This is an automated email from the ASF dual-hosted git repository.
akshayrai09 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pinot.git
The following commit(s) were added to refs/heads/master by this push:
new e71ac1b [TE] Do not authorize when auth is disabled (#4414)
e71ac1b is described below
commit e71ac1b34dbd96d832ed98c89c36195bf17dad83
Author: Akshay Rai <[email protected]>
AuthorDate: Tue Jul 9 15:42:25 2019 -0700
[TE] Do not authorize when auth is disabled (#4414)
---
.../apache/pinot/thirdeye/detection/yaml/YamlResource.java | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git
a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/detection/yaml/YamlResource.java
b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/detection/yaml/YamlResource.java
index 4f70613..7515251 100644
---
a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/detection/yaml/YamlResource.java
+++
b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/detection/yaml/YamlResource.java
@@ -412,6 +412,10 @@ public class YamlResource {
}
private boolean isServiceAccount(ThirdEyePrincipal user) {
+ if (user == null || user.getSessionKey() == null) {
+ return false;
+ }
+
List<Predicate> predicates = new ArrayList<>();
predicates.add(Predicate.EQ(PROP_SESSION_KEY, user.getSessionKey()));
predicates.add(Predicate.EQ(PROP_PRINCIPAL_TYPE, PROP_SERVICE));
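Review bot: The new guard in isServiceAccount tests only `user.getSessionKey() == null`, while the check this commit removes from authorizeUser used `StringUtils.isBlank`, so an empty or whitespace-only session key now reaches the DAO predicate query instead of being short-circuited. Writing the guard as `if (user == null || StringUtils.isBlank(user.getSessionKey())) { return false; }` keeps the earlier semantics. The rest of isServiceAccount lies outside the hunk, so how the query result is evaluated cannot be confirmed from here.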
@@ -421,6 +425,7 @@ public class YamlResource {
}
private void validateConfigOwner(ThirdEyePrincipal user, List<String>
owners) {
+ Preconditions.checkNotNull(user.getName(), "Unable to retrieve the user
name from the request");
if (owners == null || !owners.contains(user.getName())) {
throw new NotAuthorizedException("Service account " + user.getName() + "
is not authorized to access this resource.");
}
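Review bot: `Preconditions.checkNotNull` on `user.getName()` throws a NullPointerException, which will presumably surface as a server error rather than the NotAuthorizedException that validateConfigOwner uses two lines later for a rejected caller. A missing name is a credentials problem, so I would raise the same exception type: `if (StringUtils.isBlank(user.getName())) { throw new NotAuthorizedException("Unable to retrieve the user name from the request"); }`. That also restores the blank-name rejection that the check removed from authorizeUser used to provide.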
@@ -431,11 +436,6 @@ public class YamlResource {
* of modifying other configs when making programmatic calls.
*/
private void authorizeUser(ThirdEyePrincipal user, long id, String
authEntity) {
- if (user == null || StringUtils.isBlank(user.getName()) ||
StringUtils.isBlank(user.getSessionKey())) {
- throw new NotAuthorizedException("Unable to find the credentials/token
in the request");
- }
-
- // Authorize only service accounts
if (isServiceAccount(user)) {
if (authEntity.equals(PROP_DETECTION)) {
DetectionConfigDTO detectionConfig =
this.detectionConfigDAO.findById(id);
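Review bot: With the credentials check removed, authorizeUser returns silently for every caller that isServiceAccount does not recognise, including a null principal or a missing session key, and nothing visible in this hunk ties that outcome to authentication actually being disabled. If auth is enabled and the principal fails to resolve, the request would skip the owner check instead of being rejected, so the method fails open. I would gate the early exit on the explicit auth configuration rather than inferring it from a null user, and extend the Javadoc above to state that non-service-account callers are intentionally not checked here. The body of authorizeUser continues into the next hunk.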
@@ -444,8 +444,9 @@ public class YamlResource {
DetectionAlertConfigDTO subscriptionConfig =
this.detectionAlertConfigDAO.findById(id);
validateConfigOwner(user, subscriptionConfig.getOwners());
}
+
+ LOG.info("Service account " + user.getName() + " authorized
successfully");
}
- LOG.info("User " + user.getName() + " authorized successfully");
}
/**
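Review bot: The added `LOG.info` records only the account name, so the audit trail does not show which config the service account was authorized for, and it builds the message by concatenating a request-derived value. Assuming LOG is an SLF4J logger, I would write `LOG.info("Service account {} authorized for {} id {}", user.getName(), authEntity, id);`. Parameterized logging does not strip line breaks by itself, so if the principal name can carry arbitrary characters it should be sanitized before it is logged. Note also that after this change a request from a non-service account no longer produces any log line in this method.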