Commit e21767a6 authored by David Diederich's avatar David Diederich

Merge remote-tracking branch 'origin/master' into release/0.4

parents 15265858 eb380640
Pipeline #20777 passed with stages
in 14 minutes and 4 seconds
......@@ -13,6 +13,7 @@ The following software have components provided under the terms of this license:
- AWS Java SDK for AWS KMS (from https://aws.amazon.com/sdkforjava)
- AWS Java SDK for AWS Lambda (from https://aws.amazon.com/sdkforjava)
- AWS Java SDK for AWS STS (from https://aws.amazon.com/sdkforjava)
- AWS Java SDK for AWS Secrets Manager (from https://aws.amazon.com/sdkforjava)
- AWS Java SDK for Amazon CloudWatch Logs (from https://aws.amazon.com/sdkforjava)
- AWS Java SDK for Amazon Cognito Identity Provider Service (from https://aws.amazon.com/sdkforjava)
- AWS Java SDK for Amazon DynamoDB (from https://aws.amazon.com/sdkforjava)
......@@ -80,8 +81,8 @@ The following software have components provided under the terms of this license:
- Lucene Spatial 3D (from )
- Lucene Spatial Extras (from )
- Lucene Suggest (from )
- Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://www.mockito.org)
- Netty/Buffer (from http://netty.io/)
- Netty/Codec (from )
- Netty/Common (from )
......@@ -176,7 +177,7 @@ The following software have components provided under the terms of this license:
- jakarta.xml.bind-api (from )
========================================================================
CC-BY-3.0
CC-BY-2.5
========================================================================
The following software have components provided under the terms of this license:
......@@ -190,11 +191,17 @@ The following software have components provided under the terms of this license:
- tomcat-embed-core (from http://tomcat.apache.org/)
========================================================================
EPL-1.0
CPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- JUnit (from http://junit.org)
========================================================================
EPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- Logback Classic Module (from )
- Logback Core Module (from )
......@@ -287,8 +294,8 @@ The following software have components provided under the terms of this license:
- Java JWT (from http://www.jwt.io)
- Lucene Core (from )
- Lucene Sandbox (from )
- Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://www.mockito.org)
- Netty/Common (from )
- Project Lombok (from https://projectlombok.org)
- SLF4J API Module (from http://www.slf4j.org)
......@@ -355,6 +362,7 @@ unknown
The following software have components provided under the terms of this license:
- Byte Buddy (without dependencies) (from )
- JUnit (from http://junit.org)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- JavaBeans Activation Framework API jar (from )
- jakarta.xml.bind-api (from )
......
......@@ -61,7 +61,7 @@
<dependency>
<groupId>org.opengroup.osdu.core.aws</groupId>
<artifactId>os-core-lib-aws</artifactId>
<version>0.3.11</version>
<version>0.3.14</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
......
......@@ -83,7 +83,7 @@ public class EntitlementsAwsService {
String error_msg="";
String memberEmail=null;
enum ROLES {OWNER, MEMBER,EDITOR, CREATOR};
enum ROLES {OWNER, MEMBER};
/*
Method to get groups
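Review bot: If the new side is `enum ROLES {OWNER, MEMBER};` (the rendered page lost its `+`/`-` markers), `EDITOR` and `CREATOR` stop being valid role names, and nothing in this hunk shows what happens to a stored membership or request that still carries one of them. Any `ROLES.valueOf(...)` on such a value would throw `IllegalArgumentException`, so check that callers turn that into a client error rather than a 500 and that no existing records rely on the removed roles. A short comment on the enum, such as `// Only OWNER and MEMBER are accepted; other role strings are rejected`, would document the narrowed set. The class body continues outside the hunk.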
......
......@@ -13,12 +13,19 @@
// limitations under the License.
package org.opengroup.osdu.aws.entitlements.utils;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;
import com.amazonaws.services.simplesystemsmanagement.model.GetParameterRequest;
import com.amazonaws.services.simplesystemsmanagement.model.GetParameterResult;
import org.opengroup.osdu.core.aws.dynamodb.DynamoDBQueryHelper;
import org.opengroup.osdu.core.aws.dynamodb.QueryPageResult;
import org.opengroup.osdu.core.aws.entitlements.*;
import org.opengroup.osdu.core.aws.iam.IAMConfig;
import org.opengroup.osdu.core.aws.lambda.HttpStatusCodes;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.io.IOException;
......@@ -33,6 +40,16 @@ public class EntitlementsHelper {
@Autowired
private GroupsUtil2 groupUtil2;
@Value("${aws.region}")
private String awsRegion;
@Value("${aws.environment}")
private String awsEnvironment;
private AWSSimpleSystemsManagement ssmManager;
private AWSCredentialsProvider amazonAWSCredentials = IAMConfig.amazonAWSCredentials();
String error_msg="";
private static final String ERROR_REASON_UNAUTHORIZED = "The user is not authorized to perform this function";
private static final String ERROR_REASON_SERVER_ERROR = "Internal Server Error";
......@@ -123,9 +140,11 @@ public class EntitlementsHelper {
public String validateJwt(Map<String, String> headers)
{
int httpStatusCode = HttpStatusCodes.UNASSIGNED;
String oauth_custom_scope = "/osdu/" + awsEnvironment + "/oauth-custom-scope";
String oauthCustomScope = getSsmParameter(oauth_custom_scope);
Authorizer authorizer = new Authorizer();
int httpStatusCode = HttpStatusCodes.UNASSIGNED;
Authorizer authorizer = new Authorizer(awsRegion, awsEnvironment);
String memberEmail=null;
// check for valid JWT
// authorization header is lowercase in osdu services but standard is uppercase first letter
......@@ -138,14 +157,10 @@ public class EntitlementsHelper {
{
throw AppException.createForbidden("No JWT token. Access is Forbidden");
}
try {
memberEmail = authorizer.validateJWT(authorizationContents);
}catch(IOException e)
{
httpStatusCode = HttpStatusCodes.INTERNAL_SERVER_ERROR;
error_msg="IOException : Unable to validate JWT. ";
throw new AppException(httpStatusCode, error_msg, ERROR_REASON_SERVER_ERROR);
}
memberEmail = authorizer.validateJWT(authorizationContents,oauthCustomScope);
if(memberEmail == null)
{
......@@ -158,4 +173,18 @@ public class EntitlementsHelper {
}
}
private AWSSimpleSystemsManagement getSsmManager () {
if (this.ssmManager == null) {
this.ssmManager = (AWSSimpleSystemsManagement)((AWSSimpleSystemsManagementClientBuilder)((AWSSimpleSystemsManagementClientBuilder)AWSSimpleSystemsManagementClientBuilder.standard().withCredentials(this.amazonAWSCredentials)).withRegion(awsRegion)).build();
}
return this.ssmManager;
}
private String getSsmParameter(String parameterKey) {
GetParameterRequest paramRequest = (new GetParameterRequest()).withName(parameterKey).withWithDecryption(true);
GetParameterResult paramResult = getSsmManager().getParameter(paramRequest);
return paramResult.getParameter().getValue();
}
}
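Review bot: In `validateJwt`, the lookup `getSsmParameter(oauth_custom_scope)` runs at the top of the method, ahead of the check that throws "No JWT token. Access is Forbidden", so every request, with or without a token, costs a decrypting `GetParameter` call (this reads the `oauthCustomScope` lines as the new side, since the page lost its `+`/`-` markers). The scope is deployment configuration, so read it once and reuse it, for example `if (oauthCustomScope == null) { oauthCustomScope = getSsmParameter(...); }` on a field, or at least resolve it after the header check; that also keeps SSM throttling from degrading token validation. The `try`/`catch` that mapped a validation failure to `ERROR_REASON_SERVER_ERROR` appears to be removed, and nothing visible maps an SDK exception from `getParameter` to an `AppException`, so confirm that a failed lookup fails closed with a controlled 500. `getSsmManager()` initialises `ssmManager` lazily without synchronisation, which can build more than one client if this class is a shared Spring bean (it imports `Component`).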
......@@ -31,3 +31,5 @@ aws.entitlements.admin.email = ${ENTITLEMENTS_ADMIN_EMAIL:service.entitlements.a
aws.entitlements.default.role = ${DEFAULT_ROLE:OWNER}
aws.entitlements.default.limitAmount = ${DEFAULT_LIMIT_AMOUNT:1000000}
aws.environment=${ENVIRONMENT}
\ No newline at end of file
......@@ -43,7 +43,7 @@
<dependency>
<groupId>org.opengroup.osdu.core.aws</groupId>
<artifactId>os-core-lib-aws</artifactId>
<version>0.3.11</version>
<version>0.3.12</version>
</dependency>
......
......@@ -23,6 +23,11 @@ import org.opengroup.osdu.core.common.model.entitlements.GroupInfo;
import org.opengroup.osdu.core.common.model.entitlements.Groups;
import org.opengroup.osdu.entitlements.utils.*;
import org.opengroup.osdu.core.aws.entitlements.MemberInfo;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.sql.Timestamp;
import java.util.*;
......@@ -79,6 +84,41 @@ public class EntitlementsApiTests {
}
@Test
public void should_beAbleToRunApiInParallel_getGroups() throws Exception {
String path = "groups";
ExecutorService executor = Executors.newFixedThreadPool(10);
List<Callable<ClientResponse>> tasks = new ArrayList<>();
for (int i = 0; i < 10; i++) {
Callable<ClientResponse> task = () -> {
try {
return HTTPUtil.send(path, "GET",HTTPUtil.getHeaders(), "", "");
} catch (Exception ex) {
return null;
}
};
tasks.add(task);
}
List<Future<ClientResponse>> responses = executor.invokeAll(tasks);
executor.shutdown();
executor.awaitTermination(120, TimeUnit.SECONDS);
int sucessResponseCount = 0;
int errorResponseCount = 0;
for (Future<ClientResponse> future : responses) {
if (future.get().getStatus() == 200)
sucessResponseCount++;
else
errorResponseCount++;
}
assertEquals(error("Expected all successful responses. Actual " + sucessResponseCount), 10, sucessResponseCount);
assertEquals(error("Unexpected error response returned"), 0, errorResponseCount);
}
@Test
public void getGroupsTest_noToken_thenForbidden() throws Exception {
String path = "groups";
......@@ -148,6 +188,50 @@ public class EntitlementsApiTests {
}
@Test
public void should_onlyCreateMax1Resource_and_return409ForTheRest_when_creatingTheSameResourceInParallel_createGroup() throws Exception {
String path = "groups";
String token = client.getToken(AwsConfig.getAWSCognitoTestUsername(),AwsConfig.getAWSCognitoTestUserPassword(),"bearer");
Timestamp timestamp = new Timestamp(System.currentTimeMillis());
String ts= Long.toString(timestamp.getTime());
String groupName= "int-test-group-test-parallel"+ts;
String groupDescription = "int-test-group-test-parallel";
Map<String, String> group = new HashMap();
group.put("name",groupName);
group.put("description", groupDescription);
String newGroupRequestBody = new Gson().toJson(group);
ExecutorService executor = Executors.newFixedThreadPool(8);
List<Callable<ClientResponse>> tasks = new ArrayList<>();
for (int i = 0; i < 8; i++) {
Callable<ClientResponse> task = () -> {
try {
return HTTPUtil.send(path, "POST",HTTPUtil.getHeaders(AwsConfig.getTenant(), token), newGroupRequestBody, "");
} catch (Exception ex) {
return null;
}
};
tasks.add(task);
}
List<Future<ClientResponse>> responses = executor.invokeAll(tasks);
executor.shutdown();
executor.awaitTermination(20, TimeUnit.SECONDS);
int sucessResponseCount = 0;
int non409ErrorResponseCount = 0;
for (Future<ClientResponse> future : responses) {
if (future.get().getStatus() == HttpStatus.SC_OK)
sucessResponseCount++;
else if (future.get().getStatus() != 409)
non409ErrorResponseCount++;
}
assertTrue(error("Expected 1 successful response. Actual " + sucessResponseCount), sucessResponseCount <= 1);
assertEquals(error("Unexpected error response returned"), 0, non409ErrorResponseCount);
}
@Test
public void createGroup_noToken_Forbiddden() throws Exception {
......@@ -349,7 +433,9 @@ public class EntitlementsApiTests {
}
protected String error(String body) {
return String.format("%s", body);
}
}
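Review bot: The `Callable` in `should_beAbleToRunApiInParallel_getGroups` catches every exception and returns `null`, so a failed request surfaces later as a `NullPointerException` at `future.get().getStatus()` instead of as the real cause; the parallel `createGroup` test has the same pattern. `Callable.call()` may throw, so the lambda can be `() -> HTTPUtil.send(path, "GET", HTTPUtil.getHeaders(), "", "")` and `future.get()` will report the failure. In the create test, `sucessResponseCount <= 1` also passes when no request succeeds; if exactly one creation is expected, `assertEquals(1, sucessResponseCount)` matches the message "Expected 1 successful response". `invokeAll` already waits for all tasks, so the unchecked `awaitTermination` result adds nothing, and `new HashMap()` is a raw type where `new HashMap<>()` is meant.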