Skip to content

Partition ddp change master

Himanshu Kumrawat requested to merge delete-dp-master into master

ADR: Partition API Access authorization modification (#36) · Issues · Open Subsurface Data Universe Software / Platform / System / Partition · GitLab (opengroup.org)

service APIs are modified to restrict their access based on their operation.

Common authorization functionality hasPermissions is added with extra parameter from PartitionOperations containing indication to the API operation for authorization.

The check is made dependent on flag enable.crud.based.authorization . It can be set to true and verified in the provided implementation.

If the above flag is enabled by Azure, the Create/Patch/Delete calls will be forbidden on security-token generated using all the non-customer apps. Only the tokens with customer appid's are allowed to perform CRUD operations.

For non-azure CSP same check will work as before with or without the flag is set.

Testing for partition changes

Trusted pipeline run succeeded:

Pipeline · OSDU Software / OSDU Data Platform / System / Partition · GitLab (opengroup.org)

Before Changes:

Using non MSI token: GET allowed:

m1.pngLIST allowed:

m2.png

CREATE allowed:

m3.png

DELETE allowed:

m4.png

PATCH allowed:

m5.png

After Changes:

  1. For Non MSI/Admin Token:

GET allowed:

m6.png

LIST allowed:

m7.png

CREATE not allowed:

m15.png

PATCH not allowed:

m8.png

DELETE not allowed

m9.png

  1. With Admin/MSI Token:

GET allowed.

m10.png

CREATE allowed.

m11.png

LIST allowed.

m12.png

DELETE allowed.

m14.png

PATCH allowed.

m17.png

Integration Tests:image.png

Edited by Himanshu Kumrawat

Merge request reports