Remove AUTH_INTERNAL_ONLY (#393)

Endpoints annotated with AUTH_INTERNAL_ONLY used to be accessible
manually with an internal RPC tool that adds App Engine specific HTTP
headers to a request to make it look like it comes from App Engine
(hence internal). This tool is used by admins to hit such endpoints
during debugging, making them effectively AUTH_INTERNAL_OR_ADMIN.

This RPC tool has never been made available outside Google so the open
source admins do not have such ability. A recent change in the RPC tool
made this hack stop working internally as well. This PR replaces all
all occurances of AUTH_INTERNAL_ONLY with AUTH_INTERNAL_OR_ADMIN and
brings the open source build into feature parity with the internal
version.

Also fixed a few issues the router tests.
This commit is contained in:
Lai Jiang 2019-12-04 12:52:18 -05:00 committed by GitHub
parent 1e1c8cdd80
commit 369c1259fb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
44 changed files with 89 additions and 102 deletions

View file

@ -16,7 +16,7 @@ package google.registry.request;
import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth8.assertThat;
import static google.registry.request.auth.Auth.AUTH_INTERNAL_ONLY;
import static google.registry.request.auth.Auth.AUTH_INTERNAL_OR_ADMIN;
import static google.registry.testing.JUnitBackports.assertThrows;
import java.util.Optional;
@ -45,7 +45,7 @@ public final class RouterTest {
////////////////////////////////////////////////////////////////////////////////////////////////
@Action(service = Action.Service.DEFAULT, path = "/sloth", auth = AUTH_INTERNAL_ONLY)
@Action(service = Action.Service.DEFAULT, path = "/sloth", auth = AUTH_INTERNAL_OR_ADMIN)
public static final class SlothTask implements Runnable {
@Override
public void run() {}
@ -79,7 +79,7 @@ public final class RouterTest {
service = Action.Service.DEFAULT,
path = "/prefix",
isPrefix = true,
auth = AUTH_INTERNAL_ONLY)
auth = AUTH_INTERNAL_OR_ADMIN)
public static final class PrefixTask implements Runnable {
@Override
public void run() {}
@ -109,7 +109,7 @@ public final class RouterTest {
service = Action.Service.DEFAULT,
path = "/prefix/long",
isPrefix = true,
auth = AUTH_INTERNAL_ONLY)
auth = AUTH_INTERNAL_OR_ADMIN)
public static final class LongTask implements Runnable {
@Override
public void run() {}
@ -164,7 +164,7 @@ public final class RouterTest {
@Action(
service = Action.Service.DEFAULT,
path = "/samePathAsOtherTask",
auth = AUTH_INTERNAL_ONLY)
auth = AUTH_INTERNAL_OR_ADMIN)
public static final class DuplicateTask1 implements Runnable {
@Override
public void run() {}
@ -173,7 +173,7 @@ public final class RouterTest {
@Action(
service = Action.Service.DEFAULT,
path = "/samePathAsOtherTask",
auth = AUTH_INTERNAL_ONLY)
auth = AUTH_INTERNAL_OR_ADMIN)
public static final class DuplicateTask2 implements Runnable {
@Override
public void run() {}

View file

@ -53,7 +53,7 @@ public class RequestAuthenticatorTest {
AuthLevel.NONE,
UserPolicy.IGNORED);
private static final AuthSettings AUTH_INTERNAL_ONLY = AuthSettings.create(
private static final AuthSettings AUTH_INTERNAL_OR_ADMIN = AuthSettings.create(
ImmutableList.of(AuthMethod.INTERNAL),
AuthLevel.APP,
UserPolicy.IGNORED);
@ -157,7 +157,7 @@ public class RequestAuthenticatorTest {
@Test
public void testInternalAuth_notInvokedInternally() {
Optional<AuthResult> authResult = runTest(mockUserService, AUTH_INTERNAL_ONLY);
Optional<AuthResult> authResult = runTest(mockUserService, AUTH_INTERNAL_OR_ADMIN);
verifyZeroInteractions(mockUserService);
assertThat(authResult).isEmpty();
@ -167,7 +167,7 @@ public class RequestAuthenticatorTest {
public void testInternalAuth_success() {
when(req.getHeader("X-AppEngine-QueueName")).thenReturn("__cron");
Optional<AuthResult> authResult = runTest(mockUserService, AUTH_INTERNAL_ONLY);
Optional<AuthResult> authResult = runTest(mockUserService, AUTH_INTERNAL_OR_ADMIN);
verifyZeroInteractions(mockUserService);
assertThat(authResult).isPresent();

View file

@ -37,18 +37,18 @@ public class GoldenFileTestHelper {
String goldenFileDescription = null;
private static final String UPDATE_COMMAND =
"nomulus -e localhost %1$s > %2$s";
"../gradlew nomulus && java -jar build/libs/nomulus.jar -e localhost %s > %s";
private static final String UPDATE_INSTRUCTIONS =
Joiner.on('\n')
.join(
"",
"-------------------------------------------------------------------------------",
"Your changes affect the %3$s. To update the checked-in version, run:",
"Your changes affect the %s. To update the checked-in version, run the following"
+ " command in the core project:",
UPDATE_COMMAND,
"");
public static GoldenFileTestHelper assertThat(String actualValue) {
return new GoldenFileTestHelper().setActualValue(actualValue);
}
@ -82,9 +82,9 @@ public class GoldenFileTestHelper {
actualValue, expectedValue);
assertWithMessage(
UPDATE_INSTRUCTIONS,
goldenFileDescription,
nomulusCommand,
filePath(context, filename),
goldenFileDescription)
filePath(context, filename))
.fail();
}
}

View file

@ -1,43 +1,43 @@
PATH CLASS METHODS OK AUTH_METHODS MIN USER_POLICY
/_dr/cron/commitLogCheckpoint CommitLogCheckpointAction GET y INTERNAL APP IGNORED
/_dr/cron/commitLogFanout CommitLogFanoutAction GET y INTERNAL APP IGNORED
/_dr/cron/fanout TldFanoutAction GET y INTERNAL APP IGNORED
/_dr/cron/readDnsQueue ReadDnsQueueAction GET y INTERNAL APP IGNORED
/_dr/dnsRefresh RefreshDnsAction GET y INTERNAL APP IGNORED
/_dr/task/backupDatastore BackupDatastoreAction POST y INTERNAL APP IGNORED
/_dr/task/brdaCopy BrdaCopyAction POST y INTERNAL APP IGNORED
/_dr/task/checkDatastoreBackup CheckBackupAction POST,GET y INTERNAL APP IGNORED
/_dr/cron/commitLogCheckpoint CommitLogCheckpointAction GET y INTERNAL,API APP ADMIN
/_dr/cron/commitLogFanout CommitLogFanoutAction GET y INTERNAL,API APP ADMIN
/_dr/cron/fanout TldFanoutAction GET y INTERNAL,API APP ADMIN
/_dr/cron/readDnsQueue ReadDnsQueueAction GET y INTERNAL,API APP ADMIN
/_dr/dnsRefresh RefreshDnsAction GET y INTERNAL,API APP ADMIN
/_dr/task/backupDatastore BackupDatastoreAction POST y INTERNAL,API APP ADMIN
/_dr/task/brdaCopy BrdaCopyAction POST y INTERNAL,API APP ADMIN
/_dr/task/checkDatastoreBackup CheckBackupAction POST,GET y INTERNAL,API APP ADMIN
/_dr/task/copyDetailReports CopyDetailReportsAction POST n INTERNAL,API APP ADMIN
/_dr/task/deleteContactsAndHosts DeleteContactsAndHostsAction GET n INTERNAL APP IGNORED
/_dr/task/deleteLoadTestData DeleteLoadTestDataAction POST n INTERNAL APP IGNORED
/_dr/task/deleteOldCommitLogs DeleteOldCommitLogsAction GET n INTERNAL APP IGNORED
/_dr/task/deleteProberData DeleteProberDataAction POST n INTERNAL APP IGNORED
/_dr/task/expandRecurringBillingEvents ExpandRecurringBillingEventsAction GET n INTERNAL APP IGNORED
/_dr/task/exportCommitLogDiff ExportCommitLogDiffAction POST y INTERNAL APP IGNORED
/_dr/task/exportDomainLists ExportDomainListsAction POST n INTERNAL APP IGNORED
/_dr/task/exportPremiumTerms ExportPremiumTermsAction POST n INTERNAL APP IGNORED
/_dr/task/exportReservedTerms ExportReservedTermsAction POST n INTERNAL APP IGNORED
/_dr/task/generateInvoices GenerateInvoicesAction POST n INTERNAL APP IGNORED
/_dr/task/generateSpec11 GenerateSpec11ReportAction POST n INTERNAL APP IGNORED
/_dr/task/icannReportingStaging IcannReportingStagingAction POST n INTERNAL APP IGNORED
/_dr/task/deleteContactsAndHosts DeleteContactsAndHostsAction GET n INTERNAL,API APP ADMIN
/_dr/task/deleteLoadTestData DeleteLoadTestDataAction POST n INTERNAL,API APP ADMIN
/_dr/task/deleteOldCommitLogs DeleteOldCommitLogsAction GET n INTERNAL,API APP ADMIN
/_dr/task/deleteProberData DeleteProberDataAction POST n INTERNAL,API APP ADMIN
/_dr/task/expandRecurringBillingEvents ExpandRecurringBillingEventsAction GET n INTERNAL,API APP ADMIN
/_dr/task/exportCommitLogDiff ExportCommitLogDiffAction POST y INTERNAL,API APP ADMIN
/_dr/task/exportDomainLists ExportDomainListsAction POST n INTERNAL,API APP ADMIN
/_dr/task/exportPremiumTerms ExportPremiumTermsAction POST n INTERNAL,API APP ADMIN
/_dr/task/exportReservedTerms ExportReservedTermsAction POST n INTERNAL,API APP ADMIN
/_dr/task/generateInvoices GenerateInvoicesAction POST n INTERNAL,API APP ADMIN
/_dr/task/generateSpec11 GenerateSpec11ReportAction POST n INTERNAL,API APP ADMIN
/_dr/task/icannReportingStaging IcannReportingStagingAction POST n INTERNAL,API APP ADMIN
/_dr/task/icannReportingUpload IcannReportingUploadAction POST n INTERNAL,API APP ADMIN
/_dr/task/nordnUpload NordnUploadAction POST y INTERNAL APP IGNORED
/_dr/task/nordnVerify NordnVerifyAction POST y INTERNAL APP IGNORED
/_dr/task/pollBigqueryJob BigqueryPollJobAction GET,POST y INTERNAL APP IGNORED
/_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y INTERNAL APP IGNORED
/_dr/task/nordnUpload NordnUploadAction POST y INTERNAL,API APP ADMIN
/_dr/task/nordnVerify NordnVerifyAction POST y INTERNAL,API APP ADMIN
/_dr/task/pollBigqueryJob BigqueryPollJobAction GET,POST y INTERNAL,API APP ADMIN
/_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y INTERNAL,API APP ADMIN
/_dr/task/publishInvoices PublishInvoicesAction POST n INTERNAL,API APP ADMIN
/_dr/task/publishSpec11 PublishSpec11ReportAction POST n INTERNAL,API APP ADMIN
/_dr/task/rdeReport RdeReportAction POST n INTERNAL APP IGNORED
/_dr/task/rdeStaging RdeStagingAction GET,POST n INTERNAL APP IGNORED
/_dr/task/rdeUpload RdeUploadAction POST n INTERNAL APP IGNORED
/_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction GET n INTERNAL APP IGNORED
/_dr/task/rdeReport RdeReportAction POST n INTERNAL,API APP ADMIN
/_dr/task/rdeStaging RdeStagingAction GET,POST n INTERNAL,API APP ADMIN
/_dr/task/rdeUpload RdeUploadAction POST n INTERNAL,API APP ADMIN
/_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction GET n INTERNAL,API APP ADMIN
/_dr/task/resaveAllEppResources ResaveAllEppResourcesAction GET n INTERNAL,API APP ADMIN
/_dr/task/resaveEntity ResaveEntityAction POST n INTERNAL,API APP ADMIN
/_dr/task/syncGroupMembers SyncGroupMembersAction POST n INTERNAL APP IGNORED
/_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n INTERNAL APP IGNORED
/_dr/task/tmchCrl TmchCrlAction POST y INTERNAL APP IGNORED
/_dr/task/tmchDnl TmchDnlAction POST y INTERNAL APP IGNORED
/_dr/task/tmchSmdrl TmchSmdrlAction POST y INTERNAL APP IGNORED
/_dr/task/syncGroupMembers SyncGroupMembersAction POST n INTERNAL,API APP ADMIN
/_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n INTERNAL,API APP ADMIN
/_dr/task/tmchCrl TmchCrlAction POST y INTERNAL,API APP ADMIN
/_dr/task/tmchDnl TmchDnlAction POST y INTERNAL,API APP ADMIN
/_dr/task/tmchSmdrl TmchSmdrlAction POST y INTERNAL,API APP ADMIN
/_dr/task/updateRegistrarRdapBaseUrls UpdateRegistrarRdapBaseUrlsAction GET y INTERNAL,API APP ADMIN
/_dr/task/updateSnapshotView UpdateSnapshotViewAction POST n INTERNAL APP IGNORED
/_dr/task/uploadDatastoreBackup UploadDatastoreBackupAction POST n INTERNAL APP IGNORED
/_dr/task/updateSnapshotView UpdateSnapshotViewAction POST n INTERNAL,API APP ADMIN
/_dr/task/uploadDatastoreBackup UploadDatastoreBackupAction POST n INTERNAL,API APP ADMIN

View file

@ -13,8 +13,8 @@ PATH CLASS METHODS OK AUTH
/_dr/epptool EppToolAction POST n INTERNAL,API APP ADMIN
/_dr/loadtest LoadTestAction POST y INTERNAL,API APP ADMIN
/_dr/task/generateZoneFiles GenerateZoneFilesAction POST n INTERNAL,API APP ADMIN
/_dr/task/killAllCommitLogs KillAllCommitLogsAction POST n INTERNAL APP IGNORED
/_dr/task/killAllEppResources KillAllEppResourcesAction POST n INTERNAL APP IGNORED
/_dr/task/killAllCommitLogs KillAllCommitLogsAction POST n INTERNAL,API APP ADMIN
/_dr/task/killAllEppResources KillAllEppResourcesAction POST n INTERNAL,API APP ADMIN
/_dr/task/refreshDnsForAllDomains RefreshDnsForAllDomainsAction GET n INTERNAL,API APP ADMIN
/_dr/task/resaveAllHistoryEntries ResaveAllHistoryEntriesAction GET n INTERNAL,API APP ADMIN
/_dr/task/restoreCommitLogs RestoreCommitLogsAction POST y INTERNAL,API APP ADMIN