Commit fe18643b authored by Spencer Sutton

Merge branch 'master' into dev

parents f59a3d52 ea1666ba
......@@ -28,6 +28,14 @@ analyze:
type: mvn
target: provider/entitlements-v2-aws/pom.xml
path: .
- name: entitlements-v2-ibm
type: mvn
target: provider/entitlements-v2-ibm/pom.xml
path: .
- name: entitlements-v2-jdbc
type: mvn
target: provider/entitlements-v2-jdbc/pom.xml
path: .
- name: aws
type: pip
target: devops/aws
......
**/.idea
**/target
**/build
**/.gradle
**/out
**/*.iml
......
......@@ -13,6 +13,13 @@ variables:
IBM_INT_TEST_SUBDIR: testing/entitlements-v2-test-ibm
OSDU_GCP_HELM_PACKAGE_CHARTS: "devops/gcp/deploy devops/gcp/configmap"
OSDU_GCP_SERVICE: entitlements-v2
OSDU_GCP_VENDOR: jdbc
OSDU_GCP_HELM_NAMESPACE: default
OSDU_GCP_HELM_CONFIG_SERVICE_VARS: "--set data.domain=$DOMAIN --set data.spring_datasource_url=jdbc:postgresql://127.0.0.1:5432/entitlements --set data.spring_datasource_password=$OSDU_GCP_SPRING_DATASOURCE_PASSWORD --set data.spring_datasource_username=postgres --set data.partition_api=$MY_TENANT --set data.google_audiences=$GOOGLE_AUDIENCE --set data.log_level=INFO --set data.partition_api=$OSDU_GCP_PARTITION_API"
OSDU_GCP_HELM_DEPLOYMENT_SERVICE_VARS: "--set data.image=$CI_REGISTRY_IMAGE/osdu-gcp:$CI_COMMIT_SHORT_SHA --set data.serviceAccountName=workload-identity-entitlements --set data.sql_connection_string=nice-etching-277309:us-central1:entitlements-v2"
OSDU_GCP_HELM_CONFIG_SERVICE: entitlements-config
OSDU_GCP_HELM_DEPLOYMENT_SERVICE: entitlements-deploy
include:
......@@ -32,10 +39,24 @@ include:
file: "cloud-providers/azure.yml"
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/aws.yml"
file: "cloud-providers/aws-global.yml"
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/aws-maven.yml"
- project: "osdu/platform/ci-cd-pipelines"
file: "publishing/pages.yml"
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/ibm.yml"
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/osdu-gcp-gke.yml"
#Include osdu-gcp-global.yml at k8s common pipeline
- project: "osdu/platform/ci-cd-pipelines"
file: 'cloud-providers/osdu-gcp-global.yml'
osdu-gcp-deploy-deployment:
variables:
OSDU_GCP_SERVICE: entitlements
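Review bot: `OSDU_GCP_HELM_CONFIG_SERVICE_VARS` in the first hunk hands the datasource password to Helm as `--set data.spring_datasource_password=$OSDU_GCP_SPRING_DATASOURCE_PASSWORD`. Assuming the included pipeline appends this string to a helm command, the expanded value lands in the process arguments and in the release's stored values, and in the job log if the variable is not masked. Prefer supplying it through a values file written at job time (`-f`), or have the chart reference a pre-created Kubernetes Secret by name, and confirm the CI variable is masked and protected. The same string sets `data.partition_api` twice (`$MY_TENANT`, then `$OSDU_GCP_PARTITION_API`); Helm keeps the last `--set`, so the first assignment is dead and should be dropped or pointed at the key it was meant for. The page has lost its `+`/`-` markers, so which of these lines are newly added is inferred from the hunk header.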
This diff is collapsed.
How to run integration tests in local environment for azure implementation,
please refer to: testing/entitlements-v2-test-azure/README.md
### Integration tests
Instructions for running the Azure integration tests in local environment can be found [here][Azure documentation]
Instructions for running the JDBC integration tests can be found [here][JDBC documentation].
[Azure documentation]: testing/entitlements-v2-test-azure/README.md
[JDBC documentation]: provider/entitlements-v2-jdbc/README.md
......@@ -3,6 +3,8 @@ kind: Secret
metadata:
labels:
app: "{{ .Values.conf.app_name }}"
annotations:
rollme: {{ randAlphaNum 5 | quote }}
name: "{{ .Values.conf.secret_name }}"
namespace: "{{ .Release.Namespace }}"
type: Opaque
......
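Review bot: The `rollme: {{ randAlphaNum 5 | quote }}` annotation is placed in the Secret's own `metadata.annotations`, where it does not restart any pods. The same line is added to the ConfigMap section and, judging by its position before `spec:`, to the Deployment's top-level metadata. A Deployment replaces its pods only when `.spec.template` changes, so running pods would keep the old datasource password and config after an upgrade. If the intent is to pick up rotated values, put the annotation under `spec.template.metadata.annotations` in the Deployment, preferably as a content checksum such as `checksum/config: {{ include (print $.Template.BasePath "/<TEMPLATE_FILE>") . | sha256sum }}` so that pods roll only when the rendered content changes. Indentation is not preserved on this page, so confirm the nesting against the actual files.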
......@@ -3,12 +3,12 @@ kind: ConfigMap
metadata:
labels:
app: "{{ .Values.conf.app_name }}"
annotations:
rollme: {{ randAlphaNum 5 | quote }}
name: "{{ .Values.conf.configmap }}"
namespace: "{{ .Release.Namespace }}"
data:
DOMAIN: "{{ .Values.data.domain }}"
REDIS_GROUP_HOST: "{{ .Values.data.redis_group_host }}"
REDIS_GROUP_PORT: "{{ .Values.data.redis_group_port }}"
SPRING_DATASOURCE_URL: "{{ .Values.data.spring_datasource_url }}"
GOOGLE_AUDIENCES: "{{ .Values.data.google_audiences }}"
SPRING_DATASOURCE_USERNAME: "{{ .Values.data.spring_datasource_username }}"
......
data:
domain: ""
google_audiences: ""
redis_group_host: ""
redis_group_port: 9423
spring_datasource_url: ""
spring_datasource_username: ""
spring_datasource_password: ""
......@@ -13,5 +11,5 @@ data:
conf:
configmap: "entitlements-config"
app_name: "entitlements-sql"
app_name: "entitlements"
secret_name: "entitlements-secret"
......@@ -3,6 +3,8 @@ kind: Deployment
metadata:
name: "{{ .Values.conf.app_name }}"
namespace: "{{ .Release.Namespace }}"
annotations:
rollme: {{ randAlphaNum 5 | quote }}
spec:
replicas: 1
selector:
......
......@@ -6,5 +6,5 @@ data:
conf:
configmap: "entitlements-config"
app_name: "entitlements-sql"
app_name: "entitlements"
secret_name: "entitlements-secret"
# JDBC Entitlements
## Database structure
![Jdbc diagram](jdbc.png)
## Entitlements tables
### Group
Group is a structure that provides specific access to its members.
#### id
This is the unique identifier of a group in the table.
**Value type:** `bigint`
**Properties:** NOT NULL, GENERATED, IDENTITY, **PRIMARY KEY**
#### name
The group name. Usually, it has the following format: `{groupType}.{resourceName}.{permission}`
Where:
* `groupType` - type of the group (data, service, users, etc.);
* `resourceName` - name of a service group belongs to;
* `permission` - type of data access (viewers, owners).
**Value type:** `varchar`
**Properties:** UNIQUE
#### description
The group description in free format.
**Value type:** `text`
#### email
The group email. It is built by this format: `{name}@{data-partition-id}.{domain}.com`
**Value type:** `varchar`
**Properties:** UNIQUE
#### partition_id
The partition id of a group.
**Value type:** `varchar`
___
### Member
#### id
This is the unique identifier of a member in the table.
**Value type:** `bigint`
**Properties:** NOT NULL, GENERATED, IDENTITY, **PRIMARY KEY**
#### email
The member email. It is typically in this format: `member@domain.com`
**Value type:** `varchar`
**Properties:** UNIQUE
#### partition_id
The partition id of a member.
**Value type:** `varchar`
___
### Member to Group
Group and member connected by `Many-to-Many` relationship through this table. The table also
contains the role of the member (`OWNER` or `MEMBER`).
#### group_id
This is the unique identifier of a group (the foreign key of `id` from the `group` table).
**PRIMARY KEY** - (`group_id`, `member_id`)
**Value type:** `bigint`
**Properties:** NOT NULL, the part of **PRIMARY KEY**
#### member_id
This is the unique identifier of a member (the foreign key of `id` from the `member` table).
**Value type:** `bigint`
**Properties:** NOT NULL, the part of **PRIMARY KEY**
#### role
The role of a member (`OWNER` or `MEMBER`).
**Value type:** `varchar`
___
### Embedded group
Embedded group implemented by `Many-to-Many` relationship through this table.
#### parent_id
This is the unique identifier of a parent group (the foreign key of `id` from the `group` table).
**Value type:** `bigint`
**Properties:** NOT NULL, the part of **PRIMARY KEY**
#### child_id
This is the unique identifier of a child group (the foreign key of `id` from the `group` table).
**Value type:** `bigint`
**Properties:** NOT NULL, the part of **PRIMARY KEY**
### App Id
App id is one-to-many table for groups to support V2 functionality.
#### id
This is the unique identifier of app id relation in the table.
#### group_id
This is the unique identifier of a group (the foreign key of `id` from the `group` table).
**Value type:** `bigint`
**Properties:** NOT NULL
#### role
The app id of the particular group.
**Value type:** `varchar`
\ No newline at end of file
......@@ -17,7 +17,7 @@
<parent>
<groupId>org.opengroup.osdu.entitlements.v2</groupId>
<artifactId>entitlements-v2-service</artifactId>
<version>0.10.0-SNAPSHOT</version>
<version>0.11.0-SNAPSHOT</version>
</parent>
<artifactId>entitlements-v2-core</artifactId>
......
......@@ -4,6 +4,7 @@ import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.partition.PartitionException;
import org.opengroup.osdu.entitlements.v2.validation.PartitionHeaderValidationService;
import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -32,6 +33,10 @@ public class SpringExceptionMapper extends ResponseEntityExceptionHandler {
@ExceptionHandler(AppException.class)
protected ResponseEntity<Object> handleAppException(AppException e) {
if (e.getOriginalException() instanceof PartitionException) {
e.getError().setCode(HttpStatus.UNAUTHORIZED.value());
}
return this.getErrorResponse(e);
}
......
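Review bot: `handleAppException` rewrites the status to 401 for every `AppException` whose original exception is a `PartitionException`, regardless of what the partition service actually returned. A partition-service outage or timeout would therefore reach clients and monitoring as an authentication failure instead of a 5xx. Only the code is changed, so the reason and message on `e.getError()` still describe the original error; check that they stay consistent with 401 and do not carry partition-service details into the response body. If the intent is to avoid revealing whether a data partition exists, narrow the condition to the not-found case and record that in a comment, for example `// Unknown partition is reported as 401 so responses do not reveal which partition ids exist`. The handler is fully visible in the hunk; the enclosing class continues outside it.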
......@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<properties>
<os-core-common.version>0.9.0</os-core-common.version>
<os-core-common.version>0.10.0</os-core-common.version>
<java.version>1.8</java.version>
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.source>1.8</maven.compiler.source>
......@@ -12,7 +12,7 @@
<groupId>org.opengroup.osdu.entitlements.v2</groupId>
<artifactId>entitlements-v2-service</artifactId>
<version>0.10.0-SNAPSHOT</version>
<version>0.11.0-SNAPSHOT</version>
<packaging>pom</packaging>
<name>entitlements-v2-service</name>
<description>Entitlements V2 service</description>
......@@ -23,6 +23,7 @@
<module>provider/entitlements-v2-gcp</module>
<module>provider/entitlements-v2-aws</module>
<module>provider/entitlements-v2-ibm</module>
<module>provider/entitlements-v2-jdbc</module>
</modules>
<licenses>
......
......@@ -6,14 +6,14 @@
<parent>
<artifactId>entitlements-v2-service</artifactId>
<groupId>org.opengroup.osdu.entitlements.v2</groupId>
<version>0.10.0-SNAPSHOT</version>
<version>0.11.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<artifactId>entitlements-v2-aws</artifactId>
<properties>
<core-lib-aws.version>0.9.2-SNAPSHOT</core-lib-aws.version>
<core-lib-aws.version>0.10.0</core-lib-aws.version>
<reactor.netty.version>0.9.5.RELEASE</reactor.netty.version>
<reactor.core.version>3.3.0.RELEASE</reactor.core.version>
<springfox-version>2.7.0</springfox-version>
......
......@@ -6,14 +6,14 @@
<parent>
<artifactId>entitlements-v2-service</artifactId>
<groupId>org.opengroup.osdu.entitlements.v2</groupId>
<version>0.10.0-SNAPSHOT</version>
<version>0.11.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<artifactId>entitlements-v2-azure</artifactId>
<properties>
<core-lib-azure.version>0.9.0</core-lib-azure.version>
<core-lib-azure.version>0.10.0</core-lib-azure.version>
<gremlin.version>3.5.0</gremlin.version>
<redisson.version>3.15.3</redisson.version>
<resilience4j.version>1.7.0</resilience4j.version>
......
......@@ -329,6 +329,39 @@
"name": "users.datalake.admins"
}
]
},
{
"name": "service.dataset.editors",
"description": "Editors group for Dataset service",
"members": [
{
"name": "users.datalake.ops"
},
{
"name": "users.datalake.editors"
},
{
"name": "users.datalake.admins"
}
]
},
{
"name": "service.dataset.viewers",
"description": "Viewers group for Dataset service",
"members": [
{
"name": "users.datalake.ops"
},
{
"name": "users.datalake.editors"
},
{
"name": "users.datalake.admins"
},
{
"name": "users.datalake.viewers"
}
]
}
]
}
......@@ -933,6 +933,7 @@ public class CreateMembershipsWorkflowSinglePartitionTest {
"service.entitlements.user@common.contoso.com", "service.search.admin@common.contoso.com",
"service.storage.admin@common.contoso.com", "users.datalake.viewers@common.contoso.com",
"service.storage.creator@common.contoso.com", "service.workflow.admin@common.contoso.com",
"data.default.viewers@common.contoso.com"}, performListGroupRequest(servicePrincipal));
"data.default.viewers@common.contoso.com", "service.dataset.editors@common.contoso.com",
"service.dataset.viewers@common.contoso.com"}, performListGroupRequest(servicePrincipal));
}
}
......@@ -15,7 +15,7 @@
<parent>
<groupId>org.opengroup.osdu.entitlements.v2</groupId>
<artifactId>entitlements-v2-service</artifactId>
<version>0.10.0-SNAPSHOT</version>
<version>0.11.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
......