void setAllowedOriginsPattern(ApiSecurity apiSecurity) { String corsAccessPattern = apiSecurity.getCorsAccessPattern(); if (!StringUtils.isEmpty(corsAccessPattern)) { allowedOriginsPattern = corsAccessPattern; } } }
GateConfig(ServiceSettings gate, Security security) { super(gate); server.ssl = security.getApiSecurity().getSsl(); }
public void setSpringSsl(String deploymentName, SpringSsl apacheSsl) { ApiSecurity uiSecurity = getApiSecurity(deploymentName); uiSecurity.setSsl(apacheSsl); }
@Override protected void executeThis() { String currentDeployment = getCurrentDeployment(); ApiSecurity apiSecurity = new OperationHandler<ApiSecurity>() .setOperation(Daemon.getApiSecurity(currentDeployment, false)) .setFailureMesssage("Failed to load API security settings.") .get(); int originalHash = apiSecurity.hashCode(); apiSecurity.setOverrideBaseUrl(isSet(overrideBaseUrl) ? overrideBaseUrl : apiSecurity.getOverrideBaseUrl()); apiSecurity.setCorsAccessPattern(isSet(corsAccessPattern) ? corsAccessPattern : apiSecurity.getCorsAccessPattern()); if (originalHash == apiSecurity.hashCode()) { AnsiUi.failure("No changes supplied."); return; } new OperationHandler<Void>() .setOperation(Daemon.setApiSecurity(currentDeployment, !noValidate, apiSecurity)) .setFailureMesssage("Failed to edit API security settings.") .setFailureMesssage("Successfully updated API security settings.") .get(); } }
public Settings(ApiSecurity apiSecurity, List<String> profiles) { setProfiles(profiles); setOverrideBaseUrl(apiSecurity.getOverrideBaseUrl()); if (apiSecurity.getSsl().isEnabled()) { scheme = "https"; } } }
@Override public void validate(ConfigProblemSetBuilder p, Security n) { DeploymentConfiguration deploymentConfiguration = n.parentOfType(DeploymentConfiguration.class); boolean localhostAccess = StringUtils.isEmpty(n.getApiSecurity().getOverrideBaseUrl()) || StringUtils.isEmpty(n.getUiSecurity().getOverrideBaseUrl()) ; switch (deploymentConfiguration.getDeploymentEnvironment().getType()) { case Distributed: if (localhostAccess) { p.addProblem(Problem.Severity.WARNING, "Your UI or API domain does not have override base URLs set " + "even though your Spinnaker deployment is a Distributed deployment on a remote cloud provider. " + "As a result, you will need to open SSH tunnels against that deployment to access Spinnaker.") .setRemediation("We recommend that you instead configure an authentication mechanism (OAuth2, SAML2, or x509) " + "to make it easier to access Spinnaker securely, and then register the intended Domain and IP addresses " + "that your publicly facing services will be using."); // TODO(lwander) point to a guide here } break; case LocalDebian: break; } } }
@Override protected void executeThis() { String currentDeployment = getCurrentDeployment(); ApiSecurity apiSecurity = new OperationHandler<ApiSecurity>() .setOperation(Daemon.getApiSecurity(currentDeployment, false)) .setFailureMesssage("Failed to load API security settings.") .get(); int originalHash = apiSecurity.hashCode(); apiSecurity.setOverrideBaseUrl(isSet(overrideBaseUrl) ? overrideBaseUrl : apiSecurity.getOverrideBaseUrl()); apiSecurity.setCorsAccessPattern(isSet(corsAccessPattern) ? corsAccessPattern : apiSecurity.getCorsAccessPattern()); if (originalHash == apiSecurity.hashCode()) { AnsiUi.failure("No changes supplied."); return; } new OperationHandler<Void>() .setOperation(Daemon.setApiSecurity(currentDeployment, !noValidate, apiSecurity)) .setFailureMesssage("Failed to edit API security settings.") .setFailureMesssage("Successfully updated API security settings.") .get(); } }
public Settings(ApiSecurity apiSecurity, List<String> profiles) { setProfiles(profiles); setOverrideBaseUrl(apiSecurity.getOverrideBaseUrl()); if (apiSecurity.getSsl().isEnabled()) { scheme = "https"; } } }
@Override public void validate(ConfigProblemSetBuilder p, Security n) { DeploymentConfiguration deploymentConfiguration = n.parentOfType(DeploymentConfiguration.class); boolean localhostAccess = StringUtils.isEmpty(n.getApiSecurity().getOverrideBaseUrl()) || StringUtils.isEmpty(n.getUiSecurity().getOverrideBaseUrl()) ; switch (deploymentConfiguration.getDeploymentEnvironment().getType()) { case Distributed: if (localhostAccess) { p.addProblem(Problem.Severity.WARNING, "Your UI or API domain does not have override base URLs set " + "even though your Spinnaker deployment is a Distributed deployment on a remote cloud provider. " + "As a result, you will need to open SSH tunnels against that deployment to access Spinnaker.") .setRemediation("We recommend that you instead configure an authentication mechanism (OAuth2, SAML2, or x509) " + "to make it easier to access Spinnaker securely, and then register the intended Domain and IP addresses " + "that your publicly facing services will be using."); // TODO(lwander) point to a guide here } break; case LocalDebian: break; } } }
void setAllowedOriginsPattern(ApiSecurity apiSecurity) { String corsAccessPattern = apiSecurity.getCorsAccessPattern(); if (!StringUtils.isEmpty(corsAccessPattern)) { allowedOriginsPattern = corsAccessPattern; } } }
GateConfig(ServiceSettings gate, Security security) { super(gate); server.ssl = security.getApiSecurity().getSsl(); }
public void setSpringSsl(String deploymentName, SpringSsl apacheSsl) { ApiSecurity uiSecurity = getApiSecurity(deploymentName); uiSecurity.setSsl(apacheSsl); }