Commit 70835dc1 authored by Anuj Gupta's avatar Anuj Gupta

Merge branch 'impl-and-test-ibm' into 'master'

Merging IBM impl and initial test cases

See merge request !29
parents db016766 f12c9abb
......@@ -8,6 +8,9 @@ variables:
AZURE_BUILD_SUBDIR: provider/partition-azure
AZURE_TEST_SUBDIR: testing/partition-test-azure
IBM_BUILD_SUBDIR: provider/partition-ibm
IBM_INT_TEST_SUBDIR: testing/partition-test-ibm
include:
- project: "osdu/platform/ci-cd-pipelines"
......@@ -27,3 +30,6 @@ include:
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/azure.yml"
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/ibm.yml"
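Review bot: The new `cloud-providers/ibm.yml` include has no `ref:` in the lines shown, so the IBM build and test jobs would be taken from whatever the default branch of `osdu/platform/ci-cd-pipelines` holds at pipeline time. That matches the existing Azure entry, but it means a change in that project alters what runs here, with this project's CI variables, without any commit in this repository. If the templates project publishes tags or release branches, consider adding `ref: <tag-or-commit>` under each `project:` entry. The hunk's indentation is lost on this page, so first check that a `ref` is not already present.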
......@@ -317,7 +317,6 @@ The following software have components provided under the terms of this license:
- StAX (from http://stax.codehaus.org/)
- Stax2 API (from http://github.com/FasterXML/stax2-api)
- jaxen (from http://jaxen.codehaus.org/)
- oro (from )
========================================================================
BSD-3-Clause
......@@ -355,7 +354,7 @@ The following software have components provided under the terms of this license:
- jaxen (from http://jaxen.codehaus.org/)
========================================================================
CC-BY-3.0
CC-BY-2.5
========================================================================
The following software have components provided under the terms of this license:
......@@ -383,7 +382,6 @@ CDDL-1.0
========================================================================
The following software have components provided under the terms of this license:
- JavaBeans(TM) Activation Framework (from http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp)
- JavaMail API (from )
- Servlet Specification 2.5 API (from )
- javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
......@@ -394,16 +392,23 @@ CDDL-1.1
The following software have components provided under the terms of this license:
- JavaBeans Activation Framework (from )
- JavaBeans(TM) Activation Framework (from http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp)
- tomcat-embed-core (from http://tomcat.apache.org/)
========================================================================
EPL-1.0
CPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- JUnit (from http://junit.org)
- JUnit (from http://junit.org)
========================================================================
EPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- Logback Classic Module (from )
- Logback Core Module (from )
......@@ -600,7 +605,6 @@ The following software have components provided under the terms of this license:
- LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
- Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
- Spongy Castle (from http://rtyley.github.io/spongycastle/)
- xml-apis (from )
========================================================================
SISSL-1.2
......@@ -648,8 +652,10 @@ The following software have components provided under the terms of this license:
- Project Lombok (from https://projectlombok.org)
- Project Lombok (from https://projectlombok.org)
- Spring Web (from https://github.com/spring-projects/spring-framework)
- StAX API (from http://stax.codehaus.org/)
- msal4j (from https://github.com/AzureAD/microsoft-authentication-library-for-java)
- reactive-streams (from http://www.reactive-streams.org/)
- xml-apis (from )
========================================================================
unknown
......@@ -657,6 +663,8 @@ unknown
The following software have components provided under the terms of this license:
- Byte Buddy (without dependencies) (from )
- JUnit (from http://junit.org)
- JUnit (from http://junit.org)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- JavaBeans Activation Framework API jar (from )
- JavaMail API (from )
......
......@@ -92,6 +92,7 @@
<module>partition-core</module>
<module>provider/partition-azure</module>
<module>provider/partition-aws</module>
<module>provider/partition-ibm</module>
</modules>
<profiles>
......@@ -133,6 +134,18 @@
<modules>
<module>provider/partition-aws</module>
</modules>
</profile>
<profile>
<id>partition-ibm</id>
<activation>
<property>
<name>env</name>
<value>partition-ibm</value>
</property>
</activation>
<modules>
<module>provider/partition-ibm</module>
</modules>
</profile>
<profile>
<id>Default</id>
......
<?xml version="1.0" encoding="UTF-8"?>
<!--
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>partition</artifactId>
<groupId>org.opengroup.osdu</groupId>
<version>1.0.0</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>partition-ibm</artifactId>
<version>1.0.0</version>
<description>Partition service on IBM</description>
<packaging>jar</packaging>
<properties>
<aws.version>1.11.637</aws.version>
</properties>
<dependencies>
<!-- Internal packages -->
<!-- <dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
<version>${os-core-common.version}</version>
</dependency> -->
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-lib-ibm</artifactId>
<version>0.3.8-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>partition-core</artifactId>
<version>1.0.0</version>
</dependency>
<!-- Third party Apache 2.0 license packages -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-commons</artifactId>
<version>2.1.10.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId>
<version>1</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<!-- Testing packages -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>2.25.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-module-junit4</artifactId>
<version>2.0.2</version>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito2</artifactId>
<version>2.0.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.mockito</groupId>
<artifactId>mockito-all</artifactId>
</exclusion>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
<configuration>
<classifier>spring-boot</classifier>
<mainClass>org.opengroup.osdu.partition.provider.ibm.PartitionApplication</mainClass>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
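Review bot: `os-core-lib-ibm` is pinned to `0.3.8-SNAPSHOT`, a mutable version, so two builds of the same commit can package different library code and the artifact cannot be traced to a fixed dependency set; a released version would be preferable before this module ships. `powermock-module-junit4` is declared without `<scope>test</scope>` (its sibling `powermock-api-mockito2` has it), which puts a bytecode-manipulating test library on the runtime classpath of the repackaged Spring Boot jar; add `<scope>test</scope>`. The `aws.version` property is not referenced anywhere in this file and looks like a leftover from another provider module. The commented-out `os-core-common` dependency could be dropped as well.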
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.partition.provider.ibm;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
@ComponentScan({"org.opengroup.osdu"})
@SpringBootApplication
public class PartitionApplication {
public static void main(String[] args) {
SpringApplication.run(PartitionApplication.class, args);
}
}
\ No newline at end of file
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.partition.provider.ibm.cache;
import org.opengroup.osdu.core.common.model.entitlements.Groups;
import org.opengroup.osdu.core.common.cache.VmCache;
import org.springframework.stereotype.Component;
@Component
public class GroupCache extends VmCache<String, Groups> {
public GroupCache() {
super(30, 1000);
}
}
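Review bot: The `super(30, 1000)` call hard-codes the entitlement-group cache settings with no units or rationale, while the partition caches in `VmCacheConfiguration` read `cache.expiration` and `cache.maxSize` from configuration. Because that class passes `expiration * 60`, the first argument is presumably seconds, which would mean a changed or revoked group membership can take up to 30 seconds to be seen by `authorize`. That is worth stating in a comment such as `// groups cached for 30 s, at most 1000 entries; bounds how long a revoked role stays effective`, once the unit is confirmed. Named constants or `@Value` properties would keep this in line with the other caches.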
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.partition.provider.ibm.cache;
import java.util.List;
import javax.annotation.Resource;
import org.opengroup.osdu.core.common.cache.ICache;
import org.opengroup.osdu.partition.provider.interfaces.IPartitionServiceCache;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
@Service
@Qualifier("partitionListCache")
public class PartitionListCacheImpl implements IPartitionServiceCache<String, List<String>> {
@Autowired
@Qualifier("partitionListCache")
private ICache<String, List<String>> cache;
@Override
public void put(String s, List<String> o) {
this.cache.put(s, o);
}
@Override
public List<String> get(String s) {
return this.cache.get(s);
}
@Override
public void delete(String s) {
this.cache.delete(s);
}
@Override
public void clearAll() {
this.cache.clearAll();
}
}
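Review bot: `@Qualifier("partitionListCache")` is used both on this `@Service` class and on the `ICache` field it injects, and the `VmCache` bean in `VmCacheConfiguration` carries the same name, so two differently typed beans answer to one qualifier and only the declared type tells them apart. A distinct bean name for the backing cache, or constructor injection into a `final` field, would make the wiring easier to follow and harder to break when another cache bean is added. The import `javax.annotation.Resource` is unused. `PartitionServiceCacheImpl` repeats both points.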
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.partition.provider.ibm.cache;
import org.opengroup.osdu.core.common.cache.ICache;
import org.opengroup.osdu.partition.model.PartitionInfo;
import org.opengroup.osdu.partition.provider.interfaces.IPartitionServiceCache;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
@Service
@Qualifier("partitionServiceCache")
public class PartitionServiceCacheImpl implements IPartitionServiceCache<String, PartitionInfo> {
@Autowired
@Qualifier("partitionServiceCache")
private ICache<String, PartitionInfo> cache;
@Override
public void put(String s, PartitionInfo o) {
this.cache.put(s, o);
}
@Override
public PartitionInfo get(String s) {
return this.cache.get(s);
}
@Override
public void delete(String s) {
this.cache.delete(s);
}
@Override
public void clearAll() {
this.cache.clearAll();
}
}
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.partition.provider.ibm.cache;
import java.util.List;
import org.opengroup.osdu.core.common.cache.VmCache;
import org.opengroup.osdu.partition.model.PartitionInfo;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class VmCacheConfiguration {
@Bean(name = "partitionListCache")
public VmCache<String, List<String>> partitionListCache(@Value("${cache.expiration}") final int expiration,
@Value("${cache.maxSize}") final int maxSize) {
return new VmCache<>(expiration * 60, maxSize);
}
@Bean(name ="partitionServiceCache")
public VmCache<String, PartitionInfo> partitionServiceCache(@Value("${cache.expiration}") final int expiration,
@Value("${cache.maxSize}") final int maxSize) {
return new VmCache<>(expiration * 60, maxSize);
}
}
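Review bot: `expiration * 60` in both bean methods converts the `cache.expiration` property without saying which unit the property is in or which unit `VmCache` expects. A comment on the parameter, for example `// cache.expiration is given in minutes; VmCache takes seconds` (to be confirmed against `VmCache`), would prevent a misconfigured lifetime for cached partition data. Neither value is range-checked, so a zero or negative setting is passed straight to the cache; rejecting it at startup is cheap to add.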
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.partition.provider.ibm.model;
import org.opengroup.osdu.partition.model.PartitionInfo;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
public class PartitionDoc {
private String _id;
private String _rev;
PartitionInfo partitionInfo;
public PartitionDoc(String partitionId, PartitionInfo partitionInfo) {
this._id = partitionId;
this.partitionInfo = partitionInfo;
}
}
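Review bot: The field `PartitionInfo partitionInfo;` is package-private while `_id` and `_rev` are `private`; it should read `private PartitionInfo partitionInfo;` so the document is only reached through the Lombok accessors. `@Data` also generates a `toString()` that prints `partitionInfo`, so if `PartitionInfo` can hold connection or credential properties (not visible here), logging a `PartitionDoc` would expose them; `@ToString.Exclude` on that field would avoid it. A short class comment saying what `_id` and `_rev` correspond to in the backing store would help the next reader.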
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.partition.provider.ibm.security;
import org.opengroup.osdu.core.common.entitlements.IEntitlementsAndCacheService;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.RequestScope;
@Component
@RequestScope
public class AuthorizationService implements IAuthorizationService {
public static final String PARTITION_ADMIN_ROLE = "service.partition.admin";
@Autowired
private IEntitlementsAndCacheService entitlementsAndCacheService;
@Autowired
private DpsHeaders headers;
@Override
public boolean isDomainAdminServiceAccount() {
try {
return hasRole(PARTITION_ADMIN_ROLE);
}
catch (AppException e) {
throw e;
}
catch (Exception e) {
throw new AppException(HttpStatus.INTERNAL_SERVER_ERROR.value(), "Authentication Failure", e.getMessage(), e);
}
}
private boolean hasRole(String requiredRole) {
//headers.put(DpsHeaders.DATA_PARTITION_ID, PARTITION_NAME);
String user = entitlementsAndCacheService.authorize(headers, requiredRole);
headers.put(DpsHeaders.USER_EMAIL, user);
return true;
}
}
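Review bot: In `isDomainAdminServiceAccount` the generic `catch (Exception e)` copies `e.getMessage()` into the `AppException` message, which may be returned to the caller and can carry internal details of the entitlements call. A fixed message keeps the cause for logging only, e.g. `throw new AppException(HttpStatus.INTERNAL_SERVER_ERROR.value(), "Authentication Failure", "Unable to verify caller entitlements", e);`. `hasRole` never returns `false`: denial is signalled only by the exception thrown from `authorize`, so the boolean result is misleading and deserves a Javadoc line saying so. `hasRole` also overwrites `DpsHeaders.USER_EMAIL` with the value returned by `authorize` as a side effect of the check, which should be documented, and the commented-out `headers.put(DpsHeaders.DATA_PARTITION_ID, ...)` line can be removed.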
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.partition.provider.ibm.security;
import org.apache.http.HttpStatus;
import org.opengroup.osdu.core.common.model.entitlements.Acl;
import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import org.opengroup.osdu.core.common.cache.ICache;
import org.opengroup.osdu.core.common.model.storage.RecordMetadata;
import org.opengroup.osdu.core.common.util.Crc32c;
import org.opengroup.osdu.core.common.model.entitlements.EntitlementsException;
import org.opengroup.osdu.core.common.model.entitlements.Groups;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.http.HttpResponse;
import org.opengroup.osdu.core.common.entitlements.IEntitlementsFactory;
import org.opengroup.osdu.core.common.entitlements.IEntitlementsService;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.opengroup.osdu.core.common.entitlements.IEntitlementsAndCacheService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@Service
public class EntitlementsAndCacheServiceImpl implements IEntitlementsAndCacheService {
private static final String ERROR_REASON = "Access denied";
private static final String ERROR_MSG = "The user is not authorized to perform this action";
@Autowired
private IEntitlementsFactory factory;
@Autowired
private ICache<String, Groups> cache;
@Autowired
private JaxRsDpsLog logger;
@Override
public String authorize(DpsHeaders headers, String... roles) {
Groups groups = this.getGroups(headers);
if (groups.any(roles)) {
return groups.getDesId();
} else {
throw new AppException(HttpStatus.SC_UNAUTHORIZED, ERROR_REASON, ERROR_MSG);
}
}
@Override
public boolean isValidAcl(DpsHeaders headers, Set<String> acls) {
Groups groups = this.getGroups(headers);
if (groups.getGroups() == null || groups.getGroups().isEmpty()) {
this.logger.error("Error on getting groups for user: " + headers.getUserEmail());
throw new AppException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "Unknown error",
"Unknown error happened when validating ACL");
}
String email = groups.getGroups().get(0).getEmail();
if (!email.matches("^[a-zA-Z0-9_+&*-]+(?:\\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,7}$")) {
this.logger.error("Email address is invalid for this group: " + groups.getGroups().get(0));
throw new AppException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "Unknown error",
"Unknown error happened when validating ACL");
}
String domain = email.split("@")[1];
for (String acl : acls) {
if (!acl.split("@")[1].equalsIgnoreCase(domain)) {
return false;
}
}
return true;
}
@Override
public boolean hasOwnerAccess(DpsHeaders headers, String[] ownerList) {
Groups groups = this.getGroups(headers);
Set<String> aclList = new HashSet<>();
for (String owner : ownerList) {