fix(logs): Allow anonymous calls (spinnaker#2892)

Explicitly allow anonymous calls for dependent pipeline starter querying front50 and ephemeral cluster poller.
nscmcgrath · May 8, 2019 · 053cb58 · 053cb58
1 parent 89786b8
commit 053cb58
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 31 deletions.
diff --git a/...in/groovy/com/netflix/spinnaker/orca/clouddriver/pollers/EphemeralServerGroupsPoller.java b/...in/groovy/com/netflix/spinnaker/orca/clouddriver/pollers/EphemeralServerGroupsPoller.java
@@ -146,36 +146,40 @@ protected void tick() {
   }
 
   private List<EphemeralServerGroupTag> fetchEphemeralServerGroupTags() {
-    List<EntityTags> allEntityTags = retrySupport.retry(() -> objectMapper.convertValue(
-      oortService.getEntityTags(ImmutableMap.<String, String>builder()
-        .put("tag:" + TTL_TAG, "*")
-        .put("entityType", "servergroup")
-        .build()
-      ),
-      new TypeReference<List<EntityTags>>() {
-      }
-    ), 15, 2000, false);
-
-    return allEntityTags.stream()
-      .map(e -> e.tags.stream()
-        .filter(t -> TTL_TAG.equalsIgnoreCase(t.name))
-        .map(t -> {
-          EphemeralServerGroupTag ephemeralServerGroupTag = objectMapper.convertValue(t.value, EphemeralServerGroupTag.class);
-          ephemeralServerGroupTag.id = e.id;
-          ephemeralServerGroupTag.account = e.entityRef.account;
-          ephemeralServerGroupTag.location = e.entityRef.region;
-          ephemeralServerGroupTag.application = e.entityRef.application;
-          ephemeralServerGroupTag.serverGroup = e.entityRef.entityId;
-          ephemeralServerGroupTag.cloudProvider = e.entityRef.cloudProvider;
-
-          return ephemeralServerGroupTag;
-        })
-        .findFirst()
-        .orElse(null)
-      )
-      .filter(Objects::nonNull)
-      .filter(t -> t.expiry.isBefore(ZonedDateTime.now(ZoneOffset.UTC)))
-      .collect(Collectors.toList());
+    try {
+      List<EntityTags> allEntityTags = AuthenticatedRequest.allowAnonymous(() -> retrySupport.retry(() -> objectMapper.convertValue(
+        oortService.getEntityTags(ImmutableMap.<String, String>builder()
+          .put("tag:" + TTL_TAG, "*")
+          .put("entityType", "servergroup")
+          .build()
+        ),
+        new TypeReference<List<EntityTags>>() {
+        }
+      ), 15, 2000, false));
+
+      return allEntityTags.stream()
+        .map(e -> e.tags.stream()
+          .filter(t -> TTL_TAG.equalsIgnoreCase(t.name))
+          .map(t -> {
+            EphemeralServerGroupTag ephemeralServerGroupTag = objectMapper.convertValue(t.value, EphemeralServerGroupTag.class);
+            ephemeralServerGroupTag.id = e.id;
+            ephemeralServerGroupTag.account = e.entityRef.account;
+            ephemeralServerGroupTag.location = e.entityRef.region;
+            ephemeralServerGroupTag.application = e.entityRef.application;
+            ephemeralServerGroupTag.serverGroup = e.entityRef.entityId;
+            ephemeralServerGroupTag.cloudProvider = e.entityRef.cloudProvider;
+
+            return ephemeralServerGroupTag;
+          })
+          .findFirst()
+          .orElse(null)
+        )
+        .filter(Objects::nonNull)
+        .filter(t -> t.expiry.isBefore(ZonedDateTime.now(ZoneOffset.UTC)))
+        .collect(Collectors.toList());
+    } catch (Exception e) {
+      throw new IllegalStateException(e);
+    }
   }
 
   private Map<String, Object> buildCleanupOperation(EphemeralServerGroupTag ephemeralServerGroupTag,

diff --git a/...roovy/com/netflix/spinnaker/orca/front50/spring/DependentPipelineExecutionListener.groovy b/...roovy/com/netflix/spinnaker/orca/front50/spring/DependentPipelineExecutionListener.groovy
@@ -26,6 +26,7 @@ import com.netflix.spinnaker.orca.listeners.Persister
 import com.netflix.spinnaker.orca.pipeline.model.Execution
 import com.netflix.spinnaker.orca.pipeline.util.ContextParameterProcessor
 import com.netflix.spinnaker.orca.pipelinetemplate.V2Util
+import com.netflix.spinnaker.security.AuthenticatedRequest
 import com.netflix.spinnaker.security.User
 import groovy.transform.CompileDynamic
 import groovy.util.logging.Slf4j
@@ -68,7 +69,7 @@ class DependentPipelineExecutionListener implements ExecutionListener {
     }
 
     def status = convertStatus(execution)
-    def allPipelines = front50Service.getAllPipelines()
+    def allPipelines = AuthenticatedRequest.allowAnonymous({front50Service.getAllPipelines()})
     if (executionPreprocessors) {
       // Resolve templated pipelines if enabled.
       allPipelines = allPipelines.collect { pipeline ->