Limiting spawn to fetch log from only minions.

hydra-main/src/main/java/com/addthis/hydra/job/web/SpawnServiceConfiguration.java

@@ -44,6 +44,7 @@ public class SpawnServiceConfiguration {
     @Nullable public final String keyStorePath;
     @Nullable public final String keyStorePassword;
     @Nullable public final String keyManagerPassword;
+    @Nullable public final String minionHostnameAllowed;
 
     public static final SpawnServiceConfiguration SINGLETON;
 
@@ -70,7 +71,8 @@ public SpawnServiceConfiguration(@JsonProperty(value = "webPort", required = tru
                                      @JsonProperty(value = "groupLogDir") String groupLogDir,
                                      @JsonProperty(value = "keyStorePath") String keyStorePath,
                                      @JsonProperty(value = "keyStorePassword") String keyStorePassword,
-                                     @JsonProperty(value = "keyManagerPassword") String keyManagerPassword) {
+                                     @JsonProperty(value = "keyManagerPassword") String keyManagerPassword,
+                                     @JsonProperty(value = "minionHostnameAllowed") String minionHostnameAllowed){
         this.webPort = webPort;
         this.webPortSSL = webPortSSL;
         this.requireSSL = requireSSL;
@@ -86,6 +88,7 @@ public SpawnServiceConfiguration(@JsonProperty(value = "webPort", required = tru
         this.keyStorePath = keyStorePath;
         this.keyStorePassword = keyStorePassword;
         this.keyManagerPassword = keyManagerPassword;
+        this.minionHostnameAllowed = minionHostnameAllowed;
     }
 
 }

hydra-main/src/main/java/com/addthis/hydra/job/web/resources/JobsResource.java

@@ -121,10 +121,12 @@ public class JobsResource implements Closeable {
     private final JobRequestHandler requestHandler;
     private final CodecJackson validationCodec;
     private final CloseableHttpClient httpClient;
+    private final String minionHostnameAllowed;
 
     public JobsResource(Spawn spawn, SpawnServiceConfiguration configuration, JobRequestHandler requestHandler) {
         this.spawn = spawn;
         this.maxLogFileLines = configuration.maxLogFileLines;
+        this.minionHostnameAllowed = configuration.minionHostnameAllowed;
         this.requestHandler = requestHandler;
         this.httpClient = HttpClients.createDefault();
         CodecJackson defaultCodec = Jackson.defaultCodec();
@@ -918,6 +920,9 @@ public Response getJobTaskLog(@PathParam("jobID") String jobID,
             if (minion == null) {
                 body.put("error", "Missing required query parameter 'minion'");
                 return Response.status(Response.Status.BAD_REQUEST).entity(body.toString()).build();
+            } else if (!minion.matches(minionHostnameAllowed)) {
+                body.put("error", "This 'minion' is not an allowed host");
+                return Response.status(Response.Status.BAD_REQUEST).entity(body.toString()).build();
             } else if (node == null) {
                 body.put("error", "Missing required query parameter 'node'");
                 return Response.status(Response.Status.BAD_REQUEST).entity(body.toString()).build();