Merge remote-tracking branch 'origin/master' into dev

6b1de2df · Matt Wise · cf0bea89 · 6e317159 · 6b1de2df · 6b1de2df
Commit 6b1de2df authored May 13, 2021 by Matt Wise
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,7 +6,7 @@ variables:

  AWS_BUILD_SUBDIR: provider/entitlements-v2-aws/build-aws
  AWS_TEST_SUBDIR: testing/entitlements-v2-test-aws
-  AWS_SERVICE: entitlementsV2
+  AWS_SERVICE: entitlements-v2
  AWS_ENVIRONMENT: dev


@@ -28,7 +28,7 @@ include:
    file: "cloud-providers/azure.yml"

  - project: "osdu/platform/ci-cd-pipelines"
-      file: "cloud-providers/aws.yml"
+    file: "cloud-providers/aws.yml"

  - project: "osdu/platform/ci-cd-pipelines"
-    file: "publishing/pages.yml"
+    file: "publishing/pages.yml"
\ No newline at end of file
--- a/NOTICE
+++ b/NOTICE
--- a/entitlements-v2-core/pom.xml
+++ b/entitlements-v2-core/pom.xml
@@ -8,8 +8,6 @@
        <maven.compiler.source>${java.version}</maven.compiler.source>
        <redisson.version>3.13.2</redisson.version>
        <protobuf-java.version>3.12.4</protobuf-java.version>
-        <org.springframework.boot.version>2.4.4</org.springframework.boot.version>
-        <commons-codec.version>1.15</commons-codec.version>
        <!-- When upgrading springfox version make sure to verify how the updated UI is displayed.
         Latest versions of springfox library have issues with displaying content
        -->
@@ -36,17 +34,14 @@
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
-            <version>${org.springframework.boot.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
-            <version>${org.springframework.boot.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
-            <version>${org.springframework.boot.version}</version>
        </dependency>
        <dependency>
            <groupId>com.dslplatform</groupId>
@@ -58,6 +53,15 @@
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger2</artifactId>
            <version>${springfox-version}</version>
+            <exclusions>
+                <exclusion>
+                    <!--
+                    Excluding com.google.guava:guava:jar:18.0, because it has security vulnerability
+                    -->
+                    <groupId>com.google.guava</groupId>
+                    <artifactId>guava</artifactId>
+                </exclusion>
+            </exclusions>
        </dependency>
        <dependency>
            <groupId>io.springfox</groupId>
@@ -75,7 +79,6 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
-            <version>${org.springframework.boot.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>

--- a/pom.xml
+++ b/pom.xml
@@ -3,12 +3,11 @@
    <modelVersion>4.0.0</modelVersion>

    <properties>
-        <os-core-common.version>0.9.0-rc3</os-core-common.version>
+        <os-core-common.version>0.9.0-rc7</os-core-common.version>
        <java.version>1.8</java.version>
        <maven.compiler.target>1.8</maven.compiler.target>
        <maven.compiler.source>1.8</maven.compiler.source>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <spring-boot-dependencies.version>2.4.4</spring-boot-dependencies.version>
    </properties>

    <groupId>org.opengroup.osdu.entitlements.v2</groupId>
@@ -36,9 +35,9 @@
    <dependencyManagement>
        <dependencies>
            <dependency>
-                <groupId>org.springframework.boot</groupId>
-                <artifactId>spring-boot-dependencies</artifactId>
-                <version>${spring-boot-dependencies.version}</version>
+                <groupId>org.opengroup.osdu</groupId>
+                <artifactId>os-core-common</artifactId>
+                <version>${os-core-common.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
@@ -46,6 +45,20 @@
                <groupId>org.opengroup.osdu</groupId>
                <artifactId>os-core-common</artifactId>
                <version>${os-core-common.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.elasticsearch.client</groupId>
+                        <artifactId>elasticsearch-rest-client</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.elasticsearch</groupId>
+                        <artifactId>elasticsearch</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.elasticsearch.client</groupId>
+                        <artifactId>elasticsearch-rest-high-level-client</artifactId>
+                    </exclusion>
+                </exclusions>
            </dependency>
        </dependencies>
    </dependencyManagement>

--- a/provider/entitlements-v2-aws/pom.xml
+++ b/provider/entitlements-v2-aws/pom.xml
@@ -18,7 +18,6 @@
        <reactor.core.version>3.3.0.RELEASE</reactor.core.version>
        <springfox-version>2.7.0</springfox-version>
        <tomcat-embed-core.version>9.0.37</tomcat-embed-core.version>
-        <org.springframework.boot.version>2.4.4</org.springframework.boot.version>
    </properties>

    <dependencies>
@@ -79,8 +78,6 @@
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
-            <!--<version>2.4.0</version>-->
-            <version>${spring-boot-dependencies.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework.boot</groupId>
@@ -119,9 +116,6 @@
            <artifactId>spring-security-oauth2-jose</artifactId>
        </dependency>

-
-
-
        <dependency>
            <groupId>io.projectreactor.netty</groupId>
            <artifactId>reactor-netty</artifactId>
@@ -149,7 +143,6 @@
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
-            <version>${spring-boot-dependencies.version}</version>
            <scope>test</scope>
            <exclusions>
                <exclusion>

--- a/provider/entitlements-v2-azure/pom.xml
+++ b/provider/entitlements-v2-azure/pom.xml
@@ -13,15 +13,14 @@
    <artifactId>entitlements-v2-azure</artifactId>

    <properties>
-        <core-lib-azure.version>0.6.2</core-lib-azure.version>
-        <reactor.netty.version>0.9.5.RELEASE</reactor.netty.version>
-        <reactor.core.version>3.3.0.RELEASE</reactor.core.version>
+        <core-lib-azure.version>0.9.0-rc2</core-lib-azure.version>
        <gremlin.version>3.4.10</gremlin.version>
        <redisson.version>3.15.3</redisson.version>
        <resilience4j.version>1.7.0</resilience4j.version>
        <embedded-resdis.version>0.7.1</embedded-resdis.version>
        <awaitility.version>3.0.0</awaitility.version>
        <awaitility.proxy.version>3.0.0</awaitility.proxy.version>
+        <json-smart.version>2.4.6</json-smart.version>
    </properties>

    <dependencies>
@@ -31,28 +30,11 @@
            <version>${project.version}</version>
        </dependency>

-        <!--
-        Old versions of 'com.nimbusds:oauth2-oidc-sdk' and 'com.microsoft.azure:msal4j' are excluded
-        because they cannot work with Spring Boot version 2.4.x
-
-        New version of 'com.microsoft.azure:msal4j' is added to work with Spring Boot version 2.4.x
-
-        Stay tuned for a new version of 'com.azure:azure-identity', they started releasing updates, but it's still in beta.
-        More details here: https://github.com/Azure/azure-sdk-for-java
-        -->
        <dependency>
            <groupId>org.opengroup.osdu</groupId>
            <artifactId>core-lib-azure</artifactId>
            <version>${core-lib-azure.version}</version>
            <exclusions>
-                <exclusion>
-                    <groupId>com.nimbusds</groupId>
-                    <artifactId>oauth2-oidc-sdk</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>com.microsoft.azure</groupId>
-                    <artifactId>msal4j</artifactId>
-                </exclusion>
                <!--
                Excluding simple-xml because:
                There’s a library called xpp3 (the Xml Pull Parser) originally developed by Indiana University’s Extreme! Computing group.
@@ -71,10 +53,14 @@
                </exclusion>
            </exclusions>
        </dependency>
+        <!--
+        Many dependencies contain library with vulnerabilities: net.minidev:json-smart:jar:2.3
+        because of that we need to enforce the higher version
+        -->
        <dependency>
-            <groupId>com.microsoft.azure</groupId>
-            <artifactId>msal4j</artifactId>
-            <version>1.9.1</version>
+            <groupId>net.minidev</groupId>
+            <artifactId>json-smart</artifactId>
+            <version>${json-smart.version}</version>
        </dependency>

        <dependency>
@@ -90,7 +76,6 @@
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
-            <version>${spring-boot-dependencies.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework.boot</groupId>
@@ -131,22 +116,15 @@
            <groupId>org.apache.tinkerpop</groupId>
            <artifactId>gremlin-groovy</artifactId>
            <version>${gremlin.version}</version>
-        </dependency>
-
-        <!--
-		 Override the spring-boot version of these dependencies to the ones
-		 required by the azure-core library. This needs to be done for each
-		 app that depends on this library
- 		-->
-        <dependency>
-            <groupId>io.projectreactor.netty</groupId>
-            <artifactId>reactor-netty</artifactId>
-            <version>${reactor.netty.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>io.projectreactor</groupId>
-            <artifactId>reactor-core</artifactId>
-            <version>${reactor.core.version}</version>
+            <exclusions>
+                <!--
+                Excluding org.apache.ivy:ivy:jar:2.3.0 because it has security bugs
+                -->
+                <exclusion>
+                    <groupId>org.apache.ivy</groupId>
+                    <artifactId>ivy</artifactId>
+                </exclusion>
+            </exclusions>
        </dependency>

        <dependency>
@@ -165,7 +143,6 @@
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
-            <version>${spring-boot-dependencies.version}</version>
            <scope>test</scope>
            <exclusions>
                <exclusion>

--- a/provider/entitlements-v2-azure/src/main/resources/provisioning/accounts/groups_of_service_principal.json
+++ b/provider/entitlements-v2-azure/src/main/resources/provisioning/accounts/groups_of_service_principal.json
@@ -83,6 +83,12 @@
    },
    {
      "groupName": "service.workflow.admin"
+    },
+    {
+      "groupName": "service.policy.user"
+    },
+    {
+      "groupName": "service.policy.admin"
    }
  ]
 }
--- a/provider/entitlements-v2-azure/src/main/resources/provisioning/groups/datalake_service_groups.json
+++ b/provider/entitlements-v2-azure/src/main/resources/provisioning/groups/datalake_service_groups.json
@@ -299,6 +299,36 @@
          "name": "users.datalake.admins"
        }
      ]
+    },
+    {
+      "name": "service.policy.user",
+      "description": "User group for policy service",
+      "members": [
+        {
+          "name": "users.datalake.ops"
+        },
+        {
+          "name": "users.datalake.editors"
+        },
+        {
+          "name": "users.datalake.admins"
+        },
+        {
+          "name": "users.datalake.viewers"
+        }
+      ]
+    },
+    {
+      "name": "service.policy.admin",
+      "description": "Admin group for policy service",
+      "members": [
+        {
+          "name": "users.datalake.ops"
+        },
+        {
+          "name": "users.datalake.admins"
+        }
+      ]
    }
  ]
 }
--- a/provider/entitlements-v2-azure/src/test/java/org/opengroup/osdu/entitlements/v2/azure/spi/gremlin/listmember/ListMemberRepoGremlinTest.java
+++ b/provider/entitlements-v2-azure/src/test/java/org/opengroup/osdu/entitlements/v2/azure/spi/gremlin/listmember/ListMemberRepoGremlinTest.java
 package org.opengroup.osdu.entitlements.v2.azure.spi.gremlin.listmember;

 import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource;
-import org.apache.tinkerpop.gremlin.structure.Vertex;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.opengroup.osdu.entitlements.v2.azure.config.CacheConfig;
 import org.opengroup.osdu.entitlements.v2.azure.spi.gremlin.addmember.AddMemberRepoGremlin;
 import org.opengroup.osdu.entitlements.v2.azure.spi.gremlin.connection.GremlinConnector;
-import org.opengroup.osdu.entitlements.v2.azure.spi.gremlin.constant.EdgePropertyNames;
 import org.opengroup.osdu.entitlements.v2.azure.spi.gremlin.constant.VertexPropertyNames;
 import org.opengroup.osdu.entitlements.v2.logging.AuditLogger;
 import org.opengroup.osdu.entitlements.v2.model.ChildrenReference;
@@ -44,6 +43,13 @@ public class ListMemberRepoGremlinTest {
    @MockBean
    private CacheConfig cacheConfig;

+    @After
+    public void cleanup() {
+        GraphTraversalSource graphTraversalSource = gremlinConnector.getGraphTraversalSource();
+        graphTraversalSource.V().drop().iterate();
+        graphTraversalSource.E().drop().iterate();
+    }
+
    @Test
    public void shouldLoadDirectChildrenSuccessfully() {
        GraphTraversalSource graphTraversalSource = gremlinConnector.getGraphTraversalSource();

--- a/provider/entitlements-v2-azure/src/test/java/org/opengroup/osdu/entitlements/v2/azure/workflow/CreateMembershipsWorkflowSinglePartitionTest.java
+++ b/provider/entitlements-v2-azure/src/test/java/org/opengroup/osdu/entitlements/v2/azure/workflow/CreateMembershipsWorkflowSinglePartitionTest.java
@@ -870,13 +870,14 @@ public class CreateMembershipsWorkflowSinglePartitionTest {
                "users.datalake.editors@common.contoso.com", "service.storage.viewer@common.contoso.com",
                "service.workflow.creator@common.contoso.com", "service.search.user@common.contoso.com",
                "service.legal.user@common.contoso.com", "service.file.viewers@common.contoso.com",
-                "service.schema-service.admin@common.contoso.com", "service.plugin.user@common.contoso.com",
-                "service.messaging.user@common.contoso.com", "service.schema-service.editors@common.contoso.com",
-                "service.legal.admin@common.contoso.com", "service.schema-service.viewers@common.contoso.com",
-                "users.data.root@common.contoso.com", "service.workflow.viewer@common.contoso.com",
-                "users.datalake.ops@common.contoso.com", "users.datalake.admins@common.contoso.com",
-                "service.legal.editor@common.contoso.com", "service.entitlements.admin@common.contoso.com",
-                "data.default.owners@common.contoso.com", "service.file.editors@common.contoso.com",
+                "service.schema-service.admin@common.contoso.com", "service.policy.user@common.contoso.com",
+                "service.plugin.user@common.contoso.com", "service.messaging.user@common.contoso.com",
+                "service.schema-service.editors@common.contoso.com", "service.legal.admin@common.contoso.com",
+                "service.schema-service.viewers@common.contoso.com", "users.data.root@common.contoso.com",
+                "service.workflow.viewer@common.contoso.com", "users.datalake.ops@common.contoso.com",
+                "users.datalake.admins@common.contoso.com", "service.legal.editor@common.contoso.com",
+                "service.entitlements.admin@common.contoso.com", "data.default.owners@common.contoso.com",
+                "service.policy.admin@common.contoso.com", "service.file.editors@common.contoso.com",
                "service.entitlements.user@common.contoso.com", "service.search.admin@common.contoso.com",
                "service.storage.admin@common.contoso.com", "users.datalake.viewers@common.contoso.com",
                "service.storage.creator@common.contoso.com", "service.workflow.admin@common.contoso.com",

--- a/provider/entitlements-v2-gcp/pom.xml
+++ b/provider/entitlements-v2-gcp/pom.xml
@@ -8,7 +8,6 @@
        <maven.compiler.source>${java.version}</maven.compiler.source>
        <redisson.version>3.13.2</redisson.version>
        <protobuf-java.version>3.12.4</protobuf-java.version>
-        <org.springframework.boot.version>2.4.4</org.springframework.boot.version>
        <io.undertow.version>2.2.0.Final</io.undertow.version>
        <commons-codec.version>1.15</commons-codec.version>
    </properties>
@@ -109,7 +108,6 @@
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
-            <version>${org.springframework.boot.version}</version>
            <exclusions>
                <exclusion>
                    <artifactId>tomcat-embed-el</artifactId>
@@ -128,7 +126,6 @@
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-undertow</artifactId>
-            <version>${org.springframework.boot.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>io.undertow</groupId>
@@ -162,12 +159,10 @@
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
-            <version>${org.springframework.boot.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
-            <version>${org.springframework.boot.version}</version>
        </dependency>
        <dependency>
            <groupId>com.dslplatform</groupId>
@@ -215,7 +210,6 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
-            <version>${org.springframework.boot.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>

--- a/testing/entitlements-v2-test-aws/src/test/java/org/opengroup/osdu/entitlements/v2/util/AwsConfigurationService.java
+++ b/testing/entitlements-v2-test-aws/src/test/java/org/opengroup/osdu/entitlements/v2/util/AwsConfigurationService.java
@@ -41,7 +41,7 @@ public class AwsConfigurationService implements ConfigurationService {

    @Override
    public String getDomain() {
-        String domain = System.getProperty("DOMAIN", System.getenv("DOMAIN"));
+        String domain = System.getProperty("ENTITLEMENTS_V2_DOMAIN", System.getenv("ENTITLEMENTS_V2_DOMAIN"));
        if (Strings.isNullOrEmpty(domain)) {
            domain = "example.com";
        }