Require group / permissions for accessing teletraan (#1648)

* Added group validation fix ruff * fixed group rquired * spotless apply * Revert "spotless apply" This reverts commit 62b16fc.
pinterest · Jul 2, 2024 · c9ed0fb · c9ed0fb
1 parent bf2d606
commit c9ed0fb
Show file tree

Hide file tree

Showing 37 changed files with 49 additions and 77 deletions.
diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Agents.java
@@ -24,7 +24,6 @@
 import io.swagger.annotations.*;
 import java.util.Collection;
 import java.util.List;
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
@@ -34,7 +33,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/agents")
 @Api(tags = "Agents")
 @SwaggerDefinition(

diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Builds.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Builds.java
@@ -35,15 +35,14 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
 import javax.ws.rs.core.*;
 import java.net.URI;
 import java.util.List;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/builds")
 @Api(tags = "Builds")
 @SwaggerDefinition(

diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Commits.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Commits.java
@@ -20,17 +20,18 @@
 
 import com.google.common.base.Optional;
 import com.pinterest.deployservice.bean.CommitBean;
+import com.pinterest.deployservice.bean.TeletraanPrincipalRole;
 import com.pinterest.deployservice.scm.SourceControlManagerProxy;
 import com.pinterest.teletraan.TeletraanServiceContext;
 import io.swagger.annotations.*;
 
-import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import java.util.List;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/commits")
 @Api(tags="Commits")
 @SwaggerDefinition(

diff --git a/...ice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/DeployCandidates.java b/...ice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/DeployCandidates.java
@@ -17,7 +17,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.Consumes;
@@ -29,7 +28,7 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.SecurityContext;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/system")
 @Api(tags = "Hosts and Systems")
 @Produces(MediaType.APPLICATION_JSON)
@@ -74,4 +73,3 @@ public DeployCandidatesResponse getDeployCandidates(@Context SecurityContext sc,
         return resp;
     }
 }
-
diff --git a/...ce/teletraanservice/src/main/java/com/pinterest/teletraan/resource/DeployConstraints.java b/...ce/teletraanservice/src/main/java/com/pinterest/teletraan/resource/DeployConstraints.java
@@ -14,7 +14,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
@@ -25,7 +24,7 @@
 import java.util.List;
 
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/deploy_constraint")
 @Api(tags = "Deploy Constraints")
 @SwaggerDefinition(

diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Deploys.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/Deploys.java
@@ -40,7 +40,6 @@
 
 import java.util.List;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
@@ -62,7 +61,7 @@
 import io.swagger.annotations.SwaggerDefinition;
 import io.swagger.annotations.Tag;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/deploys")
 @Api(tags = "Deploys")
 @SwaggerDefinition(

diff --git a/...vice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvAgentConfigs.java b/...vice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvAgentConfigs.java
@@ -31,7 +31,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
@@ -40,7 +39,7 @@
 import javax.ws.rs.core.SecurityContext;
 import java.util.Map;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/agent_configs")
 @Api(value = "/Environments", description = "Environment info APIs")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...oy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvAgents.java b/...oy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvAgents.java
@@ -25,7 +25,6 @@
 
 import io.swagger.annotations.*;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.constraints.NotNull;
 import org.slf4j.Logger;
@@ -38,7 +37,7 @@
 import javax.ws.rs.core.SecurityContext;
 import java.util.List;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/agents")
 @Api(tags = "Agents")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...oy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvAlarms.java b/...oy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvAlarms.java
@@ -33,7 +33,6 @@
 
 import java.util.List;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.Consumes;
@@ -46,7 +45,7 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.SecurityContext;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/alarms")
 @Api(tags = "Environments")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...oy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvAlerts.java b/...oy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvAlerts.java
@@ -48,7 +48,6 @@
 import java.util.List;
 import java.util.Map;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
@@ -61,7 +60,7 @@
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/alerts")
 @Api("ExternalAlerts")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...ervice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvCapacities.java b/...ervice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvCapacities.java
@@ -31,7 +31,6 @@
 import io.swagger.annotations.ApiOperation;
 import org.apache.commons.lang3.StringUtils;
 import javax.validation.constraints.NotEmpty;
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.constraints.NotNull;
 import org.slf4j.Logger;
@@ -51,7 +50,7 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.SecurityContext;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/capacity")
 @Api(tags = "Environments")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...y-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvDeploys.java b/...y-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvDeploys.java
@@ -34,7 +34,6 @@
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import javax.validation.constraints.NotEmpty;
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.constraints.NotNull;
 import org.slf4j.Logger;
@@ -47,7 +46,7 @@
 import java.util.Collections;
 import java.util.List;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/deploys")
 @Api(tags = "Deploys")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...ervice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvGroupRoles.java b/...ervice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvGroupRoles.java
@@ -23,15 +23,14 @@
 
 import io.swagger.annotations.*;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
 import javax.ws.rs.core.*;
 import java.util.List;
 
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/group_roles")
 @Api(tags = "Group Roles")
 @SwaggerDefinition(

diff --git a/...y-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvHistory.java b/...y-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvHistory.java
@@ -17,6 +17,7 @@
 
 import com.pinterest.deployservice.bean.ConfigHistoryBean;
 import com.pinterest.deployservice.bean.EnvironBean;
+import com.pinterest.deployservice.bean.TeletraanPrincipalRole;
 import com.pinterest.deployservice.dao.ConfigHistoryDAO;
 import com.pinterest.deployservice.dao.EnvironDAO;
 import com.pinterest.teletraan.TeletraanServiceContext;
@@ -27,7 +28,7 @@
 
 import java.util.List;
 
-import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
@@ -37,7 +38,7 @@
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/history")
 @Api(tags = "Environments")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvHostTags.java b/...-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvHostTags.java
@@ -18,7 +18,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
@@ -27,7 +26,7 @@
 import java.util.*;
 
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/host_tags")
 @Api(tags = "Hosts Tags")
 @SwaggerDefinition(

diff --git a/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvHosts.java b/deploy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvHosts.java
@@ -37,7 +37,6 @@
 import java.util.Collection;
 import java.util.Optional;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.Consumes;
@@ -51,7 +50,7 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.SecurityContext;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/hosts")
 @Api(tags = "Hosts")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...y-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvMetrics.java b/...y-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvMetrics.java
@@ -33,7 +33,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
@@ -42,7 +41,7 @@
 import javax.ws.rs.core.SecurityContext;
 import java.util.List;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/metrics")
 @Api(tags = "Environments")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvPromotes.java b/...-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvPromotes.java
@@ -33,15 +33,14 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.SecurityContext;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/promotes")
 @Api(tags = "Environments")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...ice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvScriptConfigs.java b/...ice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvScriptConfigs.java
@@ -32,7 +32,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
@@ -41,7 +40,7 @@
 import javax.ws.rs.core.SecurityContext;
 import java.util.Map;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}/script_configs")
 @Api(tags = "Environments")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...oy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvStages.java b/...oy-service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvStages.java
@@ -19,7 +19,6 @@
 import java.util.Map;
 import java.util.UUID;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
@@ -62,7 +61,7 @@
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/{stageName : [a-zA-Z0-9\\-_]+}")
 @Api(tags = "Environments")
 @Produces(MediaType.APPLICATION_JSON)
@@ -271,4 +270,4 @@ private void stageTypeValidate(EnvironBean origBean, EnvironBean newBean) throws
                 "Modification of Production stage type (PRODUCTION, CANARY, CONTROL) is not allowed!");
         }
     }
-}
+}
diff --git a/...ervice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvTokenRoles.java b/...ervice/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvTokenRoles.java
@@ -25,14 +25,13 @@
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
 import javax.ws.rs.core.*;
 import java.util.List;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/token_roles")
 @Api(value = "Script Tokens")
 @Produces(MediaType.APPLICATION_JSON)

diff --git a/...service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvUserRoles.java b/...service/teletraanservice/src/main/java/com/pinterest/teletraan/resource/EnvUserRoles.java
@@ -23,14 +23,13 @@
 
 import io.swagger.annotations.*;
 
-import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 import javax.validation.Valid;
 import javax.ws.rs.*;
 import javax.ws.rs.core.*;
 import java.util.List;
 
-@PermitAll
+@RolesAllowed(TeletraanPrincipalRole.Names.READ)
 @Path("/v1/envs/{envName : [a-zA-Z0-9\\-_]+}/user_roles")
 @Api(tags = "User Roles")
 @SwaggerDefinition(