClass().simpleName)).increment()
-            return false;
+            return false
+        }
+        AuthenticatedRequest.allowAnonymous {
+            echoService.get().postEvent(new GenericBuildEvent(content: new GenericBuildContent(project: project, master: master, type: "wercker")))
         }
-        echoService.get().postEvent(new GenericBuildEvent(content: new GenericBuildContent(project: project, master: master, type: "wercker")))
-        return true;
+        return true
     }
 
     private static class PipelinePollingDelta implements PollingDelta<PipelineDelta> {

diff --git a/igor-web/src/main/java/com/netflix/spinnaker/igor/artifactory/ArtifactoryBuildMonitor.java b/igor-web/src/main/java/com/netflix/spinnaker/igor/artifactory/ArtifactoryBuildMonitor.java
@@ -29,6 +29,7 @@
 import com.netflix.spinnaker.igor.history.model.ArtifactoryEvent;
 import com.netflix.spinnaker.igor.polling.*;
 import com.netflix.spinnaker.kork.artifacts.model.Artifact;
+import com.netflix.spinnaker.security.AuthenticatedRequest;
 import java.io.IOException;
 import java.time.Instant;
 import java.util.Collections;
@@ -195,9 +196,11 @@ private void postEvent(Artifact artifact, String name) {
           .increment();
     } else {
       if (artifact != null) {
-        echoService
-            .get()
-            .postEvent(new ArtifactoryEvent(new ArtifactoryEvent.Content(name, artifact)));
+        AuthenticatedRequest.allowAnonymous(
+            () ->
+                echoService
+                    .get()
+                    .postEvent(new ArtifactoryEvent(new ArtifactoryEvent.Content(name, artifact))));
       }
     }
   }

diff --git a/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/ConcourseBuildMonitor.java b/igor-web/src/main/java/com/netflix/spinnaker/igor/concourse/ConcourseBuildMonitor.java
@@ -30,6 +30,7 @@
 import com.netflix.spinnaker.igor.history.model.GenericBuildEvent;
 import com.netflix.spinnaker.igor.polling.*;
 import com.netflix.spinnaker.igor.service.BuildServices;
+import com.netflix.spinnaker.security.AuthenticatedRequest;
 import java.util.Date;
 import java.util.List;
 import java.util.Objects;
@@ -178,7 +179,7 @@ private void sendEventForBuild(ConcourseProperties.Host host, Job job, GenericBu
       GenericBuildEvent event = new GenericBuildEvent();
       event.setContent(content);
 
-      echoService.get().postEvent(event);
+      AuthenticatedRequest.allowAnonymous(() -> echoService.get().postEvent(event));
     } else {
       log.warn("Cannot send build event notification: Echo is not configured");
       log.info("({}) unable to push event for :" + build.getFullDisplayName());

diff --git a/igor-web/src/main/java/com/netflix/spinnaker/igor/health/EchoServiceHealthIndicator.java b/igor-web/src/main/java/com/netflix/spinnaker/igor/health/EchoServiceHealthIndicator.java
@@ -22,6 +22,7 @@
 import com.netflix.spinnaker.igor.build.model.GenericProject;
 import com.netflix.spinnaker.igor.history.EchoService;
 import com.netflix.spinnaker.igor.history.model.*;
+import com.netflix.spinnaker.security.AuthenticatedRequest;
 import java.util.Optional;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicLong;
@@ -76,7 +77,7 @@ void checkHealth() {
     echoService.ifPresent(
         s -> {
           try {
-            s.postEvent(event);
+            AuthenticatedRequest.allowAnonymous(() -> s.postEvent(event));
             upOnce.set(true);
             errors.set(0);
             lastException.set(null);

diff --git a/igor-web/src/main/java/com/netflix/spinnaker/igor/travis/TravisBuildMonitor.java b/igor-web/src/main/java/com/netflix/spinnaker/igor/travis/TravisBuildMonitor.java
@@ -38,6 +38,7 @@
 import com.netflix.spinnaker.igor.travis.client.model.v3.V3Job;
 import com.netflix.spinnaker.igor.travis.service.TravisBuildConverter;
 import com.netflix.spinnaker.igor.travis.service.TravisService;
+import com.netflix.spinnaker.security.AuthenticatedRequest;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
@@ -279,7 +280,7 @@ private void sendEventForBuild(
         GenericBuildEvent event = new GenericBuildEvent();
         event.setContent(content);
 
-        echoService.get().postEvent(event);
+        AuthenticatedRequest.allowAnonymous(() -> echoService.get().postEvent(event));
       } else {
         log.warn("Cannot send build event notification: Echo is not configured");
         log.info(