From c5838b2c7fe4803970c0f8aba49ec09a448f1ff7 Mon Sep 17 00:00:00 2001 From: kripanshdevtron Date: Sat, 3 Sep 2022 00:37:49 +0530 Subject: [PATCH 1/4] ignnore auth check in autocomplete --- api/cluster/EnvironmentRestHandler.go | 35 +++++++++++++++------------ api/team/TeamRestHandler.go | 31 +++++++++++++----------- 2 files changed, 36 insertions(+), 30 deletions(-) diff --git a/api/cluster/EnvironmentRestHandler.go b/api/cluster/EnvironmentRestHandler.go index 3ce6bbbe87..c8002e4699 100644 --- a/api/cluster/EnvironmentRestHandler.go +++ b/api/cluster/EnvironmentRestHandler.go @@ -20,6 +20,7 @@ package cluster import ( "encoding/json" "net/http" + "os" "regexp" "strconv" "strings" 
@@ -275,29 +276,31 @@ func (impl EnvironmentRestHandlerImpl) GetEnvironmentListForAutocomplete(w http. dbElapsedTime := time.Since(start) token := r.Header.Get("token") - emailId, _ := impl.userService.GetEmailFromToken(token) - // RBAC enforcer applying - var grantedEnvironment []request.EnvironmentBean + ignoreAuthCheck := os.Getenv("IGNORE_AUTOCOMPLETE_AUTH_CHECK") + ignoreAuthCheckValue, _ := strconv.ParseBool(ignoreAuthCheck) + var grantedEnvironment = environments start = time.Now() - var envIdentifierList []string - for _, item := range environments { - envIdentifierList = append(envIdentifierList, strings.ToLower(item.EnvironmentIdentifier)) - } - - result := impl.enforcer.EnforceByEmailInBatch(emailId, casbin.ResourceGlobalEnvironment, casbin.ActionGet, envIdentifierList) + if !ignoreAuthCheckValue { + grantedEnvironment = make([]request.EnvironmentBean, 0) + emailId, _ := impl.userService.GetEmailFromToken(token) + // RBAC enforcer applying + var envIdentifierList []string + for _, item := range environments { + envIdentifierList = append(envIdentifierList, strings.ToLower(item.EnvironmentIdentifier)) + } - for _, item := range environments { - if hasAccess := result[strings.ToLower(item.EnvironmentIdentifier)]; hasAccess { - grantedEnvironment = append(grantedEnvironment, item) + result := impl.enforcer.EnforceByEmailInBatch(emailId, casbin.ResourceGlobalEnvironment, casbin.ActionGet, envIdentifierList) + for _, item := range environments { + if hasAccess := result[strings.ToLower(item.EnvironmentIdentifier)]; hasAccess { + grantedEnvironment = append(grantedEnvironment, item) + } } + //RBAC enforcer Ends } elapsedTime := time.Since(start) impl.logger.Infow("Env elapsed Time for enforcer", "dbElapsedTime", dbElapsedTime, "elapsedTime", elapsedTime, "token", token, "envSize", len(grantedEnvironment)) - //RBAC enforcer Ends - if len(grantedEnvironment) == 0 { - grantedEnvironment = make([]request.EnvironmentBean, 0) - } + common.WriteJsonResp(w, err, 
grantedEnvironment, http.StatusOK) } diff --git a/api/team/TeamRestHandler.go b/api/team/TeamRestHandler.go index a3f2550ccd..4107ccba9a 100644 --- a/api/team/TeamRestHandler.go +++ b/api/team/TeamRestHandler.go @@ -29,6 +29,7 @@ import ( "go.uber.org/zap" "gopkg.in/go-playground/validator.v9" "net/http" + "os" "strconv" "strings" "time" 
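Review bot: When `IGNORE_AUTOCOMPLETE_AUTH_CHECK` parses to true, `grantedEnvironment` stays equal to `environments` and the whole `if !ignoreAuthCheckValue` block is skipped, so the handler returns every environment without calling `GetEmailFromToken` or the enforcer; FetchForAutocomplete in api/team/TeamRestHandler.go has the same pattern. Nothing visible here shows whether an upstream middleware still authenticates the request, so if none does, the flag makes this an unauthenticated listing of environment names. Resolving the token before the branch keeps authentication while still skipping the per-item RBAC filter: `emailId, err := impl.userService.GetEmailFromToken(token)` followed by `if err != nil { common.WriteJsonResp(w, err, nil, http.StatusUnauthorized); return }`, assuming the discarded second return value is an error. The function body starts outside the hunk.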
@@ -245,29 +246,31 @@ func (impl TeamRestHandlerImpl) FetchForAutocomplete(w http.ResponseWriter, r *h return } dbElapsedTime := time.Since(start) + ignoreAuthCheck := os.Getenv("IGNORE_AUTOCOMPLETE_AUTH_CHECK") + ignoreAuthCheckValue, _ := strconv.ParseBool(ignoreAuthCheck) token := r.Header.Get("token") - emailId, _ := impl.userService.GetEmailFromToken(token) + var grantedTeams = teams start = time.Now() - // RBAC enforcer applying - var teamNameList []string - for _, item := range teams { - teamNameList = append(teamNameList, strings.ToLower(item.Name)) - } + if !ignoreAuthCheckValue { + grantedTeams = make([]team.TeamRequest, 0) + emailId, _ := impl.userService.GetEmailFromToken(token) + // RBAC enforcer applying + var teamNameList []string + for _, item := range teams { + teamNameList = append(teamNameList, strings.ToLower(item.Name)) + } - result := impl.enforcer.EnforceByEmailInBatch(emailId, casbin.ResourceTeam, casbin.ActionGet, teamNameList) + result := impl.enforcer.EnforceByEmailInBatch(emailId, casbin.ResourceTeam, casbin.ActionGet, teamNameList) - var grantedTeams []team.TeamRequest - for _, item := range teams { - if hasAccess := result[strings.ToLower(item.Name)]; hasAccess { - grantedTeams = append(grantedTeams, item) + for _, item := range teams { + if hasAccess := result[strings.ToLower(item.Name)]; hasAccess { + grantedTeams = append(grantedTeams, item) + } } } impl.logger.Infow("Team elapsed Time for enforcer", "dbElapsedTime", dbElapsedTime, "elapsedTime", time.Since(start), "token", token, "envSize", len(grantedTeams)) //RBAC enforcer Ends - if len(grantedTeams) == 0 { - grantedTeams = make([]team.TeamRequest, 0) - } common.WriteJsonResp(w, err, grantedTeams, http.StatusOK) } From ab2f0079da0437d1b40e7e5de10f6eb40683638f Mon Sep 17 00:00:00 2001 
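Review bot: The `impl.logger.Infow("Team elapsed Time for enforcer", ...)` line that this hunk keeps writes the raw `token` request header into the info log, and the matching line in GetEnvironmentListForAutocomplete does the same. If that header carries the caller's session credential, everyone with read access to the logs or the log pipeline can see it. Dropping the field is enough for a timing log: `impl.logger.Infow("Team elapsed Time for enforcer", "dbElapsedTime", dbElapsedTime, "elapsedTime", time.Since(start), "envSize", len(grantedTeams))`. The `//RBAC enforcer Ends` comment now sits after the closing brace of the `if` block and could move inside it, as the environment handler does.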
From: kripanshdevtron Date: Sat, 3 Sep 2022 14:27:03 +0530 Subject: [PATCH 2/4] refactoring done --- api/cluster/EnvironmentRestHandler.go | 9 ++++--- api/team/TeamRestHandler.go | 37 +++++++++++++++------------ util/CommonConstant.go | 1 + 3 files changed, 27 insertions(+), 20 deletions(-) diff --git a/api/cluster/EnvironmentRestHandler.go b/api/cluster/EnvironmentRestHandler.go index c8002e4699..11bace1f9f 100644 --- a/api/cluster/EnvironmentRestHandler.go +++ b/api/cluster/EnvironmentRestHandler.go @@ -31,6 +31,7 @@ import ( delete2 "github.com/devtron-labs/devtron/pkg/delete" "github.com/devtron-labs/devtron/pkg/user" "github.com/devtron-labs/devtron/pkg/user/casbin" + "github.com/devtron-labs/devtron/util" "github.com/gorilla/mux" "github.com/pkg/errors" "go.uber.org/zap" @@ -59,12 +60,15 @@ type EnvironmentRestHandlerImpl struct { validator *validator.Validate enforcer casbin.Enforcer deleteService delete2.DeleteService + ignoreAuthCheckValue bool } func NewEnvironmentRestHandlerImpl(svc request.EnvironmentService, logger *zap.SugaredLogger, userService user.UserService, validator *validator.Validate, enforcer casbin.Enforcer, deleteService delete2.DeleteService, ) *EnvironmentRestHandlerImpl { + ignoreAuthCheck := os.Getenv(util.IgnoreAutocompleteAuthCheck) + ignoreAuthCheckValue, _ := strconv.ParseBool(ignoreAuthCheck) return &EnvironmentRestHandlerImpl{ environmentClusterMappingsService: svc, logger: logger, @@ -72,6 +76,7 @@ func NewEnvironmentRestHandlerImpl(svc request.EnvironmentService, logger *zap.S validator: validator, enforcer: enforcer, deleteService: deleteService, + ignoreAuthCheckValue: ignoreAuthCheckValue, } } 
@@ -276,11 +281,9 @@ func (impl EnvironmentRestHandlerImpl) GetEnvironmentListForAutocomplete(w http. dbElapsedTime := time.Since(start) token := r.Header.Get("token") - ignoreAuthCheck := os.Getenv("IGNORE_AUTOCOMPLETE_AUTH_CHECK") - ignoreAuthCheckValue, _ := strconv.ParseBool(ignoreAuthCheck) var grantedEnvironment = environments start = time.Now() - if !ignoreAuthCheckValue { + if !impl.ignoreAuthCheckValue { grantedEnvironment = make([]request.EnvironmentBean, 0) emailId, _ := impl.userService.GetEmailFromToken(token) // RBAC enforcer applying diff --git a/api/team/TeamRestHandler.go b/api/team/TeamRestHandler.go index 4107ccba9a..6d8082200b 100644 --- a/api/team/TeamRestHandler.go +++ b/api/team/TeamRestHandler.go @@ -25,6 +25,7 @@ import ( "github.com/devtron-labs/devtron/pkg/team" "github.com/devtron-labs/devtron/pkg/user" "github.com/devtron-labs/devtron/pkg/user/casbin" + "github.com/devtron-labs/devtron/util" "github.com/gorilla/mux" "go.uber.org/zap" "gopkg.in/go-playground/validator.v9" @@ -48,13 +49,14 @@ type TeamRestHandler interface { } type TeamRestHandlerImpl struct { - logger *zap.SugaredLogger - teamService team.TeamService - userService user.UserService - validator *validator.Validate - enforcer casbin.Enforcer - userAuthService user.UserAuthService - deleteService delete2.DeleteService + logger *zap.SugaredLogger + teamService team.TeamService + userService user.UserService + validator *validator.Validate + enforcer casbin.Enforcer + userAuthService user.UserAuthService + deleteService delete2.DeleteService + ignoreAuthCheckValue bool } func NewTeamRestHandlerImpl(logger *zap.SugaredLogger, 
@@ -64,14 +66,17 @@ func NewTeamRestHandlerImpl(logger *zap.SugaredLogger, validator *validator.Validate, userAuthService user.UserAuthService, deleteService delete2.DeleteService, ) *TeamRestHandlerImpl { + ignoreAuthCheck := os.Getenv(util.IgnoreAutocompleteAuthCheck) + ignoreAuthCheckValue, _ := strconv.ParseBool(ignoreAuthCheck) return &TeamRestHandlerImpl{ - logger: logger, - teamService: teamService, - userService: userService, - validator: validator, - enforcer: enforcer, - userAuthService: userAuthService, - deleteService: deleteService, + logger: logger, + teamService: teamService, + userService: userService, + validator: validator, + enforcer: enforcer, + userAuthService: userAuthService, + deleteService: deleteService, + ignoreAuthCheckValue: ignoreAuthCheckValue, } } @@ -246,12 +251,10 @@ func (impl TeamRestHandlerImpl) FetchForAutocomplete(w http.ResponseWriter, r *h return } dbElapsedTime := time.Since(start) - ignoreAuthCheck := os.Getenv("IGNORE_AUTOCOMPLETE_AUTH_CHECK") - ignoreAuthCheckValue, _ := strconv.ParseBool(ignoreAuthCheck) token := r.Header.Get("token") var grantedTeams = teams start = time.Now() - if !ignoreAuthCheckValue { + if !impl.ignoreAuthCheckValue { grantedTeams = make([]team.TeamRequest, 0) emailId, _ := impl.userService.GetEmailFromToken(token) // RBAC enforcer applying diff --git a/util/CommonConstant.go b/util/CommonConstant.go index 6505d153cb..7e262f0ac0 100644 --- a/util/CommonConstant.go +++ b/util/CommonConstant.go @@ -30,4 +30,5 @@ const ( ConfigMapSecretUsageTypeEnvironment string = "environment" ConfigMapSecretUsageTypeVolume string = "volume" YamlSeparator string = "---\n" + IgnoreAutocompleteAuthCheck string = "IGNORE_AUTOCOMPLETE_AUTH_CHECK" ) From 9aaa0e612d8ba942a40a516d23f46512498fdff5 Mon Sep 17 00:00:00 2001 
From: kripanshdevtron Date: Sat, 3 Sep 2022 14:43:22 +0530 Subject: [PATCH 3/4] logging added --- api/cluster/EnvironmentRestHandler.go | 1 + api/team/TeamRestHandler.go | 1 + 2 files changed, 2 insertions(+) diff --git a/api/cluster/EnvironmentRestHandler.go b/api/cluster/EnvironmentRestHandler.go index 11bace1f9f..daed5e25b6 100644 --- a/api/cluster/EnvironmentRestHandler.go +++ b/api/cluster/EnvironmentRestHandler.go @@ -69,6 +69,7 @@ func NewEnvironmentRestHandlerImpl(svc request.EnvironmentService, logger *zap.S ) *EnvironmentRestHandlerImpl { ignoreAuthCheck := os.Getenv(util.IgnoreAutocompleteAuthCheck) ignoreAuthCheckValue, _ := strconv.ParseBool(ignoreAuthCheck) + logger.Infow("evironment rest handler initialized", "ignoreAuthCheckValue", ignoreAuthCheckValue) return &EnvironmentRestHandlerImpl{ environmentClusterMappingsService: svc, logger: logger, diff --git a/api/team/TeamRestHandler.go b/api/team/TeamRestHandler.go index 6d8082200b..8cb82693e3 100644 --- a/api/team/TeamRestHandler.go +++ b/api/team/TeamRestHandler.go @@ -68,6 +68,7 @@ func NewTeamRestHandlerImpl(logger *zap.SugaredLogger, ) *TeamRestHandlerImpl { ignoreAuthCheck := os.Getenv(util.IgnoreAutocompleteAuthCheck) ignoreAuthCheckValue, _ := strconv.ParseBool(ignoreAuthCheck) + logger.Infow("team rest handler initialized", "ignoreAuthCheckValue", ignoreAuthCheckValue) return &TeamRestHandlerImpl{ logger: logger, teamService: teamService, From 74ca94766193a140d3b7ab764277f717728e61c3 Mon Sep 17 00:00:00 2001 From: kripanshdevtron Date: Sat, 3 Sep 2022 17:54:48 +0530 Subject: [PATCH 4/4] refactoring done --- api/bean/AutocompleteConfig.go | 5 +++ api/cluster/EnvironmentRestHandler.go | 20 ++++++----- api/team/TeamRestHandler.go | 49 +++++++++++++++------------ util/CommonConstant.go | 1 - 4 files changed, 44 insertions(+), 31 deletions(-) create mode 100644 api/bean/AutocompleteConfig.go 
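Review bot: The added `logger.Infow("evironment rest handler initialized", "ignoreAuthCheckValue", ignoreAuthCheckValue)` reports the flag at info level with the same message whether RBAC filtering is on or off, so an enabled bypass is easy to miss in startup logs; the line added to NewTeamRestHandlerImpl has the same issue. A separate warning for the enabled case gives operators and alerting something to key on: `if ignoreAuthCheckValue { logger.Warnw("RBAC filtering disabled for environment autocomplete", "envVar", util.IgnoreAutocompleteAuthCheck) }`. The message also misspells "environment". Both constructors continue outside their hunks.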
diff --git a/api/bean/AutocompleteConfig.go b/api/bean/AutocompleteConfig.go new file mode 100644 index 0000000000..8678b6abf2 --- /dev/null +++ b/api/bean/AutocompleteConfig.go @@ -0,0 +1,5 @@ +package bean + +type Config struct { + IgnoreAuthCheck bool `env:"IGNORE_AUTOCOMPLETE_AUTH_CHECK" envDefault:"false"` +} diff --git a/api/cluster/EnvironmentRestHandler.go b/api/cluster/EnvironmentRestHandler.go index daed5e25b6..dc06935036 100644 --- a/api/cluster/EnvironmentRestHandler.go +++ b/api/cluster/EnvironmentRestHandler.go @@ -19,8 +19,9 @@ package cluster import ( "encoding/json" + "github.com/caarlos0/env/v6" + "github.com/devtron-labs/devtron/api/bean" "net/http" - "os" "regexp" "strconv" "strings" @@ -31,7 +32,6 @@ import ( delete2 "github.com/devtron-labs/devtron/pkg/delete" "github.com/devtron-labs/devtron/pkg/user" "github.com/devtron-labs/devtron/pkg/user/casbin" - "github.com/devtron-labs/devtron/util" "github.com/gorilla/mux" "github.com/pkg/errors" "go.uber.org/zap" 
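Review bot: The new exported type `Config` in the shared `bean` package has no doc comment, and the name does not say that its only field switches off an authorization filter. A name that matches the file, such as `AutocompleteConfig`, would make the scope clear wherever `*bean.Config` appears in the handlers. I would also add a comment above the struct, for example `// Config holds autocomplete handler settings. IgnoreAuthCheck, when true, skips the per-item RBAC filter so every team/environment is returned; defaults to false.`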
@@ -60,16 +60,20 @@ type EnvironmentRestHandlerImpl struct { validator *validator.Validate enforcer casbin.Enforcer deleteService delete2.DeleteService - ignoreAuthCheckValue bool + cfg *bean.Config } func NewEnvironmentRestHandlerImpl(svc request.EnvironmentService, logger *zap.SugaredLogger, userService user.UserService, validator *validator.Validate, enforcer casbin.Enforcer, deleteService delete2.DeleteService, ) *EnvironmentRestHandlerImpl { - ignoreAuthCheck := os.Getenv(util.IgnoreAutocompleteAuthCheck) - ignoreAuthCheckValue, _ := strconv.ParseBool(ignoreAuthCheck) - logger.Infow("evironment rest handler initialized", "ignoreAuthCheckValue", ignoreAuthCheckValue) + cfg := &bean.Config{} + err := env.Parse(cfg) + if err != nil { + logger.Errorw("error occurred while parsing config ", "err", err) + cfg.IgnoreAuthCheck = false + } + logger.Infow("evironment rest handler initialized", "ignoreAuthCheckValue", cfg.IgnoreAuthCheck) return &EnvironmentRestHandlerImpl{ environmentClusterMappingsService: svc, logger: logger, @@ -77,7 +81,7 @@ func NewEnvironmentRestHandlerImpl(svc request.EnvironmentService, logger *zap.S validator: validator, enforcer: enforcer, deleteService: deleteService, - ignoreAuthCheckValue: ignoreAuthCheckValue, + cfg: cfg, } } @@ -284,7 +288,7 @@ func (impl EnvironmentRestHandlerImpl) GetEnvironmentListForAutocomplete(w http. token := r.Header.Get("token") var grantedEnvironment = environments start = time.Now() - if !impl.ignoreAuthCheckValue { + if !impl.cfg.IgnoreAuthCheck { grantedEnvironment = make([]request.EnvironmentBean, 0) emailId, _ := impl.userService.GetEmailFromToken(token) // RBAC enforcer applying diff --git a/api/team/TeamRestHandler.go b/api/team/TeamRestHandler.go index 8cb82693e3..2fedfac7f3 100644 --- a/api/team/TeamRestHandler.go +++ b/api/team/TeamRestHandler.go 
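Review bot: `env.Parse(cfg)` runs here and again in NewTeamRestHandlerImpl (the `@@ -66,18 +66,23 @@` hunk of api/team/TeamRestHandler.go), so the switch that turns off RBAC filtering is read in two places, each with its own copy of the error handling. Parsing `bean.Config` once in a provider and passing the `*bean.Config` into both constructors would give a single source of truth and a single startup log line. The explicit `cfg.IgnoreAuthCheck = false` on a parse error is the right fail-closed choice. A short comment such as `// fail closed: keep RBAC filtering on if the config cannot be parsed` would stop a later cleanup from removing it. The constructor body continues outside the hunk.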
@@ -20,17 +20,17 @@ package team import ( "encoding/json" "fmt" + "github.com/caarlos0/env/v6" + "github.com/devtron-labs/devtron/api/bean" "github.com/devtron-labs/devtron/api/restHandler/common" delete2 "github.com/devtron-labs/devtron/pkg/delete" "github.com/devtron-labs/devtron/pkg/team" "github.com/devtron-labs/devtron/pkg/user" "github.com/devtron-labs/devtron/pkg/user/casbin" - "github.com/devtron-labs/devtron/util" "github.com/gorilla/mux" "go.uber.org/zap" "gopkg.in/go-playground/validator.v9" "net/http" - "os" "strconv" "strings" "time" @@ -49,14 +49,14 @@ type TeamRestHandler interface { } type TeamRestHandlerImpl struct { - logger *zap.SugaredLogger - teamService team.TeamService - userService user.UserService - validator *validator.Validate - enforcer casbin.Enforcer - userAuthService user.UserAuthService - deleteService delete2.DeleteService - ignoreAuthCheckValue bool + logger *zap.SugaredLogger + teamService team.TeamService + userService user.UserService + validator *validator.Validate + enforcer casbin.Enforcer + userAuthService user.UserAuthService + deleteService delete2.DeleteService + cfg *bean.Config } func NewTeamRestHandlerImpl(logger *zap.SugaredLogger, 
@@ -66,18 +66,23 @@ func NewTeamRestHandlerImpl(logger *zap.SugaredLogger, validator *validator.Validate, userAuthService user.UserAuthService, deleteService delete2.DeleteService, ) *TeamRestHandlerImpl { - ignoreAuthCheck := os.Getenv(util.IgnoreAutocompleteAuthCheck) - ignoreAuthCheckValue, _ := strconv.ParseBool(ignoreAuthCheck) - logger.Infow("team rest handler initialized", "ignoreAuthCheckValue", ignoreAuthCheckValue) + cfg := &bean.Config{} + err := env.Parse(cfg) + if err != nil { + logger.Errorw("error occurred while parsing config ", "err", err) + cfg.IgnoreAuthCheck = false + } + + logger.Infow("team rest handler initialized", "ignoreAuthCheckValue", cfg.IgnoreAuthCheck) return &TeamRestHandlerImpl{ - logger: logger, - teamService: teamService, - userService: userService, - validator: validator, - enforcer: enforcer, - userAuthService: userAuthService, - deleteService: deleteService, - ignoreAuthCheckValue: ignoreAuthCheckValue, + logger: logger, + teamService: teamService, + userService: userService, + validator: validator, + enforcer: enforcer, + userAuthService: userAuthService, + deleteService: deleteService, + cfg: cfg, } } @@ -255,7 +260,7 @@ func (impl TeamRestHandlerImpl) FetchForAutocomplete(w http.ResponseWriter, r *h token := r.Header.Get("token") var grantedTeams = teams start = time.Now() - if !impl.ignoreAuthCheckValue { + if !impl.cfg.IgnoreAuthCheck { grantedTeams = make([]team.TeamRequest, 0) emailId, _ := impl.userService.GetEmailFromToken(token) // RBAC enforcer applying diff --git a/util/CommonConstant.go b/util/CommonConstant.go index 7e262f0ac0..6505d153cb 100644 --- a/util/CommonConstant.go +++ b/util/CommonConstant.go @@ -30,5 +30,4 @@ const ( ConfigMapSecretUsageTypeEnvironment string = "environment" ConfigMapSecretUsageTypeVolume string = "volume" YamlSeparator string = "---\n" - IgnoreAutocompleteAuthCheck string = "IGNORE_AUTOCOMPLETE_AUTH_CHECK" )