Commit 6dba6055 authored by Anuj Gupta's avatar Anuj Gupta
Browse files

Merge branch 'ibm-impl' into 'master'

IBM provider impl

Closes #64

See merge request !84
parents 8a957fbd 3e52923f
Pipeline #47276 failed with stages
in 18 minutes and 36 seconds
......@@ -7,3 +7,8 @@
**/dependency-reduced-pom.xml
**/*.pyc
/dist/
.project
.settings/
.metadata
.classpath
.factorypath
\ No newline at end of file
......@@ -9,6 +9,9 @@ variables:
AWS_SERVICE: entitlements-v2
AWS_ENVIRONMENT: dev
IBM_BUILD_SUBDIR: provider/entitlements-v2-ibm
IBM_INT_TEST_SUBDIR: testing/entitlements-v2-test-ibm
OSDU_GCP_HELM_PACKAGE_CHARTS: "devops/gcp/deploy devops/gcp/configmap"
......@@ -33,3 +36,7 @@ include:
- project: "osdu/platform/ci-cd-pipelines"
file: "publishing/pages.yml"
- project: "osdu/platform/ci-cd-pipelines"
ref: "entitlements-v2-ibm-cicd"
file: "cloud-providers/ibm.yml"
......@@ -22,6 +22,7 @@
<module>provider/entitlements-v2-azure</module>
<module>provider/entitlements-v2-gcp</module>
<module>provider/entitlements-v2-aws</module>
<module>provider/entitlements-v2-ibm</module>
</modules>
<licenses>
......
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<properties>
<java.version>8</java.version>
<os-core-lib-ibm.version>0.10.0-SNAPSHOT</os-core-lib-ibm.version>
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.source>1.8</maven.compiler.source>
</properties>
<parent>
<groupId>org.opengroup.osdu.entitlements.v2</groupId>
<artifactId>entitlements-v2-service</artifactId>
<version>0.10.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<artifactId>entitlements-v2-ibm</artifactId>
<name>entitlements-v2-ibm</name>
<dependencies>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-lib-ibm</artifactId>
<version>${os-core-lib-ibm.version}</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu.entitlements.v2</groupId>
<artifactId>entitlements-v2-core</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>io.lettuce</groupId>
<artifactId>lettuce-core</artifactId>
<!-- <version>5.3.0.RELEASE</version> -->
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>io.projectreactor.netty</groupId>
<artifactId>reactor-netty</artifactId>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-core</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
<!-- <version>2.8.0</version> -->
</dependency>
<dependency>
<groupId>io.github.resilience4j</groupId>
<artifactId>resilience4j-retry</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
<configuration>
<classifier>spring-boot</classifier>
<mainClass>org.opengroup.osdu.entitlements.v2.ibm.EntitlementsV2Application</mainClass>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.6</version>
<executions>
<execution>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>report</id>
<phase>test</phase>
<goals>
<goal>report</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.scheduling.annotation.EnableAsync;
@ComponentScan({
"org.opengroup.osdu.core",
"org.opengroup.osdu.ibm",
"org.opengroup.osdu.entitlements.v2"
})
@SpringBootApplication
@EnableAsync
public class EntitlementsV2Application {
public static void main(String[] args) {
Class<?>[] sources = new Class<?>[]{
EntitlementsV2Application.class
};
SpringApplication.run(sources, args);
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm;
import lombok.Getter;
import org.opengroup.osdu.entitlements.v2.AppProperties;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
@Getter
public class IBMAppProperties extends AppProperties {
public static final String DEFAULT_APPID_KEY = "NA";
@Value("${redishost}")
private String redishost;
@Value("${redisport}")
private String redisport;
@Value("${rediskey:}")
private String rediskey;
@Value("${redis.partition.association}")
private int redispartitionAssociation;
@Value("${partition.entitynode}")
private int partitionEntityNode;
@Value("${partition.parent.ref}")
private int partitionParentRef;
@Value("${partition.children.ref}")
private int partitionChildrenRef;
@Value("${partition.appid}")
private int partitionAppId;
public String getRedisHost() {
return redishost;
}
public int getRedisPort() {
return Integer.parseInt(redisport);
}
public String getRedisKey() {
return rediskey;
}
public int getRedisPartitionAssociation() {
return redispartitionAssociation;
}
public int getPartitionEntityNode() {
return partitionEntityNode;
}
public int getPartitionParentRef() {
return partitionParentRef;
}
public int getPartitionChildrenRef() {
return partitionChildrenRef;
}
public int getPartitionAppId() {
return partitionAppId;
}
@Override
public List<String> getInitialGroups() {
List<String> initialGroups = new ArrayList<>();
initialGroups.add("/provisioning/groups/datalake_user_groups.json");
initialGroups.add("/provisioning/groups/datalake_service_groups.json");
initialGroups.add("/provisioning/groups/data_groups.json");
return initialGroups;
}
@Override
public String getGroupsOfServicePrincipal() {
return "/provisioning/accounts/groups_of_service_principal.json";
}
@Override
public List<String> getProtectedMembers() {
List<String> filePaths = new ArrayList<>();
filePaths.add("/provisioning/groups/data_groups.json");
filePaths.add("/provisioning/groups/datalake_service_groups.json");
return filePaths;
}
@Override
public List<String> getGroupsOfInitialUsers() {
List<String> groupsOfInitialUsers = new ArrayList<>();
groupsOfInitialUsers.add(getGroupsOfServicePrincipal());
return groupsOfInitialUsers;
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm.interceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Autowired
private RequestHeaderInterceptor requestHeaderInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(requestHeaderInterceptor).addPathPatterns("/**").excludePathPatterns("/_ah/**");
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm.interceptor;
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
@Component
public class RequestHeaderInterceptor implements HandlerInterceptor {
@Autowired
DpsHeaders dpsheaders;
@Autowired
private JaxRsDpsLog log;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {
log.debug("Intercepted the request in Handler for extracting user/service principal.");
Map<String,String> headers = dpsheaders.getHeaders();
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Jwt princ = (Jwt) authentication.getPrincipal();
String memberEmail = princ.getClaimAsString("email");
if(memberEmail!=null) {
headers.put("x-user-id", memberEmail);
return true;
}
else {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm.security;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable()
.csrf().disable().authorizeRequests().anyRequest()
.authenticated().and().oauth2ResourceServer().jwt(); //disable default authN. AuthN handled by endpoints proxy
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm.service;
import java.util.Set;
import org.opengroup.osdu.entitlements.v2.model.EntityNode;
import org.opengroup.osdu.entitlements.v2.model.ParentReference;
import org.opengroup.osdu.entitlements.v2.service.GroupCacheService;
import org.opengroup.osdu.entitlements.v2.spi.retrievegroup.RetrieveGroupRepo;
import org.springframework.stereotype.Service;
import lombok.RequiredArgsConstructor;
@Service
@RequiredArgsConstructor
public class GroupCacheServiceIBM implements GroupCacheService {
private final RetrieveGroupRepo retrieveGroupRepo;
private final IBMGroupCache ibmGroupCache;
@Override
public Set<ParentReference> getFromPartitionCache(String requesterId, String partitionId) {
String key = String.format("%s-%s", requesterId, partitionId);
Set<ParentReference> result = ibmGroupCache.getGroupCache(key);
if (result == null) {
EntityNode entityNode = EntityNode.createMemberNodeForNewUser(requesterId, partitionId);
result = retrieveGroupRepo.loadAllParents(entityNode).getParentReferences();
ibmGroupCache.addGroupCache(key, result);
}
return result;
}
@Override
public void flushListGroupCacheForUser(String arg0, String arg1) {
// TODO Auto-generated method stub
}
@Override
public void refreshListGroupCache(Set<String> arg0, String arg1) {
// TODO Auto-generated method stub
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm.service;
import org.opengroup.osdu.entitlements.v2.service.HealthService;
import org.springframework.stereotype.Service;
@Service
public class HealthServiceIBM implements HealthService {
@Override
public void performHealthCheck() {
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm.service;
import org.opengroup.osdu.entitlements.v2.model.ParentReference;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.RequestScope;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
@RequestScope
@Component
public class IBMGroupCache {
private Map<String, Set<ParentReference>> groupMap = new ConcurrentHashMap<>();
public Set<ParentReference> getGroupCache(String requesterId) {
return this.groupMap.get(requesterId);
}
public void addGroupCache(String requesterId, Set<ParentReference> parents) {
this.groupMap.put(requesterId, parents);
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm.spi;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.entitlements.v2.spi.Operation;
import org.springframework.http.HttpStatus;
import java.util.Deque;
import java.util.LinkedList;
public abstract class BaseRepo {
protected Deque<Operation> executedCommands = new LinkedList<>();
/**
* If the transaction threw 409 or 404 exception, we should not roll back
*/
protected void rollback(Exception ex) {
if (ex instanceof AppException) {
int errorCode = ((AppException) ex).getError().getCode();
if ((HttpStatus.CONFLICT.value() == errorCode) || (HttpStatus.NOT_FOUND.value() == errorCode)) {
return;
}
}
while (!executedCommands.isEmpty()) {
Operation executedCommand = executedCommands.pop();
executedCommand.undo();
}
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm.spi;
import io.lettuce.core.api.StatefulRedisConnection;
import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
@Configuration
@ComponentScan
public class RedisConfiguration {
@Bean
public GenericObjectPoolConfig<StatefulRedisConnection<String, String>> redisPoolConfig() {
final GenericObjectPoolConfig<StatefulRedisConnection<String, String>> poolConfig = new GenericObjectPoolConfig<>();
poolConfig.setMinIdle(10);
poolConfig.setMaxIdle(10);
poolConfig.setMaxTotal(1000);
poolConfig.setMaxWaitMillis(15000);
return poolConfig;
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.entitlements.v2.ibm.spi.addmember;
import io.github.resilience4j.retry.Retry;
import lombok.RequiredArgsConstructor;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.opengroup.osdu.core.common.logging.audit.AuditStatus;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.entitlements.v2.di.WhitelistSvcAccBeanConfiguration;
import org.opengroup.osdu.entitlements.v2.ibm.IBMAppProperties;