Skip to content

Added indexer service account flow

Rustam Lotsmanenko (EPAM) requested to merge gc-indexer-acc-feature into master

Description:

Added flow to resolve osdu/platform/system/storage#153 (closed)

How to test:

Indexer service account, if provided in partition info:

curl --location --request PATCH 'http://127.0.0.1:8080/api/partition/v1/partitions/osdu' \
--header 'Content-Type: application/json' \
--data-raw '{
    "properties": {
        "indexer.service.account": {
            "sensitive": false,
            "value": "workload-indexer-gcp@nice-etching-277309.iam.gserviceaccount.com"
        }
    }
}'

Will be able to get ALL Data groups in a particular tenant.

Create DATA group.

curl --location 'https://community.gcp.gnrg-osdu.projects.epam.com/api/entitlements/v2/groups' \
--header 'data-partition-id: osdu' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ' \
--data '{
    "name": "data.test-indexer.acl",
    "description": "Test policy indexer"
}'

Create Storage record, with group in ACL

curl --location --request PUT 'https://community.gcp.gnrg-osdu.projects.epam.com/api/storage/v2/records' \
--header 'Authorization: Bearer ' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Data-Partition-Id: osdu' \
--data-raw '[
    {
        "kind": "osdu:wks:work-product-component--TESTINDEXER:1.0.0",
        "acl": {
            "owners": [
                "data.test-indexer.acl@osdu.osdu-gcp.go3-nrg.projects.epam.com"
            ],
            "viewers": [
                "data.test-indexer.acl@osdu.osdu-gcp.go3-nrg.projects.epam.com"
            ]
        },
        "legal": {
            "legaltags": [
                "osdu-demo-legaltag"
            ],
            "otherRelevantDataCountries": [
                "US"
            ],
            "status": "compliant"
        },
        "data": {
            "property": "value"
        }
    }
]'

Record indexed and searchable.

curl --location 'https://community.gcp.gnrg-osdu.projects.epam.com/api/search/v2/query' \
--header 'data-partition-id: osdu' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ' \
--data '{
    "kind": "*:*:*:*.*.*",
    "query": "id:\"osdu:work-product-component--TESTINDEXER:8b708f98f3934ae0aa923de373a8d314\""
}'

Changes include:

  • Refactor (a non-breaking change that improves code maintainability).
  • Bugfix (a non-breaking change that solves an issue).
  • New feature (a non-breaking change that adds functionality).
  • Breaking change (a change that is not backward-compatible and/or changes current functionality).

Changes in:

  • GCP
  • Azure
  • AWS
  • IBM
Edited by Rustam Lotsmanenko (EPAM)

Merge request reports