register canary v3 endpoint bypassed

spinnaker · Mar 8, 2021 · 681672d · 681672d
1 parent d84eee3
commit 681672d
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 32 deletions.
diff --git a/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy b/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy
@@ -100,6 +100,7 @@ class AuthConfig {
         .antMatchers(HttpMethod.GET,'/autopilot/api/v1/autopilot/canaries/{id}').permitAll()
         .antMatchers(HttpMethod.POST,'/autopilot/api/v1/registerCanary').permitAll()
         .antMatchers(HttpMethod.POST,'/autopilot/api/v2/registerCanary').permitAll()
+        .antMatchers(HttpMethod.POST,'/autopilot/api/v3/registerCanary').permitAll()
         .antMatchers(HttpMethod.GET,'/autopilot/canaries/{id}').permitAll()
         .antMatchers(HttpMethod.POST,'/visibilityservice/v1/approvalGates/{id}/trigger').permitAll()
         .antMatchers(HttpMethod.POST,'/visibilityservice/v2/approvalGates/{id}/trigger').permitAll()
@@ -147,6 +148,7 @@ class AuthConfig {
       .antMatchers(HttpMethod.POST,'/autopilot/registerCanary').permitAll()
       .antMatchers(HttpMethod.POST,'/autopilot/api/v1/registerCanary').permitAll()
       .antMatchers(HttpMethod.POST,'/autopilot/api/v2/registerCanary').permitAll()
+      .antMatchers(HttpMethod.POST,'/autopilot/api/v3/registerCanary').permitAll()
       .antMatchers(HttpMethod.GET,'/autopilot/canaries/{id}').permitAll()
       .antMatchers(HttpMethod.GET,'/autopilot/api/v2/autopilot/canaries/{id}').permitAll()
       .antMatchers(HttpMethod.GET,'/autopilot/api/v1/autopilot/canaries/{id}').permitAll()

diff --git a/...eb/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxAutopilotController.groovy b/...eb/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxAutopilotController.groovy
@@ -93,41 +93,19 @@ class OpsmxAutopilotController {
   }
 
   @ApiOperation(value = "Endpoint for autopilot rest services")
-  @RequestMapping(value = "/api/v1/registerCanary", method = RequestMethod.POST)
-  @ResponseBody Object triggerV1RegisterCanary(@RequestBody(required = false) Object data) throws Exception {
+  @RequestMapping(value = "/api/{version}/registerCanary", method = RequestMethod.POST)
+  Object triggerRegisterCanary(@PathVariable("version") String version, @RequestBody(required = false) Object data) throws Exception {
 
-    Response response = opsmxAutopilotService.triggerV1RegisterCanary(data)
+    Response response = opsmxAutopilotService.triggerRegisterCanary(version, data)
     InputStream inputStream = null
 
     try {
       HttpHeaders headers = new HttpHeaders()
       headers.add("Location", response.getHeaders().stream().filter({ header -> header.getName().trim().equalsIgnoreCase("Location") }).collect(Collectors.toList()).get(0).value)
       inputStream = response.getBody().in()
       String responseBody = new String(IOUtils.toByteArray(inputStream))
-      RegisterCanaryResponseModel registerCanaryResponseModel = gson.fromJson(responseBody, RegisterCanaryResponseModel.class)
-      return new ResponseEntity(registerCanaryResponseModel, headers, HttpStatus.valueOf(response.getStatus()))
-
-    } finally{
-      if (inputStream!=null){
-        inputStream.close()
-      }
-    }
-  }
-
-  @ApiOperation(value = "Endpoint for autopilot rest services")
-  @RequestMapping(value = "/api/v2/registerCanary", method = RequestMethod.POST)
-  @ResponseBody Object triggerV2RegisterCanary(@RequestBody(required = false) Object data) throws Exception {
-
-    Response response = opsmxAutopilotService.triggerV2RegisterCanary(data)
-    InputStream inputStream = null
-
-    try {
-      HttpHeaders headers = new HttpHeaders()
-      headers.add("Location", response.getHeaders().stream().filter({ header -> header.getName().trim().equalsIgnoreCase("Location") }).collect(Collectors.toList()).get(0).value)
-      inputStream = response.getBody().in()
-      String responseBody = new String(IOUtils.toByteArray(inputStream))
-      RegisterCanaryResponseModel registerCanaryResponseModel = gson.fromJson(responseBody, RegisterCanaryResponseModel.class)
-      return new ResponseEntity(registerCanaryResponseModel, headers, HttpStatus.valueOf(response.getStatus()))
+      //RegisterCanaryResponseModel registerCanaryResponseModel = gson.fromJson(responseBody, RegisterCanaryResponseModel.class)
+      return new ResponseEntity(responseBody, headers, HttpStatus.valueOf(response.getStatus()))
 
     } finally{
       if (inputStream!=null){

diff --git a/...src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxAutopilotService.groovy b/...src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxAutopilotService.groovy
@@ -24,11 +24,8 @@ interface OpsmxAutopilotService {
   @GET("/autopilot/canaries/debugLogsData")
   Response downloadDebugData(@Query("id") Integer canaryId)
 
-  @POST("/autopilot/api/v1/registerCanary")
-  Response triggerV1RegisterCanary(@Body Object data)
-
-  @POST("/autopilot/api/v2/registerCanary")
-  Response triggerV2RegisterCanary(@Body Object data)
+  @POST("/autopilot/api/{version}/registerCanary")
+  Response triggerRegisterCanary(@Path('version') String version, @Body Object data)
 
   @GET("/autopilot/{type}/{source}")
   Object getAutoResponse(@Path('type') String type,