Partition merge requests
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests
2024-01-16T19:05:24Z

https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/476
Partition ddp change master
2024-01-16T19:05:24Z
Himanshu Kumrawat

ADR: [Partition API Access authorization modification (#36) · Issues · Open Subsurface Data Universe Software / Platform / System / Partition · GitLab (opengroup.org)](https://community.opengroup.org/osdu/platform/system/partition/-/issues/36 "ADR: Partition API Access authorization modification")
service APIs are modified to restrict their access based on their operation.
Common authorization functionality `hasPermissions` is added with an extra parameter from `PartitionOperations` indicating the API operation for authorization.
The check is made dependent on the flag `enable.crud.based.authorization`. It can be set to true and verified in the provided implementation.
If the above flag is enabled by Azure, the Create/Patch/Delete calls will be forbidden on security tokens generated using all the non-customer apps. Only the tokens with customer appids are allowed to perform CRUD operations.
For non-Azure CSPs, the same check will work as before, whether or not the flag is set.
Testing for partition changes
Trusted pipeline run succeeded:
[Pipeline · OSDU Software / OSDU Data Platform / System / Partition · GitLab (opengroup.org)](https://community.opengroup.org/osdu/platform/system/partition/-/pipelines/237014)
**Before Changes:**
Using non MSI token: GET allowed:
![m1.png](/uploads/7d154788b28cd13127703a8c6ad23486/m1.png)
LIST allowed:
![m2.png](/uploads/34a5f20220b72623a3bcf08a4152c38f/m2.png)
CREATE allowed:
![m3.png](/uploads/bc31a7dc3b562750d37aafa22f63e517/m3.png)
DELETE allowed:
![m4.png](/uploads/588c1290cebeb90025060e1cb788fc04/m4.png)
PATCH allowed:
![m5.png](/uploads/d98c6a4dd8b567a8797db60023b1502a/m5.png)
**After Changes:**
1. **For Non MSI/Admin Token:**
GET allowed:
![m6.png](/uploads/81dd866e0070bccfeff738fdf488d70e/m6.png)
LIST allowed:
![m7.png](/uploads/20fe4589f6688def0d9e23dd788a73bd/m7.png)
CREATE not allowed:
![m15.png](/uploads/2318b39ee2d8d7231d432c513f0a6de9/m15.png)
PATCH not allowed:
![m8.png](/uploads/ea37ddda810ade4d4b9d8a32e6f1ef4b/m8.png)
DELETE not allowed:
![m9.png](/uploads/244975305a96ae4b9ba492a41605edad/m9.png)
2. **With Admin/MSI Token:**
GET allowed.
![m10.png](/uploads/952f88f1d03d04e309dc8ce04ebae82b/m10.png)
CREATE allowed.
![m11.png](/uploads/c2db2228e14b55e03f95907ee82b9be4/m11.png)
LIST allowed.
![m12.png](/uploads/fbbbd4c9ced5296d9cf70fa6c91b9881/m12.png)
DELETE allowed.
![m14.png](/uploads/34455c6989afe0130a7b88ddca67eab6/m14.png)
PATCH allowed.
![m17.png](/uploads/fb00fbfba6d583ea683ae79ccc5b3d12/m17.png)
Integration Tests:
![image.png](/uploads/f399395f5f38b793932c0526e3dfb23f/image.png)
M23 - Release 0.26
Himanshu Kumrawat