mirror of
https://github.com/google/nomulus.git
synced 2025-08-01 23:42:12 +02:00
Change @Auth to an AutoValue, and created a set of predefined Auths
We want to be safer and more explicit about the authentication needed by the many actions that exist. As such, we make the 'auth' parameter required in @Action (so it's always clear who can run a specific action) and we replace the @Auth with an enum so that only pre-approved configurations that are aptly named and documented can be used. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=162210306
This commit is contained in:
parent
5966d8077b
commit
e224a67eda
94 changed files with 614 additions and 511 deletions
|
@ -26,6 +26,7 @@ import com.googlecode.objectify.VoidWork;
|
|||
import google.registry.model.ofy.CommitLogCheckpoint;
|
||||
import google.registry.model.ofy.CommitLogCheckpointRoot;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.TaskEnqueuer;
|
||||
|
@ -43,9 +44,11 @@ import org.joda.time.DateTime;
|
|||
* <p>This action's supported method is GET rather than POST because it gets invoked via cron.
|
||||
*/
|
||||
@Action(
|
||||
path = "/_dr/cron/commitLogCheckpoint",
|
||||
method = Action.Method.GET,
|
||||
automaticallyPrintOk = true)
|
||||
path = "/_dr/cron/commitLogCheckpoint",
|
||||
method = Action.Method.GET,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class CommitLogCheckpointAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = getLoggerForCallerClass();
|
||||
|
|
|
@ -37,6 +37,7 @@ import google.registry.model.ofy.CommitLogMutation;
|
|||
import google.registry.model.translators.CommitLogRevisionsTranslatorFactory;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import javax.inject.Inject;
|
||||
|
@ -60,7 +61,10 @@ import org.joda.time.Duration;
|
|||
* EppResource.
|
||||
*
|
||||
*/
|
||||
@Action(path = "/_dr/task/deleteOldCommitLogs")
|
||||
@Action(
|
||||
path = "/_dr/task/deleteOldCommitLogs",
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class DeleteOldCommitLogsAction implements Runnable {
|
||||
|
||||
private static final int NUM_REDUCE_SHARDS = 10;
|
||||
|
|
|
@ -47,6 +47,7 @@ import google.registry.model.ofy.CommitLogManifest;
|
|||
import google.registry.model.ofy.CommitLogMutation;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
|
@ -60,9 +61,11 @@ import org.joda.time.DateTime;
|
|||
|
||||
/** Action that exports the diff between two commit log checkpoints to GCS. */
|
||||
@Action(
|
||||
path = ExportCommitLogDiffAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true)
|
||||
path = ExportCommitLogDiffAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class ExportCommitLogDiffAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = getLoggerForCallerClass();
|
||||
|
|
|
@ -42,7 +42,6 @@ import google.registry.model.ofy.CommitLogMutation;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.Retrier;
|
||||
import java.io.IOException;
|
||||
|
@ -59,15 +58,10 @@ import org.joda.time.DateTime;
|
|||
|
||||
/** Restore Registry 2 commit logs from GCS to Datastore. */
|
||||
@Action(
|
||||
path = RestoreCommitLogsAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
path = RestoreCommitLogsAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class RestoreCommitLogsAction implements Runnable {
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue