Commit 850aa5ae authored by Diego Molteni's avatar Diego Molteni

fixed service and data group

parent ef0a5eb8
......@@ -30,14 +30,6 @@ export class AuthGroups {
return 'users.datalake.admins';
}
public static seistoreServicePrefix(): string {
return 'service.seistore.' + Config.SERVICE_ENV;
}
public static systemAdminGroupName(): string {
return this.seistoreServicePrefix() + '.admin';
}
public static async createGroup(
userToken: string, groupName: string, groupDescription: string, esd: string, appkey: string) {
await DESEntitlement.createGroup(userToken, groupName,
......
......@@ -130,6 +130,7 @@ export abstract class Config implements IConfig {
// DataGroups prefix
public static DATAGROUPS_PREFIX = 'data.sdms'
public static SERVICEGROUPS_PREFIX = 'service.seistore'
// Server SSL
public static SSL_ENABLED = false;
......
......@@ -20,20 +20,20 @@ import { TenantGroups } from '../tenant';
export class SubprojectGroups {
public static groupPrefix(tenantName: string, subprojectName: string): string {
return TenantGroups.groupPrefix(tenantName) + '.' + subprojectName;
public static serviceGroupPrefix(tenantName: string, subprojectName: string): string {
return TenantGroups.serviceGroupPrefix(tenantName) + '.' + subprojectName;
}
public static serviceAdminGroupName(tenant: string, subproject: string): string {
return this.groupPrefix(tenant, subproject) + '.admin';
return this.serviceGroupPrefix(tenant, subproject) + '.admin';
}
public static serviceEditorGroupName(tenant: string, subproject: string): string {
return this.groupPrefix(tenant, subproject) + '.editor';
return this.serviceGroupPrefix(tenant, subproject) + '.editor';
}
public static serviceViewerGroupName(tenant: string, subproject: string): string {
return this.groupPrefix(tenant, subproject) + '.viewer';
return this.serviceGroupPrefix(tenant, subproject) + '.viewer';
}
public static serviceAdminGroup(tenant: string, subproject: string, esd: string): string {
......@@ -48,21 +48,26 @@ export class SubprojectGroups {
return this.serviceViewerGroupName(tenant, subproject) + '@' + esd;
}
public static serviceGroupNameRegExp(tenant: string, subproject: string): RegExp {
return new RegExp(this.serviceGroupPrefix(tenant, subproject));
}
public static dataAdminGroup(tenant: string, subproject: string, esd: string): string {
return Config.DATAGROUPS_PREFIX + '.' + tenant + '.' + subproject + '.' + uuidv4() + '.admin' + '@' + esd;
// ====================================================================================================
public static dataGroupPrefix(tenant: string, subproject: string): string {
return TenantGroups.dataGroupPrefix(tenant) + '.' + subproject;
}
public static dataViewerGroup(tenant: string, subproject: string, esd: string): string {
return Config.DATAGROUPS_PREFIX + '.' + tenant + '.' + subproject + '.' + uuidv4() + '.viewer' + '@' + esd;
public static dataAdminGroup(tenant: string, subproject: string, esd: string): string {
return this.dataGroupPrefix(tenant, subproject) + '.' + uuidv4() + '.admin' + '@' + esd;
}
public static serviceGroupNameRegExp(tenant: string, subproject: string): RegExp {
return new RegExp(SubprojectGroups.groupPrefix(tenant, subproject));
public static dataViewerGroup(tenant: string, subproject: string, esd: string): string {
return this.dataGroupPrefix(tenant, subproject) + '.' + uuidv4() + '.viewer' + '@' + esd;
}
public static dataGroupNameRegExp(tenant: string, subproject: string): RegExp {
return new RegExp(Config.DATAGROUPS_PREFIX + '.' + tenant + '.' + subproject);
return new RegExp(this.dataGroupPrefix(tenant, subproject));
}
}
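Review bot: `serviceGroupNameRegExp` and `dataGroupNameRegExp` pass the prefix straight to `new RegExp(...)`, so every `.` in it matches any character and the pattern is unanchored; a group name that merely contains a look-alike of the prefix will match. Because `tenant` and `subproject` are interpolated unescaped, a name containing regex metacharacters also changes the pattern. If these expressions decide which entitlement groups belong to a subproject (the callers are not visible here), escape and anchor the prefix, e.g. `new RegExp('^' + prefix.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') + '\\.')`.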
......@@ -15,12 +15,16 @@
// ============================================================================
import { TenantModel } from '.';
import { AuthGroups } from '../../auth';
import { Config } from '../../cloud';
export class TenantGroups {
public static groupPrefix(tenantName: string): string {
return AuthGroups.seistoreServicePrefix() + '.' + tenantName;
public static serviceGroupPrefix(tenantName: string): string {
return Config.SERVICEGROUPS_PREFIX + '.' + Config.SERVICE_ENV + '.' + tenantName;
}
public static dataGroupPrefix(tenantName: string): string {
return Config.DATAGROUPS_PREFIX + '.' + tenantName;
}
public static adminGroupName(tenant: TenantModel): string {
......
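Review bot: `serviceGroupPrefix` and `dataGroupPrefix` define a positional layout that other code depends on, but nothing here documents it. UtilityHandler in this commit reads the tenant at index 3 for service groups and index 2 for data groups. A doc comment on each, e.g. `/** <SERVICEGROUPS_PREFIX>.<SERVICE_ENV>.<tenant>; tenant is the 4th dot-separated segment */`, would make that contract explicit. The layout also assumes `tenantName` and `Config.SERVICE_ENV` contain no `.`; whether that is validated upstream is not visible here. The class body continues outside the hunk.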
......@@ -177,7 +177,7 @@ export class UserHandler {
req.headers.authorization, datagroup, userEmail,
tenant.esd, req[Config.DE_FORWARD_APPKEY]));
// add user as owner of the
// add user as owner of the
await AuthGroups.addUserToGroup(req.headers.authorization,
datagroup, userEmail, tenant.esd, req[Config.DE_FORWARD_APPKEY], 'OWNER');
......@@ -318,8 +318,8 @@ export class UserHandler {
tenant.esd, req[Config.DE_FORWARD_APPKEY]);
const prefix = sdPath.subproject ?
SubprojectGroups.groupPrefix(sdPath.tenant, sdPath.subproject) :
TenantGroups.groupPrefix(sdPath.tenant);
SubprojectGroups.serviceGroupPrefix(sdPath.tenant, sdPath.subproject) :
TenantGroups.serviceGroupPrefix(sdPath.tenant);
const journalClient = JournalFactoryTenantClient.get(tenant);
......
......@@ -96,28 +96,28 @@ export class UtilityHandler {
// list accessible tenants for sdpaths <sd://>
if (!sdPath.tenant) {
const tenants = await TenantDAO.getAll();
const uniqueTenants = tenants
const parititons = tenants
.map((t) => DESUtils.getDataPartitionID(t.esd))
.filter((val, index, self) => self.indexOf(val) === index);
// Fetch all entitlements for each unique tenant that the user has access to
const entitlements = [];
for (const item of uniqueTenants) {
const entitlementCalls = [];
for (const partition of parititons) {
try {
entitlements.push(await DESEntitlement.getUserGroups(
req.headers.authorization, item, req[Config.DE_FORWARD_APPKEY]));
entitlementCalls.push(await DESEntitlement.getUserGroups(
req.headers.authorization, partition, req[Config.DE_FORWARD_APPKEY]));
} catch (error) { continue; }
}
// Filter tenants which the user does not belong
return entitlements
.map((entitlementList) => entitlementList
.filter((el) => this.validateEntitlements(el) &&
el.name.startsWith(AuthGroups.seistoreServicePrefix()))
.map((el) => el.name.split('.')[3])
.filter((item, pos, self) => self.indexOf(item) === pos))
.reduce((carry, entitlementList) => carry.concat(entitlementList), []);
let groups = entitlementCalls.reduce(
(carry, groupList) => carry.concat(groupList), []) as IDESEntitlementGroupModel[];
groups = groups.filter(group => this.validateEntitlements(group)); // only valid seismic-dsm group
const listTenants: string[] = groups.map((group) => {
return group.name.startsWith(Config.SERVICEGROUPS_PREFIX) ?
group.name.split('.')[3] : group.name.split('.')[2]}); // tenant name
return listTenants.filter((item, pos, self) => self.indexOf(item) === pos); // make unique
}
// list the tenant subprojects for sdpaths <sd://tenant>
......@@ -129,26 +129,29 @@ export class UtilityHandler {
if (!sdPath.subproject) {
const entitlementTenant = DESUtils.getDataPartitionID(tenant.esd);
const groups = await DESEntitlement.getUserGroups(
let groups = await DESEntitlement.getUserGroups(
req.headers.authorization, entitlementTenant, req[Config.DE_FORWARD_APPKEY]);
// List of all the subprojects including the ones which were previously deleted
const allSubProjects = groups.filter((el) => this.validateEntitlements(el) &&
el.name.startsWith(TenantGroups.groupPrefix(sdPath.tenant)))
.map((el) => el.name.split('.')[4])
.filter((item, pos, self) => self.indexOf(item) === pos);
// Filter tenants which the user does not belong
groups = groups.filter(group => this.validateEntitlements(group)); // only valid seismic-dsm group
groups = groups.filter(group => group.name.startsWith( // get both data and service groups
TenantGroups.serviceGroupPrefix(sdPath.tenant))).concat(
groups.filter(group => group.name.startsWith(
TenantGroups.dataGroupPrefix(sdPath.tenant))));
let listSubprojects: string[] = groups.map((group) => { // retrieve the subproject name
return group.name.startsWith(Config.SERVICEGROUPS_PREFIX) ?
group.name.split('.')[4] : group.name.split('.')[3]})
listSubprojects = listSubprojects.filter((item, pos, self) => self.indexOf(item) === pos);
// Registered subprojects in the journal
const registeredSubprojects = (await SubProjectDAO.list(journalClient, sdPath.tenant))
.map(sp => sp.name)
const listRegisteredSubprojects = (
await SubProjectDAO.list(journalClient, sdPath.tenant)).map(item => item.name)
// Intersection of two lists above
return allSubProjects.filter((sp) => registeredSubprojects.includes(sp))
return listSubprojects.filter((sp) => listRegisteredSubprojects.includes(sp))
}
// list the folder content for sdpaths <sd://tenant/subproject>
const dataset = {} as DatasetModel;
dataset.tenant = sdPath.tenant;
......@@ -185,12 +188,9 @@ export class UtilityHandler {
}
private static validateEntitlements(el: IDESEntitlementGroupModel): boolean {
return (el.name.match(/\./g) || []).length === 5 &&
(el.name.endsWith(AuthRoles.admin) ||
el.name.endsWith(AuthRoles.editor) ||
el.name.endsWith(AuthRoles.viewer));
return (( el.name.startsWith(Config.SERVICEGROUPS_PREFIX) || el.name.startsWith(Config.DATAGROUPS_PREFIX)) &&
(el.name.endsWith(AuthRoles.admin) || el.name.endsWith(AuthRoles.editor) || el.name.endsWith(AuthRoles.viewer)))
}
// copy datasets (same tenancy required)
private static async cp(req: expRequest) {
......
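Review bot: The new `validateEntitlements` drops the old segment-count check (`length === 5`), yet the tenant and subproject names are still taken by position (`split('.')[3]`, `[4]`, `[2]`, `[3]`). A tenant-level group such as `<service prefix>.<env>.<tenant>.admin` now passes validation and yields `admin` as a subproject name in the `sd://tenant` branch, and shorter names yield `undefined`. The `startsWith(TenantGroups.serviceGroupPrefix(sdPath.tenant))` and `dataGroupPrefix` filters also have no trailing delimiter, so groups of a tenant whose name merely begins with `sdPath.tenant` are accepted; comparing against `prefix + '.'` avoids that. I would keep a segment-count check per group family in `validateEntitlements` and add a test with data-group names, since the visible test stubs only return service groups.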
......@@ -36,8 +36,6 @@ export class TestAuthGroups {
afterEach(() => { this.spy.restore(); });
this.datalakeUserAdminGroupName();
this.seistoreServicePrefix();
this.systemAdminGroupName();
this.createGroup();
this.clearGroup();
this.addUserToGroup();
......@@ -63,22 +61,6 @@ export class TestAuthGroups {
}
private static seistoreServicePrefix() {
Tx.sectionInit('get seistore service prefix ');
Tx.test((done: any) => {
Tx.checkTrue(AuthGroups.seistoreServicePrefix() === 'service.seistore.' + Config.SERVICE_ENV, done);
});
}
private static systemAdminGroupName() {
Tx.sectionInit('get system admin group name');
Tx.test((done: any) => {
Tx.checkTrue(AuthGroups.systemAdminGroupName() === 'service.seistore.' + Config.SERVICE_ENV + '.admin', done);
});
}
private static createGroup() {
Tx.sectionInit('create group');
......
......@@ -250,7 +250,7 @@ export class TestUserSVC {
Tx.testExp(async (done: any, expReq: expRequest, expRes: expResponse) => {
expReq.query.sdpath = 'sd://tnx/spx';
const prefix = SubprojectGroups.groupPrefix('tnx', 'spx');
const prefix = SubprojectGroups.serviceGroupPrefix('tnx', 'spx');
this.spy.stub(TenantDAO, 'get').resolves({} as any);
this.spy.stub(AuthGroups, 'getUserGroups').resolves([{ name: prefix + '.abc' }] as any);
this.spy.stub(SubProjectDAO, 'list').resolves([{ name: 'spx' } as SubProjectModel] as any)
......@@ -260,7 +260,7 @@ export class TestUserSVC {
Tx.testExp(async (done: any, expReq: expRequest, expRes: expResponse) => {
expReq.query.sdpath = 'sd://tnx/spx';
const prefix = SubprojectGroups.groupPrefix('tnx', 'spx');
const prefix = SubprojectGroups.serviceGroupPrefix('tnx', 'spx');
this.spy.stub(TenantDAO, 'get').resolves({} as any);
this.spy.stub(AuthGroups, 'getUserGroups').resolves([{ name: prefix + '.abc.abc' }] as any);
this.spy.stub(SubProjectDAO, 'list').resolves([{ name: 'spx' } as SubProjectModel] as any)
......
......@@ -142,7 +142,7 @@ export class TestUtilitySVC {
Tx.testExp(async (done: any, expReq: expRequest, expRes: expResponse) => {
expReq.query.sdpath = 'sd://tnx';
const prefix = TenantGroups.groupPrefix('tnx');
const prefix = TenantGroups.serviceGroupPrefix('tnx');
this.sandbox.stub(TenantDAO, 'get').resolves({} as any);
this.sandbox.stub(DESUtils, 'getDataPartitionID');
this.sandbox.stub(DESEntitlement, 'getUserGroups').resolves([{ name: prefix + '.spx.admin' }] as never);
......@@ -154,7 +154,7 @@ export class TestUtilitySVC {
Tx.testExp(async (done: any, expReq: expRequest, expRes: expResponse) => {
expReq.query.sdpath = 'sd://tnx';
const prefix = TenantGroups.groupPrefix('tnx');
const prefix = TenantGroups.serviceGroupPrefix('tnx');
this.sandbox.stub(TenantDAO, 'get').resolves({} as any);
this.sandbox.stub(DESUtils, 'getDataPartitionID');
this.sandbox.stub(DESEntitlement, 'getUserGroups').resolves([{ name: prefix + '.spx.editor' }] as never);
......@@ -166,7 +166,7 @@ export class TestUtilitySVC {
Tx.testExp(async (done: any, expReq: expRequest, expRes: expResponse) => {
expReq.query.sdpath = 'sd://tnx';
const prefix = TenantGroups.groupPrefix('tnx');
const prefix = TenantGroups.serviceGroupPrefix('tnx');
this.sandbox.stub(TenantDAO, 'get').resolves({} as any);
this.sandbox.stub(DESUtils, 'getDataPartitionID');
this.sandbox.stub(DESEntitlement, 'getUserGroups').resolves([{ name: prefix + '.spx.viewer' }] as never);
......@@ -178,7 +178,7 @@ export class TestUtilitySVC {
Tx.testExp(async (done: any, expReq: expRequest, expRes: expResponse) => {
expReq.query.sdpath = 'sd://tnx';
const prefix = TenantGroups.groupPrefix('tnx');
const prefix = TenantGroups.serviceGroupPrefix('tnx');
this.sandbox.stub(TenantDAO, 'get').resolves({} as any);
this.sandbox.stub(DESUtils, 'getDataPartitionID');
this.sandbox.stub(DESEntitlement, 'getUserGroups').resolves([{ name: '' }] as never);
......@@ -222,19 +222,19 @@ export class TestUtilitySVC {
const userGroupsStub = this.sandbox.stub(DESEntitlement, 'getUserGroups');
userGroupsStub.onCall(0).resolves([{
'name': `service.seistore.${Config.SERVICE_ENV}.tenant-a.subproj01.admin`,
'email': `service.seistore.${Config.SERVICE_ENV}.tenant-a.subproj01.admin@dp.p4d.domain.com`
'name': `${Config.SERVICEGROUPS_PREFIX}.${Config.SERVICE_ENV}.tenant-a.subproj01.admin`,
'email': `${Config.SERVICEGROUPS_PREFIX}.${Config.SERVICE_ENV}.tenant-a.subproj01.admin@dp.p4d.domain.com`
}, {
'name': `service.seistore.${Config.SERVICE_ENV}.tenant-a.admin`,
'email': `service.seistore.${Config.SERVICE_ENV}.tenant-a.admin@dp.p4d.domain.com`
'name': `${Config.SERVICEGROUPS_PREFIX}.${Config.SERVICE_ENV}.tenant-a.admin`,
'email': `${Config.SERVICEGROUPS_PREFIX}.${Config.SERVICE_ENV}.tenant-a.admin@dp.p4d.domain.com`
}] as IDESEntitlementGroupModel[]);
userGroupsStub.onCall(1).resolves([{
'name': `service.seistore.${Config.SERVICE_ENV}.tenant-c.subproj2.admin`,
'email': `service.seistore.${Config.SERVICE_ENV}.tenant-c.subproj2.admin@dp02.p4d.domain.com`
'name': `${Config.SERVICEGROUPS_PREFIX}.${Config.SERVICE_ENV}.tenant-c.subproj2.admin`,
'email': `${Config.SERVICEGROUPS_PREFIX}.${Config.SERVICE_ENV}.tenant-c.subproj2.admin@dp02.p4d.domain.com`
}, {
'name': `service.seistore.${Config.SERVICE_ENV}.tenant-c.admin`,
'email': `service.seistore.${Config.SERVICE_ENV}.tenant-c.admin@dp02.p4d.domain.com`
'name': `${Config.SERVICEGROUPS_PREFIX}.${Config.SERVICE_ENV}.tenant-c.admin`,
'email': `${Config.SERVICEGROUPS_PREFIX}.${Config.SERVICE_ENV}.tenant-c.admin@dp02.p4d.domain.com`
}] as IDESEntitlementGroupModel[]);
const responseStub = this.sandbox.stub(Response, 'writeOK');
......