Skip to content

GitLab

There is a security vulnerability in SSH key-generation using GitKraken < v8.0.1. If you used this tool to create SSH keys, please update GitKraken and regenerate. If you need help with this, contact forum-support@opengroup.org

Closed
Created by Rucha Deshpande@deshruchMaintainer4 of 5 tasks completed4/5 tasks

[Schema Service] Consistent Entitlement group names using SchemaRole

Status

  • Proposed
  • Trialing
  • Under review
  • Approved
  • Retired

Context & Scope

The schema service currently uses roles defined in a constant file (SchemaConstants.java) in schema-core which uses plural service role names. In the code following is observed:

package org.opengroup.osdu.schema.constants;

public class SchemaConstants {
....
public static final String ENTITLEMENT_SERVICE_GROUP_VIEWERS = "service.schema-service.viewers";
public static final String ENTITLEMENT_SERVICE_GROUP_EDITORS = "service.schema-service.editors";
...

package org.opengroup.osdu.schema.api;
....

@RestController
@RequestMapping("schema")
public class SchemaController {

    @Autowired
    ISchemaService schemaService;

    @PostMapping()
    @PreAuthorize("@authorizationFilter.hasRole('" + SchemaConstants.ENTITLEMENT_SERVICE_GROUP_EDITORS + "')")
   

    @GetMapping("/{id}")
    @PreAuthorize("@authorizationFilter.hasRole('" + SchemaConstants.ENTITLEMENT_SERVICE_GROUP_VIEWERS + "')")

Note that SchemaConstants is used for auth.

Decision

A new Role model should be created called SchemaRole in core-common with group names consistent with other services and used to assign privileges.

Sample Code

public final class SchemaRole {
	public static final String VIEWER = "service.schema-service.viewer";
	public static final String EDITOR= "service.schema-service.editor";	
}

Rationale

Each individual core service should have consistency in the group naming convention and where they are defined for maintainability.

Consequences

Need to change Core Common and schema-core

Edited by ethiraj krishnamanaidu