From 719062215f083af87692b485e845601e1bfc6945 Mon Sep 17 00:00:00 2001 From: Avgustin Marinov Date: Thu, 27 Jun 2024 15:31:45 +0300 Subject: [PATCH] More consistent auditor (#1756) * action initiated by is set as current auditor - not user * auto assigned by is set as current auditor - not user PS: some unused method removed from DeplopymenHelper Signed-off-by: Marinov Avgustin --- .../RepositoryApplicationConfiguration.java | 8 ++-- .../management/JpaDeploymentManagement.java | 11 ++++-- .../JpaTargetFilterQueryManagement.java | 8 +++- .../jpa/utils/DeploymentHelper.java | 39 +------------------ 4 files changed, 18 insertions(+), 48 deletions(-) diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/RepositoryApplicationConfiguration.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/RepositoryApplicationConfiguration.java index 784cfe3cf..2d2689668 100644 --- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/RepositoryApplicationConfiguration.java +++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/RepositoryApplicationConfiguration.java 
@@ -653,10 +653,10 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration { final DistributionSetManagement distributionSetManagement, final QuotaManagement quotaManagement, final JpaProperties properties, final TenantConfigurationManagement tenantConfigurationManagement, final RepositoryProperties repositoryProperties, - final SystemSecurityContext systemSecurityContext, final ContextAware contextAware) { + final SystemSecurityContext systemSecurityContext, final ContextAware contextAware, final AuditorAware auditorAware) { return new JpaTargetFilterQueryManagement(targetFilterQueryRepository, targetManagement, virtualPropertyReplacer, distributionSetManagement, quotaManagement, properties.getDatabase(), - tenantConfigurationManagement, repositoryProperties, systemSecurityContext, contextAware); + tenantConfigurationManagement, repositoryProperties, systemSecurityContext, contextAware, auditorAware); } 
@@ -813,11 +813,11 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration { final EventPublisherHolder eventPublisherHolder, final AfterTransactionCommitExecutor afterCommit, final VirtualPropertyReplacer virtualPropertyReplacer, final PlatformTransactionManager txManager, final TenantConfigurationManagement tenantConfigurationManagement, final QuotaManagement quotaManagement, - final SystemSecurityContext systemSecurityContext, final TenantAware tenantAware, + final SystemSecurityContext systemSecurityContext, final TenantAware tenantAware, final AuditorAware auditorAware, final JpaProperties properties, final RepositoryProperties repositoryProperties) { return new JpaDeploymentManagement(entityManager, actionRepository, distributionSetManagement, targetRepository, actionStatusRepository, auditorProvider, eventPublisherHolder, afterCommit, virtualPropertyReplacer, txManager, tenantConfigurationManagement, - quotaManagement, systemSecurityContext, tenantAware, properties.getDatabase(), repositoryProperties); + quotaManagement, systemSecurityContext, tenantAware, auditorAware, properties.getDatabase(), repositoryProperties); } @Bean diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaDeploymentManagement.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaDeploymentManagement.java index 8dabfdb20..a26d28288 100644 --- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaDeploymentManagement.java +++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaDeploymentManagement.java 
@@ -149,6 +149,7 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl private final TenantConfigurationManagement tenantConfigurationManagement; private final SystemSecurityContext systemSecurityContext; private final TenantAware tenantAware; + private final AuditorAware auditorAware; private final Database database; private final RetryTemplate retryTemplate; @@ -158,8 +159,8 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl final EventPublisherHolder eventPublisherHolder, final AfterTransactionCommitExecutor afterCommit, final VirtualPropertyReplacer virtualPropertyReplacer, final PlatformTransactionManager txManager, final TenantConfigurationManagement tenantConfigurationManagement, final QuotaManagement quotaManagement, - final SystemSecurityContext systemSecurityContext, final TenantAware tenantAware, final Database database, - final RepositoryProperties repositoryProperties) { + final SystemSecurityContext systemSecurityContext, final TenantAware tenantAware, final AuditorAware auditorAware, + final Database database, final RepositoryProperties repositoryProperties) { super(actionRepository, actionStatusRepository, quotaManagement, repositoryProperties); this.entityManager = entityManager; this.distributionSetManagement = distributionSetManagement; @@ -176,6 +177,7 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl this.tenantConfigurationManagement = tenantConfigurationManagement; this.systemSecurityContext = systemSecurityContext; this.tenantAware = tenantAware; + this.auditorAware = auditorAware; this.database = database; this.retryTemplate = createRetryTemplate(); } 
@@ -191,8 +193,9 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl .map(entry -> DeploymentManagement.deploymentRequest(entry.getKey(), entry.getValue()).build()) .toList(); - return assignDistributionSets(tenantAware.getCurrentUsername(), deploymentRequests, null, - offlineDsAssignmentStrategy); + return assignDistributionSets( + auditorAware.getCurrentAuditor().orElse(tenantAware.getCurrentUsername()), + deploymentRequests, null, offlineDsAssignmentStrategy); } @Override diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaTargetFilterQueryManagement.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaTargetFilterQueryManagement.java index c8599e53a..164eb11a1 100644 --- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaTargetFilterQueryManagement.java +++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaTargetFilterQueryManagement.java @@ -52,6 +52,7 @@ import org.eclipse.hawkbit.repository.rsql.VirtualPropertyReplacer; import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.utils.TenantConfigHelper; import org.springframework.dao.ConcurrencyFailureException; +import org.springframework.data.domain.AuditorAware; import org.springframework.data.domain.Page; import org.springframework.data.domain.Pageable; import org.springframework.data.domain.Slice; 
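Review bot: In the JpaDeploymentManagement hunk at -191, the new initiator lookup `auditorAware.getCurrentAuditor().orElse(tenantAware.getCurrentUsername())` is undocumented, and `orElse` resolves the username even when an auditor is present. This value becomes the recorded initiator of the offline assignment, so I would write it as `auditorAware.getCurrentAuditor().orElseGet(tenantAware::getCurrentUsername)`. I would also add a comment above the call such as `// initiatedBy follows the current auditor; the username is only a fallback when no auditor resolves`. A test in which the auditor and the username differ would pin the intended precedence for the audit trail. The enclosing method starts above the hunk.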
@@ -82,6 +83,7 @@ public class JpaTargetFilterQueryManagement implements TargetFilterQueryManageme private final RepositoryProperties repositoryProperties; private final SystemSecurityContext systemSecurityContext; private final ContextAware contextAware; + private final AuditorAware auditorAware; private final Database database; public JpaTargetFilterQueryManagement(final TargetFilterQueryRepository targetFilterQueryRepository, @@ -89,7 +91,7 @@ public class JpaTargetFilterQueryManagement implements TargetFilterQueryManageme final DistributionSetManagement distributionSetManagement, final QuotaManagement quotaManagement, final Database database, final TenantConfigurationManagement tenantConfigurationManagement, final RepositoryProperties repositoryProperties, - final SystemSecurityContext systemSecurityContext, final ContextAware contextAware) { + final SystemSecurityContext systemSecurityContext, final ContextAware contextAware, final AuditorAware auditorAware) { this.targetFilterQueryRepository = targetFilterQueryRepository; this.targetManagement = targetManagement; this.virtualPropertyReplacer = virtualPropertyReplacer; @@ -100,6 +102,7 @@ public class JpaTargetFilterQueryManagement implements TargetFilterQueryManageme this.repositoryProperties = repositoryProperties; this.systemSecurityContext = systemSecurityContext; this.contextAware = contextAware; + this.auditorAware = auditorAware; } @Override 
@@ -282,7 +285,8 @@ public class JpaTargetFilterQueryManagement implements TargetFilterQueryManageme targetFilterQuery.setAutoAssignDistributionSet(distributionSet); contextAware.getCurrentContext().ifPresent(targetFilterQuery::setAccessControlContext); - targetFilterQuery.setAutoAssignInitiatedBy(contextAware.getCurrentUsername()); + targetFilterQuery.setAutoAssignInitiatedBy( + auditorAware.getCurrentAuditor().orElse(targetFilterQuery.getCreatedBy())); targetFilterQuery.setAutoAssignActionType(sanitizeAutoAssignActionType(update.getActionType())); targetFilterQuery.setAutoAssignWeight( update.getWeight() == null ? repositoryProperties.getActionWeightIfAbsent() : update.getWeight()); diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/utils/DeploymentHelper.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/utils/DeploymentHelper.java index a90e1befb..4ed6b3aaa 100644 --- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/utils/DeploymentHelper.java +++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/utils/DeploymentHelper.java @@ -10,7 +10,6 @@ package org.eclipse.hawkbit.repository.jpa.utils; import java.util.List; -import java.util.function.Supplier; import jakarta.validation.constraints.NotNull; @@ -26,8 +25,6 @@ import org.eclipse.hawkbit.repository.jpa.specifications.ActionSpecifications; import org.eclipse.hawkbit.repository.model.Action; import org.eclipse.hawkbit.repository.model.Action.Status; import org.eclipse.hawkbit.repository.model.TargetUpdateStatus; -import org.eclipse.hawkbit.security.SecurityContextTenantAware; -import org.eclipse.hawkbit.tenancy.TenantAware; import org.springframework.data.domain.Sort; import org.springframework.transaction.PlatformTransactionManager; import org.springframework.transaction.TransactionDefinition; 
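Review bot: In the JpaTargetFilterQueryManagement hunk at -282, when no auditor resolves, `orElse(targetFilterQuery.getCreatedBy())` attributes the auto-assignment to whoever created the filter rather than to the caller making this update. The matching change in JpaDeploymentManagement falls back to the current username instead, so the two paths disagree. The filter path therefore records a principal who did not perform the action. If the initiated-by value is later used to choose the identity that auto-assignment runs under (not visible here), the update would also borrow the creator's identity. Consider the same fallback as the deployment path, `auditorAware.getCurrentAuditor().orElseGet(contextAware::getCurrentUsername)`, or rejecting the update when no auditor is available; the enclosing method starts and ends outside the hunk.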
@@ -35,7 +32,6 @@ import org.springframework.transaction.annotation.Isolation; import org.springframework.transaction.support.DefaultTransactionDefinition; import org.springframework.transaction.support.TransactionCallback; import org.springframework.transaction.support.TransactionTemplate; -import org.springframework.util.StringUtils; /** * Utility class for deployment related topics. @@ -121,37 +117,4 @@ public final class DeploymentHelper { def.setIsolationLevel(isolationLevel); return new TransactionTemplate(txManager, def).execute(action); } - - /** - * Runs the given handler in a non-system user context. Switches to the user - * which is provided by the given callback. - * - * @param handler - * The handler to be invoked in the right user context. - * @param username - * Callback to obtain the real user the user context should be - * established for. - * @param tenantAware - * The {@link TenantAware} bean to determine the current tenant - * context. - */ - public static void runInNonSystemContext(@NotNull final Runnable handler, @NotNull final Supplier username, - @NotNull final TenantAware tenantAware) { - final String currentUser = tenantAware.getCurrentUsername(); - if (isNonSystemUser(currentUser)) { - handler.run(); - return; - } - final String user = username.get(); - log.debug("Switching user context from '{}' to '{}'", currentUser, user); - tenantAware.runAsTenantAsUser(tenantAware.getCurrentTenant(), user, () -> { - handler.run(); - return null; - }); - } - - private static boolean isNonSystemUser(final String user) { - return (!(StringUtils.isEmpty(user) || SecurityContextTenantAware.SYSTEM_USER.equals(user))); - } - -} +} \ No newline at end of file