Ibm implementation

e142b4a7 · Walter D · Anuj Gupta · 7737952c · e142b4a7 · e142b4a7
Commit e142b4a7 authored 4 years ago by Walter D Committed by Anuj Gupta 4 years ago
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,6 +6,10 @@ variables:
  AWS_SERVICE: crs-conversion
  AWS_ENVIRONMENT: dev
  AWS_INT_TEST_TYPE: python
+
+  IBM_BUILD_SUBDIR: provider/crs-converter-ibm/crs-converter-ocp
+  IBM_INT_TEST_PY_SUBDIR: testing/crs_converter_test_ibm
+  IBM_INT_TEST_PY_FILE: run_test.py
  
 include:
  - project: "osdu/platform/ci-cd-pipelines"
@@ -22,4 +26,7 @@ include:
  
  - project: "osdu/platform/ci-cd-pipelines"
    file: "cloud-providers/aws.yml"
+    
+  - project: "osdu/platform/ci-cd-pipelines"
+    file: "cloud-providers/ibm.yml"
 
\ No newline at end of file
--- a/pom.xml
+++ b/pom.xml
@@ -45,6 +45,7 @@
        <module>provider/crs-converter-gcp/crs-converter-gae</module>
        <module>provider/crs-converter-gcp/crs-converter-gke</module>
        <module>provider/crs-converter-aws</module>
+        <module>provider/crs-converter-ibm/crs-converter-ocp</module>
    </modules>

    <repositories>

--- a/provider/crs-converter-ibm/crs-converter-ocp/pom.xml
+++ b/provider/crs-converter-ibm/crs-converter-ocp/pom.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <packaging>jar</packaging>
+
+    <parent>
+        <groupId>org.opengroup.osdu.crs-converter-service</groupId>
+        <artifactId>crs-converter-service</artifactId>
+        <version>1.0.0</version>
+        <relativePath>../../../pom.xml</relativePath>
+    </parent>
+
+    <properties>
+        <app.version>1</app.version>
+        <app.id>crs-converter-ocp</app.id>
+        <!--azure.version>2.3.2</azure.version-->
+        <os-core-lib-ibm.version>0.3.6-SNAPSHOT</os-core-lib-ibm.version>
+    </properties>
+
+    <prerequisites>
+        <maven>3.1.0</maven>
+    </prerequisites>
+
+    <artifactId>crs-converter-ocp</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+    <name>crs-converter-ocp</name>
+    <description>CRS converter service Openshift Container Platform deployment</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.opengroup.osdu.crs-converter-service</groupId>
+            <artifactId>crs-converter-core</artifactId>
+            <version>1.0.0</version>
+        </dependency>
+        
+        <!--dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>azure-active-directory-spring-boot-starter</artifactId>
+            <version>${azure.version}</version>
+        </dependency-->
+        
+        <!-- dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency-->
+        
+        <dependency>
+			<groupId>org.opengroup.osdu</groupId>
+			<artifactId>os-core-lib-ibm</artifactId>
+			<version>${os-core-lib-ibm.version}</version>
+		</dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+				  <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                        <configuration>
+                            <classifier>spring-boot</classifier>
+                            <mainClass>
+                               org.opengroup.osdu.crs.CrsOcpApplication
+                            </mainClass>
+                        </configuration>
+                    </execution>
+                </executions>
+			</plugin>
+
+        </plugins>
+    </build>
+
+</project>
--- a/provider/crs-converter-ibm/crs-converter-ocp/src/main/java/org/opengroup/osdu/crs/CrsOcpApplication.java
+++ b/provider/crs-converter-ibm/crs-converter-ocp/src/main/java/org/opengroup/osdu/crs/CrsOcpApplication.java
+package org.opengroup.osdu.crs;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class CrsOcpApplication extends CRSApplicationBase {
+
+	public static void main(String[] args) {
+		SpringApplication.run(CrsOcpApplication.class, args);
+	}
+
+}
--- a/provider/crs-converter-ibm/crs-converter-ocp/src/main/java/org/opengroup/osdu/crs/security/SecurityConfig.java
+++ b/provider/crs-converter-ibm/crs-converter-ocp/src/main/java/org/opengroup/osdu/crs/security/SecurityConfig.java
+package org.opengroup.osdu.crs.security;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opengroup.osdu.crs.middleware.AuthenticationRequestFilter;
+import org.opengroup.osdu.crs.util.AppError;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.web.servlet.HandlerExceptionResolver;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityConfig extends WebSecurityConfigurerAdapter implements AccessDeniedHandler, AuthenticationEntryPoint  {
+
+	private AuthenticationRequestFilter authFilter;
+	
+    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
+
+    private static final String[] AUTH_WHITELIST = {
+            "/",
+            "/index.html",
+            "/_ah/*",
+            "/v2/api-docs",
+            "/configuration/ui",
+            "/swagger-resources/**",
+            "/configuration/security",
+            "/swagger",
+            "/swagger-ui.html",
+            "/webjars/**",
+            "/csrf"
+    };
+   
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+       
+ http.csrf().disable()
+        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
+        .and()
+        .authorizeRequests()
+        .antMatchers(AUTH_WHITELIST).permitAll()
+        .anyRequest().authenticated()
+        .and()
+        .addFilterBefore(authFilter, UsernamePasswordAuthenticationFilter.class);
+        //.oauth2ResourceServer().jwt();      
+
+	 
+    }
+    
+    public SecurityConfig(@Value("${ENTITLEMENT_URL}") String entitlementsUrl, HandlerExceptionResolver handlerExceptionResolver) {
+        authFilter = new AuthenticationRequestFilter(entitlementsUrl, handlerExceptionResolver);
+    }
+    @Override
+    public void configure(WebSecurity web) {
+        web.ignoring().antMatchers(AUTH_WHITELIST);
+    }
+
+    @Override
+    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
+        writeUnauthorizedError(httpServletResponse);
+    }
+
+    @Override
+    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
+        writeUnauthorizedError(httpServletResponse);
+    }
+
+    private static void writeUnauthorizedError(HttpServletResponse response) throws IOException {
+        AppError appError = AppError.builder()
+                .code(HttpStatus.UNAUTHORIZED.value())
+                .message("The user is not authorized to perform this action")
+                .reason("Unauthorized")
+                .build();
+        String body = OBJECT_MAPPER.writeValueAsString(appError);
+
+        PrintWriter out = response.getWriter();
+        response.setStatus(HttpStatus.UNAUTHORIZED.value());
+        response.setContentType("application/json");
+        response.setCharacterEncoding("UTF-8");
+        out.print(body);
+        out.flush();
+    }
+
+    
+}
\ No newline at end of file
--- a/provider/crs-converter-ibm/crs-converter-ocp/src/main/resources/application.yaml
+++ b/provider/crs-converter-ibm/crs-converter-ocp/src/main/resources/application.yaml
+server:
+  port: 8080
+
+  servlet:
+    application-display-name: CRS Converter Service
+    contextPath: /api/crs/converter/
+
+  error.whitelabel.enabled: false
+
+spring.mvc.throw-exception-if-no-handler-found: true
+
+logging:
+  level:
+    org:
+      springframework:
+        web: INFO
+LOG_PREFIX: converter
+
+spring:
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          jwk-set-uri: "{{ spring.security.oauth2.resourceserver.jwt.jwk-set-uri }}"
\ No newline at end of file
--- a/testing/crs_converter_test_core/constants.py
+++ b/testing/crs_converter_test_core/constants.py
-import os
-
-BASE_URL = os.getenv("BASE_URL", '/api/crs/converter/v2')
-ROOT_URL = os.getenv("VIRTUAL_SERVICE_HOST_NAME")
-DATA_DIR = os.getenv("DATA_DIR")
-DATA_PATTERN = os.getenv("DATA_PATTERN")
-REPORT_PATH = os.getenv("REPORT_PATH")
-MY_TENANT = os.getenv("MY_TENANT")
+import os
+
+VENDOR = os.getenv("VENDOR")
+BASE_URL = os.getenv("BASE_URL", '/api/crs/converter/v2')
+if VENDOR == 'ibm':
+    ROOT_URL = os.getenv("IBM_VIRTUAL_HOST_CRS_CONVERSION")
+else:
+    ROOT_URL = os.getenv("VIRTUAL_SERVICE_HOST_NAME")
+DATA_DIR = os.getenv("DATA_DIR")
+DATA_PATTERN = os.getenv("DATA_PATTERN")
+REPORT_PATH = os.getenv("REPORT_PATH")
+MY_TENANT = os.getenv("MY_TENANT")
--- a/testing/crs_converter_test_core/test_crs_converter.py
+++ b/testing/crs_converter_test_core/test_crs_converter.py
@@ -519,7 +519,7 @@ class TestUnAuthorizedCrsConverterIntegration(unittest.TestCase):
        except ApiException as e:
            reason = json.loads(e.body)['reason']
            self.assertTrue(403==e.status or 401==e.status)
-            self.assertTrue("Forbidden"==e.reason or "Unauthorized"==e.reason)
+            self.assertTrue("Forbidden"==reason or "Unauthorized"==reason)


 if __name__ == '__main__':

--- a/testing/crs_converter_test_ibm/jwt_client.py
+++ b/testing/crs_converter_test_ibm/jwt_client.py
+
+import os
+from keycloak import KeycloakOpenID
+
+def get_id_token():
+
+    keycloak_host = os.getenv('KEYCLOAK_URL')
+    keycloak_realm = os.getenv('KEYCLOAK_REALM', "OSDU")
+    client_id = os.getenv('KEYCLOAK_CLIENT_ID')
+    client_secret = os.getenv('KEYCLOAK_CLIENT_SECRET')
+
+    user = os.getenv('AUTH_USER_ACCESS')
+    password = os.getenv('AUTH_USER_ACCESS_PASSWORD')
+
+    try:
+        # Configure client
+        keycloak_openid = KeycloakOpenID(server_url="https://"+keycloak_host+"/auth/",
+                            client_id=client_id,
+                            realm_name=keycloak_realm,
+                            client_secret_key=client_secret)
+
+        token = keycloak_openid.token(user, password)
+        return token['access_token']
+    except Exception as e:
+        print(e)
+
+
+def get_invalid_token():
+
+    '''
+    This is dummy jwt
+    {
+         "sub": "dummy@dummy.com",
+         "iss": "dummy@dummy.com",
+         "aud": "dummy.dummy.com",
+         "iat": 1556137273,
+         "exp": 1556223673,
+         "provider": "dummy.com",
+         "client": "dummy.com",
+         "userid": "dummytester.com",
+         "email": "dummytester.com",
+         "authz": "",
+         "lastname": "dummy",
+         "firstname": "dummy",
+         "country": "",
+         "company": "",
+         "jobtitle": "",
+         "subid": "dummyid",
+         "idp": "dummy",
+         "hd": "dummy.com",
+         "desid": "dummyid",
+         "contact_email": "dummy@dummy.com"
+    }
+    '''
+
+    return "fake.token"
\ No newline at end of file
--- a/testing/crs_converter_test_ibm/requirements.txt
+++ b/testing/crs_converter_test_ibm/requirements.txt
+certifi==2019.11.28
+cffi==1.14.0
+chardet==3.0.4
+cryptography==2.8
+idna==2.9
+pycparser==2.20
+PyJWT==1.7.1
+python-dateutil==2.8.1
+requests==2.23.0
+six==1.14.0
+urllib3==1.25.8
+python-keycloak==0.21.0
+python-dotenv==0.14.0
--- a/testing/crs_converter_test_ibm/run_test.py
+++ b/testing/crs_converter_test_ibm/run_test.py
+import sys
+sys.path.append("..")
+
+from crs_converter_test_core.test_crs_converter import *
+
+if __name__ == '__main__':
+    unittest.main()