Partition merge requestshttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests2023-10-19T15:41:47Zhttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/472Draft: Gonrg 7849 system partition for community and pre ship2023-10-19T15:41:47ZDanylo Vanin (EPAM)Draft: Gonrg 7849 system partition for community and pre shipDanylo Vanin (EPAM)Danylo Vanin (EPAM)https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/476Partition ddp change master2024-01-16T19:05:24ZHimanshu KumrawatPartition ddp change masterADR: [Partition API Access authorization modification (#36) · Issues · Open Subsurface Data Universe Software / Platform / System / Partition · GitLab (opengroup.org)](https://community.opengroup.org/osdu/platform/system/partition/-/issu...ADR: [Partition API Access authorization modification (#36) · Issues · Open Subsurface Data Universe Software / Platform / System / Partition · GitLab (opengroup.org)](https://community.opengroup.org/osdu/platform/system/partition/-/issues/36 "ADR: Partition API Access authorization modification")
service APIs are modified to restrict their access based on their operation.
Common authorization functionality `hasPermissions` is added with extra parameter from `PartitionOperations` containing indication to the API operation for authorization.
The check is made dependent on flag `enable.crud.based.authorization` . It can be set to true and verified in the provided implementation.
If the above flag is enabled by Azure, the Create/Patch/Delete calls will be forbidden on security-token generated using all the non-customer apps. Only the tokens with customer appid's are allowed to perform CRUD operations.
For non-azure CSP same check will work as before with or without the flag is set.
Testing for partition changes
Trusted pipeline run succeeded:
[Pipeline · OSDU Software / OSDU Data Platform / System / Partition · GitLab (opengroup.org)](https://community.opengroup.org/osdu/platform/system/partition/-/pipelines/237014)
**Before Changes:**
Using non MSI token: GET allowed:
![m1.png](/uploads/7d154788b28cd13127703a8c6ad23486/m1.png)LIST allowed:
![m2.png](/uploads/34a5f20220b72623a3bcf08a4152c38f/m2.png)
CREATE allowed:
![m3.png](/uploads/bc31a7dc3b562750d37aafa22f63e517/m3.png)
DELETE allowed:
![m4.png](/uploads/588c1290cebeb90025060e1cb788fc04/m4.png)
PATCH allowed:
![m5.png](/uploads/d98c6a4dd8b567a8797db60023b1502a/m5.png)
**After Changes:**
1. **For Non MSI/Admin Token:**
GET allowed:
![m6.png](/uploads/81dd866e0070bccfeff738fdf488d70e/m6.png)
LIST allowed:
![m7.png](/uploads/20fe4589f6688def0d9e23dd788a73bd/m7.png)
CREATE not allowed:
![m15.png](/uploads/2318b39ee2d8d7231d432c513f0a6de9/m15.png)
PATCH not allowed:
![m8.png](/uploads/ea37ddda810ade4d4b9d8a32e6f1ef4b/m8.png)
DELETE not allowed
![m9.png](/uploads/244975305a96ae4b9ba492a41605edad/m9.png)
2. **With Admin/MSI Token:**
GET allowed.
![m10.png](/uploads/952f88f1d03d04e309dc8ce04ebae82b/m10.png)
CREATE allowed.
![m11.png](/uploads/c2db2228e14b55e03f95907ee82b9be4/m11.png)
LIST allowed.
![m12.png](/uploads/fbbbd4c9ced5296d9cf70fa6c91b9881/m12.png)
DELETE allowed.
![m14.png](/uploads/34455c6989afe0130a7b88ddca67eab6/m14.png)
PATCH allowed.
![m17.png](/uploads/fb00fbfba6d583ea683ae79ccc5b3d12/m17.png)
Integration Tests:![image.png](/uploads/f399395f5f38b793932c0526e3dfb23f/image.png)M23 - Release 0.26Himanshu KumrawatHimanshu Kumrawathttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/519Version Bumps2024-02-26T01:39:15ZDaniel SchollVersion BumpsThis MR bumps versions.This MR bumps versions.Daniel SchollDaniel Schollhttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/524Aws upgrade aws lib2024-03-11T14:09:44ZDerek HudsonAws upgrade aws libM23 - Release 0.26Derek HudsonDerek Hudsonhttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/529System\Shared Tenant Api2024-03-25T13:55:20ZRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comSystem\Shared Tenant Api# Description:
ADR: https://community.opengroup.org/osdu/platform/system/partition/-/issues/49
- Added new API to formalize system tenant.
- Updated behavior of existing API to forbid system tenant management via regular API.
- Updated...# Description:
ADR: https://community.opengroup.org/osdu/platform/system/partition/-/issues/49
- Added new API to formalize system tenant.
- Updated behavior of existing API to forbid system tenant management via regular API.
- Updated open API docs.
- The new API is implemented in a non-disruptive manner and controlled via the property `SYSTEM_TENANT_API=true`. The open API documentation will show the new API only if it is enabled. The existing API will function as usual when disabled.
- Shared tenant name can be configured.
API controlled via properties:
~~~
SYSTEM_PARTITION_ID: "system"
SYSTEM_TENANT_API: "true"
~~~
# How to test:
via HTTP requests:
~~~
curl --location '127.0.0.1:8080/api/partition/v1/partition/system
~~~
# Changes include:
- [ ] Refactor (a non-breaking change that improves code maintainability).
- [ ] Bugfix (a non-breaking change that solves an issue).
- [x] New feature (a non-breaking change that adds functionality).
- [ ] Breaking change (a change that is not backward-compatible and/or changes current functionality).
# Changes in:
- [x] Common code
# Dev Checklist:
- [x] Added Unit Tests, wherever applicable.
- [x] Updated the Readme, if applicable.
- [x] Existing Tests pass
- [x] Verified functionality locally
- [x] Self Reviewed my code for formatting and complex business logic.M24 - Release 0.27Rustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comhttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/532Draft: Gonrg 9406 upd bootstrap2024-03-19T19:55:48ZAliaksandr Ramanovich (EPAM)Draft: Gonrg 9406 upd bootstrapUpdate bootstrap for gc baremetal environmentUpdate bootstrap for gc baremetal environmentM23 - Release 0.26Aliaksandr Ramanovich (EPAM)Aliaksandr Ramanovich (EPAM)https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/533Draft: [GONRG-9484]: Unblock GET request without token in core-plus environment2024-03-27T13:44:22ZMykola Ronik [EPAM / GCP]Draft: [GONRG-9484]: Unblock GET request without token in core-plus environmentMykola Ronik [EPAM / GCP]Mykola Ronik [EPAM / GCP]