# entitlements-azure issues

Feed: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/issues (last updated 2021-07-02T00:16:08Z)

## Upgrade Core Common Dependency

- Issue: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/issues/7
- Updated: 2021-07-02T00:16:08Z
- Author: David Diederich (d.diederich@opengroup.org)

## Upgrade Core Azure Dependency

- Issue: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/issues/8
- Updated: 2021-06-29T22:08:52Z
- Author: David Diederich (d.diederich@opengroup.org)

## [Bug] Incorrect regular expression for validating email pattern

- Issue: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/issues/2
- Updated: 2021-06-16T22:17:24Z
- Author: Aalekh Jain

The regular expression for validating email [here](https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/blob/master/src/main/java/org/opengroup/osdu/azure/entitlements/service/EntitlementsAzure.java#L102) results in an incorrect validation.
```java
private static final Pattern emailPattern = Pattern.compile("^(.+)@(.+?)\\.(.+?)$");
```
Refer to the test [here](https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/commit/6ef9ae937a5895db8a99bcaf310b83d56672606f). The test should throw an exception because of [this](https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/blob/master/src/main/java/org/opengroup/osdu/azure/entitlements/service/EntitlementsAzure.java#L508) line. Even when an invalid email id is given in this test, it returns true from the [`isValidEmail`](https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/blob/master/src/main/java/org/opengroup/osdu/azure/entitlements/service/EntitlementsAzure.java#L531) method and does not result in an exception, thereby treating the given id as `USER`. (Object type `USER` is returned from the method [`getObjectTypeForInputId`](https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/blob/master/src/main/java/org/opengroup/osdu/azure/entitlements/service/EntitlementsAzure.java#L500).)
cc: @kibattul @polavishnu @kiveerap

## [Bug] Return 404 instead of 200 if remove non-exist member of a group

- Issue: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/issues/6
- Updated: 2021-01-20T14:37:24Z
- Author: Mingyang Zhu
- Assignee: Mingyang Zhu

The service currently returns 200 when removing a member from a group and the member does not exist in the group. We should return 409 in such a case.

## Upgrade package to resolve High and Critical security vulnerability

- Issue: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/issues/5
- Updated: 2021-01-04T19:25:35Z
- Author: Mingyang Zhu
- Assignee: Mingyang Zhu

The following libraries have been reported containing High or Critical security vulnerabilities from whitesource. We need to upgrade the libraries to resolve the whitesource alert.

| Library | Alert | Security severity | Language | Dates | Projects |
|---|---|---|---|---|---|
| simple-xml-2.7.1.jar | Policy Violation | Critical | Java | 19-11-2020, 19-11-2020 | 1 |
| woodstox-core-5.0.3.jar | Policy Violation | Critical | Java | 28-10-2020, 28-10-2020 | 1 |
| tomcat-embed-core-9.0.21.jar | Policy Violation | High | Java | 13-10-2020, 13-10-2020 | 1 |
| snakeyaml-1.23.jar | Policy Violation | High | Java | 13-10-2020, 13-10-2020 | 1 |
| elasticsearch-6.4.3.jar | Policy Violation | High | Java | 13-10-2020, 13-10-2020 | 1 |
| spring-web-5.1.10.RELEASE.jar | Policy Violation | Critical | Java | 13-10-2020, 13-10-2020 | 1 |

## [Feature] API to list group on behalf of user

- Issue: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/issues/4
- Updated: 2020-12-07T15:18:43Z
- Author: Mingyang Zhu
- Assignee: Mingyang Zhu

## [Feature] Data Admin service account whitelist

- Issue: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/issues/3
- Updated: 2020-12-04T19:17:33Z
- Author: Mingyang Zhu
- Assignee: Mingyang Zhu

Data Admin is a role that has permission to all the data. Ideally, there is a data admin permission group that will be automatically granted data permission whenever a new data group is created. The logic will be moved to osdu together with the osdu entitlements v2 service.

The current implementation of the osdu entitlements service does not support group hierarchy yet, so as a stop-gap solution, we implement a static configuration file to whitelist all the data admin service accounts and implement the logic to return all data groups for the whitelisted service accounts.

## Disabling AAD Authentication from R2 Services

- Issue: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-azure/-/issues/1
- Updated: 2020-09-18T10:34:04Z
- Author: Kiran Veerapaneni

### Context and Scope

With the introduction of Istio to the Azure platform, authentication will be done at the Istio proxy, so AAD authentication will be disabled.

To make it backward compatible, in R2 services AAD authentication will be disabled using the `azure_istioauth_enabled` env variable.

In the Entitlement Service a new authentication filter will be introduced to decode the payload coming from the Istio proxy and set the security context, which is required for authorization.

2020-09-14