From e2a69ff92f4d6e67ef78e87f72e7458fa0db9c32 Mon Sep 17 00:00:00 2001 From: helayoty <hebaelayoty@gmail.com> Date: Tue, 24 Sep 2019 22:06:20 -0700 Subject: [PATCH] Add Azure implementation for security (files, resources and dependencies) --- indexer-service-azure/pom.xml | 63 ++++++++++++++++--- .../ElasticRepositoryCosmosDB.java | 9 +++ .../indexer/azure/publish/PublisherImpl.java | 6 +- .../azure/security/AADSecurityConfig.java | 51 +++++++++++++++ .../azure/security/WhoamiController.java | 38 +++++++++++ indexer-service-gcp/pom.xml | 40 ++---------- 6 files changed, 162 insertions(+), 45 deletions(-) create mode 100644 indexer-service-azure/src/main/java/org/opendes/indexer/azure/security/AADSecurityConfig.java create mode 100644 indexer-service-azure/src/main/java/org/opendes/indexer/azure/security/WhoamiController.java diff --git a/indexer-service-azure/pom.xml b/indexer-service-azure/pom.xml index 438bda1b1..3772d0ac5 100644 --- a/indexer-service-azure/pom.xml +++ b/indexer-service-azure/pom.xml 
@@ -18,27 +18,37 @@ <properties> <azure.version>2.1.7</azure.version> + <azure.appservice.resourcegroup></azure.appservice.resourcegroup> + <azure.appservice.plan></azure.appservice.plan> + <azure.appservice.appname></azure.appservice.appname> + <azure.appservice.subscription></azure.appservice.subscription> </properties> <dependencies> - <dependency> - <groupId>org.opendes.indexer</groupId> - <artifactId>indexer-service-root</artifactId> - <version>1.0-SNAPSHOT</version> - </dependency> - <dependency> <groupId>com.microsoft.azure</groupId> <artifactId>azure-active-directory-spring-boot-starter</artifactId> <version>${azure.version}</version> </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-security</artifactId> + </dependency> + <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-oauth2-client</artifactId> + </dependency> + <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-oauth2-jose</artifactId> + </dependency> <dependency> <groupId>com.microsoft.azure</groupId> <artifactId>azure-cosmosdb-spring-boot-starter</artifactId> <version>${azure.version}</version> </dependency> <dependency> - <groupId>com.microsoft.azure</groupId > + <groupId>com.microsoft.azure</groupId> <artifactId>azure-storage-spring-boot-starter</artifactId> <version>${azure.version}</version> </dependency> 
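Review bot: The four new `azure.appservice.*` properties are declared with empty values, so whatever interpolates them (presumably an App Service deploy plugin; its configuration is not in this hunk) receives an empty resource group, plan, app name and subscription unless each is overridden on the command line. If that is the intent, state it beside them: `<!-- intentionally empty: supply with -Dazure.appservice.<name>=... at deploy time -->`. The three Spring Security dependencies are added without a version, which only resolves if a parent POM or dependencyManagement section pins them; that section is outside this hunk, so it is worth confirming rather than relying on it silently.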
@@ -47,7 +57,46 @@ <artifactId>azure-servicebus-spring-boot-starter</artifactId> <version>${azure.version}</version> </dependency> + <dependency> + <groupId>com.microsoft.azure</groupId> + <artifactId>applicationinsights-logging-logback</artifactId> + <version>[2.0,)</version> + </dependency> + <dependency> + <groupId>org.opendes.indexer</groupId> + <artifactId>indexer-service-root</artifactId> + <version>1.0-SNAPSHOT</version> + </dependency> + + + <dependency> + <groupId>com.microsoft.azure</groupId> + <artifactId>azure-active-directory-spring-boot-starter</artifactId> + <version>${azure.version}</version> + </dependency> + + <!-- Key vault dependency--> + <dependency> + <groupId>com.microsoft.azure</groupId> + <artifactId>azure-keyvault-secrets-spring-boot-starter</artifactId> + <version>${azure.version}</version> + </dependency> + <dependency> + <groupId>com.microsoft.azure</groupId> + <artifactId>azure-keyvault</artifactId> + <exclusions> + <exclusion> + <groupId>com.microsoft.azure</groupId> + <artifactId>azure-client-runtime</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>com.microsoft.azure</groupId> + <artifactId>azure-client-authentication</artifactId> + </dependency> + <!-- end KeyVault dependencies--> </dependencies> <build> diff --git a/indexer-service-azure/src/main/java/org/opendes/indexer/azure/persistence/ElasticRepositoryCosmosDB.java b/indexer-service-azure/src/main/java/org/opendes/indexer/azure/persistence/ElasticRepositoryCosmosDB.java index e52e5b536..c515e6fdb 100644 --- a/indexer-service-azure/src/main/java/org/opendes/indexer/azure/persistence/ElasticRepositoryCosmosDB.java +++ b/indexer-service-azure/src/main/java/org/opendes/indexer/azure/persistence/ElasticRepositoryCosmosDB.java 
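Review bot: `applicationinsights-logging-logback` is declared with the open-ended version range `[2.0,)`, which makes the build non-reproducible and lets any newly published artifact in that range — including a compromised or broken one — enter the classpath at the next resolution without a code change; pin it to the version that currently resolves, e.g. `<version>PINNED_VERSION</version>` (placeholder). The same hunk declares `azure-active-directory-spring-boot-starter` a second time — it already appears in the earlier hunk of this file — which Maven reports as a duplicate-dependency warning and should be dropped. Moving `indexer-service-root` from first to after the Azure starters also changes which declaration wins for transitive versions they share; if that reordering was deliberate it deserves a comment saying why.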
@@ -1,12 +1,21 @@ package org.opendes.indexer.azure.persistence; import org.opendes.client.multitenancy.TenantInfo; +import org.opendes.core.kms.IKmsClient; import org.opendes.core.model.ClusterSettings; import org.opendes.core.persistence.ElasticRepository; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @Component public class ElasticRepositoryCosmosDB implements ElasticRepository { + static final String HOST = "host"; + static final String PORT = "port"; + static final String XPACK_RESTCLIENT_CONFIGURATION = "configuration"; + + @Autowired + private IKmsClient kmsClient; + @Override public ClusterSettings getElasticClusterSettings(TenantInfo tenantInfo) { return null; diff --git a/indexer-service-azure/src/main/java/org/opendes/indexer/azure/publish/PublisherImpl.java b/indexer-service-azure/src/main/java/org/opendes/indexer/azure/publish/PublisherImpl.java index d02b69859..14d01d343 100644 --- a/indexer-service-azure/src/main/java/org/opendes/indexer/azure/publish/PublisherImpl.java +++ b/indexer-service-azure/src/main/java/org/opendes/indexer/azure/publish/PublisherImpl.java @@ -33,12 +33,14 @@ import org.opendes.indexer.publish.IPublisher; import org.opendes.indexer.util.JobStatus; import org.reactivestreams.Publisher; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; import java.lang.reflect.Type; import java.util.HashMap; import java.util.List; import java.util.Map; +@Component public class PublisherImpl implements IPublisher { private static final Map<String, Publisher> PUBSUB_CLIENTS = new HashMap<>(); 
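Review bot: `kmsClient` is injected but never read, and the three new package-private constants are likewise unused within the hunk, while `getElasticClusterSettings` still returns `null` — a caller that dereferences the result fails with an NPE far from the cause. Until the lookup is wired in, failing loudly is clearer, e.g. `throw new UnsupportedOperationException("Azure cluster settings lookup not implemented");`, and a class comment should say what `HOST`, `PORT` and `XPACK_RESTCLIENT_CONFIGURATION` are meant to key (presumably secret names — the hunk does not show their use, so confirm). Field injection of `kmsClient` also makes the class awkward to unit-test; constructor injection is the preferred form. The method's closing brace lies outside the hunk.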
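Review bot: Registering `PublisherImpl` as a `@Component` makes it a singleton shared by every request thread, and the static `PUBSUB_CLIENTS` `HashMap` visible as context here is then concurrently accessed; `HashMap` is not safe for concurrent modification, so if the map is populated lazily per tenant (its use is outside this hunk) it should become a `ConcurrentHashMap` populated via `computeIfAbsent`. A short comment on the field stating its intended lifetime and thread-safety would help either way.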
@@ -50,14 +52,10 @@ public class PublisherImpl implements IPublisher { " \"SharedAccessKey=km8Nscc0gf299Ck6npmM3D14VU5Tx1lJYRdlHcExIvY="; - @Autowired - private ITenantFactory tenantStorageFactory; @Override public void publishStatusChangedTagsToTopic(DpsHeaders headers, JobStatus indexerBatchStatus) throws Exception { - if (Config.getDeploymentEnvironment() == DeploymentEnvironment.LOCAL) ; - String tenant = headers.getPartitionId(); if (Strings.isNullOrEmpty(tenant)) tenant = headers.getAccountId(); diff --git a/indexer-service-azure/src/main/java/org/opendes/indexer/azure/security/AADSecurityConfig.java b/indexer-service-azure/src/main/java/org/opendes/indexer/azure/security/AADSecurityConfig.java new file mode 100644 index 000000000..409f2372d --- /dev/null +++ b/indexer-service-azure/src/main/java/org/opendes/indexer/azure/security/AADSecurityConfig.java 
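Review bot: The Service Bus connection string with its `SharedAccessKey=…` literal is still compiled into this class, visible as a context line of the hunk, even though this same commit adds the Key Vault starters to the Azure POM; the connection string should come from externalised configuration backed by Key Vault, and because the key has been committed it should be treated as exposed and rotated regardless of when the code is fixed. Removing the unused `tenantStorageFactory` field and the no-op `if (...) ;` is fine. `publishStatusChangedTagsToTopic` continues beyond the hunk.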
@@ -0,0 +1,51 @@
+// Copyright © Microsoft Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package org.opendes.indexer.azure.security;
+
+import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true)
+public class AADSecurityConfig extends WebSecurityConfigurerAdapter {
+ @Autowired
+ private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .csrf().disable()
+ .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
+ .and()
+ .authorizeRequests()
+ .antMatchers("/", "/index.html",
+ "/v2/api-docs",
+ "/configuration/ui",
+ "/swagger-resources/**",
+ "/configuration/security",
+ "/swagger",
+ "/swagger-ui.html",
+ "/webjars/**").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .addFilterBefore(appRoleAuthFilter, UsernamePasswordAuthenticationFilter.class);
+ }
+}
diff --git a/indexer-service-azure/src/main/java/org/opendes/indexer/azure/security/WhoamiController.java b/indexer-service-azure/src/main/java/org/opendes/indexer/azure/security/WhoamiController.java
new file mode 100644
index 000000000..8a9ca2a44
--- /dev/null
+++ b/indexer-service-azure/src/main/java/org/opendes/indexer/azure/security/WhoamiController.java
@@ -0,0 +1,38 @@
+// Copyright © Microsoft Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package org.opendes.indexer.azure.security;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+public class WhoamiController {
+ @RequestMapping(value = "/whoami")
+ @ResponseBody
+ public String whoami() {
+ final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+ String userName = auth.getName();
+ String roles = String.valueOf(auth.getAuthorities());
+ String details = String.valueOf(auth.getPrincipal());
+
+ return "user: " + userName + "<BR>" +
+ "roles: " + roles + "<BR>" +
+ "details: " + details + "<BR>";
+ }
+}
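Review bot: `sessionCreationPolicy(SessionCreationPolicy.NEVER)` still lets Spring Security use an existing `HttpSession` when one is present, which is at odds with disabling CSRF and with `AADAppRoleStatelessAuthenticationFilter` authenticating every request from its bearer token; the policy that matches that model is `.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)`. A one-line comment on `csrf().disable()` saying it is acceptable only because no session-based authentication is used would stop a later maintainer from re-enabling sessions without re-enabling CSRF. The `permitAll()` list also exposes the Swagger/OpenAPI description to unauthenticated callers; if that is not wanted outside development it should be profile-gated, and the class should carry a Javadoc stating that it is the Azure AD app-role security configuration and which paths are intentionally public.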
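Review bot: `whoami()` builds HTML by concatenating `auth.getName()`, `getAuthorities()` and `getPrincipal()` without escaping, so whatever the token carries in those fields is reflected verbatim into a body a browser will render as HTML; route each value through `HtmlUtils.htmlEscape(...)` from `org.springframework.web.util` (e.g. `String userName = HtmlUtils.htmlEscape(auth.getName());`, and the same for `roles` and `details`), or return a JSON object instead of hand-built markup. `String.valueOf(auth.getPrincipal())` also dumps the principal's `toString()`, which for an AAD principal may include the full set of token claims — more than a diagnostic endpoint needs to disclose to the caller, so consider returning only the name and roles. `auth` is non-null here only because `AADSecurityConfig` requires authentication for this path; an explicit null check would make that dependency visible and avoid an NPE if the filter chain is ever reconfigured.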
diff --git a/indexer-service-gcp/pom.xml b/indexer-service-gcp/pom.xml index 6ae5356c0..646be6765 100644 --- a/indexer-service-gcp/pom.xml +++ b/indexer-service-gcp/pom.xml @@ -72,40 +72,12 @@ <artifactId>appengine-gcs-client</artifactId> <version>0.8</version> </dependency> -<!-- <dependency>--> -<!-- <groupId>org.mockito</groupId>--> -<!-- <artifactId>mockito-core</artifactId>--> -<!-- <scope>test</scope>--> -<!-- </dependency>--> -<!-- <dependency>--> -<!-- <groupId>junit</groupId>--> -<!-- <artifactId>junit</artifactId>--> -<!-- <scope>test</scope>--> -<!-- </dependency>--> -<!-- <dependency>--> -<!-- <groupId>org.powermock</groupId>--> -<!-- <artifactId>powermock-core</artifactId>--> -<!-- <version>2.0.2</version>--> -<!-- <scope>test</scope>--> -<!-- </dependency>--> -<!-- <dependency>--> -<!-- <groupId>org.powermock</groupId>--> -<!-- <artifactId>powermock-api-mockito2</artifactId>--> -<!-- <version>2.0.2</version>--> -<!-- <scope>test</scope>--> -<!-- </dependency>--> -<!-- <dependency>--> -<!-- <groupId>org.springframework</groupId>--> -<!-- <artifactId>spring-test</artifactId>--> -<!-- <version>5.1.9.RELEASE</version>--> -<!-- <scope>test</scope>--> -<!-- </dependency>--> -<!-- <dependency>--> -<!-- <groupId>org.springframework</groupId>--> -<!-- <artifactId>spring-test</artifactId>--> -<!-- <version>5.1.9.RELEASE</version>--> -<!-- <scope>test</scope>--> -<!-- </dependency>--> + <dependency> + <groupId>com.microsoft.azure</groupId> + <artifactId>azure-spring-boot</artifactId> + <version>2.1.7</version> + <scope>compile</scope> + </dependency> </dependencies> <build> -- GitLab
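Review bot: The GCP module gains a compile-scope dependency on `com.microsoft.azure:azure-spring-boot`, hard-coded to `2.1.7` rather than the `azure.version` property the Azure module uses, and nothing in the hunk or the commit message explains why a GCP deployment needs the Azure Spring Boot auto-configuration on its classpath; it enlarges the GCP artifact's dependency and attack surface and may trigger Azure auto-configuration at startup. If it is only needed to compile a class shared between the two modules, that class belongs in the root module; otherwise this looks like a copy from the Azure POM and should be removed. Deleting the commented-out test dependencies is fine.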