diff --git a/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy b/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy index e44d9c9588..43ee36f56d 100644 --- a/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy +++ b/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy @@ -153,6 +153,11 @@ class AuthConfig { .antMatchers(HttpMethod.GET, '/dashboardservice/v5/agents/{agentName}/accounts/{accountName}/accountType/{accountType}/apple/automation').permitAll() .antMatchers(HttpMethod.POST, '/dashboardservice/v4/datasource/apple/automation').permitAll() .antMatchers(HttpMethod.GET, '/platformservice/v6/applications/{applicationname}/pipeline/{pipelineName}/reference/{ref}/gates/{gatesName}').permitAll() + .antMatchers(HttpMethod.GET, '/platformservice/v1/applications/{applicationName}/pipelines/{pipelineName}').permitAll() + .antMatchers(HttpMethod.POST, '/dashboardservice/v4/pipelines/{pipelineId}/gates').permitAll() + .antMatchers(HttpMethod.PUT, '/platformservice/v6/usergroups/permissions/users/{username}/resources/{resourceId}').permitAll() + .antMatchers(HttpMethod.PUT, '/visibilityservice/v4/approvalGates/{id}/connector').permitAll() + .antMatchers(HttpMethod.PUT, '/dashboardservice/v4/pipelines/{pipelineId}/gates/{gateId}').permitAll() .antMatchers('/health').permitAll() .antMatchers('/prometheus').permitAll() .antMatchers('/info').permitAll() @@ -211,6 +216,11 @@ class AuthConfig { .antMatchers(HttpMethod.GET, '/dashboardservice/v5/agents/{agentName}/accounts/{accountName}/accountType/{accountType}/apple/automation').permitAll() .antMatchers(HttpMethod.POST, '/dashboardservice/v4/datasource/apple/automation').permitAll() .antMatchers(HttpMethod.GET, '/platformservice/v6/applications/{applicationname}/pipeline/{pipelineName}/reference/{ref}/gates/{gatesName}').permitAll() + .antMatchers(HttpMethod.GET, '/platformservice/v1/applications/{applicationName}/pipelines/{pipelineName}').permitAll() + .antMatchers(HttpMethod.POST, '/dashboardservice/v4/pipelines/{pipelineId}/gates').permitAll() + .antMatchers(HttpMethod.PUT, '/platformservice/v6/usergroups/permissions/users/{username}/resources/{resourceId}').permitAll() + .antMatchers(HttpMethod.PUT, '/visibilityservice/v4/approvalGates/{id}/connector').permitAll() + .antMatchers(HttpMethod.PUT, '/dashboardservice/v4/pipelines/{pipelineId}/gates/{gateId}').permitAll() .antMatchers('/health').permitAll() .antMatchers('/prometheus').permitAll() .antMatchers('/info').permitAll() @@ -260,6 +270,11 @@ class AuthConfig { .antMatchers(HttpMethod.POST, '/webhooks/**').permitAll() .antMatchers(HttpMethod.POST, '/notifications/callbacks/**').permitAll() .antMatchers(HttpMethod.POST, '/managed/notifications/callbacks/**').permitAll() + .antMatchers(HttpMethod.GET, '/platformservice/v1/applications/{applicationName}/pipelines/{pipelineName}').permitAll() + .antMatchers(HttpMethod.POST, '/dashboardservice/v4/pipelines/{pipelineId}/gates').permitAll() + .antMatchers(HttpMethod.PUT, '/platformservice/v6/usergroups/permissions/users/{username}/resources/{resourceId}').permitAll() + .antMatchers(HttpMethod.PUT, '/visibilityservice/v4/approvalGates/{id}/connector').permitAll() + .antMatchers(HttpMethod.PUT, '/dashboardservice/v4/pipelines/{pipelineId}/gates/{gateId}').permitAll() .antMatchers('/health').permitAll() .antMatchers('/prometheus').permitAll() .antMatchers('/info').permitAll() @@ -308,6 +323,11 @@ class AuthConfig { .antMatchers('/plugins/deck/**').permitAll() .antMatchers(HttpMethod.POST, '/notifications/callbacks/**').permitAll() .antMatchers(HttpMethod.POST, '/managed/notifications/callbacks/**').permitAll() + .antMatchers(HttpMethod.GET, '/platformservice/v1/applications/{applicationName}/pipelines/{pipelineName}').permitAll() + .antMatchers(HttpMethod.POST, '/dashboardservice/v4/pipelines/{pipelineId}/gates').permitAll() + .antMatchers(HttpMethod.PUT, '/platformservice/v6/usergroups/permissions/users/{username}/resources/{resourceId}').permitAll() + .antMatchers(HttpMethod.PUT, '/visibilityservice/v4/approvalGates/{id}/connector').permitAll() + .antMatchers(HttpMethod.PUT, '/dashboardservice/v4/pipelines/{pipelineId}/gates/{gateId}').permitAll() .antMatchers('/health').permitAll() .antMatchers('/prometheus').permitAll() .antMatchers('/info').permitAll() @@ -398,6 +418,11 @@ class AuthConfig { .antMatchers(HttpMethod.GET, '/dashboardservice/v5/agents/{agentName}/accounts/{accountName}/accountType/{accountType}/apple/automation').permitAll() .antMatchers(HttpMethod.POST, '/dashboardservice/v4/datasource/apple/automation').permitAll() .antMatchers(HttpMethod.GET, '/platformservice/v6/applications/{applicationname}/pipeline/{pipelineName}/reference/{ref}/gates/{gatesName}').permitAll() + .antMatchers(HttpMethod.GET, '/platformservice/v1/applications/{applicationName}/pipelines/{pipelineName}').permitAll() + .antMatchers(HttpMethod.POST, '/dashboardservice/v4/pipelines/{pipelineId}/gates').permitAll() + .antMatchers(HttpMethod.PUT, '/platformservice/v6/usergroups/permissions/users/{username}/resources/{resourceId}').permitAll() + .antMatchers(HttpMethod.PUT, '/visibilityservice/v4/approvalGates/{id}/connector').permitAll() + .antMatchers(HttpMethod.PUT, '/dashboardservice/v4/pipelines/{pipelineId}/gates/{gateId}').permitAll() .antMatchers('/health').permitAll() .antMatchers('/prometheus').permitAll() .antMatchers('/info').permitAll() @@ -455,6 +480,11 @@ class AuthConfig { .antMatchers(HttpMethod.GET, '/dashboardservice/v5/agents/{agentName}/accounts/{accountName}/accountType/{accountType}/apple/automation').permitAll() .antMatchers(HttpMethod.POST, '/dashboardservice/v4/datasource/apple/automation').permitAll() .antMatchers(HttpMethod.GET, '/platformservice/v6/applications/{applicationname}/pipeline/{pipelineName}/reference/{ref}/gates/{gatesName}').permitAll() + .antMatchers(HttpMethod.GET, '/platformservice/v1/applications/{applicationName}/pipelines/{pipelineName}').permitAll() + .antMatchers(HttpMethod.POST, '/dashboardservice/v4/pipelines/{pipelineId}/gates').permitAll() + .antMatchers(HttpMethod.PUT, '/platformservice/v6/usergroups/permissions/users/{username}/resources/{resourceId}').permitAll() + .antMatchers(HttpMethod.PUT, '/visibilityservice/v4/approvalGates/{id}/connector').permitAll() + .antMatchers(HttpMethod.PUT, '/dashboardservice/v4/pipelines/{pipelineId}/gates/{gateId}').permitAll() .antMatchers('/health').permitAll() .antMatchers('/prometheus').permitAll() .antMatchers('/info').permitAll() @@ -487,6 +517,11 @@ class AuthConfig { .antMatchers(HttpMethod.GET,'/visibilityservice/v1/approvalGateInstances/{id}/status').permitAll() .antMatchers(HttpMethod.PUT,'/visibilityservice/v1/approvalGateInstances/{id}/spinnakerReview').permitAll() .antMatchers(HttpMethod.GET, '/platformservice/v6/applications/{applicationname}/pipeline/{pipelineName}/reference/{ref}/gates/{gatesName}').permitAll() + .antMatchers(HttpMethod.GET, '/platformservice/v1/applications/{applicationName}/pipelines/{pipelineName}').permitAll() + .antMatchers(HttpMethod.POST, '/dashboardservice/v4/pipelines/{pipelineId}/gates').permitAll() + .antMatchers(HttpMethod.PUT, '/platformservice/v6/usergroups/permissions/users/{username}/resources/{resourceId}').permitAll() + .antMatchers(HttpMethod.PUT, '/visibilityservice/v4/approvalGates/{id}/connector').permitAll() + .antMatchers(HttpMethod.PUT, '/dashboardservice/v4/pipelines/{pipelineId}/gates/{gateId}').permitAll() .antMatchers(HttpMethod.POST,'/oes/echo').permitAll() .antMatchers(HttpMethod.POST,'/oes/echo/').permitAll() .antMatchers(HttpMethod.POST,'/auditservice/v1/echo/events/data').permitAll() @@ -535,6 +570,11 @@ class AuthConfig { .antMatchers(HttpMethod.GET,'/visibilityservice/v1/approvalGateInstances/{id}/status').permitAll() .antMatchers(HttpMethod.PUT,'/visibilityservice/v1/approvalGateInstances/{id}/spinnakerReview').permitAll() .antMatchers(HttpMethod.GET, '/platformservice/v6/applications/{applicationname}/pipeline/{pipelineName}/reference/{ref}/gates/{gatesName}').permitAll() + .antMatchers(HttpMethod.GET, '/platformservice/v1/applications/{applicationName}/pipelines/{pipelineName}').permitAll() + .antMatchers(HttpMethod.POST, '/dashboardservice/v4/pipelines/{pipelineId}/gates').permitAll() + .antMatchers(HttpMethod.PUT, '/platformservice/v6/usergroups/permissions/users/{username}/resources/{resourceId}').permitAll() + .antMatchers(HttpMethod.PUT, '/visibilityservice/v4/approvalGates/{id}/connector').permitAll() + .antMatchers(HttpMethod.PUT, '/dashboardservice/v4/pipelines/{pipelineId}/gates/{gateId}').permitAll() .antMatchers(HttpMethod.POST,'/oes/echo').permitAll() .antMatchers(HttpMethod.POST,'/oes/echo/').permitAll() .antMatchers(HttpMethod.POST,'/auditservice/v1/echo/events/data').permitAll() diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxDashboardController.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxDashboardController.groovy index 7283525b69..7e49b397d6 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxDashboardController.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxDashboardController.groovy @@ -332,10 +332,15 @@ class OpsmxDashboardController { @RequestBody(required = false) Object data, HttpServletRequest request) { String cookie = "no-cookie" - if(gateInstallationMode.equals(GateInstallationModes.common)){ + if(gateInstallationMode.equals(GateInstallationModes.common) + && (request.getHeader("Origin") ==null + || !request.getHeader("Origin").equalsIgnoreCase("OpsMxApprovalStagePlugin") + || !request.getHeader("Origin").equalsIgnoreCase("OpsMxVerificationStagePlugin") + || !request.getHeader("Origin").equalsIgnoreCase("OpsMxPolicyStagePlugin"))){ cookie = request.getHeader("Cookie") } - return opsmxDashboardService.postDashboardResponse4(version, type, source, source1, cookie, data) + String user = request.getHeader("x-spinnaker-user") + return opsmxDashboardService.postDashboardResponse4(version, type, source, source1, cookie, user, data) } @ApiOperation(value = "Endpoint for dashboard rest services") @@ -432,11 +437,16 @@ class OpsmxDashboardController { @RequestBody(required = false) Object data, HttpServletRequest request) { String cookie = "no-cookie" - if(gateInstallationMode != null && gateInstallationMode.equals(GateInstallationModes.common)){ + if(gateInstallationMode.equals(GateInstallationModes.common) + && (request.getHeader("Origin") ==null + || !request.getHeader("Origin").equalsIgnoreCase("OpsMxApprovalStagePlugin") + || !request.getHeader("Origin").equalsIgnoreCase("OpsMxVerificationStagePlugin") + || !request.getHeader("Origin").equalsIgnoreCase("OpsMxPolicyStagePlugin"))){ cookie = request.getHeader("Cookie") } + String user = request.getHeader("x-spinnaker-user") - return opsmxDashboardService.updateDashboardResponse3(version, type, source, source1, source2, data, cookie) + return opsmxDashboardService.updateDashboardResponse3(version, type, source, source1, source2, data, cookie, user) } @ApiOperation(value = "Endpoint for dashboard rest services") diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxPlatformController.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxPlatformController.groovy index 587dab7eca..81b17b080d 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxPlatformController.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxPlatformController.groovy @@ -133,9 +133,13 @@ class OpsmxPlatformController { @PathVariable("source2") String source2, @RequestParam(value = "permissionId", required = false) String permissionId, @RequestParam(value = "resourceType", required = false) String resourceType, - @RequestParam(value = "featureType", required = false) String featureType) { + @RequestParam(value = "featureType", required = false) String featureType, + @RequestParam(value = "gateSearch", required = false) Boolean gateSearch, + @RequestParam(value = "gateName", required = false) String gateName, + @RequestParam(value = "refId", required = false) Integer refId, + @RequestParam(value = "gateType", required = false) String gateType) { - return opsmxPlatformService.getPlatformResponse5(version, type, source, source1, source2, permissionId, resourceType,featureType) + return opsmxPlatformService.getPlatformResponse5(version, type, source, source1, source2, permissionId, resourceType,featureType, gateSearch, gateName, refId, gateType) } @ApiOperation(value = "Endpoint for platform rest services") @@ -345,8 +349,10 @@ class OpsmxPlatformController { @PathVariable("source3") String source3, @PathVariable("source4") String source4, @RequestParam(value = "featureType", required = false) String featureType, - @RequestBody(required = false) Object data) { + @RequestBody(required = false) Object data, HttpServletRequest request) { + + String user = request.getHeader("x-spinnaker-user") - return opsmxPlatformService.updatePlatformResponse4(version, type, source, source1, source2, source3, source4, featureType,data) + return opsmxPlatformService.updatePlatformResponse4(version, type, source, source1, source2, source3, source4, featureType,user, data) } } diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxVisibilityController.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxVisibilityController.groovy index 46403bc292..cbf884b04f 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxVisibilityController.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxVisibilityController.groovy @@ -32,6 +32,7 @@ import retrofit.client.Response import org.apache.commons.io.IOUtils import org.springframework.http.HttpStatus +import javax.servlet.http.HttpServletRequest import java.util.stream.Collectors @RequestMapping("/visibilityservice") @@ -338,12 +339,15 @@ class OpsmxVisibilityController { @ApiOperation(value = "Endpoint for visibility rest services") @RequestMapping(value = "/{version}/{type}/{source}/{source1}", method = RequestMethod.PUT) Object updateVisibilityResponse2(@PathVariable("version") String version, - @PathVariable("type") String type, - @PathVariable("source") String source, - @PathVariable("source1") String source1, - @RequestBody(required = false) Object data) { + @PathVariable("type") String type, + @PathVariable("source") String source, + @PathVariable("source1") String source1, + @RequestBody(required = false) Object data, + HttpServletRequest request) { + + String user = request.getHeader("x-spinnaker-user") - return opsmxVisibilityService.updateVisibilityResponse2(version, type, source, source1, data) + return opsmxVisibilityService.updateVisibilityResponse2(version, type, source, source1, user, data) } @ApiOperation(value = "Endpoint for visibility rest services") diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxDashboardService.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxDashboardService.groovy index c2e7076039..f7c161c0e0 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxDashboardService.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxDashboardService.groovy @@ -183,6 +183,7 @@ interface OpsmxDashboardService { @Path('source') String source, @Path('source1') String source1, @Header('x-user-cookie') String cookie, + @Header('x-spinnaker-user') String user, @Body Object data) @POST("/dashboardservice/{version}/{type}/{source}/{source1}/{source2}") @@ -248,7 +249,8 @@ interface OpsmxDashboardService { @Path('source1') String source1, @Path('source2') String source2, @Body Object data, - @Header('x-user-cookie') String cookie) + @Header('x-user-cookie') String cookie, + @Header('x-spinnaker-user') String user) @PUT("/dashboardservice/{version}/{type}/{source}/{source1}/{source2}/{source3}") Object updateDashboardResponse4(@Path('version') String version, diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxPlatformService.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxPlatformService.groovy index fe8a7023c1..90d7a68f26 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxPlatformService.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxPlatformService.groovy @@ -64,7 +64,11 @@ interface OpsmxPlatformService { @Path('source2') String source2, @Query("permissionId") String permissionId, @Query("resourceType") String resourceType, - @Query("featureType") String featureType) + @Query("featureType") String featureType, + @Query("gateSearch") Boolean gateSearch, + @Query("gateName") String gateName, + @Query("refId") Integer refId, + @Query("gateType") String gateType) @GET("/platformservice/{version}/{type}/{source}/{source1}/{source2}/{source3}") Object getPlatformResponse6(@Path('version') String version, @@ -196,6 +200,7 @@ interface OpsmxPlatformService { @Path('source3') String source3, @Path('source4') String source4, @Query("featureType") String featureType, + @Header('x-spinnaker-user') String user, @Body Object data) diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxVisibilityService.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxVisibilityService.groovy index 7d7ec1d22b..67ad88b43a 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxVisibilityService.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/services/internal/OpsmxVisibilityService.groovy @@ -203,6 +203,7 @@ interface OpsmxVisibilityService { @Path('type') String type, @Path('source') String source, @Path('source1') String source1, + @Header('x-spinnaker-user') String user, @Body Object data) @PUT("/visibilityservice/{version}/{type}/{source}/{source1}/{source2}")