IBM provider impl

3e52923f · Bhushan Rade · Anuj Gupta · 8a957fbd · 3e52923f · 3e52923f
Commit 3e52923f authored Jun 22, 2021 by Bhushan Rade Committed by Anuj Gupta Jun 22, 2021
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,8 @@
 **/dependency-reduced-pom.xml
 **/*.pyc
 /dist/
+.project
+.settings/
+.metadata
+.classpath
+.factorypath
\ No newline at end of file
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,6 +9,9 @@ variables:
  AWS_SERVICE: entitlements-v2
  AWS_ENVIRONMENT: dev

+  IBM_BUILD_SUBDIR: provider/entitlements-v2-ibm
+  IBM_INT_TEST_SUBDIR: testing/entitlements-v2-test-ibm
+
  OSDU_GCP_HELM_PACKAGE_CHARTS: "devops/gcp/deploy devops/gcp/configmap"


@@ -33,3 +36,7 @@ include:

  - project: "osdu/platform/ci-cd-pipelines"
    file: "publishing/pages.yml"
+    
+  - project: "osdu/platform/ci-cd-pipelines"
+    ref: "entitlements-v2-ibm-cicd"
+    file: "cloud-providers/ibm.yml"
--- a/pom.xml
+++ b/pom.xml
@@ -22,6 +22,7 @@
        <module>provider/entitlements-v2-azure</module>
        <module>provider/entitlements-v2-gcp</module>
        <module>provider/entitlements-v2-aws</module>
+		<module>provider/entitlements-v2-ibm</module>
    </modules>

    <licenses>

--- a/provider/entitlements-v2-ibm/pom.xml
+++ b/provider/entitlements-v2-ibm/pom.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <properties>
+        <java.version>8</java.version>
+        <os-core-lib-ibm.version>0.10.0-SNAPSHOT</os-core-lib-ibm.version>
+        <maven.compiler.target>1.8</maven.compiler.target>
+        <maven.compiler.source>1.8</maven.compiler.source>
+    </properties>
+
+    <parent>
+        <groupId>org.opengroup.osdu.entitlements.v2</groupId>
+        <artifactId>entitlements-v2-service</artifactId>
+        <version>0.10.0-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>entitlements-v2-ibm</artifactId>
+    <name>entitlements-v2-ibm</name>
+
+    <dependencies>
+
+	<dependency>
+		<groupId>org.opengroup.osdu</groupId>
+		<artifactId>os-core-lib-ibm</artifactId>
+		<version>${os-core-lib-ibm.version}</version>
+	</dependency>
+	<dependency>
+		<groupId>org.opengroup.osdu.entitlements.v2</groupId>
+		<artifactId>entitlements-v2-core</artifactId>
+		<version>${project.version}</version>
+	</dependency>
+	<dependency>
+		<groupId>org.projectlombok</groupId>
+		<artifactId>lombok</artifactId>
+		<scope>provided</scope>
+	</dependency>
+	<dependency>
+		<groupId>io.lettuce</groupId>
+		<artifactId>lettuce-core</artifactId>
+		<!-- <version>5.3.0.RELEASE</version> -->
+	</dependency>
+
+	<dependency>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter</artifactId>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-security</artifactId>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework.security</groupId>
+		<artifactId>spring-security-oauth2-client</artifactId>
+	</dependency>
+	<dependency>
+		<groupId>org.springframework.security</groupId>
+		<artifactId>spring-security-oauth2-jose</artifactId>
+	</dependency>
+
+	<dependency>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-web</artifactId>
+	</dependency>
+	<dependency>
+		<groupId>io.projectreactor.netty</groupId>
+		<artifactId>reactor-netty</artifactId>
+	</dependency>
+	<dependency>
+		<groupId>io.projectreactor</groupId>
+		<artifactId>reactor-core</artifactId>
+	</dependency>
+	<dependency>
+		<groupId>org.apache.commons</groupId>
+		<artifactId>commons-pool2</artifactId>
+		<!-- <version>2.8.0</version> -->
+	</dependency>
+	<dependency>
+		<groupId>io.github.resilience4j</groupId>
+		<artifactId>resilience4j-retry</artifactId>
+		<version>1.4.0</version>
+	</dependency>
+      
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        
+    </dependencies>
+     <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                        <configuration>
+                            <classifier>spring-boot</classifier>
+                            <mainClass>org.opengroup.osdu.entitlements.v2.ibm.EntitlementsV2Application</mainClass>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.jacoco</groupId>
+                <artifactId>jacoco-maven-plugin</artifactId>
+                <version>0.8.6</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>prepare-agent</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>report</id>
+                        <phase>test</phase>
+                        <goals>
+                            <goal>report</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+   
+</project>
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/EntitlementsV2Application.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/EntitlementsV2Application.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.entitlements.v2.ibm;
+
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.scheduling.annotation.EnableAsync;
+
+@ComponentScan({
+        "org.opengroup.osdu.core",
+        "org.opengroup.osdu.ibm",
+        "org.opengroup.osdu.entitlements.v2"
+})
+@SpringBootApplication
+@EnableAsync
+public class EntitlementsV2Application {
+    public static void main(String[] args) {
+        Class<?>[] sources = new Class<?>[]{
+                EntitlementsV2Application.class
+
+        };
+        SpringApplication.run(sources, args);
+    }
+}
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/IBMAppProperties.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/IBMAppProperties.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.entitlements.v2.ibm;
+
+import lombok.Getter;
+import org.opengroup.osdu.entitlements.v2.AppProperties;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@Component
+@Getter
+public class IBMAppProperties extends AppProperties {
+
+    public static final String DEFAULT_APPID_KEY = "NA";
+
+    @Value("${redishost}")
+    private String redishost;
+    @Value("${redisport}")
+    private String redisport;
+    @Value("${rediskey:}")
+    private String rediskey;
+    @Value("${redis.partition.association}")
+    private int redispartitionAssociation;
+    @Value("${partition.entitynode}")
+    private int partitionEntityNode;
+    @Value("${partition.parent.ref}")
+    private int partitionParentRef;
+    @Value("${partition.children.ref}")
+    private int partitionChildrenRef;
+    @Value("${partition.appid}")
+    private int partitionAppId;
+
+    public String getRedisHost() {
+        return redishost;
+    }
+
+    public int getRedisPort() {
+        return Integer.parseInt(redisport);
+    }
+    
+    public String getRedisKey() {
+        return rediskey;
+    }
+    
+
+    public int getRedisPartitionAssociation() {
+        return redispartitionAssociation;
+    }
+
+
+    public int getPartitionEntityNode() {
+        return partitionEntityNode;
+    }
+
+    public int getPartitionParentRef() {
+        return partitionParentRef;
+    }
+
+    public int getPartitionChildrenRef() {
+        return partitionChildrenRef;
+    }
+
+    public int getPartitionAppId() {
+        return partitionAppId;
+    }
+
+    @Override
+    public List<String> getInitialGroups() {
+        List<String> initialGroups = new ArrayList<>();
+        initialGroups.add("/provisioning/groups/datalake_user_groups.json");
+        initialGroups.add("/provisioning/groups/datalake_service_groups.json");
+        initialGroups.add("/provisioning/groups/data_groups.json");
+        return initialGroups;
+    }
+
+    @Override
+    public String getGroupsOfServicePrincipal() {
+        return "/provisioning/accounts/groups_of_service_principal.json";
+    }
+
+    @Override
+    public List<String> getProtectedMembers() {
+        List<String> filePaths = new ArrayList<>();
+        filePaths.add("/provisioning/groups/data_groups.json");
+        filePaths.add("/provisioning/groups/datalake_service_groups.json");
+        return filePaths;
+    }
+
+    @Override
+    public List<String> getGroupsOfInitialUsers() {
+        List<String> groupsOfInitialUsers = new ArrayList<>();
+        groupsOfInitialUsers.add(getGroupsOfServicePrincipal());
+        return groupsOfInitialUsers;
+    }
+}
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/interceptor/InterceptorConfig.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/interceptor/InterceptorConfig.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.entitlements.v2.ibm.interceptor;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class InterceptorConfig implements WebMvcConfigurer {
+    @Autowired
+    private RequestHeaderInterceptor requestHeaderInterceptor;
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(requestHeaderInterceptor).addPathPatterns("/**").excludePathPatterns("/_ah/**");
+    }
+}
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/interceptor/RequestHeaderInterceptor.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/interceptor/RequestHeaderInterceptor.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.entitlements.v2.ibm.interceptor;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
+import org.opengroup.osdu.core.common.model.http.DpsHeaders;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+
+@Component
+public class RequestHeaderInterceptor implements HandlerInterceptor {
+
+    @Autowired
+    DpsHeaders dpsheaders;
+
+    @Autowired
+    private JaxRsDpsLog log;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {
+        log.debug("Intercepted the request in Handler for extracting user/service principal.");
+        Map<String,String> headers = dpsheaders.getHeaders();
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        Jwt princ = (Jwt) authentication.getPrincipal();
+        String memberEmail = princ.getClaimAsString("email");
+        if(memberEmail!=null) {
+            headers.put("x-user-id", memberEmail);
+            return true;
+        }
+        else {
+        	response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+            return false;
+        }
+    }
+
+
+    	
+
+}
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/security/SecurityConfig.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/security/SecurityConfig.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.entitlements.v2.ibm.security;
+
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.httpBasic().disable()
+                .csrf().disable().authorizeRequests().anyRequest()
+                .authenticated().and().oauth2ResourceServer().jwt();  //disable default authN. AuthN handled by endpoints proxy
+    }
+}
+
+
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/service/GroupCacheServiceIBM.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/service/GroupCacheServiceIBM.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.entitlements.v2.ibm.service;
+
+import java.util.Set;
+
+import org.opengroup.osdu.entitlements.v2.model.EntityNode;
+import org.opengroup.osdu.entitlements.v2.model.ParentReference;
+import org.opengroup.osdu.entitlements.v2.service.GroupCacheService;
+import org.opengroup.osdu.entitlements.v2.spi.retrievegroup.RetrieveGroupRepo;
+import org.springframework.stereotype.Service;
+
+import lombok.RequiredArgsConstructor;
+	
+@Service	
+@RequiredArgsConstructor
+public class GroupCacheServiceIBM implements GroupCacheService {
+
+    private final RetrieveGroupRepo retrieveGroupRepo;
+    private final IBMGroupCache ibmGroupCache;
+
+    @Override
+    public Set<ParentReference> getFromPartitionCache(String requesterId, String partitionId) {
+        String key = String.format("%s-%s", requesterId, partitionId);
+        Set<ParentReference> result = ibmGroupCache.getGroupCache(key);
+        if (result == null) {
+            EntityNode entityNode = EntityNode.createMemberNodeForNewUser(requesterId, partitionId);
+            result = retrieveGroupRepo.loadAllParents(entityNode).getParentReferences();
+            ibmGroupCache.addGroupCache(key, result);
+        }
+        return result;
+    }
+
+	@Override
+	public void flushListGroupCacheForUser(String arg0, String arg1) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public void refreshListGroupCache(Set<String> arg0, String arg1) {
+		// TODO Auto-generated method stub
+		
+	}
+}
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/service/HealthServiceIBM.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/service/HealthServiceIBM.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.entitlements.v2.ibm.service;
+
+import org.opengroup.osdu.entitlements.v2.service.HealthService;
+import org.springframework.stereotype.Service;
+
+@Service
+public class HealthServiceIBM implements HealthService {
+
+
+    @Override
+    public void performHealthCheck() {
+       
+    }
+}
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/service/IBMGroupCache.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/service/IBMGroupCache.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.entitlements.v2.ibm.service;
+
+import org.opengroup.osdu.entitlements.v2.model.ParentReference;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.annotation.RequestScope;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+@RequestScope
+@Component
+public class IBMGroupCache {
+    private Map<String, Set<ParentReference>> groupMap = new ConcurrentHashMap<>();
+
+    public Set<ParentReference> getGroupCache(String requesterId) {
+        return this.groupMap.get(requesterId);
+    }
+
+    public void addGroupCache(String requesterId, Set<ParentReference> parents) {
+        this.groupMap.put(requesterId, parents);
+    }
+}
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/spi/BaseRepo.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/spi/BaseRepo.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+
+package org.opengroup.osdu.entitlements.v2.ibm.spi;
+
+import org.opengroup.osdu.core.common.model.http.AppException;
+import org.opengroup.osdu.entitlements.v2.spi.Operation;
+import org.springframework.http.HttpStatus;
+
+import java.util.Deque;
+import java.util.LinkedList;
+
+public abstract class BaseRepo {
+
+    protected Deque<Operation> executedCommands = new LinkedList<>();
+
+    /**
+     * If the transaction threw 409 or 404 exception, we should not roll back
+     */
+    protected void rollback(Exception ex) {
+        if (ex instanceof AppException) {
+            int errorCode = ((AppException) ex).getError().getCode();
+            if ((HttpStatus.CONFLICT.value() == errorCode) || (HttpStatus.NOT_FOUND.value() == errorCode)) {
+                return;
+            }
+        }
+        while (!executedCommands.isEmpty()) {
+            Operation executedCommand = executedCommands.pop();
+            executedCommand.undo();
+        }
+    }
+}
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/spi/RedisConfiguration.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/spi/RedisConfiguration.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.entitlements.v2.ibm.spi;
+
+import io.lettuce.core.api.StatefulRedisConnection;
+import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ComponentScan
+public class RedisConfiguration {
+
+    @Bean
+    public GenericObjectPoolConfig<StatefulRedisConnection<String, String>> redisPoolConfig() {
+        final GenericObjectPoolConfig<StatefulRedisConnection<String, String>> poolConfig = new GenericObjectPoolConfig<>();
+        poolConfig.setMinIdle(10);
+        poolConfig.setMaxIdle(10);
+        poolConfig.setMaxTotal(1000);
+        poolConfig.setMaxWaitMillis(15000);
+        return poolConfig;
+    }
+}
--- a/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/spi/addmember/AddMemberRedisRepo.java
+++ b/provider/entitlements-v2-ibm/src/main/java/org/opengroup/osdu/entitlements/v2/ibm/spi/addmember/AddMemberRedisRepo.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.entitlements.v2.ibm.spi.addmember;
+
+import io.github.resilience4j.retry.Retry;
+import lombok.RequiredArgsConstructor;
+import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
+import org.opengroup.osdu.core.common.logging.audit.AuditStatus;
+import org.opengroup.osdu.core.common.model.http.AppException;
+import org.opengroup.osdu.entitlements.v2.di.WhitelistSvcAccBeanConfiguration;
+import org.opengroup.osdu.entitlements.v2.ibm.IBMAppProperties;
+import org.opengroup.osdu.entitlements.v2.ibm.spi.BaseRepo;
+import org.opengroup.osdu.entitlements.v2.ibm.spi.db.RedisConnector;
+import org.opengroup.osdu.entitlements.v2.ibm.spi.operation.AddMemberChildUpdateOperationImpl;
+import org.opengroup.osdu.entitlements.v2.ibm.spi.operation.AddMemberParentUpdateOperationImpl;
+import org.opengroup.osdu.entitlements.v2.ibm.spi.operation.AddUserPartitionAssociationOperationImpl;
+