For some endpoints, they are expected to be called by cron jobs and task queues only. For them, enforce by checking app engine headers for cron and task queue requests.
The following revision refers to this bug: https://chromium.googlesource.com/infra/infra/+/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09 commit 7397dbbc200f1fcc44f7ffc1adc18a98437e3a09 Author: Shuotao Gao <stgao@chromium.org> Date: Wed Aug 23 22:51:16 2017 [Findit] Add permission APP_SELF for cron jobs and task queues. 1. Add a new permission APP_SELF for http endpoints that only allow requests from cron jobs and task queues. 2. Switch the permission of all http handlers for cron jobs and task queues from ADMIN/CORP_USER to APP_SELF. 3. Move task queue handlers to /waterfall/task/* and cron job handlers to /waterfall/cron/*. 4. Move cron jobs handlers to module waterfall-backend. Bug: 757551 Change-Id: I9669d9c22bd5e92c4f94eacf1ed6409359cba611 Reviewed-on: https://chromium-review.googlesource.com/624706 Reviewed-by: Chan Li <chanli@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Shuotao Gao <stgao@chromium.org> [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/dispatch.yaml [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/process_flake_analysis_request.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/test/check_reverted_cls_test.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/calculate_confidence_scores.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/process_flake_swarming_task_request.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/main.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/test/obscure_emails_test.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/common/constants.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/module-waterfall-backend.yaml [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/gae_libs/handlers/test/base_handler_test.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/test/process_failure_analysis_requests_test.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/process_failure_analysis_requests.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/cron.yaml [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/test/periodic_bot_update_test.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/check_reverted_cls.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/test/calculate_confidence_scores_test.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/obscure_emails.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/test/process_flake_swarming_task_request_test.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/collect_tree_closures.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/test/collect_tree_closures_test.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/test/process_flake_analysis_request_test.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/handlers/periodic_bot_update.py [modify] https://crrev.com/7397dbbc200f1fcc44f7ffc1adc18a98437e3a09/appengine/findit/gae_libs/handlers/base_handler.py
Comment 1 by st...@chromium.org
, Aug 21 2017