From 080fed0c741cb03efab296df0cbe5d7ea6855c21 Mon Sep 17 00:00:00 2001 From: Adam Jordens Date: Tue, 8 Dec 2020 11:52:49 -0800 Subject: [PATCH] Revert "feat(pipeline executions/orca) : Added ability to add roles to manual judgment stage. (#3988)" This reverts commit b8c5a7ddbcb974b2c598f54a3ab545c00a399231. --- orca-echo/orca-echo.gradle | 2 +- .../echo/pipeline/ManualJudgmentStage.groovy | 96 +++--------------- .../util/ManualJudgmentAuthzGroupsUtil.java | 98 ------------------- .../pipeline/ManualJudgmentStageSpec.groovy | 77 ++------------- .../ManualJudgmentAuthzGroupsUtilSpec.groovy | 41 -------- .../controllers/OperationsController.groovy | 12 ++- .../orca/web/config/WebConfiguration.groovy | 7 -- 7 files changed, 27 insertions(+), 306 deletions(-) delete mode 100644 orca-echo/src/main/java/com/netflix/spinnaker/orca/echo/util/ManualJudgmentAuthzGroupsUtil.java delete mode 100644 orca-echo/src/test/groovy/com/netflix/spinnaker/orca/echo/util/ManualJudgmentAuthzGroupsUtilSpec.groovy diff --git a/orca-echo/orca-echo.gradle b/orca-echo/orca-echo.gradle index 60fb578c56..15e37c6f3d 100644 --- a/orca-echo/orca-echo.gradle +++ b/orca-echo/orca-echo.gradle @@ -27,7 +27,7 @@ dependencies { implementation("org.springframework.boot:spring-boot-autoconfigure") implementation("javax.validation:validation-api") implementation("com.netflix.spinnaker.fiat:fiat-core:$fiatVersion") - implementation("com.netflix.spinnaker.fiat:fiat-api:$fiatVersion") + testImplementation("com.squareup.retrofit:retrofit-mock") } diff --git a/orca-echo/src/main/groovy/com/netflix/spinnaker/orca/echo/pipeline/ManualJudgmentStage.groovy b/orca-echo/src/main/groovy/com/netflix/spinnaker/orca/echo/pipeline/ManualJudgmentStage.groovy index 265359526f..b477f80003 100644 --- a/orca-echo/src/main/groovy/com/netflix/spinnaker/orca/echo/pipeline/ManualJudgmentStage.groovy +++ b/orca-echo/src/main/groovy/com/netflix/spinnaker/orca/echo/pipeline/ManualJudgmentStage.groovy @@ -19,31 +19,23 @@ package com.netflix.spinnaker.orca.echo.pipeline import com.fasterxml.jackson.annotation.JsonAnyGetter import com.fasterxml.jackson.annotation.JsonAnySetter import com.fasterxml.jackson.annotation.JsonIgnore -import com.fasterxml.jackson.core.type.TypeReference -import com.fasterxml.jackson.databind.ObjectMapper -import com.google.common.annotations.VisibleForTesting -import com.google.common.base.Strings -import com.netflix.spinnaker.fiat.model.UserPermission -import com.netflix.spinnaker.fiat.shared.FiatPermissionEvaluator -import com.netflix.spinnaker.fiat.shared.FiatStatus -import com.netflix.spinnaker.orca.AuthenticatedStage +import com.netflix.spinnaker.orca.api.pipeline.models.ExecutionStatus import com.netflix.spinnaker.orca.api.pipeline.OverridableTimeoutRetryableTask +import com.netflix.spinnaker.orca.api.pipeline.models.StageExecution import com.netflix.spinnaker.orca.api.pipeline.TaskResult + +import javax.annotation.Nonnull +import java.util.concurrent.TimeUnit +import com.google.common.annotations.VisibleForTesting +import com.netflix.spinnaker.orca.* +import com.netflix.spinnaker.orca.echo.EchoService import com.netflix.spinnaker.orca.api.pipeline.graph.StageDefinitionBuilder import com.netflix.spinnaker.orca.api.pipeline.graph.TaskNode -import com.netflix.spinnaker.orca.api.pipeline.models.ExecutionStatus -import com.netflix.spinnaker.orca.api.pipeline.models.StageExecution -import com.netflix.spinnaker.orca.echo.EchoService -import com.netflix.spinnaker.orca.echo.util.ManualJudgmentAuthzGroupsUtil -import com.netflix.spinnaker.security.AuthenticatedRequest import com.netflix.spinnaker.security.User import groovy.util.logging.Slf4j import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component -import javax.annotation.Nonnull -import java.util.concurrent.TimeUnit - @Component class ManualJudgmentStage implements StageDefinitionBuilder, AuthenticatedStage { @@ -80,52 +72,21 @@ class ManualJudgmentStage implements StageDefinitionBuilder, AuthenticatedStage final long backoffPeriod = 15000 final long timeout = TimeUnit.DAYS.toMillis(3) - private final EchoService echoService - - private final FiatPermissionEvaluator fiatPermissionEvaluator - - private FiatStatus fiatStatus - - private ManualJudgmentAuthzGroupsUtil manualJudgmentAuthzGroupsUtil - - private ObjectMapper objectMapper - - @Autowired - WaitForManualJudgmentTask(Optional echoService, Optional fpe, - Optional fiatStatus, Optional objectMapper, - Optional manualJudgmentAuthzGroupsUtil) { - this.echoService = echoService.orElse(null) - this.fiatPermissionEvaluator = fpe.orElse(null) - this.fiatStatus = fiatStatus.orElse(null) - this.objectMapper = objectMapper.orElse(null) - this.manualJudgmentAuthzGroupsUtil = manualJudgmentAuthzGroupsUtil.orElse(null) - } + @Autowired(required = false) + EchoService echoService @Override TaskResult execute(StageExecution stage) { StageData stageData = stage.mapTo(StageData) - def username = AuthenticatedRequest.getSpinnakerUser().orElse(stage.lastModified ? stage.lastModified.user : "") - boolean fiatEnabled = fiatStatus ? fiatStatus.isEnabled() : false - boolean isAuthorized = false - def appPermissions - def stageRoles - if (fiatEnabled) { - stageRoles = stage.context.selectedStageRoles - if (stageRoles) { - appPermissions = getApplicationPermissions(stage) - } - } String notificationState ExecutionStatus executionStatus switch (stageData.state) { case StageData.State.CONTINUE: - isAuthorized = !fiatEnabled || checkManualJudgmentAuthorizedGroups(stageRoles, appPermissions, username) notificationState = "manualJudgmentContinue" executionStatus = ExecutionStatus.SUCCEEDED break case StageData.State.STOP: - isAuthorized = !fiatEnabled || checkManualJudgmentAuthorizedGroups(stageRoles, appPermissions, username) notificationState = "manualJudgmentStop" executionStatus = ExecutionStatus.TERMINAL break @@ -134,47 +95,12 @@ class ManualJudgmentStage implements StageDefinitionBuilder, AuthenticatedStage executionStatus = ExecutionStatus.RUNNING break } - if (!isAuthorized) { - notificationState = "manualJudgment" - executionStatus = ExecutionStatus.RUNNING - stage.context.put("judgmentStatus", "") - } + Map outputs = processNotifications(stage, stageData, notificationState) return TaskResult.builder(executionStatus).context(outputs).build() } - private Map getApplicationPermissions(StageExecution stage) { - - def applicationName = stage.execution.application - def permissions - if (applicationName) { - manualJudgmentAuthzGroupsUtil.getApplication(applicationName).ifPresent({ application -> - if (application.getPermission().permissions && application.getPermission().permissions.permissions) { - permissions = objectMapper.convertValue(application.getPermission().permissions.permissions, - new TypeReference>() {}) - } - }); - } - return permissions - } - - boolean checkManualJudgmentAuthorizedGroups(List stageRoles, Map permissions, String username) { - - if (!Strings.isNullOrEmpty(username)) { - UserPermission.View permission = fiatPermissionEvaluator.getPermission(username); - if (permission == null) { // Should never happen? - log.warn("Attempted to get user permission for '$username' but none were found.") - return false; - } - // User has to have all the pipeline roles. - def userRoles = permission.getRoles().collect { it.getName().trim() } - return ManualJudgmentAuthzGroupsUtil.checkAuthorizedGroups(userRoles, stageRoles, permissions) - } else { - return false - } - } - Map processNotifications(StageExecution stage, StageData stageData, String notificationState) { if (echoService) { // sendNotifications will be true if using the new scheme for configuration notifications. diff --git a/orca-echo/src/main/java/com/netflix/spinnaker/orca/echo/util/ManualJudgmentAuthzGroupsUtil.java b/orca-echo/src/main/java/com/netflix/spinnaker/orca/echo/util/ManualJudgmentAuthzGroupsUtil.java deleted file mode 100644 index 1f42f5f56b..0000000000 --- a/orca-echo/src/main/java/com/netflix/spinnaker/orca/echo/util/ManualJudgmentAuthzGroupsUtil.java +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright 2020 OpsMx, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.netflix.spinnaker.orca.echo.util; - -import static java.lang.String.format; - -import com.netflix.spinnaker.fiat.model.Authorization; -import com.netflix.spinnaker.kork.exceptions.SpinnakerException; -import com.netflix.spinnaker.orca.front50.Front50Service; -import com.netflix.spinnaker.orca.front50.model.Application; -import java.util.List; -import java.util.Map; -import java.util.Optional; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import retrofit.RetrofitError; - -public class ManualJudgmentAuthzGroupsUtil { - - Front50Service front50Service; - - @Autowired - public ManualJudgmentAuthzGroupsUtil(Optional front50Service) { - this.front50Service = front50Service.orElse(null); - } - - /** - * This method checks if the logged in user has role in the manual judgment stage authorized - * groups. We fetch the user roles and check if that role is authorized in the manual judgment - * stage role. if the user role exists , then we check with the application permission roles. If - * the application permission role has 'READ' then we return false(not authorized) If the - * application permission role has 'CREATE, EXECUTE, WRITE' then we return true(authorized) - * - * @param userRoles - * @param stageRoles - * @param permissions - * @return - */ - public static boolean checkAuthorizedGroups( - List userRoles, List stageRoles, Map permissions) { - - boolean isAuthorizedGroup = false; - if (stageRoles == null || stageRoles.isEmpty()) { - return true; - } - for (String role : userRoles) { // Fetches the userRoles of the logged in user - if (stageRoles.contains( - role)) { // Checks if the user role is authorized in the manual judgment stage. - for (Map.Entry entry : - permissions.entrySet()) { // get the application permission roles. - if (Authorization.CREATE.name().equals(entry.getKey()) - || Authorization.EXECUTE.name().equals(entry.getKey()) - || Authorization.WRITE.name().equals(entry.getKey())) { - // If the application permission roles has 'CREATE, EXECUTE, WRITE', then user is - // authorized. - if (entry.getValue() != null && ((List) entry.getValue()).contains(role)) { - return true; - } - } else if (Authorization.READ.name().equals(entry.getKey())) { - // If the application permission roles has 'READ', then user is not authorized. - if (entry.getValue() != null && ((List) entry.getValue()).contains(role)) { - isAuthorizedGroup = false; - } - } - } - } - } - return isAuthorizedGroup; - } - - public Optional getApplication(String applicationName) { - try { - return Optional.of(front50Service.get(applicationName)); - } catch (RetrofitError e) { - if (e.getResponse().getStatus() == HttpStatus.NOT_FOUND.value()) { - return Optional.empty(); - } - throw new SpinnakerException( - format("Failed to retrieve application '%s'", applicationName), e); - } catch (RuntimeException re) { - return Optional.empty(); - } - } -} diff --git a/orca-echo/src/test/groovy/com/netflix/spinnaker/orca/echo/pipeline/ManualJudgmentStageSpec.groovy b/orca-echo/src/test/groovy/com/netflix/spinnaker/orca/echo/pipeline/ManualJudgmentStageSpec.groovy index 05bfa59b4e..6dba18c317 100644 --- a/orca-echo/src/test/groovy/com/netflix/spinnaker/orca/echo/pipeline/ManualJudgmentStageSpec.groovy +++ b/orca-echo/src/test/groovy/com/netflix/spinnaker/orca/echo/pipeline/ManualJudgmentStageSpec.groovy @@ -16,17 +16,9 @@ package com.netflix.spinnaker.orca.echo.pipeline -import com.fasterxml.jackson.databind.ObjectMapper -import com.netflix.spinnaker.fiat.model.UserPermission -import com.netflix.spinnaker.fiat.model.resources.Role -import com.netflix.spinnaker.fiat.shared.FiatPermissionEvaluator -import com.netflix.spinnaker.fiat.shared.FiatStatus import com.netflix.spinnaker.orca.api.pipeline.models.ExecutionStatus import com.netflix.spinnaker.orca.api.pipeline.models.StageExecution import com.netflix.spinnaker.orca.echo.EchoService -import com.netflix.spinnaker.orca.echo.util.ManualJudgmentAuthzGroupsUtil -import com.netflix.spinnaker.orca.front50.Front50Service -import com.netflix.spinnaker.orca.front50.model.Application import com.netflix.spinnaker.orca.pipeline.model.PipelineExecutionImpl import com.netflix.spinnaker.orca.pipeline.model.StageExecutionImpl import spock.lang.Specification @@ -35,41 +27,17 @@ import static com.netflix.spinnaker.orca.echo.pipeline.ManualJudgmentStage.Notif import static com.netflix.spinnaker.orca.echo.pipeline.ManualJudgmentStage.WaitForManualJudgmentTask class ManualJudgmentStageSpec extends Specification { - - EchoService echoService = Mock(EchoService) - - Front50Service front50Service = Mock(Front50Service) - - FiatPermissionEvaluator fpe = Mock(FiatPermissionEvaluator) - - FiatStatus fiatStatus = Mock() { - _ * isEnabled() >> true - } - - ManualJudgmentAuthzGroupsUtil manualJudgmentAuthzGroupsUtil = new ManualJudgmentAuthzGroupsUtil(Optional.of(front50Service)) - - ObjectMapper objectMapper = new ObjectMapper() - - def config = [ - application: [ - "name" : "orca", - "owner" : "owner", - "permissions" : [WRITE: ["foo"], READ: ["foo","baz"], EXECUTE: ["foo"]] - ], - user : "testUser" - ] - @Unroll void "should return execution status based on judgmentStatus"() { given: - def task = new WaitForManualJudgmentTask(Optional.of(echoService), Optional.of(fpe), Optional.of(fiatStatus), - Optional.of(objectMapper), Optional.of(manualJudgmentAuthzGroupsUtil)) + def task = new WaitForManualJudgmentTask() + when: def result = task.execute(new StageExecutionImpl(PipelineExecutionImpl.newPipeline("orca"), "", context)) then: - 1 * fiatStatus.isEnabled() >> { return false } result.status == expectedStatus + result.context.isEmpty() where: context || expectedStatus @@ -81,39 +49,9 @@ class ManualJudgmentStageSpec extends Specification { [judgmentStatus: "unknown"] || ExecutionStatus.RUNNING } - @Unroll - void "should return execution status based on authorizedGroups"() { - given: - 1 * fpe.getPermission('abc@somedomain.io') >> { - new UserPermission().addResources([new Role('foo'), new Role('baz')]).view - } - 1 * front50Service.get("orca") >> new Application(config.application) - - def task = new WaitForManualJudgmentTask(Optional.of(echoService), Optional.of(fpe), Optional.of(fiatStatus), - Optional.of(objectMapper), Optional.of(manualJudgmentAuthzGroupsUtil)) - - when: - def stage = new StageExecutionImpl(PipelineExecutionImpl.newPipeline("orca"), "", context) - stage.lastModified = new StageExecution.LastModifiedDetails(user: "abc@somedomain.io", allowedAccounts: ["group1"]) - def result = task.execute(stage) - - then: - result.status == expectedStatus - - where: - context || expectedStatus - [judgmentStatus: "continue", selectedStageRoles: ['foo']] || ExecutionStatus.SUCCEEDED - [judgmentStatus: "Continue", selectedStageRoles: ['foo']] || ExecutionStatus.SUCCEEDED - [judgmentStatus: "stop", selectedStageRoles: ['foo']] || ExecutionStatus.TERMINAL - [judgmentStatus: "STOP", selectedStageRoles: ['foo']] || ExecutionStatus.TERMINAL - [judgmentStatus: "Continue", selectedStageRoles: ['baz']] || ExecutionStatus.RUNNING - [judgmentStatus: "Stop", selectedStageRoles: ['baz']] || ExecutionStatus.RUNNING - } - void "should only send notifications for supported types"() { given: - def task = new WaitForManualJudgmentTask(Optional.of(echoService), Optional.of(fpe), Optional.of(fiatStatus), - Optional.of(objectMapper), Optional.of(manualJudgmentAuthzGroupsUtil)) + def task = new WaitForManualJudgmentTask(echoService: Mock(EchoService)) when: def result = task.execute(new StageExecutionImpl(PipelineExecutionImpl.newPipeline("orca"), "", [notifications: [ @@ -134,8 +72,7 @@ class ManualJudgmentStageSpec extends Specification { @Unroll void "if deprecated notification configuration is in use, only send notifications for awaiting judgment state"() { given: - def task = new WaitForManualJudgmentTask(Optional.of(echoService), Optional.of(fpe), Optional.of(fiatStatus), - Optional.of(objectMapper), Optional.of(manualJudgmentAuthzGroupsUtil)) + def task = new WaitForManualJudgmentTask(echoService: Mock(EchoService)) when: def result = task.execute(new StageExecutionImpl(PipelineExecutionImpl.newPipeline("orca"), "", [ @@ -147,7 +84,6 @@ class ManualJudgmentStageSpec extends Specification { ])) then: - 1 * fiatStatus.isEnabled() >> { return false } result.status == executionStatus if (sent) result.context.notifications?.getAt(0)?.lastNotifiedByNotificationState?.containsKey(notificationState) @@ -217,8 +153,7 @@ class ManualJudgmentStageSpec extends Specification { @Unroll void "should retain unknown fields in the notification context"() { given: - def task = new WaitForManualJudgmentTask(Optional.of(echoService), Optional.of(fpe), Optional.of(fiatStatus), - Optional.of(objectMapper), Optional.of(manualJudgmentAuthzGroupsUtil)) + def task = new WaitForManualJudgmentTask(echoService: Mock(EchoService)) def slackNotification = new Notification(type: "slack") slackNotification.setOther("customMessage", "hello slack") diff --git a/orca-echo/src/test/groovy/com/netflix/spinnaker/orca/echo/util/ManualJudgmentAuthzGroupsUtilSpec.groovy b/orca-echo/src/test/groovy/com/netflix/spinnaker/orca/echo/util/ManualJudgmentAuthzGroupsUtilSpec.groovy deleted file mode 100644 index 355f572924..0000000000 --- a/orca-echo/src/test/groovy/com/netflix/spinnaker/orca/echo/util/ManualJudgmentAuthzGroupsUtilSpec.groovy +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 2020 OpsMx, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.netflix.spinnaker.orca.echo.util - -import spock.lang.Specification - -class ManualJudgmentAuthzGroupsUtilSpec extends Specification { - - - void 'should return the result based on userRoles, stageRoles and permissions'() { - - when: - def result = ManualJudgmentAuthzGroupsUtil.checkAuthorizedGroups(userRoles,stageRoles,permissions) - - then: - result == output - - where: - userRoles | stageRoles | permissions | output - ['foo','baz'] | ['foo'] | ["WRITE": ["foo"],"READ": ["foo","baz"], "EXECUTE": ["foo"]] | true - ['foo','baz'] | [] | ["WRITE": ["foo"],"READ": ["foo","baz"], "EXECUTE": ["foo"]] | true - [] | ['foo'] | ["WRITE": ["foo"],"READ": ["foo","baz"], "EXECUTE": ["foo"]] | false - ['foo','baz'] | ['baz'] | ["WRITE": ["foo"],"READ": ["foo","baz"], "EXECUTE": ["foo"]] | false - ['foo','baz'] | [] | ["":""] | true - ['foo','baz','bar'] | ['baz'] | ["WRITE": ["bar"],"READ": ["bar"], "EXECUTE": ["bar"]] | false - } -} diff --git a/orca-web/src/main/groovy/com/netflix/spinnaker/orca/controllers/OperationsController.groovy b/orca-web/src/main/groovy/com/netflix/spinnaker/orca/controllers/OperationsController.groovy index 95c5b89fd9..3c35c2fa0a 100644 --- a/orca-web/src/main/groovy/com/netflix/spinnaker/orca/controllers/OperationsController.groovy +++ b/orca-web/src/main/groovy/com/netflix/spinnaker/orca/controllers/OperationsController.groovy @@ -23,8 +23,8 @@ import com.netflix.spinnaker.fiat.shared.FiatService import com.netflix.spinnaker.fiat.shared.FiatStatus import com.netflix.spinnaker.kork.exceptions.ConfigurationException import com.netflix.spinnaker.kork.exceptions.SpinnakerException +import com.netflix.spinnaker.kork.exceptions.UserException import com.netflix.spinnaker.orca.api.pipeline.models.PipelineExecution -import com.netflix.spinnaker.orca.api.pipeline.models.Trigger import com.netflix.spinnaker.orca.clouddriver.service.JobService import com.netflix.spinnaker.orca.exceptions.OperationFailedException import com.netflix.spinnaker.orca.exceptions.PipelineTemplateValidationException @@ -33,6 +33,7 @@ import com.netflix.spinnaker.orca.front50.Front50Service import com.netflix.spinnaker.orca.front50.PipelineModelMutator import com.netflix.spinnaker.orca.igor.BuildService import com.netflix.spinnaker.orca.pipeline.ExecutionLauncher +import com.netflix.spinnaker.orca.api.pipeline.models.Trigger import com.netflix.spinnaker.orca.pipeline.persistence.ExecutionNotFoundException import com.netflix.spinnaker.orca.pipeline.persistence.ExecutionRepository import com.netflix.spinnaker.orca.pipeline.util.ArtifactUtils @@ -43,15 +44,19 @@ import com.netflix.spinnaker.security.AuthenticatedRequest import groovy.util.logging.Slf4j import javassist.NotFoundException import org.springframework.beans.factory.annotation.Autowired -import org.springframework.web.bind.annotation.* +import org.springframework.web.bind.annotation.PathVariable +import org.springframework.web.bind.annotation.RequestBody +import org.springframework.web.bind.annotation.RequestMapping +import org.springframework.web.bind.annotation.RequestMethod +import org.springframework.web.bind.annotation.RestController import retrofit.RetrofitError import retrofit.http.Query import javax.servlet.http.HttpServletResponse +import static java.net.HttpURLConnection.HTTP_NOT_FOUND; import static com.netflix.spinnaker.orca.api.pipeline.models.ExecutionType.ORCHESTRATION import static com.netflix.spinnaker.orca.api.pipeline.models.ExecutionType.PIPELINE -import static java.net.HttpURLConnection.HTTP_NOT_FOUND import static net.logstash.logback.argument.StructuredArguments.value @RestController @@ -168,6 +173,7 @@ class OperationsController { private Map orchestratePipeline(Map pipeline) { long startTime = System.currentTimeMillis() def request = objectMapper.writeValueAsString(pipeline) + Exception pipelineError = null try { pipeline = parseAndValidatePipeline(pipeline) diff --git a/orca-web/src/main/groovy/com/netflix/spinnaker/orca/web/config/WebConfiguration.groovy b/orca-web/src/main/groovy/com/netflix/spinnaker/orca/web/config/WebConfiguration.groovy index 7057fc1657..402b028430 100644 --- a/orca-web/src/main/groovy/com/netflix/spinnaker/orca/web/config/WebConfiguration.groovy +++ b/orca-web/src/main/groovy/com/netflix/spinnaker/orca/web/config/WebConfiguration.groovy @@ -16,8 +16,6 @@ package com.netflix.spinnaker.orca.web.config -import com.netflix.spinnaker.orca.echo.util.ManualJudgmentAuthzGroupsUtil -import com.netflix.spinnaker.orca.front50.Front50Service import groovy.util.logging.Slf4j import javax.servlet.Filter @@ -56,11 +54,6 @@ class WebConfiguration { return new MetricsInterceptor(registry, "controller.invocations", ["application"], ["BasicErrorController"]) } - @Bean - ManualJudgmentAuthzGroupsUtil manualJudgmentAuthzGroupsUtil(Optional front50Service) { - return new ManualJudgmentAuthzGroupsUtil(front50Service) - } - @Bean WebMvcConfigurer webMvcConfigurer(MetricsInterceptor metricsInterceptor) { return new WebMvcConfigurer() {