Merge branch 'gcp-extend-anthn-service-add-nimbus-universal-validator' into 'master'

Gcp extend anthn service add nimbus universal validator (GONRG-4056) See merge request !140

Merge branch 'gcp-extend-anthn-service-add-nimbus-universal-validator' into 'master'
fa30df33 · Riabokon Stanislav(EPAM)[GCP] · 689c044f · 475325dd · fa30df33 · fa30df33
Commit fa30df33 authored 3 years ago by Riabokon Stanislav(EPAM)[GCP]
--- a/provider/partition-gcp/README.md
+++ b/provider/partition-gcp/README.md
@@ -81,6 +81,7 @@ In order to run the service locally or remotely, you will need to have the follo
 | `osm.postgres.url` | ex `jdbc:postgresql://127.0.0.1:5432/postgres` | Postgres server URL | no | - |
 | `osm.postgres.username` | ex `postgres` | Postgres admin username | no | - |
 | `osm.postgres.password` | ex `postgres` | Postgres admin password | yes | - |
+| `ENVIRONMENT` | `gcp` or `anthos` | If `anthos` then authorization is disabled | no | - |

 ## Configuring mappers' Datasources


--- a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/AnthosAuthorizationService.java
+++ b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/AnthosAuthorizationService.java
+/*
+  Copyright 2002-2022 Google LLC
+  Copyright 2002-2022 EPAM Systems, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+package org.opengroup.osdu.partition.provider.gcp.security;
+
+import org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.annotation.RequestScope;
+
+@Component
+@RequestScope
+@ConditionalOnProperty(name = "environment", havingValue = "anthos")
+public class AnthosAuthorizationService implements IAuthorizationService {
+
+  @Override
+  public boolean isDomainAdminServiceAccount() {
+    return true;
+  }
+}
--- a/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/AuthorizationService.java
+++ b/provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/AuthorizationService.java
@@ -28,6 +28,7 @@ import org.opengroup.osdu.core.common.model.http.AppException;
 import org.opengroup.osdu.core.common.model.http.DpsHeaders;
 import org.opengroup.osdu.partition.provider.gcp.config.PropertiesConfiguration;
 import org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.annotation.RequestScope;

@@ -35,7 +36,8 @@ import org.springframework.web.context.annotation.RequestScope;
 @Component
 @RequestScope
 @RequiredArgsConstructor
-public class AuthorizationService implements IAuthorizationService {
+@ConditionalOnProperty(name = "environment", havingValue = "gcp")
+public class GcpAuthorizationService implements IAuthorizationService {

  private final PropertiesConfiguration configuration;


--- a/provider/partition-gcp/src/main/resources/application-osm-postgres.properties
+++ b/provider/partition-gcp/src/main/resources/application-osm-postgres.properties
@@ -24,6 +24,7 @@ springfox.documentation.swagger.v2.path=/api-docs
 authorize-api=https://os-entitlements-gcp-jvmvia5dea-uc.a.run.app/entitlements/v1
 spring.cloud.gcp.datastore.namespace=${partition-namespace}
 #ACCEPT_HTTP=true
+environment=gcp

 cache-expiration=1
 cache-maxSize=1000

--- a/provider/partition-gcp/src/main/resources/application.properties
+++ b/provider/partition-gcp/src/main/resources/application.properties
@@ -24,6 +24,7 @@ springfox.documentation.swagger.v2.path=/api-docs
 authorize-api=https://os-entitlements-gcp-jvmvia5dea-uc.a.run.app/entitlements/v1
 spring.cloud.gcp.datastore.namespace=${partition-namespace}
 #ACCEPT_HTTP=true
+environment=gcp

 cache-expiration=1
 cache-maxSize=1000

--- a/provider/partition-gcp/src/test/java/org/opengroup/osdu/partition/provider/gcp/security/AuthorizationServiceTest.java
+++ b/provider/partition-gcp/src/test/java/org/opengroup/osdu/partition/provider/gcp/security/AuthorizationServiceTest.java
@@ -44,7 +44,7 @@ import org.opengroup.osdu.core.common.model.http.DpsHeaders;
 import org.opengroup.osdu.partition.provider.gcp.config.PropertiesConfiguration;

 @RunWith(Theories.class)
-public class AuthorizationServiceTest {
+public class GcpAuthorizationServiceTest {

    private final String token = "abc";

@@ -87,7 +87,7 @@ public class AuthorizationServiceTest {
    private Payload payload = new Payload();

    @InjectMocks
-    private AuthorizationService authorizationService;
+    private GcpAuthorizationService gcpAuthorizationService;

    @Before
    public void setUp() throws GeneralSecurityException, IOException {
@@ -103,25 +103,25 @@ public class AuthorizationServiceTest {
    @Test
    public void testProvidedInConfigAdminAccountShouldReturnTrue() {
        payload.setEmail("service.account@project-id.iam.gserviceaccount.com");
-        assertTrue(authorizationService.isDomainAdminServiceAccount());
+        assertTrue(gcpAuthorizationService.isDomainAdminServiceAccount());
    }

    @Test(expected = AppException.class)
    public void testNotProvidedInConfigAdminAccountShouldThrowException() {
        payload.setEmail("user@google.com");
-        authorizationService.isDomainAdminServiceAccount();
+        gcpAuthorizationService.isDomainAdminServiceAccount();
    }

    @Theory
    public void testProvidedInConfigPatternShouldReturnTrue(@FromDataPoints("VALID_ACCOUNTS") String account) {
        payload.setEmail(account);
-        assertTrue(authorizationService.isDomainAdminServiceAccount());
+        assertTrue(gcpAuthorizationService.isDomainAdminServiceAccount());
    }

    @Theory
    public void testNotProvidedInConfigPatternShouldReturnTrue(@FromDataPoints("NOT_VALID_ACCOUNTS") String account) {
        exceptionRule.expect(AppException.class);
        payload.setEmail(account);
-        authorizationService.isDomainAdminServiceAccount();
+        gcpAuthorizationService.isDomainAdminServiceAccount();
    }
 }
\ No newline at end of file