Merge branch 'gcp-remove-logic-of-act-as-for-queue' into 'master'

Remove logic of act as for indexer-queue(GONRG-3013) See merge request !198

Merge branch 'gcp-remove-logic-of-act-as-for-queue' into 'master'
385b069c · Riabokon Stanislav(EPAM)[GCP] · d7c740d1 · f1d51092 · 385b069c · 385b069c
Commit 385b069c authored 3 years ago by Riabokon Stanislav(EPAM)[GCP]
--- a/NOTICE
+++ b/NOTICE
@@ -332,7 +332,6 @@ The following software have components provided under the terms of this license:
 - Commons Digester (from http://commons.apache.org/digester/)
 - Commons Lang (from http://commons.apache.org/lang/)
 - Converter: Jackson (from https://repo1.maven.org/maven2/com/squareup/retrofit2/converter-jackson)
- Core Reactor components (from https://github.com/reactor/reactor)
 - Core functionality for the Reactor Netty library (from https://github.com/reactor/reactor-netty)
 - Data Mapper for Jackson (from http://jackson.codehaus.org)
 - Default Plexus Container (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-container-default)
@@ -521,6 +520,7 @@ The following software have components provided under the terms of this license:
 - Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
 - Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
 - Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
+- Non-Blocking Reactive Foundation for the JVM (from https://github.com/reactor/reactor-core)
 - OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
 - OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
 - OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
@@ -549,7 +549,7 @@ The following software have components provided under the terms of this license:
 - Servlet Specification 2.5 API (from http://jetty.mortbay.org)
 - SnakeYAML (from http://www.snakeyaml.org)
 - Spatial4J (from http://www.locationtech.org/projects/locationtech.spatial4j)
- Spring AMQP Core (from https://github.com/spring-projects/spring-amqp)
+- Spring AMQP Core (from https://projects.spring.io/spring-amqp)
 - Spring AOP (from https://github.com/spring-projects/spring-framework)
 - Spring Beans (from https://github.com/spring-projects/spring-framework)
 - Spring Boot Actuator (from http://projects.spring.io/spring-boot/)
@@ -567,11 +567,11 @@ The following software have components provided under the terms of this license:
 - Spring Data Core (from https://repo1.maven.org/maven2/org/springframework/data/spring-data-commons)
 - Spring Data MongoDB - Core (from https://repo1.maven.org/maven2/org/springframework/data/spring-data-mongodb)
 - Spring Expression Language (SpEL) (from https://github.com/spring-projects/spring-framework)
- Spring JMS (from https://github.com/SpringSource/spring-framework)
+- Spring JMS (from https://github.com/spring-projects/spring-framework)
 - Spring Messaging (from https://github.com/spring-projects/spring-framework)
 - Spring Plugin - Metadata Extension (from https://repo1.maven.org/maven2/org/springframework/plugin/spring-plugin-metadata)
 - Spring Plugin Core (from https://repo1.maven.org/maven2/org/springframework/plugin/spring-plugin-core)
- Spring RabbitMQ Support (from https://github.com/spring-projects/spring-amqp)
+- Spring RabbitMQ Support (from https://projects.spring.io/spring-amqp)
 - Spring Retry (from https://www.springsource.org)
 - Spring Security - Core (from https://repo1.maven.org/maven2/org/springframework/security/spring-security-core)
 - Spring Security JWT Library (from https://github.com/spring-projects/spring-security-oauth)

--- a/provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/util/RequestInfoImpl.java
+++ b/provider/indexer-gcp/src/main/java/org/opengroup/osdu/indexer/util/RequestInfoImpl.java
@@ -17,35 +17,29 @@

 package org.opengroup.osdu.indexer.util;

-import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
-import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
-import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import static org.opengroup.osdu.core.common.model.http.DpsHeaders.AUTHORIZATION;
+
 import com.google.common.base.Strings;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.util.Arrays;
+import java.util.Map;
 import java.util.logging.Level;
+import javax.inject.Inject;
 import lombok.extern.java.Log;
 import org.apache.http.HttpStatus;
 import org.opengroup.osdu.core.common.Constants;
-import org.opengroup.osdu.core.common.model.http.DpsHeaders;
-import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
+import org.opengroup.osdu.core.common.model.entitlements.AuthorizationResponse;
 import org.opengroup.osdu.core.common.model.http.AppException;
+import org.opengroup.osdu.core.common.model.http.DpsHeaders;
 import org.opengroup.osdu.core.common.model.search.DeploymentEnvironment;
-import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
+import org.opengroup.osdu.core.common.model.search.SearchServiceRole;
+import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
+import org.opengroup.osdu.core.common.provider.interfaces.IAuthorizationService;
 import org.opengroup.osdu.core.common.provider.interfaces.IRequestInfo;
-import org.opengroup.osdu.indexer.config.IndexerConfigurationProperties;
+import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
 import org.opengroup.osdu.core.gcp.model.CloudTaskHeaders;
-import org.springframework.beans.factory.annotation.Value;
+import org.opengroup.osdu.indexer.config.IndexerConfigurationProperties;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.annotation.RequestScope;

-import javax.inject.Inject;
-import java.util.Map;
-
-import static org.opengroup.osdu.core.common.model.http.DpsHeaders.AUTHORIZATION;
-

 @Log
 @Component
@@ -64,8 +58,8 @@ public class RequestInfoImpl implements IRequestInfo {
    @Inject
    private IndexerConfigurationProperties properties;

-    @Value("${indexer.que.service.mail}")
-    private String indexerQueServiceMail;
+    @Inject
+    private IAuthorizationService authorizationService;

    private static final String EXPECTED_CRON_HEADER_VALUE = "true";

@@ -106,39 +100,20 @@ public class RequestInfoImpl implements IRequestInfo {
    @Override
    public boolean isTaskQueueRequest() {
        if(this.dpsHeaders.getHeaders().containsKey(CloudTaskHeaders.CLOUD_TASK_QUEUE_NAME)){
-            log.log(Level.INFO,"Request acknowledged as Cloud task, proceeding token validation");
+            log.log(Level.INFO,"Request confirmed as cloud task, token validation in progress");
            return isCloudTaskRequest();
        }
        if(this.dpsHeaders.getHeaders().containsKey(CloudTaskHeaders.APPENGINE_TASK_QUEUE_NAME)){
-            log.log(Level.INFO,"Request acknowledged as AppEngine task, proceeding headers validation");
+            log.log(Level.INFO,"Request confirmed as AppEngine, headers validation in progress");
            return isAppEngineTaskRequest();
        }
        return false;
    }

    private boolean isCloudTaskRequest() {
-        log.log(Level.INFO,dpsHeaders.getHeaders().toString());
-        try {
-            GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(
-                GoogleNetHttpTransport.newTrustedTransport(), JacksonFactory.getDefaultInstance())
-                .setIssuers(Arrays.asList(
-                    "accounts.google.com", "https://accounts.google.com",
-                    "googleapis.com", "https://www.googleapis.com/auth/userinfo.profile"
-                    )
-                ).build();
-            String authorization = dpsHeaders.getAuthorization().replace("Bearer ", "");
-
-            GoogleIdToken googleIdToken = verifier.verify(authorization);
-            if(googleIdToken.getPayload().getEmail().equals(indexerQueServiceMail)){
-                return true;
-            }
-            log.log(Level.WARNING,"Token email doesn't match with variable \"indexer.que.service.mail\"");
-            return false;
-
-        } catch (GeneralSecurityException | IOException e) {
-            log.log(Level.WARNING,"Not valid or expired cloud task token provided");
-            return false;
-        }
+        AuthorizationResponse authResponse = authorizationService.authorizeAny(dpsHeaders, SearchServiceRole.ADMIN);
+        dpsHeaders.put(DpsHeaders.USER_EMAIL, authResponse.getUser());
+        return true;
    }

    private boolean isAppEngineTaskRequest(){