Add Azure implementation for security (files, resources and dependencies)

indexer-service-azure/pom.xml

@@ -18,27 +18,37 @@
 
     <properties>
         <azure.version>2.1.7</azure.version>
+        <azure.appservice.resourcegroup></azure.appservice.resourcegroup>
+        <azure.appservice.plan></azure.appservice.plan>
+        <azure.appservice.appname></azure.appservice.appname>
+        <azure.appservice.subscription></azure.appservice.subscription>
     </properties>
 
     <dependencies>
-        <dependency>
-            <groupId>org.opendes.indexer</groupId>
-            <artifactId>indexer-service-root</artifactId>
-            <version>1.0-SNAPSHOT</version>
-        </dependency>
-
         <dependency>
             <groupId>com.microsoft.azure</groupId>
             <artifactId>azure-active-directory-spring-boot-starter</artifactId>
             <version>${azure.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-jose</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.microsoft.azure</groupId>
             <artifactId>azure-cosmosdb-spring-boot-starter</artifactId>
             <version>${azure.version}</version>
         </dependency>
         <dependency>
-            <groupId>com.microsoft.azure</groupId >
+            <groupId>com.microsoft.azure</groupId>
             <artifactId>azure-storage-spring-boot-starter</artifactId>
             <version>${azure.version}</version>
         </dependency>
@@ -47,7 +57,46 @@
             <artifactId>azure-servicebus-spring-boot-starter</artifactId>
             <version>${azure.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>applicationinsights-logging-logback</artifactId>
+            <version>[2.0,)</version>
+        </dependency>
 
+        <dependency>
+            <groupId>org.opendes.indexer</groupId>
+            <artifactId>indexer-service-root</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>azure-active-directory-spring-boot-starter</artifactId>
+            <version>${azure.version}</version>
+        </dependency>
+
+        <!-- Key vault dependency-->
+        <dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>azure-keyvault-secrets-spring-boot-starter</artifactId>
+            <version>${azure.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>azure-keyvault</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.microsoft.azure</groupId>
+                    <artifactId>azure-client-runtime</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>azure-client-authentication</artifactId>
+        </dependency>
+     <!-- end KeyVault dependencies-->
     </dependencies>
 
     <build>

indexer-service-azure/src/main/java/org/opendes/indexer/azure/persistence/ElasticRepositoryCosmosDB.java

 package org.opendes.indexer.azure.persistence;
 
 import org.opendes.client.multitenancy.TenantInfo;
+import org.opendes.core.kms.IKmsClient;
 import org.opendes.core.model.ClusterSettings;
 import org.opendes.core.persistence.ElasticRepository;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 @Component
 public class ElasticRepositoryCosmosDB implements ElasticRepository {
+    static final String HOST = "host";
+    static final String PORT = "port";
+    static final String XPACK_RESTCLIENT_CONFIGURATION = "configuration";
+
+    @Autowired
+    private IKmsClient kmsClient;
+
     @Override
     public ClusterSettings getElasticClusterSettings(TenantInfo tenantInfo) {
         return null;

indexer-service-azure/src/main/java/org/opendes/indexer/azure/publish/PublisherImpl.java

@@ -33,12 +33,14 @@ import org.opendes.indexer.publish.IPublisher;
 import org.opendes.indexer.util.JobStatus;
 import org.reactivestreams.Publisher;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
 
 import java.lang.reflect.Type;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+@Component
 public class PublisherImpl implements IPublisher {
 
     private static final Map<String, Publisher> PUBSUB_CLIENTS = new HashMap<>();
@@ -50,14 +52,10 @@ public class PublisherImpl implements IPublisher {
             "                \"SharedAccessKey=km8Nscc0gf299Ck6npmM3D14VU5Tx1lJYRdlHcExIvY=";
 
 
-    @Autowired
-    private ITenantFactory tenantStorageFactory;
 
     @Override
     public void publishStatusChangedTagsToTopic(DpsHeaders headers, JobStatus indexerBatchStatus) throws Exception {
 
-        if (Config.getDeploymentEnvironment() == DeploymentEnvironment.LOCAL) ;
-
         String tenant = headers.getPartitionId();
         if (Strings.isNullOrEmpty(tenant))
             tenant = headers.getAccountId();

indexer-service-azure/src/main/java/org/opendes/indexer/azure/security/AADSecurityConfig.java

+// Copyright © Microsoft Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package org.opendes.indexer.azure.security;
+
+import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true)
+public class AADSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Autowired
+    private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+            .csrf().disable()
+            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
+            .and()
+            .authorizeRequests()
+                .antMatchers("/", "/index.html",
+                        "/v2/api-docs",
+                        "/configuration/ui",
+                        "/swagger-resources/**",
+                        "/configuration/security",
+                        "/swagger",
+                        "/swagger-ui.html",
+                        "/webjars/**").permitAll()
+                .anyRequest().authenticated()
+            .and()
+            .addFilterBefore(appRoleAuthFilter, UsernamePasswordAuthenticationFilter.class);
+    }
+}

indexer-service-azure/src/main/java/org/opendes/indexer/azure/security/WhoamiController.java

+// Copyright © Microsoft Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package org.opendes.indexer.azure.security;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+public class WhoamiController {
+    @RequestMapping(value = "/whoami")
+    @ResponseBody
+    public String whoami() {
+        final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+        String userName = auth.getName();
+        String roles = String.valueOf(auth.getAuthorities());
+        String details = String.valueOf(auth.getPrincipal());
+
+        return "user: " + userName + "<BR>" +
+                "roles: " + roles + "<BR>" +
+                "details: " + details + "<BR>";
+    }
+}

indexer-service-gcp/pom.xml

@@ -72,40 +72,12 @@
             <artifactId>appengine-gcs-client</artifactId>
             <version>0.8</version>
         </dependency>
-<!--        <dependency>-->
-<!--            <groupId>org.mockito</groupId>-->
-<!--            <artifactId>mockito-core</artifactId>-->
-<!--            <scope>test</scope>-->
-<!--        </dependency>-->
-<!--        <dependency>-->
-<!--            <groupId>junit</groupId>-->
-<!--            <artifactId>junit</artifactId>-->
-<!--            <scope>test</scope>-->
-<!--        </dependency>-->
-<!--        <dependency>-->
-<!--            <groupId>org.powermock</groupId>-->
-<!--            <artifactId>powermock-core</artifactId>-->
-<!--            <version>2.0.2</version>-->
-<!--            <scope>test</scope>-->
-<!--        </dependency>-->
-<!--        <dependency>-->
-<!--            <groupId>org.powermock</groupId>-->
-<!--            <artifactId>powermock-api-mockito2</artifactId>-->
-<!--            <version>2.0.2</version>-->
-<!--            <scope>test</scope>-->
-<!--        </dependency>-->
-<!--        <dependency>-->
-<!--            <groupId>org.springframework</groupId>-->
-<!--            <artifactId>spring-test</artifactId>-->
-<!--            <version>5.1.9.RELEASE</version>-->
-<!--            <scope>test</scope>-->
-<!--        </dependency>-->
-<!--        <dependency>-->
-<!--            <groupId>org.springframework</groupId>-->
-<!--            <artifactId>spring-test</artifactId>-->
-<!--            <version>5.1.9.RELEASE</version>-->
-<!--            <scope>test</scope>-->
-<!--        </dependency>-->
+        <dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>azure-spring-boot</artifactId>
+            <version>2.1.7</version>
+            <scope>compile</scope>
+        </dependency>
     </dependencies>
 
     <build>