fix: consistency checks on environment instances
phiz71 committed Mar 20, 2024
1 parent d4c2d93 commit 212a058
Showing 4 changed files with 89 additions and 3 deletions.
Expand Up @@ -16,13 +16,17 @@
package io.gravitee.rest.api.management.rest.resource;

import io.gravitee.common.http.MediaType;
import io.gravitee.repository.management.model.Organization;
import io.gravitee.rest.api.model.InstanceEntity;
import io.gravitee.rest.api.model.OrganizationEntity;
import io.gravitee.rest.api.model.permissions.RolePermission;
import io.gravitee.rest.api.model.permissions.RolePermissionAction;
import io.gravitee.rest.api.rest.annotation.Permission;
import io.gravitee.rest.api.rest.annotation.Permissions;
import io.gravitee.rest.api.service.InstanceService;
import io.gravitee.rest.api.service.OrganizationService;
import io.gravitee.rest.api.service.common.GraviteeContext;
import io.gravitee.rest.api.service.exceptions.InstanceNotFoundException;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.inject.Inject;
Expand All @@ -32,6 +36,10 @@
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.container.ResourceContext;
import jakarta.ws.rs.core.Context;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.jetbrains.annotations.NotNull;

/**
* @author David BRASSELY (david.brassely at graviteesource.com)
Expand All @@ -47,6 +55,9 @@ public class InstanceResource {
@Inject
private InstanceService instanceService;

@Inject
private OrganizationService organizationService;

@PathParam("instance")
private String instance;

Expand All @@ -55,11 +66,33 @@ public class InstanceResource {
@Operation(summary = "Get a gateway instance")
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_INSTANCE, acls = RolePermissionAction.READ) })
public InstanceEntity getInstance() {
return instanceService.findByEvent(GraviteeContext.getExecutionContext(), this.instance);
InstanceEntity instanceEntity = instanceService.findByEvent(GraviteeContext.getExecutionContext(), this.instance);
if (
isInstanceAccessibleByEnv(instanceEntity.getEnvironments(), GraviteeContext.getCurrentEnvironment()) &&
isInstanceAccessibleByOrga(instanceEntity.getOrganizationsHrids(), GraviteeContext.getCurrentOrganization())
) {
return instanceEntity;
}
throw new InstanceNotFoundException(instance);
}

@Path("monitoring/{gatewayId}")
public MonitoringResource getMonitoringResource() {
return resourceContext.getResource(MonitoringResource.class);
}

private boolean isInstanceAccessibleByOrga(List<String> organizationsHrids, String currentOrganization) {
if (organizationsHrids == null || organizationsHrids.isEmpty()) {
return true;
}
return organizationService
.findByHrids(new HashSet<>(organizationsHrids))
.stream()
.map(OrganizationEntity::getId)
.anyMatch(id -> id.equalsIgnoreCase(currentOrganization));
}

private boolean isInstanceAccessibleByEnv(Set<String> environments, String currentEnvironment) {
return environments == null || environments.isEmpty() || environments.contains(currentEnvironment);
}
}
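Review bot: The two private helpers added at the bottom of `InstanceResource` treat a null or empty `environments` / `organizationsHrids` as accessible from every environment and organization, and nothing in the code says that this fail-open default is intended. If instances without a binding are meant to be shared, a comment on each helper such as `// An instance that declares no environments is shared by all of them; only an explicit list restricts access.` would record that; otherwise the empty case should deny. The same two helpers are copied verbatim into `MonitoringResource` in this commit, so one authorization rule now lives in two places; moving them to a shared helper would keep the checks from drifting apart. The imports of `io.gravitee.repository.management.model.Organization` and `org.jetbrains.annotations.NotNull` do not appear to be used by any line shown here.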
Expand Up @@ -16,18 +16,28 @@
package io.gravitee.rest.api.management.rest.resource;

import io.gravitee.common.http.MediaType;
import io.gravitee.rest.api.model.InstanceEntity;
import io.gravitee.rest.api.model.OrganizationEntity;
import io.gravitee.rest.api.model.monitoring.MonitoringData;
import io.gravitee.rest.api.model.permissions.RolePermission;
import io.gravitee.rest.api.model.permissions.RolePermissionAction;
import io.gravitee.rest.api.rest.annotation.Permission;
import io.gravitee.rest.api.rest.annotation.Permissions;
import io.gravitee.rest.api.service.InstanceService;
import io.gravitee.rest.api.service.MonitoringService;
import io.gravitee.rest.api.service.OrganizationService;
import io.gravitee.rest.api.service.common.GraviteeContext;
import io.gravitee.rest.api.service.exceptions.InstanceNotFoundException;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
* @author Azize ELAMRANI (azize.elamrani at graviteesource.com)
Expand All @@ -40,11 +50,43 @@ public class MonitoringResource extends AbstractResource {
@Inject
private MonitoringService monitoringService;

@Inject
private InstanceService instanceService;

@Inject
private OrganizationService organizationService;

@PathParam("instance")
@Parameter(name = "instance", hidden = true)
private String instance;

@GET
@Produces(MediaType.APPLICATION_JSON)
@Operation(summary = "Get monitoring metrics for a gateway instance")
@Permissions({ @Permission(value = RolePermission.ENVIRONMENT_PLATFORM, acls = RolePermissionAction.READ) })
public MonitoringData getInstanceMonitoring(@PathParam("gatewayId") String gatewayId) {
InstanceEntity instanceEntity = instanceService.findByEvent(GraviteeContext.getExecutionContext(), this.instance);
if (
!isInstanceAccessibleByEnv(instanceEntity.getEnvironments(), GraviteeContext.getCurrentEnvironment()) ||
!isInstanceAccessibleByOrga(instanceEntity.getOrganizationsHrids(), GraviteeContext.getCurrentOrganization())
) {
throw new InstanceNotFoundException(instance);
}
return monitoringService.findMonitoring(gatewayId);
}

private boolean isInstanceAccessibleByOrga(List<String> organizationsHrids, String currentOrganization) {
if (organizationsHrids == null || organizationsHrids.isEmpty()) {
return true;
}
return organizationService
.findByHrids(new HashSet<>(organizationsHrids))
.stream()
.map(OrganizationEntity::getId)
.anyMatch(id -> id.equalsIgnoreCase(currentOrganization));
}

private boolean isInstanceAccessibleByEnv(Set<String> environments, String currentEnvironment) {
return environments == null || environments.isEmpty() || environments.contains(currentEnvironment);
}
}
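Review bot: In `getInstanceMonitoring` the new environment/organization check is made on the instance resolved from `this.instance`, but the data returned comes from `monitoringService.findMonitoring(gatewayId)`, and nothing visible ties `gatewayId` to that instance. As written, the consistency check does not cover the identifier that is actually used for the lookup, so monitoring data for a gateway outside the caller's environment or organization may still be returned. The method should confirm that `gatewayId` is the gateway of the validated `instanceEntity` before the lookup, for example `if (!gatewayId.equals(instanceEntity.getId())) throw new InstanceNotFoundException(instance);`, assuming `getId()` holds the gateway id (the entity is not shown in this diff). A test with mismatched `instance` and `gatewayId` values would pin this behaviour.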
Expand Up @@ -15,11 +15,10 @@
*/
package io.gravitee.rest.api.service;

import io.gravitee.definition.model.Organization;
import io.gravitee.rest.api.model.OrganizationEntity;
import io.gravitee.rest.api.model.UpdateOrganizationEntity;
import io.gravitee.rest.api.service.common.ExecutionContext;
import java.util.Collection;
import java.util.Set;

/**
* @author Florent CHAMFROY (florent.chamfroy at graviteesource.com)
Expand Down Expand Up @@ -50,4 +49,6 @@ public interface OrganizationService {
OrganizationEntity getDefaultOrInitialize();

OrganizationEntity findByCockpitId(String cockpitId);

Set<OrganizationEntity> findByHrids(Set<String> hrids);
}
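Review bot: The new `findByHrids` declaration has no Javadoc, and its callers in this commit use the result for an access decision, so its contract matters. I would add a comment stating what is returned for hrids that match no organization and whether a null or empty set is accepted, e.g. `/** Returns the organizations whose hrid is in {@code hrids}; hrids with no match are omitted. */`. That wording needs confirming against the repository implementation, which is not shown here.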
Expand Up @@ -273,4 +273,14 @@ public OrganizationEntity findByCockpitId(String cockpitId) {
throw new TechnicalManagementException("An error occurs while trying to find organization by cockpit id " + cockpitId, ex);
}
}

@Override
public Set<OrganizationEntity> findByHrids(Set<String> hrids) {
try {
return organizationRepository.findByHrids(hrids).stream().map(this::convert).collect(Collectors.toSet());
} catch (TechnicalException ex) {
LOGGER.error("An error occurs while trying to list all organizations", ex);
throw new TechnicalManagementException("An error occurs while trying to list all organizations", ex);
}
}
}
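Review bot: The log and exception text in the new `findByHrids` catch block says "list all organizations", which looks copied from another method and will mislead whoever reads the log while investigating a failure. Something like `"An error occurs while trying to find organizations by hrids " + hrids` in both the `LOGGER.error` call and the `TechnicalManagementException` would match the wording used by `findByCockpitId` just above. The method also passes `hrids` straight to the repository without a null check; the resource callers in this commit guard against null before calling, but other callers may not.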
