From b418f9aa89b06f2676c58af50b8dafdac19f3328 Mon Sep 17 00:00:00 2001 From: emanipravallika Date: Fri, 13 Sep 2024 09:49:51 +0530 Subject: [PATCH 1/4] OP-22435: BugFix-WU-webhook-trigger for x509-admin users on skipping the validation in ISD. --- .../ApplicationIdRbacInterceptor.java | 3 +- .../ApprovalGateIdRbacInterceptor.java | 4 +- ...ApprovalGateInstanceIdRbacInterceptor.java | 4 +- .../ApprovalPolicyIdInterceptor.java | 4 +- .../CustomGatesTriggerRbacInterceptor.java | 4 +- .../FeatureVisibilityRbacInterceptor.java | 4 +- .../interceptors/GateIdRbacInterceptor.java | 4 +- .../PipelineIdRbacInterceptor.java | 3 +- .../ServiceIdRbacInterceptor.java | 3 +- .../gate/rbac/ApplicationFeatureRbac.java | 74 +++++++++++++++++-- 10 files changed, 85 insertions(+), 22 deletions(-) diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApplicationIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApplicationIdRbacInterceptor.java index 0547e03a32..84905ed1d2 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApplicationIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApplicationIdRbacInterceptor.java @@ -35,6 +35,7 @@ public class ApplicationIdRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { + log.debug("***********Start of the preHandle -- ApplicationIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -43,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - + log.debug("***********End of the preHandle -- ApplicationIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateIdRbacInterceptor.java index b9e43988de..8cefdb1f60 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateIdRbacInterceptor.java @@ -35,7 +35,7 @@ public class ApprovalGateIdRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - + log.debug("***********Start of the preHandle -- ApprovalGateIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -44,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - + log.debug("***********End of the preHandle -- ApprovalGateIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateInstanceIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateInstanceIdRbacInterceptor.java index 56e60f5204..65fa2f58a0 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateInstanceIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateInstanceIdRbacInterceptor.java @@ -35,7 +35,7 @@ public class ApprovalGateInstanceIdRbacInterceptor implements HandlerInterceptor @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - + log.debug("***********Start of the preHandle -- ApprovalGateInstanceIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -44,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - + log.debug("***********End of the preHandle -- ApprovalGateInstanceIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalPolicyIdInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalPolicyIdInterceptor.java index c8eba4d448..14fd0b58c8 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalPolicyIdInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalPolicyIdInterceptor.java @@ -35,7 +35,7 @@ public class ApprovalPolicyIdInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - + log.debug("***********Start of the preHandle -- ApprovalPolicyIdInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -44,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - + log.debug("***********End of the preHandle -- ApprovalPolicyIdInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/CustomGatesTriggerRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/CustomGatesTriggerRbacInterceptor.java index 3fafaa0597..57911293bb 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/CustomGatesTriggerRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/CustomGatesTriggerRbacInterceptor.java @@ -37,7 +37,7 @@ public class CustomGatesTriggerRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - + log.debug("***********Start of the preHandle -- CustomGatesTriggerRbacInterceptor"); Optional.ofNullable(request.getHeader("x-spinnaker-user")) .orElseThrow( () -> new XSpinnakerUserHeaderMissingException("x-spinnaker-user header missing")); @@ -50,7 +50,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - + log.debug("***********End of the preHandle -- CustomGatesTriggerRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/FeatureVisibilityRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/FeatureVisibilityRbacInterceptor.java index f2b72e883f..2d67ebdac3 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/FeatureVisibilityRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/FeatureVisibilityRbacInterceptor.java @@ -46,12 +46,14 @@ public class FeatureVisibilityRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - log.info("request intercepted to authorize if the user is having feature visibility"); + log.debug("***********Start of the preHandle -- FeatureVisibilityRbacInterceptor"); + log.info("request intercepted to authorize if the user is having feature visibility "); String origin = request.getHeader(HttpHeaders.ORIGIN); if (origin != null && customGatePlugins.contains(origin)) { return true; } applicationFeatureRbac.authorizeUserForFeatureVisibility(request.getUserPrincipal().getName()); + log.debug("***********End of the preHandle -- FeatureVisibilityRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/GateIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/GateIdRbacInterceptor.java index 504fedaa55..aec0963668 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/GateIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/GateIdRbacInterceptor.java @@ -35,7 +35,7 @@ public class GateIdRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - + log.debug("***********Start of the preHandle -- GateIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -44,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - + log.debug("***********End of the preHandle -- GateIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/PipelineIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/PipelineIdRbacInterceptor.java index b31ff23ffe..91e4808958 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/PipelineIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/PipelineIdRbacInterceptor.java @@ -46,6 +46,7 @@ public class PipelineIdRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { + log.debug("***********Start of the preHandle -- PipelineIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -59,7 +60,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - + log.debug("***********End of the preHandle -- PipelineIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ServiceIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ServiceIdRbacInterceptor.java index b2d376de31..56559a3e86 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ServiceIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ServiceIdRbacInterceptor.java @@ -35,6 +35,7 @@ public class ServiceIdRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { + log.debug("***********Start of the preHandle -- ServiceIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -43,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - + log.debug("***********End of the preHandle -- ServiceIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java index 8b3ae955ff..cd4241deab 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java @@ -20,6 +20,7 @@ import com.google.gson.JsonObject; import com.netflix.spinnaker.gate.model.PermissionModel; import com.netflix.spinnaker.gate.services.OesAuthorizationService; +import com.netflix.spinnaker.gate.services.PermissionService; import com.opsmx.spinnaker.gate.enums.PermissionEnum; import com.opsmx.spinnaker.gate.enums.RbacFeatureType; import com.opsmx.spinnaker.gate.exception.AccessForbiddenException; @@ -43,6 +44,9 @@ public class ApplicationFeatureRbac { @Autowired private OesAuthorizationService oesAuthorizationService; + @Autowired + PermissionService permissionService; + public static final List runtime_access = new ArrayList<>(); public static final List applicationFeatureRbacEndpoints = new ArrayList<>(); public static final List endpointsWithApplicationId = new ArrayList<>(); @@ -71,13 +75,17 @@ public class ApplicationFeatureRbac { public void authorizeUserForFeatureVisibility(String userName) { Boolean isFeatureVisibility; - + log.debug("validating the user for FeatureVisibility"); + if (permissionService.isAdmin(userName)) { + log.info("{} is admin, Hence not validating with ISD", userName); + return; + } isFeatureVisibility = - Boolean.parseBoolean( - oesAuthorizationService - .isFeatureVisibility(userName, RbacFeatureType.APP.name(), userName) - .getBody() - .get("isEnabled")); + Boolean.parseBoolean( + oesAuthorizationService + .isFeatureVisibility(userName, RbacFeatureType.APP.name(), userName) + .getBody() + .get("isEnabled")); log.info("is feature visibility enabled : {}", isFeatureVisibility); if (!isFeatureVisibility) { throw new AccessForbiddenException( @@ -86,8 +94,12 @@ public void authorizeUserForFeatureVisibility(String userName) { } public void authorizeUserForApplicationId( - String username, String endpointUrl, String httpMethod) { - + String username, String endpointUrl, String httpMethod) { + log.debug("validating the user for ApplicationId"); + if (permissionService.isAdmin(username)) { + log.info("{} is admin, Hence not validating with ISD", username); + return; + } HttpMethod method = HttpMethod.valueOf(httpMethod); Integer applicationId = getApplicationId(endpointUrl); PermissionModel permission; @@ -176,6 +188,11 @@ private Integer getApplicationId(String endpoint) { public void authorizeUserForServiceId(String username, String endpointUrl, String httpMethod) { + log.debug("validating the user for ServiceId"); + if (permissionService.isAdmin(username)) { + log.info("{} is admin, Hence not validating with ISD", username); + return; + } HttpMethod method = HttpMethod.valueOf(httpMethod); Integer serviceId = getServiceId(endpointUrl); Boolean isAuthorized; @@ -262,6 +279,11 @@ private Integer getServiceId(String endpoint) { public void authorizeUserForPipelineId(String username, String endpointUrl, String httpMethod) { + log.debug("validating the user for PipelineId"); + if (permissionService.isAdmin(username)) { + log.info("{} is admin, Hence not validating with ISD", username); + return; + } HttpMethod method = HttpMethod.valueOf(httpMethod); Integer pipelineId = getPipelineId(endpointUrl); Boolean isAuthorized; @@ -350,6 +372,11 @@ private Integer getPipelineId(String endpoint) { public void authorizeUserForGateId(String username, String endpointUrl, String httpMethod) { + log.debug("validating the user for GateId"); + if (permissionService.isAdmin(username)) { + log.info("{} is admin, Hence not validating with ISD", username); + return; + } HttpMethod method = HttpMethod.valueOf(httpMethod); Integer gateId = getGateId(endpointUrl); Boolean isAuthorized; @@ -442,6 +469,11 @@ private Integer getGateId(String endpoint) { public void authorizeUserForApprovalGateId( String username, String endpointUrl, String httpMethod) { + log.debug("validating the user for GateId"); + if (permissionService.isAdmin(username)) { + log.info("{} is admin, Hence not validating with ISD", username); + return; + } HttpMethod method = HttpMethod.valueOf(httpMethod); Integer approvalGateId = getApprovalGateId(endpointUrl); Boolean isAuthorized; @@ -529,6 +561,11 @@ private Integer getApprovalGateId(String endpoint) { public void authorizeUserForApprovalGateInstanceId( String username, String endpointUrl, String httpMethod) { + log.debug("validating the user for ApprovalGateInstanceId"); + if (permissionService.isAdmin(username)) { + log.info("{} is admin, Hence not validating with ISD", username); + return; + } HttpMethod method = HttpMethod.valueOf(httpMethod); Integer approvalGateInstanceId = getApprovalGateInstanceId(endpointUrl); Boolean isAuthorized; @@ -618,6 +655,11 @@ private Integer getApprovalGateInstanceId(String endpoint) { public void authorizeUserForApprovalPolicyId( String username, String endpointUrl, String httpMethod) { + log.debug("validating the user for ApprovalPolicyId"); + if (permissionService.isAdmin(username)) { + log.info("{} is admin, Hence not validating with ISD", username); + return; + } HttpMethod method = HttpMethod.valueOf(httpMethod); Integer approvalPolicyId = getApprovalPolicyId(endpointUrl); Boolean isAuthorized; @@ -720,7 +762,12 @@ private String readXSpinnakerUserFromHeader(HttpServletRequest request) { public void authorizeUserForApprovalGateTrigger(HttpServletRequest request) { + log.debug("validating the user for ApprovalGateTrigger"); String username = readXSpinnakerUserFromHeader(request); + if (permissionService.isAdmin(username)) { + log.info("{} is admin, Hence not validating with ISD", username); + return; + } String endpointUrl = request.getRequestURI(); Integer approvalGateId = getApprovalGateId(endpointUrl); @@ -757,7 +804,13 @@ public void authorizeUserForApprovalGateTrigger(HttpServletRequest request) { public void authorizeUserForPolicyGateTrigger(HttpServletRequest request, Object input) { + log.debug("validating the user for ApprovalGateTrigger"); + String username = readXSpinnakerUserFromHeader(request); + if (permissionService.isAdmin(username)) { + log.info("{} is admin, Hence not validating with ISD", username); + return; + } String endpointUrl = request.getRequestURI(); String inputStr = gson.toJson(input); @@ -805,7 +858,12 @@ public void authorizeUserForPolicyGateTrigger(HttpServletRequest request, Object public void authorizeUserForVerificationAndTestVerificationGateTrigger( HttpServletRequest request, Object input) { + log.debug("validating the user for ApprovalGateTrigger"); String username = readXSpinnakerUserFromHeader(request); + if (permissionService.isAdmin(username)) { + log.info("{} is admin, Hence not validating with ISD", username); + return; + } String endpointUrl = request.getRequestURI(); String inputStr = gson.toJson(input); From edd5c7cf4e3c989916ea0a76a9784055ce50de7d Mon Sep 17 00:00:00 2001 From: emanipravallika Date: Fri, 13 Sep 2024 13:16:48 +0530 Subject: [PATCH 2/4] OP-22435: Addressed the comments - Added log statements --- .../ApplicationIdRbacInterceptor.java | 4 +- .../ApprovalGateIdRbacInterceptor.java | 4 +- ...ApprovalGateInstanceIdRbacInterceptor.java | 4 +- .../ApprovalPolicyIdInterceptor.java | 4 +- .../CustomGatesTriggerRbacInterceptor.java | 4 +- .../FeatureVisibilityRbacInterceptor.java | 4 +- .../interceptors/GateIdRbacInterceptor.java | 4 +- .../PipelineIdRbacInterceptor.java | 4 +- .../ServiceIdRbacInterceptor.java | 4 +- .../gate/rbac/ApplicationFeatureRbac.java | 44 +++++++++++++++---- 10 files changed, 54 insertions(+), 26 deletions(-) diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApplicationIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApplicationIdRbacInterceptor.java index 84905ed1d2..dfc8d36341 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApplicationIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApplicationIdRbacInterceptor.java @@ -35,7 +35,7 @@ public class ApplicationIdRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - log.debug("***********Start of the preHandle -- ApplicationIdRbacInterceptor"); + log.debug("Start of the preHandle -- ApplicationIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -44,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - log.debug("***********End of the preHandle -- ApplicationIdRbacInterceptor"); + log.debug("End of the preHandle -- ApplicationIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateIdRbacInterceptor.java index 8cefdb1f60..b7914ae43d 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateIdRbacInterceptor.java @@ -35,7 +35,7 @@ public class ApprovalGateIdRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - log.debug("***********Start of the preHandle -- ApprovalGateIdRbacInterceptor"); + log.debug("Start of the preHandle -- ApprovalGateIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -44,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - log.debug("***********End of the preHandle -- ApprovalGateIdRbacInterceptor"); + log.debug("End of the preHandle -- ApprovalGateIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateInstanceIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateInstanceIdRbacInterceptor.java index 65fa2f58a0..8470dc02e2 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateInstanceIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalGateInstanceIdRbacInterceptor.java @@ -35,7 +35,7 @@ public class ApprovalGateInstanceIdRbacInterceptor implements HandlerInterceptor @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - log.debug("***********Start of the preHandle -- ApprovalGateInstanceIdRbacInterceptor"); + log.debug("Start of the preHandle -- ApprovalGateInstanceIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -44,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - log.debug("***********End of the preHandle -- ApprovalGateInstanceIdRbacInterceptor"); + log.debug("End of the preHandle -- ApprovalGateInstanceIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalPolicyIdInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalPolicyIdInterceptor.java index 14fd0b58c8..ead20b4ab3 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalPolicyIdInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ApprovalPolicyIdInterceptor.java @@ -35,7 +35,7 @@ public class ApprovalPolicyIdInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - log.debug("***********Start of the preHandle -- ApprovalPolicyIdInterceptor"); + log.debug("Start of the preHandle -- ApprovalPolicyIdInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -44,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - log.debug("***********End of the preHandle -- ApprovalPolicyIdInterceptor"); + log.debug("End of the preHandle -- ApprovalPolicyIdInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/CustomGatesTriggerRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/CustomGatesTriggerRbacInterceptor.java index 57911293bb..64a15eec48 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/CustomGatesTriggerRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/CustomGatesTriggerRbacInterceptor.java @@ -37,7 +37,7 @@ public class CustomGatesTriggerRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - log.debug("***********Start of the preHandle -- CustomGatesTriggerRbacInterceptor"); + log.debug("Start of the preHandle -- CustomGatesTriggerRbacInterceptor"); Optional.ofNullable(request.getHeader("x-spinnaker-user")) .orElseThrow( () -> new XSpinnakerUserHeaderMissingException("x-spinnaker-user header missing")); @@ -50,7 +50,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - log.debug("***********End of the preHandle -- CustomGatesTriggerRbacInterceptor"); + log.debug("End of the preHandle -- CustomGatesTriggerRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/FeatureVisibilityRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/FeatureVisibilityRbacInterceptor.java index 2d67ebdac3..0f548b1188 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/FeatureVisibilityRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/FeatureVisibilityRbacInterceptor.java @@ -46,14 +46,14 @@ public class FeatureVisibilityRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - log.debug("***********Start of the preHandle -- FeatureVisibilityRbacInterceptor"); + log.debug("Start of the preHandle -- FeatureVisibilityRbacInterceptor"); log.info("request intercepted to authorize if the user is having feature visibility "); String origin = request.getHeader(HttpHeaders.ORIGIN); if (origin != null && customGatePlugins.contains(origin)) { return true; } applicationFeatureRbac.authorizeUserForFeatureVisibility(request.getUserPrincipal().getName()); - log.debug("***********End of the preHandle -- FeatureVisibilityRbacInterceptor"); + log.debug("End of the preHandle -- FeatureVisibilityRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/GateIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/GateIdRbacInterceptor.java index aec0963668..0c7ff37842 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/GateIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/GateIdRbacInterceptor.java @@ -35,7 +35,7 @@ public class GateIdRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - log.debug("***********Start of the preHandle -- GateIdRbacInterceptor"); + log.debug("Start of the preHandle -- GateIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -44,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - log.debug("***********End of the preHandle -- GateIdRbacInterceptor"); + log.debug("End of the preHandle -- GateIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/PipelineIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/PipelineIdRbacInterceptor.java index 91e4808958..ef174afd6b 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/PipelineIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/PipelineIdRbacInterceptor.java @@ -46,7 +46,7 @@ public class PipelineIdRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - log.debug("***********Start of the preHandle -- PipelineIdRbacInterceptor"); + log.debug("Start of the preHandle -- PipelineIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -60,7 +60,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - log.debug("***********End of the preHandle -- PipelineIdRbacInterceptor"); + log.debug("End of the preHandle -- PipelineIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ServiceIdRbacInterceptor.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ServiceIdRbacInterceptor.java index 56559a3e86..392a050f21 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ServiceIdRbacInterceptor.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/interceptors/ServiceIdRbacInterceptor.java @@ -35,7 +35,7 @@ public class ServiceIdRbacInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - log.debug("***********Start of the preHandle -- ServiceIdRbacInterceptor"); + log.debug("Start of the preHandle -- ServiceIdRbacInterceptor"); try { log.info( "Request intercepted for authorizing if the user is having enough access to perform the action"); @@ -44,7 +44,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons } catch (NumberFormatException nfe) { log.debug("Ignoring the rbac check as it threw number format exception"); } - log.debug("***********End of the preHandle -- ServiceIdRbacInterceptor"); + log.debug("End of the preHandle -- ServiceIdRbacInterceptor"); return true; } } diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java index cd4241deab..af0e837a75 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java @@ -44,8 +44,7 @@ public class ApplicationFeatureRbac { @Autowired private OesAuthorizationService oesAuthorizationService; - @Autowired - PermissionService permissionService; + @Autowired PermissionService permissionService; public static final List runtime_access = new ArrayList<>(); public static final List applicationFeatureRbacEndpoints = new ArrayList<>(); @@ -75,26 +74,29 @@ public class ApplicationFeatureRbac { public void authorizeUserForFeatureVisibility(String userName) { Boolean isFeatureVisibility; + log.debug("Start of the authorizeUserForFeatureVisibility"); log.debug("validating the user for FeatureVisibility"); if (permissionService.isAdmin(userName)) { log.info("{} is admin, Hence not validating with ISD", userName); return; } isFeatureVisibility = - Boolean.parseBoolean( - oesAuthorizationService - .isFeatureVisibility(userName, RbacFeatureType.APP.name(), userName) - .getBody() - .get("isEnabled")); + Boolean.parseBoolean( + oesAuthorizationService + .isFeatureVisibility(userName, RbacFeatureType.APP.name(), userName) + .getBody() + .get("isEnabled")); log.info("is feature visibility enabled : {}", isFeatureVisibility); if (!isFeatureVisibility) { throw new AccessForbiddenException( "You do not have permission for the feature type : " + RbacFeatureType.APP.description); } + log.debug("End of the authorizeUserForFeatureVisibility"); } public void authorizeUserForApplicationId( - String username, String endpointUrl, String httpMethod) { + String username, String endpointUrl, String httpMethod) { + log.debug("Start of the authorizeUserForApplicationId"); log.debug("validating the user for ApplicationId"); if (permissionService.isAdmin(username)) { log.info("{} is admin, Hence not validating with ISD", username); @@ -122,6 +124,7 @@ public void authorizeUserForApplicationId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForApplicationId"); break; case "PUT": @@ -159,6 +162,7 @@ public void authorizeUserForApplicationId( + TO_PERFORM_THIS_OPERATION); } } + log.debug("End of the authorizeUserForApplicationId"); break; } } @@ -188,6 +192,7 @@ private Integer getApplicationId(String endpoint) { public void authorizeUserForServiceId(String username, String endpointUrl, String httpMethod) { + log.debug("Start of the authorizeUserForServiceId"); log.debug("validating the user for ServiceId"); if (permissionService.isAdmin(username)) { log.info("{} is admin, Hence not validating with ISD", username); @@ -226,6 +231,7 @@ public void authorizeUserForServiceId(String username, String endpointUrl, Strin + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForServiceId"); break; case "PUT": @@ -256,6 +262,7 @@ public void authorizeUserForServiceId(String username, String endpointUrl, Strin + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForServiceId"); break; } } @@ -279,6 +286,7 @@ private Integer getServiceId(String endpoint) { public void authorizeUserForPipelineId(String username, String endpointUrl, String httpMethod) { + log.debug("Start of the authorizeUserForPipelineId"); log.debug("validating the user for PipelineId"); if (permissionService.isAdmin(username)) { log.info("{} is admin, Hence not validating with ISD", username); @@ -317,6 +325,7 @@ public void authorizeUserForPipelineId(String username, String endpointUrl, Stri + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForPipelineId"); break; case "PUT": @@ -349,6 +358,7 @@ public void authorizeUserForPipelineId(String username, String endpointUrl, Stri + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForPipelineId"); break; } } @@ -372,6 +382,7 @@ private Integer getPipelineId(String endpoint) { public void authorizeUserForGateId(String username, String endpointUrl, String httpMethod) { + log.debug("Start of the authorizeUserForGateId"); log.debug("validating the user for GateId"); if (permissionService.isAdmin(username)) { log.info("{} is admin, Hence not validating with ISD", username); @@ -410,6 +421,7 @@ public void authorizeUserForGateId(String username, String endpointUrl, String h + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForGateId"); break; case "PUT": @@ -439,6 +451,7 @@ public void authorizeUserForGateId(String username, String endpointUrl, String h + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForGateId"); break; } } @@ -469,6 +482,7 @@ private Integer getGateId(String endpoint) { public void authorizeUserForApprovalGateId( String username, String endpointUrl, String httpMethod) { + log.debug("Start of the authorizeUserForApprovalGateId"); log.debug("validating the user for GateId"); if (permissionService.isAdmin(username)) { log.info("{} is admin, Hence not validating with ISD", username); @@ -508,6 +522,7 @@ public void authorizeUserForApprovalGateId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForApprovalGateId"); break; case "PUT": @@ -540,6 +555,7 @@ public void authorizeUserForApprovalGateId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForApprovalGateId"); break; } } @@ -561,6 +577,7 @@ private Integer getApprovalGateId(String endpoint) { public void authorizeUserForApprovalGateInstanceId( String username, String endpointUrl, String httpMethod) { + log.debug("Start of the authorizeUserForApprovalGateInstanceId"); log.debug("validating the user for ApprovalGateInstanceId"); if (permissionService.isAdmin(username)) { log.info("{} is admin, Hence not validating with ISD", username); @@ -602,6 +619,7 @@ public void authorizeUserForApprovalGateInstanceId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForApprovalGateInstanceId"); break; case "PUT": @@ -634,6 +652,7 @@ public void authorizeUserForApprovalGateInstanceId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForApprovalGateInstanceId"); break; } } @@ -655,6 +674,7 @@ private Integer getApprovalGateInstanceId(String endpoint) { public void authorizeUserForApprovalPolicyId( String username, String endpointUrl, String httpMethod) { + log.debug("Start of the authorizeUserForApprovalPolicyId"); log.debug("validating the user for ApprovalPolicyId"); if (permissionService.isAdmin(username)) { log.info("{} is admin, Hence not validating with ISD", username); @@ -696,6 +716,7 @@ public void authorizeUserForApprovalPolicyId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForApprovalPolicyId"); break; case "PUT": @@ -728,6 +749,7 @@ public void authorizeUserForApprovalPolicyId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForApprovalPolicyId"); break; } } @@ -762,6 +784,7 @@ private String readXSpinnakerUserFromHeader(HttpServletRequest request) { public void authorizeUserForApprovalGateTrigger(HttpServletRequest request) { + log.debug("Start of the authorizeUserForApprovalGateTrigger"); log.debug("validating the user for ApprovalGateTrigger"); String username = readXSpinnakerUserFromHeader(request); if (permissionService.isAdmin(username)) { @@ -800,10 +823,12 @@ public void authorizeUserForApprovalGateTrigger(HttpServletRequest request) { + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForApprovalGateTrigger"); } public void authorizeUserForPolicyGateTrigger(HttpServletRequest request, Object input) { + log.debug("Start of the authorizeUserForPolicyGateTrigger"); log.debug("validating the user for ApprovalGateTrigger"); String username = readXSpinnakerUserFromHeader(request); @@ -853,11 +878,13 @@ public void authorizeUserForPolicyGateTrigger(HttpServletRequest request, Object + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForPolicyGateTrigger"); } public void authorizeUserForVerificationAndTestVerificationGateTrigger( HttpServletRequest request, Object input) { + log.debug("Start of the authorizeUserForVerificationAndTestVerificationGateTrigger"); log.debug("validating the user for ApprovalGateTrigger"); String username = readXSpinnakerUserFromHeader(request); if (permissionService.isAdmin(username)) { @@ -903,6 +930,7 @@ public void authorizeUserForVerificationAndTestVerificationGateTrigger( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } + log.debug("End of the authorizeUserForVerificationAndTestVerificationGateTrigger"); } private static void populateDashboardServiceApis() { From 85711657983b96bf7bd9685535425c77b0c55d39 Mon Sep 17 00:00:00 2001 From: emanipravallika Date: Fri, 13 Sep 2024 13:20:20 +0530 Subject: [PATCH 3/4] OP-22435: Addressed the comments - Added log statements --- .../com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java index af0e837a75..dce83918fc 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java @@ -44,7 +44,7 @@ public class ApplicationFeatureRbac { @Autowired private OesAuthorizationService oesAuthorizationService; - @Autowired PermissionService permissionService; + @Autowired private PermissionService permissionService; public static final List runtime_access = new ArrayList<>(); public static final List applicationFeatureRbacEndpoints = new ArrayList<>(); From 745ab8076e2ae304f8d2ac9da003dfd9325e9c16 Mon Sep 17 00:00:00 2001 From: emanipravallika Date: Fri, 13 Sep 2024 13:31:42 +0530 Subject: [PATCH 4/4] OP-22435: Addressed the comments --- .../gate/rbac/ApplicationFeatureRbac.java | 21 +++++++------------ 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java b/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java index dce83918fc..4598cfbe30 100644 --- a/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java +++ b/gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java @@ -124,7 +124,6 @@ public void authorizeUserForApplicationId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForApplicationId"); break; case "PUT": @@ -162,9 +161,9 @@ public void authorizeUserForApplicationId( + TO_PERFORM_THIS_OPERATION); } } - log.debug("End of the authorizeUserForApplicationId"); break; } + log.debug("End of the authorizeUserForApplicationId"); } private Integer getApplicationId(String endpoint) { @@ -231,7 +230,6 @@ public void authorizeUserForServiceId(String username, String endpointUrl, Strin + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForServiceId"); break; case "PUT": @@ -262,9 +260,9 @@ public void authorizeUserForServiceId(String username, String endpointUrl, Strin + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForServiceId"); break; } + log.debug("End of the authorizeUserForServiceId"); } private Integer getServiceId(String endpoint) { @@ -325,7 +323,6 @@ public void authorizeUserForPipelineId(String username, String endpointUrl, Stri + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForPipelineId"); break; case "PUT": @@ -358,9 +355,9 @@ public void authorizeUserForPipelineId(String username, String endpointUrl, Stri + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForPipelineId"); break; } + log.debug("End of the authorizeUserForPipelineId"); } private Integer getPipelineId(String endpoint) { @@ -421,7 +418,6 @@ public void authorizeUserForGateId(String username, String endpointUrl, String h + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForGateId"); break; case "PUT": @@ -451,9 +447,9 @@ public void authorizeUserForGateId(String username, String endpointUrl, String h + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForGateId"); break; } + log.debug("End of the authorizeUserForGateId"); } private Integer getGateId(String endpoint) { @@ -522,7 +518,6 @@ public void authorizeUserForApprovalGateId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForApprovalGateId"); break; case "PUT": @@ -555,9 +550,9 @@ public void authorizeUserForApprovalGateId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForApprovalGateId"); break; } + log.debug("End of the authorizeUserForApprovalGateId"); } private Integer getApprovalGateId(String endpoint) { @@ -619,7 +614,6 @@ public void authorizeUserForApprovalGateInstanceId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForApprovalGateInstanceId"); break; case "PUT": @@ -652,9 +646,9 @@ public void authorizeUserForApprovalGateInstanceId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForApprovalGateInstanceId"); break; } + log.debug("End of the authorizeUserForApprovalGateInstanceId"); } private Integer getApprovalGateInstanceId(String endpoint) { @@ -716,7 +710,6 @@ public void authorizeUserForApprovalPolicyId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForApprovalPolicyId"); break; case "PUT": @@ -749,9 +742,9 @@ public void authorizeUserForApprovalPolicyId( + RbacFeatureType.APP.description + TO_PERFORM_THIS_OPERATION); } - log.debug("End of the authorizeUserForApprovalPolicyId"); break; } + log.debug("End of the authorizeUserForApprovalPolicyId"); } private Integer getApprovalPolicyId(String endpoint) {