From 796b78138de5e1aa0998414f9ee3a228643684d4 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Tue, 12 Jul 2022 12:20:41 -0400 Subject: [PATCH 1/8] chore(permissions): extract PermissionedAction interface --- .../net/security/PermissionedAction.java | 44 +++++++++++++++++++ .../cryostat/net/web/http/RequestHandler.java | 8 +--- 2 files changed, 46 insertions(+), 6 deletions(-) create mode 100644 src/main/java/io/cryostat/net/security/PermissionedAction.java diff --git a/src/main/java/io/cryostat/net/security/PermissionedAction.java b/src/main/java/io/cryostat/net/security/PermissionedAction.java new file mode 100644 index 0000000000..864d6b9dc0 --- /dev/null +++ b/src/main/java/io/cryostat/net/security/PermissionedAction.java @@ -0,0 +1,44 @@ +/* + * Copyright The Cryostat Authors + * + * The Universal Permissive License (UPL), Version 1.0 + * + * Subject to the condition set forth below, permission is hereby granted to any + * person obtaining a copy of this software, associated documentation and/or data + * (collectively the "Software"), free of charge and under any and all copyright + * rights in the Software, and any and all patent rights owned or freely + * licensable by each licensor hereunder covering either (i) the unmodified + * Software as contributed to or provided by such licensor, or (ii) the Larger + * Works (as defined below), to deal in both + * + * (a) the Software, and + * (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if + * one is included with the Software (each a "Larger Work" to which the Software + * is contributed by such licensors), + * + * without restriction, including without limitation the rights to copy, create + * derivative works of, display, perform, and distribute the Software and make, + * use, sell, offer for sale, import, export, have made, and have sold the + * Software and the Larger Work(s), and to sublicense the foregoing rights on + * either these or other terms. + * + * This license is subject to the following condition: + * The above copyright notice and either this complete permission notice or at + * a minimum a reference to the UPL must be included in all copies or + * substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ +package io.cryostat.net.security; + +import java.util.Set; + +public interface PermissionedAction { + Set resourceActions(); +} diff --git a/src/main/java/io/cryostat/net/web/http/RequestHandler.java b/src/main/java/io/cryostat/net/web/http/RequestHandler.java index 3eb32b175d..fde6baa68f 100644 --- a/src/main/java/io/cryostat/net/web/http/RequestHandler.java +++ b/src/main/java/io/cryostat/net/web/http/RequestHandler.java @@ -37,16 +37,14 @@ */ package io.cryostat.net.web.http; -import java.util.Set; - -import io.cryostat.net.security.ResourceAction; +import io.cryostat.net.security.PermissionedAction; import io.cryostat.net.web.http.api.ApiVersion; import io.vertx.core.Handler; import io.vertx.core.http.HttpMethod; import io.vertx.ext.web.RoutingContext; -public interface RequestHandler extends Handler { +public interface RequestHandler extends Handler, PermissionedAction { /** Lower number == higher priority handler */ static final int DEFAULT_PRIORITY = 100; @@ -71,8 +69,6 @@ default String basePath() { HttpMethod httpMethod(); - Set resourceActions(); - default boolean isAvailable() { return true; } From 91e8c55f475a4a2ecb7cd29be2798dca1f95a8ce Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Tue, 12 Jul 2022 12:45:04 -0400 Subject: [PATCH 2/8] chore(graphql): mark all fetchers/mutators with resource actions --- .../api/v2/graph/ActiveRecordingsFetcher.java | 14 ++++++++++++- .../api/v2/graph/ArchiveRecordingMutator.java | 18 ++++++++++++++++- .../v2/graph/ArchivedRecordingsFetcher.java | 12 ++++++++++- .../graph/DeleteActiveRecordingMutator.java | 19 +++++++++++++++++- .../graph/DeleteArchivedRecordingMutator.java | 14 ++++++++++++- .../graph/EnvironmentNodeChildrenFetcher.java | 13 +++++++++++- .../graph/EnvironmentNodeRecurseFetcher.java | 13 +++++++++++- .../api/v2/graph/EnvironmentNodesFetcher.java | 12 ++++++++++- .../web/http/api/v2/graph/NodeFetcher.java | 13 +++++++++++- .../http/api/v2/graph/RecordingsFetcher.java | 16 ++++++++++++++- .../http/api/v2/graph/RootNodeFetcher.java | 12 ++++++++++- .../api/v2/graph/SnapshotOnTargetMutator.java | 20 ++++++++++++++++++- .../graph/StartRecordingOnTargetMutator.java | 18 ++++++++++++++++- .../api/v2/graph/StopRecordingMutator.java | 18 ++++++++++++++++- .../v2/graph/TargetNodeRecurseFetcher.java | 12 ++++++++++- .../http/api/v2/graph/TargetNodesFetcher.java | 14 ++++++++++++- 16 files changed, 222 insertions(+), 16 deletions(-) diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java index 572176e851..0982646226 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java @@ -38,23 +38,35 @@ package io.cryostat.net.web.http.api.v2.graph; import java.util.ArrayList; +import java.util.EnumSet; import java.util.List; import java.util.Objects; +import java.util.Set; import java.util.stream.Collectors; import javax.inject.Inject; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.RecordingsFetcher.Recordings; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class ActiveRecordingsFetcher implements DataFetcher> { +class ActiveRecordingsFetcher + implements DataFetcher>, PermissionedAction { @Inject ActiveRecordingsFetcher() {} + @Override + public Set resourceActions() { + EnumSet actions = + EnumSet.of(ResourceAction.READ_RECORDING, ResourceAction.READ_TARGET); + return actions; + } + public List get(DataFetchingEnvironment environment) throws Exception { Recordings source = environment.getSource(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java index c590567546..09db8156dc 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java @@ -37,10 +37,15 @@ */ package io.cryostat.net.web.http.api.v2.graph; +import java.util.EnumSet; +import java.util.Set; + import javax.inject.Inject; import io.cryostat.configuration.CredentialsManager; import io.cryostat.net.ConnectionDescriptor; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.ServiceRef; import io.cryostat.recordings.RecordingArchiveHelper; import io.cryostat.rules.ArchivedRecordingInfo; @@ -48,7 +53,7 @@ import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class ArchiveRecordingMutator implements DataFetcher { +class ArchiveRecordingMutator implements DataFetcher, PermissionedAction { private final RecordingArchiveHelper recordingArchiveHelper; private final CredentialsManager credentialsManager; @@ -60,6 +65,17 @@ class ArchiveRecordingMutator implements DataFetcher { this.credentialsManager = credentialsManager; } + @Override + public Set resourceActions() { + EnumSet actions = + EnumSet.of( + ResourceAction.READ_TARGET, + ResourceAction.CREATE_RECORDING, + ResourceAction.READ_RECORDING, + ResourceAction.READ_CREDENTIALS); + return actions; + } + @Override public ArchivedRecordingInfo get(DataFetchingEnvironment environment) throws Exception { GraphRecordingDescriptor source = environment.getSource(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java index eee55b154e..2bac9dba8f 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java @@ -38,12 +38,16 @@ package io.cryostat.net.web.http.api.v2.graph; import java.util.ArrayList; +import java.util.EnumSet; import java.util.List; import java.util.Objects; +import java.util.Set; import java.util.stream.Collectors; import javax.inject.Inject; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.ArchivedRecordingsFetcher.Archived; import io.cryostat.net.web.http.api.v2.graph.RecordingsFetcher.Recordings; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; @@ -58,11 +62,17 @@ justification = "The Archived and AggregateInfo fields are serialized and returned to the client by" + " the GraphQL engine") -class ArchivedRecordingsFetcher implements DataFetcher { +class ArchivedRecordingsFetcher implements DataFetcher, PermissionedAction { @Inject ArchivedRecordingsFetcher() {} + @Override + public Set resourceActions() { + EnumSet actions = EnumSet.of(ResourceAction.READ_RECORDING); + return actions; + } + public Archived get(DataFetchingEnvironment environment) throws Exception { Recordings source = environment.getSource(); FilterInput filter = FilterInput.from(environment); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java index 0ff0630893..ddb4c1a7ea 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java @@ -37,17 +37,23 @@ */ package io.cryostat.net.web.http.api.v2.graph; +import java.util.EnumSet; +import java.util.Set; + import javax.inject.Inject; import io.cryostat.configuration.CredentialsManager; import io.cryostat.net.ConnectionDescriptor; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.ServiceRef; import io.cryostat.recordings.RecordingTargetHelper; import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class DeleteActiveRecordingMutator implements DataFetcher { +class DeleteActiveRecordingMutator + implements DataFetcher, PermissionedAction { private final RecordingTargetHelper recordingTargetHelper; private final CredentialsManager credentialsManager; @@ -59,6 +65,17 @@ class DeleteActiveRecordingMutator implements DataFetcher resourceActions() { + EnumSet actions = + EnumSet.of( + ResourceAction.DELETE_RECORDING, + ResourceAction.READ_TARGET, + ResourceAction.UPDATE_TARGET, + ResourceAction.DELETE_CREDENTIALS); + return actions; + } + @Override public GraphRecordingDescriptor get(DataFetchingEnvironment environment) throws Exception { GraphRecordingDescriptor source = environment.getSource(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java index 84798ac783..b8faa36d84 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java @@ -37,15 +37,21 @@ */ package io.cryostat.net.web.http.api.v2.graph; +import java.util.EnumSet; +import java.util.Set; + import javax.inject.Inject; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.recordings.RecordingArchiveHelper; import io.cryostat.rules.ArchivedRecordingInfo; import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class DeleteArchivedRecordingMutator implements DataFetcher { +class DeleteArchivedRecordingMutator + implements DataFetcher, PermissionedAction { private final RecordingArchiveHelper recordingArchiveHelper; @@ -54,6 +60,12 @@ class DeleteArchivedRecordingMutator implements DataFetcher resourceActions() { + EnumSet actions = EnumSet.of(ResourceAction.DELETE_RECORDING); + return actions; + } + @Override public ArchivedRecordingInfo get(DataFetchingEnvironment environment) throws Exception { ArchivedRecordingInfo source = environment.getSource(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java index c9aa89e52c..d43cbce98b 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java @@ -38,15 +38,26 @@ package io.cryostat.net.web.http.api.v2.graph; import java.util.ArrayList; +import java.util.EnumSet; import java.util.List; +import java.util.Set; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class EnvironmentNodeChildrenFetcher implements DataFetcher> { +class EnvironmentNodeChildrenFetcher + implements DataFetcher>, PermissionedAction { + + @Override + public Set resourceActions() { + EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); + return actions; + } @Override public List get(DataFetchingEnvironment environment) throws Exception { diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java index 3e4e87658d..e7b4d1d5a9 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java @@ -38,8 +38,12 @@ package io.cryostat.net.web.http.api.v2.graph; import java.util.ArrayList; +import java.util.EnumSet; import java.util.List; +import java.util.Set; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; import io.cryostat.platform.discovery.TargetNode; @@ -48,7 +52,14 @@ import graphql.schema.DataFetchingEnvironment; import graphql.schema.DataFetchingEnvironmentImpl; -class EnvironmentNodeRecurseFetcher implements DataFetcher> { +class EnvironmentNodeRecurseFetcher + implements DataFetcher>, PermissionedAction { + + @Override + public Set resourceActions() { + EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); + return actions; + } @Override public List get(DataFetchingEnvironment environment) throws Exception { diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java index 36a936b41f..0bb858e057 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java @@ -39,6 +39,7 @@ import java.util.ArrayList; import java.util.Collection; +import java.util.EnumSet; import java.util.HashSet; import java.util.List; import java.util.Objects; @@ -47,6 +48,8 @@ import javax.inject.Inject; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; @@ -54,7 +57,7 @@ import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class EnvironmentNodesFetcher implements DataFetcher> { +class EnvironmentNodesFetcher implements DataFetcher>, PermissionedAction { private final RootNodeFetcher rootNodeFetcher; @@ -63,6 +66,13 @@ class EnvironmentNodesFetcher implements DataFetcher> { this.rootNodeFetcher = rootNodeFetcher; } + @Override + public Set resourceActions() { + EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); + actions.addAll(rootNodeFetcher.resourceActions()); + return actions; + } + @Override public List get(DataFetchingEnvironment environment) throws Exception { FilterInput filter = FilterInput.from(environment); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java index f36b9a74e7..a93f55dd03 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java @@ -37,18 +37,22 @@ */ package io.cryostat.net.web.http.api.v2.graph; +import java.util.EnumSet; import java.util.NoSuchElementException; import java.util.Objects; +import java.util.Set; import javax.inject.Inject; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class NodeFetcher implements DataFetcher { +class NodeFetcher implements DataFetcher, PermissionedAction { private final RootNodeFetcher rootNodeFetcher; @@ -57,6 +61,13 @@ class NodeFetcher implements DataFetcher { this.rootNodeFetcher = rootNodeFetcher; } + @Override + public Set resourceActions() { + EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); + actions.addAll(rootNodeFetcher.resourceActions()); + return actions; + } + @Override public AbstractNode get(DataFetchingEnvironment environment) throws Exception { EnvironmentNode root = rootNodeFetcher.get(environment); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java index 95605b8c40..ba2f978c07 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java @@ -39,8 +39,10 @@ import java.io.IOException; import java.net.URISyntaxException; +import java.util.EnumSet; import java.util.List; import java.util.Objects; +import java.util.Set; import java.util.stream.Collectors; import javax.inject.Inject; @@ -52,6 +54,8 @@ import io.cryostat.core.log.Logger; import io.cryostat.net.ConnectionDescriptor; import io.cryostat.net.TargetConnectionManager; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.WebServer; import io.cryostat.net.web.http.api.v2.graph.RecordingsFetcher.Recordings; import io.cryostat.platform.ServiceRef; @@ -65,7 +69,7 @@ import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class RecordingsFetcher implements DataFetcher { +class RecordingsFetcher implements DataFetcher, PermissionedAction { private final TargetConnectionManager tcm; private final RecordingArchiveHelper archiveHelper; @@ -90,6 +94,16 @@ class RecordingsFetcher implements DataFetcher { this.logger = logger; } + @Override + public Set resourceActions() { + EnumSet actions = + EnumSet.of( + ResourceAction.READ_TARGET, + ResourceAction.READ_RECORDING, + ResourceAction.READ_CREDENTIALS); + return actions; + } + @Override @SuppressFBWarnings( value = "URF_UNREAD_FIELD", diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java index 379d7710f3..611e90fcc1 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java @@ -37,15 +37,20 @@ */ package io.cryostat.net.web.http.api.v2.graph; +import java.util.EnumSet; +import java.util.Set; + import javax.inject.Inject; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.PlatformClient; import io.cryostat.platform.discovery.EnvironmentNode; import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class RootNodeFetcher implements DataFetcher { +class RootNodeFetcher implements DataFetcher, PermissionedAction { private final PlatformClient client; @@ -54,6 +59,11 @@ class RootNodeFetcher implements DataFetcher { this.client = client; } + @Override + public Set resourceActions() { + return EnumSet.of(ResourceAction.READ_TARGET); + } + @Override public EnvironmentNode get(DataFetchingEnvironment environment) throws Exception { return client.getDiscoveryTree(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java index 48376b34c0..5f3c8474a1 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java @@ -37,17 +37,22 @@ */ package io.cryostat.net.web.http.api.v2.graph; +import java.util.EnumSet; +import java.util.Set; + import javax.inject.Inject; import io.cryostat.configuration.CredentialsManager; import io.cryostat.net.ConnectionDescriptor; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.TargetNode; import io.cryostat.recordings.RecordingTargetHelper; import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class SnapshotOnTargetMutator implements DataFetcher { +class SnapshotOnTargetMutator implements DataFetcher, PermissionedAction { private final RecordingTargetHelper recordingTargetHelper; private final CredentialsManager credentialsManager; @@ -59,6 +64,19 @@ class SnapshotOnTargetMutator implements DataFetcher { this.credentialsManager = credentialsManager; } + @Override + public Set resourceActions() { + EnumSet actions = + EnumSet.of( + ResourceAction.READ_RECORDING, + ResourceAction.UPDATE_RECORDING, + ResourceAction.CREATE_RECORDING, + ResourceAction.READ_TARGET, + ResourceAction.UPDATE_TARGET, + ResourceAction.READ_CREDENTIALS); + return actions; + } + @Override public GraphRecordingDescriptor get(DataFetchingEnvironment environment) throws Exception { TargetNode node = environment.getSource(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java index 0b36017d76..afe8657023 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java @@ -37,7 +37,9 @@ */ package io.cryostat.net.web.http.api.v2.graph; +import java.util.EnumSet; import java.util.Map; +import java.util.Set; import java.util.concurrent.TimeUnit; import javax.inject.Inject; @@ -51,6 +53,8 @@ import io.cryostat.jmc.serialization.HyperlinkedSerializableRecordingDescriptor; import io.cryostat.net.ConnectionDescriptor; import io.cryostat.net.TargetConnectionManager; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.WebServer; import io.cryostat.platform.discovery.TargetNode; import io.cryostat.recordings.RecordingOptionsBuilderFactory; @@ -60,7 +64,7 @@ import graphql.schema.DataFetchingEnvironment; class StartRecordingOnTargetMutator - implements DataFetcher { + implements DataFetcher, PermissionedAction { private final TargetConnectionManager targetConnectionManager; private final RecordingTargetHelper recordingTargetHelper; @@ -82,6 +86,18 @@ class StartRecordingOnTargetMutator this.webServer = webServer; } + @Override + public Set resourceActions() { + EnumSet actions = + EnumSet.of( + ResourceAction.READ_RECORDING, + ResourceAction.CREATE_RECORDING, + ResourceAction.READ_TARGET, + ResourceAction.UPDATE_TARGET, + ResourceAction.READ_CREDENTIALS); + return actions; + } + @Override public HyperlinkedSerializableRecordingDescriptor get(DataFetchingEnvironment environment) throws Exception { diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java index fff8ca6c8d..9c18c26ba5 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java @@ -37,6 +37,9 @@ */ package io.cryostat.net.web.http.api.v2.graph; +import java.util.EnumSet; +import java.util.Set; + import javax.inject.Inject; import javax.inject.Provider; @@ -45,6 +48,8 @@ import io.cryostat.configuration.CredentialsManager; import io.cryostat.net.ConnectionDescriptor; import io.cryostat.net.TargetConnectionManager; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.WebServer; import io.cryostat.platform.ServiceRef; import io.cryostat.recordings.RecordingMetadataManager; @@ -54,7 +59,7 @@ import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; -class StopRecordingMutator implements DataFetcher { +class StopRecordingMutator implements DataFetcher, PermissionedAction { private final TargetConnectionManager targetConnectionManager; private final RecordingTargetHelper recordingTargetHelper; @@ -76,6 +81,17 @@ class StopRecordingMutator implements DataFetcher { this.webServer = webServer; } + @Override + public Set resourceActions() { + EnumSet actions = + EnumSet.of( + ResourceAction.READ_RECORDING, + ResourceAction.UPDATE_RECORDING, + ResourceAction.READ_TARGET, + ResourceAction.READ_CREDENTIALS); + return actions; + } + @Override public GraphRecordingDescriptor get(DataFetchingEnvironment environment) throws Exception { GraphRecordingDescriptor source = environment.getSource(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java index ee6d2461b9..bbfdd583a4 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java @@ -38,13 +38,17 @@ package io.cryostat.net.web.http.api.v2.graph; import java.util.ArrayList; +import java.util.EnumSet; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.Set; import java.util.function.Function; import java.util.stream.Collectors; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; @@ -54,7 +58,13 @@ import graphql.schema.DataFetchingEnvironment; import graphql.schema.DataFetchingEnvironmentImpl; -class TargetNodeRecurseFetcher implements DataFetcher> { +class TargetNodeRecurseFetcher implements DataFetcher>, PermissionedAction { + + @Override + public Set resourceActions() { + EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); + return actions; + } @Override public List get(DataFetchingEnvironment environment) throws Exception { diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java index 341c82ed6e..272caf97f7 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java @@ -37,15 +37,19 @@ */ package io.cryostat.net.web.http.api.v2.graph; +import java.util.EnumSet; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.Set; import java.util.function.Function; import java.util.stream.Collectors; import javax.inject.Inject; +import io.cryostat.net.security.PermissionedAction; +import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; import io.cryostat.platform.discovery.TargetNode; @@ -53,7 +57,7 @@ import graphql.schema.DataFetchingEnvironment; import graphql.schema.DataFetchingEnvironmentImpl; -class TargetNodesFetcher implements DataFetcher> { +class TargetNodesFetcher implements DataFetcher>, PermissionedAction { private final RootNodeFetcher rootNodeFetcher; private final TargetNodeRecurseFetcher recurseFetcher; @@ -64,6 +68,14 @@ class TargetNodesFetcher implements DataFetcher> { this.recurseFetcher = recurseFetcher; } + @Override + public Set resourceActions() { + EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); + actions.addAll(rootNodeFetcher.resourceActions()); + actions.addAll(recurseFetcher.resourceActions()); + return actions; + } + @Override public List get(DataFetchingEnvironment environment) throws Exception { FilterInput filter = FilterInput.from(environment); From d8861bf3d80b3dbbfb7aaa3939f8de8d8924dc91 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Tue, 12 Jul 2022 18:54:01 -0400 Subject: [PATCH 3/8] feat(graphql): implement permissions check for each graphql fetcher/mutator --- .../AbstractPermissionedDataFetcher.java | 71 ++++++++++++++++ .../api/v2/graph/ActiveRecordingsFetcher.java | 16 ++-- .../api/v2/graph/ArchiveRecordingMutator.java | 13 ++- .../v2/graph/ArchivedRecordingsFetcher.java | 11 ++- .../graph/DeleteActiveRecordingMutator.java | 13 ++- .../graph/DeleteArchivedRecordingMutator.java | 13 ++- .../graph/EnvironmentNodeChildrenFetcher.java | 16 ++-- .../graph/EnvironmentNodeRecurseFetcher.java | 18 +++-- .../api/v2/graph/EnvironmentNodesFetcher.java | 13 ++- .../web/http/api/v2/graph/GraphModule.java | 81 ++++++++++--------- .../http/api/v2/graph/GraphQLPostHandler.java | 11 +-- .../web/http/api/v2/graph/NodeFetcher.java | 13 ++- .../http/api/v2/graph/RecordingsFetcher.java | 14 ++-- .../http/api/v2/graph/RootNodeFetcher.java | 13 ++- .../api/v2/graph/SnapshotOnTargetMutator.java | 13 ++- .../graph/StartRecordingOnTargetMutator.java | 12 +-- .../api/v2/graph/StopRecordingMutator.java | 12 +-- .../v2/graph/TargetNodeRecurseFetcher.java | 17 ++-- .../http/api/v2/graph/TargetNodesFetcher.java | 15 ++-- 19 files changed, 232 insertions(+), 153 deletions(-) create mode 100644 src/main/java/io/cryostat/net/web/http/api/v2/graph/AbstractPermissionedDataFetcher.java diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/AbstractPermissionedDataFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/AbstractPermissionedDataFetcher.java new file mode 100644 index 0000000000..f0ea44684a --- /dev/null +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/AbstractPermissionedDataFetcher.java @@ -0,0 +1,71 @@ +/* + * Copyright The Cryostat Authors + * + * The Universal Permissive License (UPL), Version 1.0 + * + * Subject to the condition set forth below, permission is hereby granted to any + * person obtaining a copy of this software, associated documentation and/or data + * (collectively the "Software"), free of charge and under any and all copyright + * rights in the Software, and any and all patent rights owned or freely + * licensable by each licensor hereunder covering either (i) the unmodified + * Software as contributed to or provided by such licensor, or (ii) the Larger + * Works (as defined below), to deal in both + * + * (a) the Software, and + * (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if + * one is included with the Software (each a "Larger Work" to which the Software + * is contributed by such licensors), + * + * without restriction, including without limitation the rights to copy, create + * derivative works of, display, perform, and distribute the Software and make, + * use, sell, offer for sale, import, export, have made, and have sold the + * Software and the Larger Work(s), and to sublicense the foregoing rights on + * either these or other terms. + * + * This license is subject to the following condition: + * The above copyright notice and either this complete permission notice or at + * a minimum a reference to the UPL must be included in all copies or + * substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ +package io.cryostat.net.web.http.api.v2.graph; + +import graphql.GraphQLContext; +import graphql.schema.DataFetcher; +import graphql.schema.DataFetchingEnvironment; +import io.cryostat.net.AuthManager; +import io.cryostat.net.AuthorizationErrorException; +import io.cryostat.net.security.PermissionedAction; +import io.vertx.core.http.HttpHeaders; +import io.vertx.ext.web.RoutingContext; + +abstract class AbstractPermissionedDataFetcher implements DataFetcher, PermissionedAction { + + protected final AuthManager auth; + + AbstractPermissionedDataFetcher(AuthManager auth) { + this.auth = auth; + } + + @Override + public final T get(DataFetchingEnvironment environment) throws Exception { + GraphQLContext graphCtx = environment.getGraphQlContext(); + RoutingContext ctx = graphCtx.get(RoutingContext.class); + boolean authenticated = auth.validateHttpHeader( + () -> ctx.request().getHeader(HttpHeaders.AUTHORIZATION), resourceActions()).get(); + if (!authenticated) { + throw new AuthorizationErrorException("Unauthorized"); + } + return getAuthenticated(environment); + } + + abstract T getAuthenticated(DataFetchingEnvironment environment) throws Exception; + +} diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java index 0982646226..8bc5887812 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java @@ -46,19 +46,18 @@ import javax.inject.Inject; -import io.cryostat.net.security.PermissionedAction; +import graphql.schema.DataFetchingEnvironment; +import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.RecordingsFetcher.Recordings; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - -class ActiveRecordingsFetcher - implements DataFetcher>, PermissionedAction { +class ActiveRecordingsFetcher extends AbstractPermissionedDataFetcher> { @Inject - ActiveRecordingsFetcher() {} + ActiveRecordingsFetcher(AuthManager auth) { + super(auth); + } @Override public Set resourceActions() { @@ -67,7 +66,8 @@ public Set resourceActions() { return actions; } - public List get(DataFetchingEnvironment environment) + @Override + public List getAuthenticated(DataFetchingEnvironment environment) throws Exception { Recordings source = environment.getSource(); List result = new ArrayList<>(source.active); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java index 09db8156dc..bcc4d40345 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java @@ -42,25 +42,24 @@ import javax.inject.Inject; +import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; +import io.cryostat.net.AuthManager; import io.cryostat.net.ConnectionDescriptor; -import io.cryostat.net.security.PermissionedAction; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.ServiceRef; import io.cryostat.recordings.RecordingArchiveHelper; import io.cryostat.rules.ArchivedRecordingInfo; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - -class ArchiveRecordingMutator implements DataFetcher, PermissionedAction { +class ArchiveRecordingMutator extends AbstractPermissionedDataFetcher { private final RecordingArchiveHelper recordingArchiveHelper; private final CredentialsManager credentialsManager; @Inject ArchiveRecordingMutator( - RecordingArchiveHelper recordingArchiveHelper, CredentialsManager credentialsManager) { + AuthManager auth, RecordingArchiveHelper recordingArchiveHelper, CredentialsManager credentialsManager) { + super(auth); this.recordingArchiveHelper = recordingArchiveHelper; this.credentialsManager = credentialsManager; } @@ -77,7 +76,7 @@ public Set resourceActions() { } @Override - public ArchivedRecordingInfo get(DataFetchingEnvironment environment) throws Exception { + public ArchivedRecordingInfo getAuthenticated(DataFetchingEnvironment environment) throws Exception { GraphRecordingDescriptor source = environment.getSource(); ServiceRef target = source.target; String uri = target.getServiceUri().toString(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java index 2bac9dba8f..b4fcce792c 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java @@ -46,7 +46,8 @@ import javax.inject.Inject; -import io.cryostat.net.security.PermissionedAction; +import graphql.schema.DataFetchingEnvironment; +import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.ArchivedRecordingsFetcher.Archived; import io.cryostat.net.web.http.api.v2.graph.RecordingsFetcher.Recordings; @@ -62,10 +63,12 @@ justification = "The Archived and AggregateInfo fields are serialized and returned to the client by" + " the GraphQL engine") -class ArchivedRecordingsFetcher implements DataFetcher, PermissionedAction { +class ArchivedRecordingsFetcher extends AbstractPermissionedDataFetcher { @Inject - ArchivedRecordingsFetcher() {} + ArchivedRecordingsFetcher(AuthManager auth) { + super(auth); + } @Override public Set resourceActions() { @@ -73,7 +76,7 @@ public Set resourceActions() { return actions; } - public Archived get(DataFetchingEnvironment environment) throws Exception { + public Archived getAuthenticated(DataFetchingEnvironment environment) throws Exception { Recordings source = environment.getSource(); FilterInput filter = FilterInput.from(environment); List recordings = new ArrayList<>(source.archived); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java index ddb4c1a7ea..2b6e05a4c4 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java @@ -42,25 +42,24 @@ import javax.inject.Inject; +import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; +import io.cryostat.net.AuthManager; import io.cryostat.net.ConnectionDescriptor; -import io.cryostat.net.security.PermissionedAction; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.ServiceRef; import io.cryostat.recordings.RecordingTargetHelper; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - class DeleteActiveRecordingMutator - implements DataFetcher, PermissionedAction { + extends AbstractPermissionedDataFetcher { private final RecordingTargetHelper recordingTargetHelper; private final CredentialsManager credentialsManager; @Inject DeleteActiveRecordingMutator( - RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager) { + AuthManager auth, RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager) { + super(auth); this.recordingTargetHelper = recordingTargetHelper; this.credentialsManager = credentialsManager; } @@ -77,7 +76,7 @@ public Set resourceActions() { } @Override - public GraphRecordingDescriptor get(DataFetchingEnvironment environment) throws Exception { + public GraphRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) throws Exception { GraphRecordingDescriptor source = environment.getSource(); ServiceRef target = source.target; String uri = target.getServiceUri().toString(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java index b8faa36d84..e4705bffa3 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java @@ -42,21 +42,20 @@ import javax.inject.Inject; -import io.cryostat.net.security.PermissionedAction; +import graphql.schema.DataFetchingEnvironment; +import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.recordings.RecordingArchiveHelper; import io.cryostat.rules.ArchivedRecordingInfo; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - class DeleteArchivedRecordingMutator - implements DataFetcher, PermissionedAction { + extends AbstractPermissionedDataFetcher { private final RecordingArchiveHelper recordingArchiveHelper; @Inject - DeleteArchivedRecordingMutator(RecordingArchiveHelper recordingArchiveHelper) { + DeleteArchivedRecordingMutator(AuthManager auth, RecordingArchiveHelper recordingArchiveHelper) { + super(auth); this.recordingArchiveHelper = recordingArchiveHelper; } @@ -67,7 +66,7 @@ public Set resourceActions() { } @Override - public ArchivedRecordingInfo get(DataFetchingEnvironment environment) throws Exception { + public ArchivedRecordingInfo getAuthenticated(DataFetchingEnvironment environment) throws Exception { ArchivedRecordingInfo source = environment.getSource(); return recordingArchiveHelper.deleteRecording(source.getName()).get(); } diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java index d43cbce98b..bcf02dba4f 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java @@ -42,16 +42,20 @@ import java.util.List; import java.util.Set; -import io.cryostat.net.security.PermissionedAction; +import javax.inject.Inject; + +import graphql.schema.DataFetchingEnvironment; +import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; +class EnvironmentNodeChildrenFetcher extends AbstractPermissionedDataFetcher> { -class EnvironmentNodeChildrenFetcher - implements DataFetcher>, PermissionedAction { + @Inject + EnvironmentNodeChildrenFetcher(AuthManager auth) { + super(auth); + } @Override public Set resourceActions() { @@ -60,7 +64,7 @@ public Set resourceActions() { } @Override - public List get(DataFetchingEnvironment environment) throws Exception { + public List getAuthenticated(DataFetchingEnvironment environment) throws Exception { EnvironmentNode node = environment.getSource(); return new ArrayList<>(node.getChildren()); } diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java index e7b4d1d5a9..5712587271 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java @@ -42,18 +42,22 @@ import java.util.List; import java.util.Set; -import io.cryostat.net.security.PermissionedAction; +import javax.inject.Inject; + +import graphql.schema.DataFetchingEnvironment; +import graphql.schema.DataFetchingEnvironmentImpl; +import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; import io.cryostat.platform.discovery.TargetNode; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; -import graphql.schema.DataFetchingEnvironmentImpl; +class EnvironmentNodeRecurseFetcher extends AbstractPermissionedDataFetcher> { -class EnvironmentNodeRecurseFetcher - implements DataFetcher>, PermissionedAction { + @Inject + EnvironmentNodeRecurseFetcher(AuthManager auth) { + super(auth); + } @Override public Set resourceActions() { @@ -62,7 +66,7 @@ public Set resourceActions() { } @Override - public List get(DataFetchingEnvironment environment) throws Exception { + public List getAuthenticated(DataFetchingEnvironment environment) throws Exception { AbstractNode node = environment.getSource(); if (node instanceof TargetNode) { return List.of(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java index 0bb858e057..8c6e364107 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java @@ -48,21 +48,20 @@ import javax.inject.Inject; -import io.cryostat.net.security.PermissionedAction; +import graphql.schema.DataFetchingEnvironment; +import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - -class EnvironmentNodesFetcher implements DataFetcher>, PermissionedAction { +class EnvironmentNodesFetcher extends AbstractPermissionedDataFetcher> { private final RootNodeFetcher rootNodeFetcher; @Inject - EnvironmentNodesFetcher(RootNodeFetcher rootNodeFetcher) { + EnvironmentNodesFetcher(AuthManager auth, RootNodeFetcher rootNodeFetcher) { + super(auth); this.rootNodeFetcher = rootNodeFetcher; } @@ -74,7 +73,7 @@ public Set resourceActions() { } @Override - public List get(DataFetchingEnvironment environment) throws Exception { + public List getAuthenticated(DataFetchingEnvironment environment) throws Exception { FilterInput filter = FilterInput.from(environment); EnvironmentNode root = rootNodeFetcher.get(environment); Set nodes = flattenEnvNodes(root); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphModule.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphModule.java index 2d16542713..14327a18a3 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphModule.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphModule.java @@ -44,17 +44,6 @@ import javax.inject.Provider; import javax.inject.Singleton; -import io.cryostat.configuration.CredentialsManager; -import io.cryostat.core.log.Logger; -import io.cryostat.net.TargetConnectionManager; -import io.cryostat.net.web.WebServer; -import io.cryostat.net.web.http.RequestHandler; -import io.cryostat.platform.PlatformClient; -import io.cryostat.recordings.RecordingArchiveHelper; -import io.cryostat.recordings.RecordingMetadataManager; -import io.cryostat.recordings.RecordingOptionsBuilderFactory; -import io.cryostat.recordings.RecordingTargetHelper; - import dagger.Binds; import dagger.Module; import dagger.Provides; @@ -67,6 +56,17 @@ import graphql.schema.idl.SchemaParser; import graphql.schema.idl.TypeDefinitionRegistry; import graphql.schema.idl.TypeRuntimeWiring; +import io.cryostat.configuration.CredentialsManager; +import io.cryostat.core.log.Logger; +import io.cryostat.net.AuthManager; +import io.cryostat.net.TargetConnectionManager; +import io.cryostat.net.web.WebServer; +import io.cryostat.net.web.http.RequestHandler; +import io.cryostat.platform.PlatformClient; +import io.cryostat.recordings.RecordingArchiveHelper; +import io.cryostat.recordings.RecordingMetadataManager; +import io.cryostat.recordings.RecordingOptionsBuilderFactory; +import io.cryostat.recordings.RecordingTargetHelper; @Module public abstract class GraphModule { @@ -190,12 +190,12 @@ static GraphQL provideGraphQL( } @Provides - static RootNodeFetcher provideRootNodeFetcher(PlatformClient client) { - return new RootNodeFetcher(client); + static RootNodeFetcher provideRootNodeFetcher(AuthManager auth, PlatformClient client) { + return new RootNodeFetcher(auth, client); } @Provides - static RecordingsFetcher provideRecordingsFetcher( + static RecordingsFetcher provideRecordingsFetcher(AuthManager auth, TargetConnectionManager tcm, RecordingArchiveHelper archiveHelper, CredentialsManager credentialsManager, @@ -203,58 +203,60 @@ static RecordingsFetcher provideRecordingsFetcher( Provider webServer, Logger logger) { return new RecordingsFetcher( - tcm, archiveHelper, credentialsManager, metadataManager, webServer, logger); + auth, tcm, archiveHelper, credentialsManager, metadataManager, webServer, logger); } @Provides - static ActiveRecordingsFetcher provideActiveRecordingsFetcher() { - return new ActiveRecordingsFetcher(); + static ActiveRecordingsFetcher provideActiveRecordingsFetcher(AuthManager auth) { + return new ActiveRecordingsFetcher(auth); } @Provides - static ArchivedRecordingsFetcher provideArchivedRecordingsFetcher() { - return new ArchivedRecordingsFetcher(); + static ArchivedRecordingsFetcher provideArchivedRecordingsFetcher(AuthManager auth) { + return new ArchivedRecordingsFetcher(auth); } @Provides - static EnvironmentNodeChildrenFetcher provideEnvironmentNodeChildrenFetcher() { - return new EnvironmentNodeChildrenFetcher(); + static EnvironmentNodeChildrenFetcher provideEnvironmentNodeChildrenFetcher(AuthManager auth) { + return new EnvironmentNodeChildrenFetcher(auth); } @Provides - static TargetNodeRecurseFetcher provideTargetNodeRecurseFetcher() { - return new TargetNodeRecurseFetcher(); + static TargetNodeRecurseFetcher provideTargetNodeRecurseFetcher(AuthManager auth) { + return new TargetNodeRecurseFetcher(auth); } @Provides - static EnvironmentNodeRecurseFetcher provideEnvironmentNodeRecurseFetcher() { - return new EnvironmentNodeRecurseFetcher(); + static EnvironmentNodeRecurseFetcher provideEnvironmentNodeRecurseFetcher(AuthManager auth) { + return new EnvironmentNodeRecurseFetcher(auth); } @Provides - static NodeFetcher provideNodeFetcher(RootNodeFetcher rootNodeFetcher) { - return new NodeFetcher(rootNodeFetcher); + static NodeFetcher provideNodeFetcher(AuthManager auth, RootNodeFetcher rootNodeFetcher) { + return new NodeFetcher(auth, rootNodeFetcher); } @Provides - static EnvironmentNodesFetcher provideEnvironmentNodesFetcher(RootNodeFetcher rootNodeFetcher) { - return new EnvironmentNodesFetcher(rootNodeFetcher); + static EnvironmentNodesFetcher provideEnvironmentNodesFetcher(AuthManager auth, RootNodeFetcher rootNodeFetcher) { + return new EnvironmentNodesFetcher(auth, rootNodeFetcher); } @Provides static TargetNodesFetcher provideTargetNodesFetcher( - RootNodeFetcher rootNodeFetcher, TargetNodeRecurseFetcher recurseFetcher) { - return new TargetNodesFetcher(rootNodeFetcher, recurseFetcher); + AuthManager auth, RootNodeFetcher rootNodeFetcher, TargetNodeRecurseFetcher recurseFetcher) { + return new TargetNodesFetcher(auth, rootNodeFetcher, recurseFetcher); } @Provides static StartRecordingOnTargetMutator provideStartRecordingOnTargetMutator( + AuthManager auth, TargetConnectionManager targetConnectionManager, RecordingTargetHelper recordingTargetHelper, RecordingOptionsBuilderFactory recordingOptionsBuilderFactory, CredentialsManager credentialsManager, Provider webServer) { return new StartRecordingOnTargetMutator( + auth, targetConnectionManager, recordingTargetHelper, recordingOptionsBuilderFactory, @@ -264,24 +266,26 @@ static StartRecordingOnTargetMutator provideStartRecordingOnTargetMutator( @Provides static SnapshotOnTargetMutator provideSnapshotOnTargetMutator( - RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager) { - return new SnapshotOnTargetMutator(recordingTargetHelper, credentialsManager); + AuthManager auth, RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager) { + return new SnapshotOnTargetMutator(auth, recordingTargetHelper, credentialsManager); } @Provides static ArchiveRecordingMutator provideArchiveRecordingMutator( - RecordingArchiveHelper recordingArchiveHelper, CredentialsManager credentialsManager) { - return new ArchiveRecordingMutator(recordingArchiveHelper, credentialsManager); + AuthManager auth, RecordingArchiveHelper recordingArchiveHelper, CredentialsManager credentialsManager) { + return new ArchiveRecordingMutator(auth, recordingArchiveHelper, credentialsManager); } @Provides static StopRecordingMutator provideStopRecordingsOnTargetMutator( + AuthManager auth, TargetConnectionManager targetConnectionManager, RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager, RecordingMetadataManager metadataManager, Provider webServer) { return new StopRecordingMutator( + auth, targetConnectionManager, recordingTargetHelper, credentialsManager, @@ -291,13 +295,14 @@ static StopRecordingMutator provideStopRecordingsOnTargetMutator( @Provides static DeleteActiveRecordingMutator provideDeleteActiveRecordingMutator( + AuthManager auth, RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager) { - return new DeleteActiveRecordingMutator(recordingTargetHelper, credentialsManager); + return new DeleteActiveRecordingMutator(auth, recordingTargetHelper, credentialsManager); } @Provides static DeleteArchivedRecordingMutator provideDeleteArchivedRecordingMutator( - RecordingArchiveHelper recordingArchiveHelper) { - return new DeleteArchivedRecordingMutator(recordingArchiveHelper); + AuthManager auth, RecordingArchiveHelper recordingArchiveHelper) { + return new DeleteArchivedRecordingMutator(auth, recordingArchiveHelper); } } diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphQLPostHandler.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphQLPostHandler.java index 17aa2e9442..5b0fd5e787 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphQLPostHandler.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphQLPostHandler.java @@ -80,14 +80,9 @@ public HttpMethod httpMethod() { @Override public Set resourceActions() { - return EnumSet.of( - ResourceAction.READ_TARGET, - ResourceAction.CREATE_RECORDING, - ResourceAction.READ_RECORDING, - ResourceAction.UPDATE_RECORDING, - ResourceAction.DELETE_RECORDING, - ResourceAction.READ_TEMPLATE, - ResourceAction.READ_CREDENTIALS); + // no permissions directly required here. Specific permissions may be required by fetchers + // and mutators that we invoke - see AbstractPermissionedDataFetcher + return EnumSet.noneOf(ResourceAction.class); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java index a93f55dd03..3683802508 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java @@ -44,20 +44,19 @@ import javax.inject.Inject; -import io.cryostat.net.security.PermissionedAction; +import graphql.schema.DataFetchingEnvironment; +import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - -class NodeFetcher implements DataFetcher, PermissionedAction { +class NodeFetcher extends AbstractPermissionedDataFetcher { private final RootNodeFetcher rootNodeFetcher; @Inject - NodeFetcher(RootNodeFetcher rootNodeFetcher) { + NodeFetcher(AuthManager auth, RootNodeFetcher rootNodeFetcher) { + super(auth); this.rootNodeFetcher = rootNodeFetcher; } @@ -69,7 +68,7 @@ public Set resourceActions() { } @Override - public AbstractNode get(DataFetchingEnvironment environment) throws Exception { + public AbstractNode getAuthenticated(DataFetchingEnvironment environment) throws Exception { EnvironmentNode root = rootNodeFetcher.get(environment); String name = environment.getArgument("name"); String nodeType = environment.getArgument("nodeType"); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java index ba2f978c07..b6db077b61 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java @@ -50,11 +50,13 @@ import org.openjdk.jmc.common.unit.QuantityConversionException; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; import io.cryostat.core.log.Logger; +import io.cryostat.net.AuthManager; import io.cryostat.net.ConnectionDescriptor; import io.cryostat.net.TargetConnectionManager; -import io.cryostat.net.security.PermissionedAction; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.WebServer; import io.cryostat.net.web.http.api.v2.graph.RecordingsFetcher.Recordings; @@ -65,11 +67,7 @@ import io.cryostat.recordings.RecordingMetadataManager.Metadata; import io.cryostat.rules.ArchivedRecordingInfo; -import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - -class RecordingsFetcher implements DataFetcher, PermissionedAction { +class RecordingsFetcher extends AbstractPermissionedDataFetcher { private final TargetConnectionManager tcm; private final RecordingArchiveHelper archiveHelper; @@ -80,12 +78,14 @@ class RecordingsFetcher implements DataFetcher, PermissionedAction { @Inject RecordingsFetcher( + AuthManager auth, TargetConnectionManager tcm, RecordingArchiveHelper archiveHelper, CredentialsManager credentialsManager, RecordingMetadataManager metadataManager, Provider webServer, Logger logger) { + super(auth); this.tcm = tcm; this.archiveHelper = archiveHelper; this.credentialsManager = credentialsManager; @@ -110,7 +110,7 @@ public Set resourceActions() { justification = "The Recordings fields are serialized and returned to the client by the GraphQL" + " engine") - public Recordings get(DataFetchingEnvironment environment) throws Exception { + public Recordings getAuthenticated(DataFetchingEnvironment environment) throws Exception { TargetNode source = (TargetNode) environment.getSource(); ServiceRef target = source.getTarget(); String targetId = target.getServiceUri().toString(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java index 611e90fcc1..6283140a3d 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java @@ -42,20 +42,19 @@ import javax.inject.Inject; -import io.cryostat.net.security.PermissionedAction; +import graphql.schema.DataFetchingEnvironment; +import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.PlatformClient; import io.cryostat.platform.discovery.EnvironmentNode; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - -class RootNodeFetcher implements DataFetcher, PermissionedAction { +class RootNodeFetcher extends AbstractPermissionedDataFetcher { private final PlatformClient client; @Inject - RootNodeFetcher(PlatformClient client) { + RootNodeFetcher(AuthManager auth, PlatformClient client) { + super(auth); this.client = client; } @@ -65,7 +64,7 @@ public Set resourceActions() { } @Override - public EnvironmentNode get(DataFetchingEnvironment environment) throws Exception { + public EnvironmentNode getAuthenticated(DataFetchingEnvironment environment) throws Exception { return client.getDiscoveryTree(); } } diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java index 5f3c8474a1..f9bbdb261b 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java @@ -42,24 +42,23 @@ import javax.inject.Inject; +import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; +import io.cryostat.net.AuthManager; import io.cryostat.net.ConnectionDescriptor; -import io.cryostat.net.security.PermissionedAction; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.TargetNode; import io.cryostat.recordings.RecordingTargetHelper; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - -class SnapshotOnTargetMutator implements DataFetcher, PermissionedAction { +class SnapshotOnTargetMutator extends AbstractPermissionedDataFetcher { private final RecordingTargetHelper recordingTargetHelper; private final CredentialsManager credentialsManager; @Inject SnapshotOnTargetMutator( - RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager) { + AuthManager auth, RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager) { + super(auth); this.recordingTargetHelper = recordingTargetHelper; this.credentialsManager = credentialsManager; } @@ -78,7 +77,7 @@ public Set resourceActions() { } @Override - public GraphRecordingDescriptor get(DataFetchingEnvironment environment) throws Exception { + public GraphRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) throws Exception { TargetNode node = environment.getSource(); String uri = node.getTarget().getServiceUri().toString(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java index afe8657023..660da77a3d 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java @@ -48,23 +48,21 @@ import org.openjdk.jmc.flightrecorder.configuration.recording.RecordingOptionsBuilder; import org.openjdk.jmc.rjmx.services.jfr.IRecordingDescriptor; +import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; import io.cryostat.core.templates.TemplateType; import io.cryostat.jmc.serialization.HyperlinkedSerializableRecordingDescriptor; +import io.cryostat.net.AuthManager; import io.cryostat.net.ConnectionDescriptor; import io.cryostat.net.TargetConnectionManager; -import io.cryostat.net.security.PermissionedAction; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.WebServer; import io.cryostat.platform.discovery.TargetNode; import io.cryostat.recordings.RecordingOptionsBuilderFactory; import io.cryostat.recordings.RecordingTargetHelper; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - class StartRecordingOnTargetMutator - implements DataFetcher, PermissionedAction { + extends AbstractPermissionedDataFetcher { private final TargetConnectionManager targetConnectionManager; private final RecordingTargetHelper recordingTargetHelper; @@ -74,11 +72,13 @@ class StartRecordingOnTargetMutator @Inject StartRecordingOnTargetMutator( + AuthManager auth, TargetConnectionManager targetConnectionManager, RecordingTargetHelper recordingTargetHelper, RecordingOptionsBuilderFactory recordingOptionsBuilderFactory, CredentialsManager credentialsManager, Provider webServer) { + super(auth); this.targetConnectionManager = targetConnectionManager; this.recordingTargetHelper = recordingTargetHelper; this.recordingOptionsBuilderFactory = recordingOptionsBuilderFactory; @@ -99,7 +99,7 @@ public Set resourceActions() { } @Override - public HyperlinkedSerializableRecordingDescriptor get(DataFetchingEnvironment environment) + public HyperlinkedSerializableRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) throws Exception { TargetNode node = environment.getSource(); Map settings = environment.getArgument("recording"); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java index 9c18c26ba5..162a1ffef2 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java @@ -45,10 +45,11 @@ import org.openjdk.jmc.rjmx.services.jfr.IRecordingDescriptor; +import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; +import io.cryostat.net.AuthManager; import io.cryostat.net.ConnectionDescriptor; import io.cryostat.net.TargetConnectionManager; -import io.cryostat.net.security.PermissionedAction; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.WebServer; import io.cryostat.platform.ServiceRef; @@ -56,10 +57,7 @@ import io.cryostat.recordings.RecordingMetadataManager.Metadata; import io.cryostat.recordings.RecordingTargetHelper; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; - -class StopRecordingMutator implements DataFetcher, PermissionedAction { +class StopRecordingMutator extends AbstractPermissionedDataFetcher { private final TargetConnectionManager targetConnectionManager; private final RecordingTargetHelper recordingTargetHelper; @@ -69,11 +67,13 @@ class StopRecordingMutator implements DataFetcher, Per @Inject StopRecordingMutator( + AuthManager auth, TargetConnectionManager targetConnectionManager, RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager, RecordingMetadataManager metadataManager, Provider webServer) { + super(auth); this.targetConnectionManager = targetConnectionManager; this.recordingTargetHelper = recordingTargetHelper; this.credentialsManager = credentialsManager; @@ -93,7 +93,7 @@ public Set resourceActions() { } @Override - public GraphRecordingDescriptor get(DataFetchingEnvironment environment) throws Exception { + public GraphRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) throws Exception { GraphRecordingDescriptor source = environment.getSource(); ServiceRef target = source.target; String uri = target.getServiceUri().toString(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java index bbfdd583a4..6495d07f08 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java @@ -47,18 +47,23 @@ import java.util.function.Function; import java.util.stream.Collectors; -import io.cryostat.net.security.PermissionedAction; +import javax.inject.Inject; + +import graphql.schema.DataFetchingEnvironment; +import graphql.schema.DataFetchingEnvironmentImpl; +import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; import io.cryostat.platform.discovery.TargetNode; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; -import graphql.schema.DataFetchingEnvironmentImpl; +class TargetNodeRecurseFetcher extends AbstractPermissionedDataFetcher> { -class TargetNodeRecurseFetcher implements DataFetcher>, PermissionedAction { + @Inject + TargetNodeRecurseFetcher(AuthManager auth) { + super(auth); + } @Override public Set resourceActions() { @@ -67,7 +72,7 @@ public Set resourceActions() { } @Override - public List get(DataFetchingEnvironment environment) throws Exception { + public List getAuthenticated(DataFetchingEnvironment environment) throws Exception { AbstractNode node = environment.getSource(); FilterInput filter = FilterInput.from(environment); List result = new ArrayList<>(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java index 272caf97f7..cb2aa0fb00 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java @@ -48,22 +48,21 @@ import javax.inject.Inject; -import io.cryostat.net.security.PermissionedAction; +import graphql.schema.DataFetchingEnvironment; +import graphql.schema.DataFetchingEnvironmentImpl; +import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; import io.cryostat.platform.discovery.TargetNode; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; -import graphql.schema.DataFetchingEnvironmentImpl; - -class TargetNodesFetcher implements DataFetcher>, PermissionedAction { +class TargetNodesFetcher extends AbstractPermissionedDataFetcher> { private final RootNodeFetcher rootNodeFetcher; private final TargetNodeRecurseFetcher recurseFetcher; @Inject - TargetNodesFetcher(RootNodeFetcher rootNodefetcher, TargetNodeRecurseFetcher recurseFetcher) { + TargetNodesFetcher(AuthManager auth, RootNodeFetcher rootNodefetcher, TargetNodeRecurseFetcher recurseFetcher) { + super(auth); this.rootNodeFetcher = rootNodefetcher; this.recurseFetcher = recurseFetcher; } @@ -77,7 +76,7 @@ public Set resourceActions() { } @Override - public List get(DataFetchingEnvironment environment) throws Exception { + public List getAuthenticated(DataFetchingEnvironment environment) throws Exception { FilterInput filter = FilterInput.from(environment); List result = recurseFetcher.get( From 85dc7674682b50f6a51cccc75bdace7516522585 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Tue, 12 Jul 2022 19:25:46 -0400 Subject: [PATCH 4/8] fix(graphql): ensure GraphQLContext is not null by copying DataFetchingEnvironment --- .../web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java | 2 +- .../net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java index 5712587271..182cfac3ed 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java @@ -76,7 +76,7 @@ public List getAuthenticated(DataFetchingEnvironment environmen result.add(environmentNode); for (AbstractNode child : environmentNode.getChildren()) { DataFetchingEnvironment newEnv = - DataFetchingEnvironmentImpl.newDataFetchingEnvironment() + DataFetchingEnvironmentImpl.newDataFetchingEnvironment(environment) .source(child) .build(); result.addAll(get(newEnv)); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java index 6495d07f08..0c709ac2f9 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java @@ -81,7 +81,7 @@ public List getAuthenticated(DataFetchingEnvironment environment) th } else if (node instanceof EnvironmentNode) { for (AbstractNode child : ((EnvironmentNode) node).getChildren()) { DataFetchingEnvironment newEnv = - DataFetchingEnvironmentImpl.newDataFetchingEnvironment() + DataFetchingEnvironmentImpl.newDataFetchingEnvironment(environment) .source(child) .build(); result.addAll(get(newEnv)); From 5d71c6d46c3a7f9e40431ed43c02402461a91800 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Tue, 12 Jul 2022 19:26:06 -0400 Subject: [PATCH 5/8] chore(graphql): apply spotless formatting --- .../AbstractPermissionedDataFetcher.java | 15 ++++--- .../api/v2/graph/ActiveRecordingsFetcher.java | 6 ++- .../api/v2/graph/ArchiveRecordingMutator.java | 10 +++-- .../v2/graph/ArchivedRecordingsFetcher.java | 5 +-- .../graph/DeleteActiveRecordingMutator.java | 12 +++-- .../graph/DeleteArchivedRecordingMutator.java | 11 +++-- .../graph/EnvironmentNodeChildrenFetcher.java | 6 ++- .../graph/EnvironmentNodeRecurseFetcher.java | 8 ++-- .../api/v2/graph/EnvironmentNodesFetcher.java | 6 ++- .../web/http/api/v2/graph/GraphModule.java | 44 ++++++++++++------- .../web/http/api/v2/graph/NodeFetcher.java | 3 +- .../http/api/v2/graph/RecordingsFetcher.java | 5 ++- .../http/api/v2/graph/RootNodeFetcher.java | 3 +- .../api/v2/graph/SnapshotOnTargetMutator.java | 10 +++-- .../graph/StartRecordingOnTargetMutator.java | 9 ++-- .../api/v2/graph/StopRecordingMutator.java | 6 ++- .../v2/graph/TargetNodeRecurseFetcher.java | 5 ++- .../http/api/v2/graph/TargetNodesFetcher.java | 10 +++-- 18 files changed, 110 insertions(+), 64 deletions(-) diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/AbstractPermissionedDataFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/AbstractPermissionedDataFetcher.java index f0ea44684a..4292d79cec 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/AbstractPermissionedDataFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/AbstractPermissionedDataFetcher.java @@ -37,12 +37,13 @@ */ package io.cryostat.net.web.http.api.v2.graph; -import graphql.GraphQLContext; -import graphql.schema.DataFetcher; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.net.AuthManager; import io.cryostat.net.AuthorizationErrorException; import io.cryostat.net.security.PermissionedAction; + +import graphql.GraphQLContext; +import graphql.schema.DataFetcher; +import graphql.schema.DataFetchingEnvironment; import io.vertx.core.http.HttpHeaders; import io.vertx.ext.web.RoutingContext; @@ -58,8 +59,11 @@ abstract class AbstractPermissionedDataFetcher implements DataFetcher, Per public final T get(DataFetchingEnvironment environment) throws Exception { GraphQLContext graphCtx = environment.getGraphQlContext(); RoutingContext ctx = graphCtx.get(RoutingContext.class); - boolean authenticated = auth.validateHttpHeader( - () -> ctx.request().getHeader(HttpHeaders.AUTHORIZATION), resourceActions()).get(); + boolean authenticated = + auth.validateHttpHeader( + () -> ctx.request().getHeader(HttpHeaders.AUTHORIZATION), + resourceActions()) + .get(); if (!authenticated) { throw new AuthorizationErrorException("Unauthorized"); } @@ -67,5 +71,4 @@ public final T get(DataFetchingEnvironment environment) throws Exception { } abstract T getAuthenticated(DataFetchingEnvironment environment) throws Exception; - } diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java index 8bc5887812..b83945b5f4 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java @@ -46,13 +46,15 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.RecordingsFetcher.Recordings; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; -class ActiveRecordingsFetcher extends AbstractPermissionedDataFetcher> { +import graphql.schema.DataFetchingEnvironment; + +class ActiveRecordingsFetcher + extends AbstractPermissionedDataFetcher> { @Inject ActiveRecordingsFetcher(AuthManager auth) { diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java index bcc4d40345..4e1b71d1ad 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java @@ -42,7 +42,6 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; import io.cryostat.net.AuthManager; import io.cryostat.net.ConnectionDescriptor; @@ -51,6 +50,8 @@ import io.cryostat.recordings.RecordingArchiveHelper; import io.cryostat.rules.ArchivedRecordingInfo; +import graphql.schema.DataFetchingEnvironment; + class ArchiveRecordingMutator extends AbstractPermissionedDataFetcher { private final RecordingArchiveHelper recordingArchiveHelper; @@ -58,7 +59,9 @@ class ArchiveRecordingMutator extends AbstractPermissionedDataFetcher resourceActions() { } @Override - public ArchivedRecordingInfo getAuthenticated(DataFetchingEnvironment environment) throws Exception { + public ArchivedRecordingInfo getAuthenticated(DataFetchingEnvironment environment) + throws Exception { GraphRecordingDescriptor source = environment.getSource(); ServiceRef target = source.target; String uri = target.getServiceUri().toString(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java index b4fcce792c..3f6d1d7b6f 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java @@ -46,7 +46,6 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.ArchivedRecordingsFetcher.Archived; @@ -55,7 +54,6 @@ import io.cryostat.rules.ArchivedRecordingInfo; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; -import graphql.schema.DataFetcher; import graphql.schema.DataFetchingEnvironment; @SuppressFBWarnings( @@ -63,7 +61,8 @@ justification = "The Archived and AggregateInfo fields are serialized and returned to the client by" + " the GraphQL engine") -class ArchivedRecordingsFetcher extends AbstractPermissionedDataFetcher { +class ArchivedRecordingsFetcher + extends AbstractPermissionedDataFetcher { @Inject ArchivedRecordingsFetcher(AuthManager auth) { diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java index 2b6e05a4c4..c5e1f8fd35 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java @@ -42,7 +42,6 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; import io.cryostat.net.AuthManager; import io.cryostat.net.ConnectionDescriptor; @@ -50,15 +49,19 @@ import io.cryostat.platform.ServiceRef; import io.cryostat.recordings.RecordingTargetHelper; +import graphql.schema.DataFetchingEnvironment; + class DeleteActiveRecordingMutator - extends AbstractPermissionedDataFetcher { + extends AbstractPermissionedDataFetcher { private final RecordingTargetHelper recordingTargetHelper; private final CredentialsManager credentialsManager; @Inject DeleteActiveRecordingMutator( - AuthManager auth, RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager) { + AuthManager auth, + RecordingTargetHelper recordingTargetHelper, + CredentialsManager credentialsManager) { super(auth); this.recordingTargetHelper = recordingTargetHelper; this.credentialsManager = credentialsManager; @@ -76,7 +79,8 @@ public Set resourceActions() { } @Override - public GraphRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) throws Exception { + public GraphRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) + throws Exception { GraphRecordingDescriptor source = environment.getSource(); ServiceRef target = source.target; String uri = target.getServiceUri().toString(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java index e4705bffa3..61b71d5b08 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java @@ -42,19 +42,21 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.recordings.RecordingArchiveHelper; import io.cryostat.rules.ArchivedRecordingInfo; +import graphql.schema.DataFetchingEnvironment; + class DeleteArchivedRecordingMutator - extends AbstractPermissionedDataFetcher { + extends AbstractPermissionedDataFetcher { private final RecordingArchiveHelper recordingArchiveHelper; @Inject - DeleteArchivedRecordingMutator(AuthManager auth, RecordingArchiveHelper recordingArchiveHelper) { + DeleteArchivedRecordingMutator( + AuthManager auth, RecordingArchiveHelper recordingArchiveHelper) { super(auth); this.recordingArchiveHelper = recordingArchiveHelper; } @@ -66,7 +68,8 @@ public Set resourceActions() { } @Override - public ArchivedRecordingInfo getAuthenticated(DataFetchingEnvironment environment) throws Exception { + public ArchivedRecordingInfo getAuthenticated(DataFetchingEnvironment environment) + throws Exception { ArchivedRecordingInfo source = environment.getSource(); return recordingArchiveHelper.deleteRecording(source.getName()).get(); } diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java index bcf02dba4f..4c47d42aff 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java @@ -44,12 +44,13 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; +import graphql.schema.DataFetchingEnvironment; + class EnvironmentNodeChildrenFetcher extends AbstractPermissionedDataFetcher> { @Inject @@ -64,7 +65,8 @@ public Set resourceActions() { } @Override - public List getAuthenticated(DataFetchingEnvironment environment) throws Exception { + public List getAuthenticated(DataFetchingEnvironment environment) + throws Exception { EnvironmentNode node = environment.getSource(); return new ArrayList<>(node.getChildren()); } diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java index 182cfac3ed..b3202e0715 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java @@ -44,14 +44,15 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; -import graphql.schema.DataFetchingEnvironmentImpl; import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; import io.cryostat.platform.discovery.TargetNode; +import graphql.schema.DataFetchingEnvironment; +import graphql.schema.DataFetchingEnvironmentImpl; + class EnvironmentNodeRecurseFetcher extends AbstractPermissionedDataFetcher> { @Inject @@ -66,7 +67,8 @@ public Set resourceActions() { } @Override - public List getAuthenticated(DataFetchingEnvironment environment) throws Exception { + public List getAuthenticated(DataFetchingEnvironment environment) + throws Exception { AbstractNode node = environment.getSource(); if (node instanceof TargetNode) { return List.of(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java index 8c6e364107..4243d4a83c 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java @@ -48,13 +48,14 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; +import graphql.schema.DataFetchingEnvironment; + class EnvironmentNodesFetcher extends AbstractPermissionedDataFetcher> { private final RootNodeFetcher rootNodeFetcher; @@ -73,7 +74,8 @@ public Set resourceActions() { } @Override - public List getAuthenticated(DataFetchingEnvironment environment) throws Exception { + public List getAuthenticated(DataFetchingEnvironment environment) + throws Exception { FilterInput filter = FilterInput.from(environment); EnvironmentNode root = rootNodeFetcher.get(environment); Set nodes = flattenEnvNodes(root); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphModule.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphModule.java index 14327a18a3..79f4f377f9 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphModule.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphModule.java @@ -44,6 +44,18 @@ import javax.inject.Provider; import javax.inject.Singleton; +import io.cryostat.configuration.CredentialsManager; +import io.cryostat.core.log.Logger; +import io.cryostat.net.AuthManager; +import io.cryostat.net.TargetConnectionManager; +import io.cryostat.net.web.WebServer; +import io.cryostat.net.web.http.RequestHandler; +import io.cryostat.platform.PlatformClient; +import io.cryostat.recordings.RecordingArchiveHelper; +import io.cryostat.recordings.RecordingMetadataManager; +import io.cryostat.recordings.RecordingOptionsBuilderFactory; +import io.cryostat.recordings.RecordingTargetHelper; + import dagger.Binds; import dagger.Module; import dagger.Provides; @@ -56,17 +68,6 @@ import graphql.schema.idl.SchemaParser; import graphql.schema.idl.TypeDefinitionRegistry; import graphql.schema.idl.TypeRuntimeWiring; -import io.cryostat.configuration.CredentialsManager; -import io.cryostat.core.log.Logger; -import io.cryostat.net.AuthManager; -import io.cryostat.net.TargetConnectionManager; -import io.cryostat.net.web.WebServer; -import io.cryostat.net.web.http.RequestHandler; -import io.cryostat.platform.PlatformClient; -import io.cryostat.recordings.RecordingArchiveHelper; -import io.cryostat.recordings.RecordingMetadataManager; -import io.cryostat.recordings.RecordingOptionsBuilderFactory; -import io.cryostat.recordings.RecordingTargetHelper; @Module public abstract class GraphModule { @@ -195,7 +196,8 @@ static RootNodeFetcher provideRootNodeFetcher(AuthManager auth, PlatformClient c } @Provides - static RecordingsFetcher provideRecordingsFetcher(AuthManager auth, + static RecordingsFetcher provideRecordingsFetcher( + AuthManager auth, TargetConnectionManager tcm, RecordingArchiveHelper archiveHelper, CredentialsManager credentialsManager, @@ -237,13 +239,16 @@ static NodeFetcher provideNodeFetcher(AuthManager auth, RootNodeFetcher rootNode } @Provides - static EnvironmentNodesFetcher provideEnvironmentNodesFetcher(AuthManager auth, RootNodeFetcher rootNodeFetcher) { + static EnvironmentNodesFetcher provideEnvironmentNodesFetcher( + AuthManager auth, RootNodeFetcher rootNodeFetcher) { return new EnvironmentNodesFetcher(auth, rootNodeFetcher); } @Provides static TargetNodesFetcher provideTargetNodesFetcher( - AuthManager auth, RootNodeFetcher rootNodeFetcher, TargetNodeRecurseFetcher recurseFetcher) { + AuthManager auth, + RootNodeFetcher rootNodeFetcher, + TargetNodeRecurseFetcher recurseFetcher) { return new TargetNodesFetcher(auth, rootNodeFetcher, recurseFetcher); } @@ -266,13 +271,17 @@ static StartRecordingOnTargetMutator provideStartRecordingOnTargetMutator( @Provides static SnapshotOnTargetMutator provideSnapshotOnTargetMutator( - AuthManager auth, RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager) { + AuthManager auth, + RecordingTargetHelper recordingTargetHelper, + CredentialsManager credentialsManager) { return new SnapshotOnTargetMutator(auth, recordingTargetHelper, credentialsManager); } @Provides static ArchiveRecordingMutator provideArchiveRecordingMutator( - AuthManager auth, RecordingArchiveHelper recordingArchiveHelper, CredentialsManager credentialsManager) { + AuthManager auth, + RecordingArchiveHelper recordingArchiveHelper, + CredentialsManager credentialsManager) { return new ArchiveRecordingMutator(auth, recordingArchiveHelper, credentialsManager); } @@ -296,7 +305,8 @@ static StopRecordingMutator provideStopRecordingsOnTargetMutator( @Provides static DeleteActiveRecordingMutator provideDeleteActiveRecordingMutator( AuthManager auth, - RecordingTargetHelper recordingTargetHelper, CredentialsManager credentialsManager) { + RecordingTargetHelper recordingTargetHelper, + CredentialsManager credentialsManager) { return new DeleteActiveRecordingMutator(auth, recordingTargetHelper, credentialsManager); } diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java index 3683802508..175cf00291 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java @@ -44,12 +44,13 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.discovery.AbstractNode; import io.cryostat.platform.discovery.EnvironmentNode; +import graphql.schema.DataFetchingEnvironment; + class NodeFetcher extends AbstractPermissionedDataFetcher { private final RootNodeFetcher rootNodeFetcher; diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java index b6db077b61..09a1b098c3 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java @@ -50,8 +50,6 @@ import org.openjdk.jmc.common.unit.QuantityConversionException; -import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; import io.cryostat.core.log.Logger; import io.cryostat.net.AuthManager; @@ -67,6 +65,9 @@ import io.cryostat.recordings.RecordingMetadataManager.Metadata; import io.cryostat.rules.ArchivedRecordingInfo; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import graphql.schema.DataFetchingEnvironment; + class RecordingsFetcher extends AbstractPermissionedDataFetcher { private final TargetConnectionManager tcm; diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java index 6283140a3d..4e1bb9d770 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RootNodeFetcher.java @@ -42,12 +42,13 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.platform.PlatformClient; import io.cryostat.platform.discovery.EnvironmentNode; +import graphql.schema.DataFetchingEnvironment; + class RootNodeFetcher extends AbstractPermissionedDataFetcher { private final PlatformClient client; diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java index f9bbdb261b..475ffd709f 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java @@ -42,7 +42,6 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; import io.cryostat.net.AuthManager; import io.cryostat.net.ConnectionDescriptor; @@ -50,6 +49,8 @@ import io.cryostat.platform.discovery.TargetNode; import io.cryostat.recordings.RecordingTargetHelper; +import graphql.schema.DataFetchingEnvironment; + class SnapshotOnTargetMutator extends AbstractPermissionedDataFetcher { private final RecordingTargetHelper recordingTargetHelper; @@ -57,7 +58,9 @@ class SnapshotOnTargetMutator extends AbstractPermissionedDataFetcher resourceActions() { } @Override - public GraphRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) throws Exception { + public GraphRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) + throws Exception { TargetNode node = environment.getSource(); String uri = node.getTarget().getServiceUri().toString(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java index 660da77a3d..39a687d58a 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java @@ -48,7 +48,6 @@ import org.openjdk.jmc.flightrecorder.configuration.recording.RecordingOptionsBuilder; import org.openjdk.jmc.rjmx.services.jfr.IRecordingDescriptor; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; import io.cryostat.core.templates.TemplateType; import io.cryostat.jmc.serialization.HyperlinkedSerializableRecordingDescriptor; @@ -61,8 +60,10 @@ import io.cryostat.recordings.RecordingOptionsBuilderFactory; import io.cryostat.recordings.RecordingTargetHelper; +import graphql.schema.DataFetchingEnvironment; + class StartRecordingOnTargetMutator - extends AbstractPermissionedDataFetcher { + extends AbstractPermissionedDataFetcher { private final TargetConnectionManager targetConnectionManager; private final RecordingTargetHelper recordingTargetHelper; @@ -99,8 +100,8 @@ public Set resourceActions() { } @Override - public HyperlinkedSerializableRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) - throws Exception { + public HyperlinkedSerializableRecordingDescriptor getAuthenticated( + DataFetchingEnvironment environment) throws Exception { TargetNode node = environment.getSource(); Map settings = environment.getArgument("recording"); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java index 162a1ffef2..eadcd476d0 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java @@ -45,7 +45,6 @@ import org.openjdk.jmc.rjmx.services.jfr.IRecordingDescriptor; -import graphql.schema.DataFetchingEnvironment; import io.cryostat.configuration.CredentialsManager; import io.cryostat.net.AuthManager; import io.cryostat.net.ConnectionDescriptor; @@ -57,6 +56,8 @@ import io.cryostat.recordings.RecordingMetadataManager.Metadata; import io.cryostat.recordings.RecordingTargetHelper; +import graphql.schema.DataFetchingEnvironment; + class StopRecordingMutator extends AbstractPermissionedDataFetcher { private final TargetConnectionManager targetConnectionManager; @@ -93,7 +94,8 @@ public Set resourceActions() { } @Override - public GraphRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) throws Exception { + public GraphRecordingDescriptor getAuthenticated(DataFetchingEnvironment environment) + throws Exception { GraphRecordingDescriptor source = environment.getSource(); ServiceRef target = source.target; String uri = target.getServiceUri().toString(); diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java index 0c709ac2f9..2c4f374057 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java @@ -49,8 +49,6 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; -import graphql.schema.DataFetchingEnvironmentImpl; import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; @@ -58,6 +56,9 @@ import io.cryostat.platform.discovery.EnvironmentNode; import io.cryostat.platform.discovery.TargetNode; +import graphql.schema.DataFetchingEnvironment; +import graphql.schema.DataFetchingEnvironmentImpl; + class TargetNodeRecurseFetcher extends AbstractPermissionedDataFetcher> { @Inject diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java index cb2aa0fb00..53222265f5 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java @@ -48,20 +48,24 @@ import javax.inject.Inject; -import graphql.schema.DataFetchingEnvironment; -import graphql.schema.DataFetchingEnvironmentImpl; import io.cryostat.net.AuthManager; import io.cryostat.net.security.ResourceAction; import io.cryostat.net.web.http.api.v2.graph.labels.LabelSelectorMatcher; import io.cryostat.platform.discovery.TargetNode; +import graphql.schema.DataFetchingEnvironment; +import graphql.schema.DataFetchingEnvironmentImpl; + class TargetNodesFetcher extends AbstractPermissionedDataFetcher> { private final RootNodeFetcher rootNodeFetcher; private final TargetNodeRecurseFetcher recurseFetcher; @Inject - TargetNodesFetcher(AuthManager auth, RootNodeFetcher rootNodefetcher, TargetNodeRecurseFetcher recurseFetcher) { + TargetNodesFetcher( + AuthManager auth, + RootNodeFetcher rootNodefetcher, + TargetNodeRecurseFetcher recurseFetcher) { super(auth); this.rootNodeFetcher = rootNodefetcher; this.recurseFetcher = recurseFetcher; From 7feded2bf9e29c2291dcea35680905528106a402 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Tue, 12 Jul 2022 19:47:54 -0400 Subject: [PATCH 6/8] cleanup --- .../api/v2/graph/ActiveRecordingsFetcher.java | 4 +--- .../api/v2/graph/ArchiveRecordingMutator.java | 12 +++++------- .../api/v2/graph/ArchivedRecordingsFetcher.java | 3 +-- .../v2/graph/DeleteActiveRecordingMutator.java | 12 +++++------- .../v2/graph/DeleteArchivedRecordingMutator.java | 3 +-- .../v2/graph/EnvironmentNodeChildrenFetcher.java | 3 +-- .../v2/graph/EnvironmentNodeRecurseFetcher.java | 3 +-- .../http/api/v2/graph/GraphQLPostHandler.java | 3 +-- .../web/http/api/v2/graph/RecordingsFetcher.java | 10 ++++------ .../api/v2/graph/SnapshotOnTargetMutator.java | 16 +++++++--------- .../v2/graph/StartRecordingOnTargetMutator.java | 14 ++++++-------- .../http/api/v2/graph/StopRecordingMutator.java | 12 +++++------- .../api/v2/graph/TargetNodeRecurseFetcher.java | 3 +-- 13 files changed, 39 insertions(+), 59 deletions(-) diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java index b83945b5f4..02f110d77c 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ActiveRecordingsFetcher.java @@ -63,9 +63,7 @@ class ActiveRecordingsFetcher @Override public Set resourceActions() { - EnumSet actions = - EnumSet.of(ResourceAction.READ_RECORDING, ResourceAction.READ_TARGET); - return actions; + return EnumSet.of(ResourceAction.READ_RECORDING, ResourceAction.READ_TARGET); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java index 4e1b71d1ad..2ec7fa2283 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchiveRecordingMutator.java @@ -69,13 +69,11 @@ class ArchiveRecordingMutator extends AbstractPermissionedDataFetcher resourceActions() { - EnumSet actions = - EnumSet.of( - ResourceAction.READ_TARGET, - ResourceAction.CREATE_RECORDING, - ResourceAction.READ_RECORDING, - ResourceAction.READ_CREDENTIALS); - return actions; + return EnumSet.of( + ResourceAction.READ_TARGET, + ResourceAction.CREATE_RECORDING, + ResourceAction.READ_RECORDING, + ResourceAction.READ_CREDENTIALS); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java index 3f6d1d7b6f..1e8cc41488 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java @@ -71,8 +71,7 @@ class ArchivedRecordingsFetcher @Override public Set resourceActions() { - EnumSet actions = EnumSet.of(ResourceAction.READ_RECORDING); - return actions; + return EnumSet.of(ResourceAction.READ_RECORDING); } public Archived getAuthenticated(DataFetchingEnvironment environment) throws Exception { diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java index c5e1f8fd35..71d1208bdb 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteActiveRecordingMutator.java @@ -69,13 +69,11 @@ class DeleteActiveRecordingMutator @Override public Set resourceActions() { - EnumSet actions = - EnumSet.of( - ResourceAction.DELETE_RECORDING, - ResourceAction.READ_TARGET, - ResourceAction.UPDATE_TARGET, - ResourceAction.DELETE_CREDENTIALS); - return actions; + return EnumSet.of( + ResourceAction.DELETE_RECORDING, + ResourceAction.READ_TARGET, + ResourceAction.UPDATE_TARGET, + ResourceAction.DELETE_CREDENTIALS); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java index 61b71d5b08..cf50df0549 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/DeleteArchivedRecordingMutator.java @@ -63,8 +63,7 @@ class DeleteArchivedRecordingMutator @Override public Set resourceActions() { - EnumSet actions = EnumSet.of(ResourceAction.DELETE_RECORDING); - return actions; + return EnumSet.of(ResourceAction.DELETE_RECORDING); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java index 4c47d42aff..270d732f2e 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeChildrenFetcher.java @@ -60,8 +60,7 @@ class EnvironmentNodeChildrenFetcher extends AbstractPermissionedDataFetcher resourceActions() { - EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); - return actions; + return EnumSet.of(ResourceAction.READ_TARGET); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java index b3202e0715..19a4801344 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodeRecurseFetcher.java @@ -62,8 +62,7 @@ class EnvironmentNodeRecurseFetcher extends AbstractPermissionedDataFetcher resourceActions() { - EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); - return actions; + return EnumSet.of(ResourceAction.READ_TARGET); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphQLPostHandler.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphQLPostHandler.java index 5b0fd5e787..f7e7c2d08b 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphQLPostHandler.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/GraphQLPostHandler.java @@ -37,7 +37,6 @@ */ package io.cryostat.net.web.http.api.v2.graph; -import java.util.EnumSet; import java.util.Set; import java.util.concurrent.ExecutionException; @@ -82,7 +81,7 @@ public HttpMethod httpMethod() { public Set resourceActions() { // no permissions directly required here. Specific permissions may be required by fetchers // and mutators that we invoke - see AbstractPermissionedDataFetcher - return EnumSet.noneOf(ResourceAction.class); + return ResourceAction.NONE; } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java index 09a1b098c3..f73a792ad1 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/RecordingsFetcher.java @@ -97,12 +97,10 @@ class RecordingsFetcher extends AbstractPermissionedDataFetcher { @Override public Set resourceActions() { - EnumSet actions = - EnumSet.of( - ResourceAction.READ_TARGET, - ResourceAction.READ_RECORDING, - ResourceAction.READ_CREDENTIALS); - return actions; + return EnumSet.of( + ResourceAction.READ_TARGET, + ResourceAction.READ_RECORDING, + ResourceAction.READ_CREDENTIALS); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java index 475ffd709f..4910cf2235 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/SnapshotOnTargetMutator.java @@ -68,15 +68,13 @@ class SnapshotOnTargetMutator extends AbstractPermissionedDataFetcher resourceActions() { - EnumSet actions = - EnumSet.of( - ResourceAction.READ_RECORDING, - ResourceAction.UPDATE_RECORDING, - ResourceAction.CREATE_RECORDING, - ResourceAction.READ_TARGET, - ResourceAction.UPDATE_TARGET, - ResourceAction.READ_CREDENTIALS); - return actions; + return EnumSet.of( + ResourceAction.READ_RECORDING, + ResourceAction.UPDATE_RECORDING, + ResourceAction.CREATE_RECORDING, + ResourceAction.READ_TARGET, + ResourceAction.UPDATE_TARGET, + ResourceAction.READ_CREDENTIALS); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java index 39a687d58a..102795df3e 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StartRecordingOnTargetMutator.java @@ -89,14 +89,12 @@ class StartRecordingOnTargetMutator @Override public Set resourceActions() { - EnumSet actions = - EnumSet.of( - ResourceAction.READ_RECORDING, - ResourceAction.CREATE_RECORDING, - ResourceAction.READ_TARGET, - ResourceAction.UPDATE_TARGET, - ResourceAction.READ_CREDENTIALS); - return actions; + return EnumSet.of( + ResourceAction.READ_RECORDING, + ResourceAction.CREATE_RECORDING, + ResourceAction.READ_TARGET, + ResourceAction.UPDATE_TARGET, + ResourceAction.READ_CREDENTIALS); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java index eadcd476d0..1df3f6f32e 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/StopRecordingMutator.java @@ -84,13 +84,11 @@ class StopRecordingMutator extends AbstractPermissionedDataFetcher resourceActions() { - EnumSet actions = - EnumSet.of( - ResourceAction.READ_RECORDING, - ResourceAction.UPDATE_RECORDING, - ResourceAction.READ_TARGET, - ResourceAction.READ_CREDENTIALS); - return actions; + return EnumSet.of( + ResourceAction.READ_RECORDING, + ResourceAction.UPDATE_RECORDING, + ResourceAction.READ_TARGET, + ResourceAction.READ_CREDENTIALS); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java index 2c4f374057..e5d7f1dda2 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodeRecurseFetcher.java @@ -68,8 +68,7 @@ class TargetNodeRecurseFetcher extends AbstractPermissionedDataFetcher resourceActions() { - EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); - return actions; + return EnumSet.of(ResourceAction.READ_TARGET); } @Override From d32a3aaaa802fa12a52ba2f3ee24014f41b59609 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Tue, 12 Jul 2022 19:51:16 -0400 Subject: [PATCH 7/8] don't merge resourceActions for nested queries, allow recursive engine to handle this for us --- .../net/web/http/api/v2/graph/EnvironmentNodesFetcher.java | 4 +--- .../io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java | 4 +--- .../net/web/http/api/v2/graph/TargetNodesFetcher.java | 5 +---- 3 files changed, 3 insertions(+), 10 deletions(-) diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java index 4243d4a83c..11d7cd0641 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/EnvironmentNodesFetcher.java @@ -68,9 +68,7 @@ class EnvironmentNodesFetcher extends AbstractPermissionedDataFetcher resourceActions() { - EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); - actions.addAll(rootNodeFetcher.resourceActions()); - return actions; + return EnumSet.of(ResourceAction.READ_TARGET); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java index 175cf00291..5baa8deea0 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/NodeFetcher.java @@ -63,9 +63,7 @@ class NodeFetcher extends AbstractPermissionedDataFetcher { @Override public Set resourceActions() { - EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); - actions.addAll(rootNodeFetcher.resourceActions()); - return actions; + return EnumSet.of(ResourceAction.READ_TARGET); } @Override diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java index 53222265f5..772d6411a2 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/TargetNodesFetcher.java @@ -73,10 +73,7 @@ class TargetNodesFetcher extends AbstractPermissionedDataFetcher resourceActions() { - EnumSet actions = EnumSet.of(ResourceAction.READ_TARGET); - actions.addAll(rootNodeFetcher.resourceActions()); - actions.addAll(recurseFetcher.resourceActions()); - return actions; + return EnumSet.of(ResourceAction.READ_TARGET); } @Override From e5d1a5deb5a76e8d404d90f27de31603ca3cced2 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Fri, 29 Jul 2022 16:42:51 -0400 Subject: [PATCH 8/8] apply spotless formatting --- .../net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java index 1e8cc41488..8975de995d 100644 --- a/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java +++ b/src/main/java/io/cryostat/net/web/http/api/v2/graph/ArchivedRecordingsFetcher.java @@ -61,8 +61,7 @@ justification = "The Archived and AggregateInfo fields are serialized and returned to the client by" + " the GraphQL engine") -class ArchivedRecordingsFetcher - extends AbstractPermissionedDataFetcher { +class ArchivedRecordingsFetcher extends AbstractPermissionedDataFetcher { @Inject ArchivedRecordingsFetcher(AuthManager auth) {