mirror of
https://github.com/google/nomulus.git
synced 2025-07-10 05:03:24 +02:00
Remove AUTH_INTERNAL_ONLY (#393)
Endpoints annotated with AUTH_INTERNAL_ONLY used to be accessible manually with an internal RPC tool that adds App Engine specific HTTP headers to a request to make it look like it comes from App Engine (hence internal). This tool is used by admins to hit such endpoints during debugging, making them effectively AUTH_INTERNAL_OR_ADMIN. This RPC tool has never been made available outside Google so the open source admins do not have such ability. A recent change in the RPC tool made this hack stop working internally as well. This PR replaces all all occurances of AUTH_INTERNAL_ONLY with AUTH_INTERNAL_OR_ADMIN and brings the open source build into feature parity with the internal version. Also fixed a few issues the router tests.
This commit is contained in:
parent
1e1c8cdd80
commit
369c1259fb
44 changed files with 89 additions and 102 deletions
|
@ -16,7 +16,7 @@ package google.registry.request;
|
|||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static com.google.common.truth.Truth8.assertThat;
|
||||
import static google.registry.request.auth.Auth.AUTH_INTERNAL_ONLY;
|
||||
import static google.registry.request.auth.Auth.AUTH_INTERNAL_OR_ADMIN;
|
||||
import static google.registry.testing.JUnitBackports.assertThrows;
|
||||
|
||||
import java.util.Optional;
|
||||
|
@ -45,7 +45,7 @@ public final class RouterTest {
|
|||
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
@Action(service = Action.Service.DEFAULT, path = "/sloth", auth = AUTH_INTERNAL_ONLY)
|
||||
@Action(service = Action.Service.DEFAULT, path = "/sloth", auth = AUTH_INTERNAL_OR_ADMIN)
|
||||
public static final class SlothTask implements Runnable {
|
||||
@Override
|
||||
public void run() {}
|
||||
|
@ -79,7 +79,7 @@ public final class RouterTest {
|
|||
service = Action.Service.DEFAULT,
|
||||
path = "/prefix",
|
||||
isPrefix = true,
|
||||
auth = AUTH_INTERNAL_ONLY)
|
||||
auth = AUTH_INTERNAL_OR_ADMIN)
|
||||
public static final class PrefixTask implements Runnable {
|
||||
@Override
|
||||
public void run() {}
|
||||
|
@ -109,7 +109,7 @@ public final class RouterTest {
|
|||
service = Action.Service.DEFAULT,
|
||||
path = "/prefix/long",
|
||||
isPrefix = true,
|
||||
auth = AUTH_INTERNAL_ONLY)
|
||||
auth = AUTH_INTERNAL_OR_ADMIN)
|
||||
public static final class LongTask implements Runnable {
|
||||
@Override
|
||||
public void run() {}
|
||||
|
@ -164,7 +164,7 @@ public final class RouterTest {
|
|||
@Action(
|
||||
service = Action.Service.DEFAULT,
|
||||
path = "/samePathAsOtherTask",
|
||||
auth = AUTH_INTERNAL_ONLY)
|
||||
auth = AUTH_INTERNAL_OR_ADMIN)
|
||||
public static final class DuplicateTask1 implements Runnable {
|
||||
@Override
|
||||
public void run() {}
|
||||
|
@ -173,7 +173,7 @@ public final class RouterTest {
|
|||
@Action(
|
||||
service = Action.Service.DEFAULT,
|
||||
path = "/samePathAsOtherTask",
|
||||
auth = AUTH_INTERNAL_ONLY)
|
||||
auth = AUTH_INTERNAL_OR_ADMIN)
|
||||
public static final class DuplicateTask2 implements Runnable {
|
||||
@Override
|
||||
public void run() {}
|
||||
|
|
|
@ -53,7 +53,7 @@ public class RequestAuthenticatorTest {
|
|||
AuthLevel.NONE,
|
||||
UserPolicy.IGNORED);
|
||||
|
||||
private static final AuthSettings AUTH_INTERNAL_ONLY = AuthSettings.create(
|
||||
private static final AuthSettings AUTH_INTERNAL_OR_ADMIN = AuthSettings.create(
|
||||
ImmutableList.of(AuthMethod.INTERNAL),
|
||||
AuthLevel.APP,
|
||||
UserPolicy.IGNORED);
|
||||
|
@ -157,7 +157,7 @@ public class RequestAuthenticatorTest {
|
|||
|
||||
@Test
|
||||
public void testInternalAuth_notInvokedInternally() {
|
||||
Optional<AuthResult> authResult = runTest(mockUserService, AUTH_INTERNAL_ONLY);
|
||||
Optional<AuthResult> authResult = runTest(mockUserService, AUTH_INTERNAL_OR_ADMIN);
|
||||
|
||||
verifyZeroInteractions(mockUserService);
|
||||
assertThat(authResult).isEmpty();
|
||||
|
@ -167,7 +167,7 @@ public class RequestAuthenticatorTest {
|
|||
public void testInternalAuth_success() {
|
||||
when(req.getHeader("X-AppEngine-QueueName")).thenReturn("__cron");
|
||||
|
||||
Optional<AuthResult> authResult = runTest(mockUserService, AUTH_INTERNAL_ONLY);
|
||||
Optional<AuthResult> authResult = runTest(mockUserService, AUTH_INTERNAL_OR_ADMIN);
|
||||
|
||||
verifyZeroInteractions(mockUserService);
|
||||
assertThat(authResult).isPresent();
|
||||
|
|
|
@ -37,18 +37,18 @@ public class GoldenFileTestHelper {
|
|||
String goldenFileDescription = null;
|
||||
|
||||
private static final String UPDATE_COMMAND =
|
||||
"nomulus -e localhost %1$s > %2$s";
|
||||
"../gradlew nomulus && java -jar build/libs/nomulus.jar -e localhost %s > %s";
|
||||
|
||||
private static final String UPDATE_INSTRUCTIONS =
|
||||
Joiner.on('\n')
|
||||
.join(
|
||||
"",
|
||||
"-------------------------------------------------------------------------------",
|
||||
"Your changes affect the %3$s. To update the checked-in version, run:",
|
||||
"Your changes affect the %s. To update the checked-in version, run the following"
|
||||
+ " command in the core project:",
|
||||
UPDATE_COMMAND,
|
||||
"");
|
||||
|
||||
|
||||
public static GoldenFileTestHelper assertThat(String actualValue) {
|
||||
return new GoldenFileTestHelper().setActualValue(actualValue);
|
||||
}
|
||||
|
@ -82,9 +82,9 @@ public class GoldenFileTestHelper {
|
|||
actualValue, expectedValue);
|
||||
assertWithMessage(
|
||||
UPDATE_INSTRUCTIONS,
|
||||
goldenFileDescription,
|
||||
nomulusCommand,
|
||||
filePath(context, filename),
|
||||
goldenFileDescription)
|
||||
filePath(context, filename))
|
||||
.fail();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,43 +1,43 @@
|
|||
PATH CLASS METHODS OK AUTH_METHODS MIN USER_POLICY
|
||||
/_dr/cron/commitLogCheckpoint CommitLogCheckpointAction GET y INTERNAL APP IGNORED
|
||||
/_dr/cron/commitLogFanout CommitLogFanoutAction GET y INTERNAL APP IGNORED
|
||||
/_dr/cron/fanout TldFanoutAction GET y INTERNAL APP IGNORED
|
||||
/_dr/cron/readDnsQueue ReadDnsQueueAction GET y INTERNAL APP IGNORED
|
||||
/_dr/dnsRefresh RefreshDnsAction GET y INTERNAL APP IGNORED
|
||||
/_dr/task/backupDatastore BackupDatastoreAction POST y INTERNAL APP IGNORED
|
||||
/_dr/task/brdaCopy BrdaCopyAction POST y INTERNAL APP IGNORED
|
||||
/_dr/task/checkDatastoreBackup CheckBackupAction POST,GET y INTERNAL APP IGNORED
|
||||
/_dr/cron/commitLogCheckpoint CommitLogCheckpointAction GET y INTERNAL,API APP ADMIN
|
||||
/_dr/cron/commitLogFanout CommitLogFanoutAction GET y INTERNAL,API APP ADMIN
|
||||
/_dr/cron/fanout TldFanoutAction GET y INTERNAL,API APP ADMIN
|
||||
/_dr/cron/readDnsQueue ReadDnsQueueAction GET y INTERNAL,API APP ADMIN
|
||||
/_dr/dnsRefresh RefreshDnsAction GET y INTERNAL,API APP ADMIN
|
||||
/_dr/task/backupDatastore BackupDatastoreAction POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/brdaCopy BrdaCopyAction POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/checkDatastoreBackup CheckBackupAction POST,GET y INTERNAL,API APP ADMIN
|
||||
/_dr/task/copyDetailReports CopyDetailReportsAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/deleteContactsAndHosts DeleteContactsAndHostsAction GET n INTERNAL APP IGNORED
|
||||
/_dr/task/deleteLoadTestData DeleteLoadTestDataAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/deleteOldCommitLogs DeleteOldCommitLogsAction GET n INTERNAL APP IGNORED
|
||||
/_dr/task/deleteProberData DeleteProberDataAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/expandRecurringBillingEvents ExpandRecurringBillingEventsAction GET n INTERNAL APP IGNORED
|
||||
/_dr/task/exportCommitLogDiff ExportCommitLogDiffAction POST y INTERNAL APP IGNORED
|
||||
/_dr/task/exportDomainLists ExportDomainListsAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/exportPremiumTerms ExportPremiumTermsAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/exportReservedTerms ExportReservedTermsAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/generateInvoices GenerateInvoicesAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/generateSpec11 GenerateSpec11ReportAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/icannReportingStaging IcannReportingStagingAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/deleteContactsAndHosts DeleteContactsAndHostsAction GET n INTERNAL,API APP ADMIN
|
||||
/_dr/task/deleteLoadTestData DeleteLoadTestDataAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/deleteOldCommitLogs DeleteOldCommitLogsAction GET n INTERNAL,API APP ADMIN
|
||||
/_dr/task/deleteProberData DeleteProberDataAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/expandRecurringBillingEvents ExpandRecurringBillingEventsAction GET n INTERNAL,API APP ADMIN
|
||||
/_dr/task/exportCommitLogDiff ExportCommitLogDiffAction POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/exportDomainLists ExportDomainListsAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/exportPremiumTerms ExportPremiumTermsAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/exportReservedTerms ExportReservedTermsAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/generateInvoices GenerateInvoicesAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/generateSpec11 GenerateSpec11ReportAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/icannReportingStaging IcannReportingStagingAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/icannReportingUpload IcannReportingUploadAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/nordnUpload NordnUploadAction POST y INTERNAL APP IGNORED
|
||||
/_dr/task/nordnVerify NordnVerifyAction POST y INTERNAL APP IGNORED
|
||||
/_dr/task/pollBigqueryJob BigqueryPollJobAction GET,POST y INTERNAL APP IGNORED
|
||||
/_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y INTERNAL APP IGNORED
|
||||
/_dr/task/nordnUpload NordnUploadAction POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/nordnVerify NordnVerifyAction POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/pollBigqueryJob BigqueryPollJobAction GET,POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/publishInvoices PublishInvoicesAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/publishSpec11 PublishSpec11ReportAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/rdeReport RdeReportAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/rdeStaging RdeStagingAction GET,POST n INTERNAL APP IGNORED
|
||||
/_dr/task/rdeUpload RdeUploadAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction GET n INTERNAL APP IGNORED
|
||||
/_dr/task/rdeReport RdeReportAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/rdeStaging RdeStagingAction GET,POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/rdeUpload RdeUploadAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction GET n INTERNAL,API APP ADMIN
|
||||
/_dr/task/resaveAllEppResources ResaveAllEppResourcesAction GET n INTERNAL,API APP ADMIN
|
||||
/_dr/task/resaveEntity ResaveEntityAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/syncGroupMembers SyncGroupMembersAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/tmchCrl TmchCrlAction POST y INTERNAL APP IGNORED
|
||||
/_dr/task/tmchDnl TmchDnlAction POST y INTERNAL APP IGNORED
|
||||
/_dr/task/tmchSmdrl TmchSmdrlAction POST y INTERNAL APP IGNORED
|
||||
/_dr/task/syncGroupMembers SyncGroupMembersAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/tmchCrl TmchCrlAction POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/tmchDnl TmchDnlAction POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/tmchSmdrl TmchSmdrlAction POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/updateRegistrarRdapBaseUrls UpdateRegistrarRdapBaseUrlsAction GET y INTERNAL,API APP ADMIN
|
||||
/_dr/task/updateSnapshotView UpdateSnapshotViewAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/uploadDatastoreBackup UploadDatastoreBackupAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/updateSnapshotView UpdateSnapshotViewAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/uploadDatastoreBackup UploadDatastoreBackupAction POST n INTERNAL,API APP ADMIN
|
||||
|
|
|
@ -13,8 +13,8 @@ PATH CLASS METHODS OK AUTH
|
|||
/_dr/epptool EppToolAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/loadtest LoadTestAction POST y INTERNAL,API APP ADMIN
|
||||
/_dr/task/generateZoneFiles GenerateZoneFilesAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/killAllCommitLogs KillAllCommitLogsAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/killAllEppResources KillAllEppResourcesAction POST n INTERNAL APP IGNORED
|
||||
/_dr/task/killAllCommitLogs KillAllCommitLogsAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/killAllEppResources KillAllEppResourcesAction POST n INTERNAL,API APP ADMIN
|
||||
/_dr/task/refreshDnsForAllDomains RefreshDnsForAllDomainsAction GET n INTERNAL,API APP ADMIN
|
||||
/_dr/task/resaveAllHistoryEntries ResaveAllHistoryEntriesAction GET n INTERNAL,API APP ADMIN
|
||||
/_dr/task/restoreCommitLogs RestoreCommitLogsAction POST y INTERNAL,API APP ADMIN
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue