From bd3bc962ac4c549dc6cc6cb421a8920a1acae802 Mon Sep 17 00:00:00 2001
From: Daniel Reynaud <dreynaud@netflix.com>
Date: Mon, 2 Nov 2020 16:25:18 -0800
Subject: [PATCH] chore(logs): allow anonymous front50 artifact fetching

---
 .../clouddriver-artifacts.gradle              |  1 +
 .../front50/Front50ArtifactCredentials.java   | 25 +++++++++++++------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/clouddriver-artifacts/clouddriver-artifacts.gradle b/clouddriver-artifacts/clouddriver-artifacts.gradle
index 0dee8c0582f..8dd08ec15d3 100644
--- a/clouddriver-artifacts/clouddriver-artifacts.gradle
+++ b/clouddriver-artifacts/clouddriver-artifacts.gradle
@@ -17,6 +17,7 @@ dependencies {
   implementation "com.netflix.spinnaker.kork:kork-artifacts"
   implementation "com.netflix.spinnaker.kork:kork-annotations"
   implementation "com.netflix.spinnaker.kork:kork-exceptions"
+  implementation "com.netflix.spinnaker.kork:kork-security"
   implementation "com.oracle.oci.sdk:oci-java-sdk-core"
   implementation "com.squareup.okhttp:okhttp"
   implementation "com.sun.jersey:jersey-client:1.9.1"
diff --git a/clouddriver-artifacts/src/main/java/com/netflix/spinnaker/clouddriver/artifacts/front50/Front50ArtifactCredentials.java b/clouddriver-artifacts/src/main/java/com/netflix/spinnaker/clouddriver/artifacts/front50/Front50ArtifactCredentials.java
index b90a34298b2..c8f4156616e 100644
--- a/clouddriver-artifacts/src/main/java/com/netflix/spinnaker/clouddriver/artifacts/front50/Front50ArtifactCredentials.java
+++ b/clouddriver-artifacts/src/main/java/com/netflix/spinnaker/clouddriver/artifacts/front50/Front50ArtifactCredentials.java
@@ -24,6 +24,7 @@
 import com.netflix.spinnaker.clouddriver.core.services.Front50Service;
 import com.netflix.spinnaker.kork.annotations.NonnullByDefault;
 import com.netflix.spinnaker.kork.artifacts.model.Artifact;
+import com.netflix.spinnaker.security.AuthenticatedRequest;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -65,17 +66,25 @@ public InputStream download(Artifact artifact) throws IOException {
     }
 
     Map pipelineTemplate;
-    reference = reference.substring(URL_PREFIX.length());
-    if (reference.contains("@sha256:")) {
-      SplitResult result = splitReferenceOnToken(reference, "@sha256:");
+    String artifactId = reference.substring(URL_PREFIX.length());
+    if (artifactId.contains("@sha256:")) {
+      SplitResult result = splitReferenceOnToken(artifactId, "@sha256:");
       pipelineTemplate =
-          front50Service.getV2PipelineTemplate(result.pipelineTemplateId, "", result.version);
-    } else if (reference.contains(":")) {
-      SplitResult result = splitReferenceOnToken(reference, ":");
+          AuthenticatedRequest.allowAnonymous(
+              () ->
+                  front50Service.getV2PipelineTemplate(
+                      result.pipelineTemplateId, "", result.version));
+    } else if (artifactId.contains(":")) {
+      SplitResult result = splitReferenceOnToken(artifactId, ":");
       pipelineTemplate =
-          front50Service.getV2PipelineTemplate(result.pipelineTemplateId, result.version, "");
+          AuthenticatedRequest.allowAnonymous(
+              () ->
+                  front50Service.getV2PipelineTemplate(
+                      result.pipelineTemplateId, result.version, ""));
     } else {
-      pipelineTemplate = front50Service.getV2PipelineTemplate(reference, "", "");
+      pipelineTemplate =
+          AuthenticatedRequest.allowAnonymous(
+              () -> front50Service.getV2PipelineTemplate(artifactId, "", ""));
     }
 
     return new ByteArrayInputStream(objectMapper.writeValueAsBytes(pipelineTemplate));