Remove System Management REST (#2761)
* the only non repository module using @PreAuthorize * the only service for "sys admins" - it's a little bit out of scopes * caches management is not supposed to be via REST * delete tenant shall not be provided when we don't have create * metrics shall be reported via metrics colectins services, or db Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -1,40 +0,0 @@
|
|||||||
/**
|
|
||||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
|
||||||
*
|
|
||||||
* This program and the accompanying materials are made
|
|
||||||
* available under the terms of the Eclipse Public License 2.0
|
|
||||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: EPL-2.0
|
|
||||||
*/
|
|
||||||
package org.eclipse.hawkbit.mgmt.json.model.systemmanagement;
|
|
||||||
|
|
||||||
import java.util.Collection;
|
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
|
|
||||||
import com.fasterxml.jackson.annotation.JsonInclude;
|
|
||||||
import com.fasterxml.jackson.annotation.JsonInclude.Include;
|
|
||||||
import lombok.Data;
|
|
||||||
import lombok.ToString;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Model representation of an Cache entry as json.
|
|
||||||
*/
|
|
||||||
@Data
|
|
||||||
@ToString
|
|
||||||
@JsonInclude(Include.NON_NULL)
|
|
||||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
|
||||||
public class MgmtSystemCache {
|
|
||||||
|
|
||||||
private final String name;
|
|
||||||
private final Collection<String> keys;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param name the name of the cache
|
|
||||||
* @param cacheKeys the keys which contains in the cache
|
|
||||||
*/
|
|
||||||
public MgmtSystemCache(final String name, final Collection<String> cacheKeys) {
|
|
||||||
this.name = name;
|
|
||||||
this.keys = cacheKeys;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,40 +0,0 @@
|
|||||||
/**
|
|
||||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
|
||||||
*
|
|
||||||
* This program and the accompanying materials are made
|
|
||||||
* available under the terms of the Eclipse Public License 2.0
|
|
||||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: EPL-2.0
|
|
||||||
*/
|
|
||||||
package org.eclipse.hawkbit.mgmt.json.model.systemmanagement;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
|
|
||||||
import com.fasterxml.jackson.annotation.JsonInclude;
|
|
||||||
import com.fasterxml.jackson.annotation.JsonInclude.Include;
|
|
||||||
import lombok.Data;
|
|
||||||
import lombok.experimental.Accessors;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Body for system statistics.
|
|
||||||
*/
|
|
||||||
@Data
|
|
||||||
@Accessors(chain = true)
|
|
||||||
@JsonInclude(Include.NON_NULL)
|
|
||||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
|
||||||
public class MgmtSystemStatisticsRest {
|
|
||||||
|
|
||||||
private long overallTargets;
|
|
||||||
|
|
||||||
private long overallArtifacts;
|
|
||||||
|
|
||||||
private long overallArtifactVolumeInBytes;
|
|
||||||
|
|
||||||
private long overallActions;
|
|
||||||
|
|
||||||
private long overallTenants;
|
|
||||||
|
|
||||||
private List<MgmtSystemTenantServiceUsage> tenantStats;
|
|
||||||
}
|
|
||||||
@@ -1,42 +0,0 @@
|
|||||||
/**
|
|
||||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
|
||||||
*
|
|
||||||
* This program and the accompanying materials are made
|
|
||||||
* available under the terms of the Eclipse Public License 2.0
|
|
||||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: EPL-2.0
|
|
||||||
*/
|
|
||||||
package org.eclipse.hawkbit.mgmt.json.model.systemmanagement;
|
|
||||||
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
|
|
||||||
import com.fasterxml.jackson.annotation.JsonInclude;
|
|
||||||
import com.fasterxml.jackson.annotation.JsonInclude.Include;
|
|
||||||
import lombok.Data;
|
|
||||||
import lombok.ToString;
|
|
||||||
import lombok.experimental.Accessors;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Response body for system usage report.
|
|
||||||
*/
|
|
||||||
@Data
|
|
||||||
@Accessors(chain = true)
|
|
||||||
@ToString
|
|
||||||
@JsonInclude(Include.NON_NULL)
|
|
||||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
|
||||||
public class MgmtSystemTenantServiceUsage {
|
|
||||||
|
|
||||||
private String tenantName;
|
|
||||||
|
|
||||||
private long targets;
|
|
||||||
|
|
||||||
private long artifacts;
|
|
||||||
|
|
||||||
private long actions;
|
|
||||||
|
|
||||||
private long overallArtifactVolumeInBytes;
|
|
||||||
|
|
||||||
private Map<String, String> usageData;
|
|
||||||
}
|
|
||||||
@@ -1,64 +0,0 @@
|
|||||||
/**
|
|
||||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
|
||||||
*
|
|
||||||
* This program and the accompanying materials are made
|
|
||||||
* available under the terms of the Eclipse Public License 2.0
|
|
||||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: EPL-2.0
|
|
||||||
*/
|
|
||||||
package org.eclipse.hawkbit.mgmt.rest.api;
|
|
||||||
|
|
||||||
import java.util.Collection;
|
|
||||||
|
|
||||||
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemCache;
|
|
||||||
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemStatisticsRest;
|
|
||||||
import org.springframework.hateoas.MediaTypes;
|
|
||||||
import org.springframework.http.MediaType;
|
|
||||||
import org.springframework.http.ResponseEntity;
|
|
||||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
|
||||||
import org.springframework.web.bind.annotation.PathVariable;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* System management capabilities by REST.
|
|
||||||
*/
|
|
||||||
// no request mapping specified here to avoid CVE-2021-22044 in Feign client
|
|
||||||
public interface MgmtSystemManagementRestApi {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Deletes the tenant data of a given tenant. USE WITH CARE!
|
|
||||||
*
|
|
||||||
* @param tenant to delete
|
|
||||||
* @return HttpStatus.OK
|
|
||||||
*/
|
|
||||||
@DeleteMapping(value = MgmtRestConstants.SYSTEM_ADMIN_MAPPING + "/tenants/{tenant}")
|
|
||||||
ResponseEntity<Void> deleteTenant(@PathVariable("tenant") String tenant);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Collects and returns system usage statistics. It provides a system wide
|
|
||||||
* overview and tenant based stats.
|
|
||||||
*
|
|
||||||
* @return system usage statistics
|
|
||||||
*/
|
|
||||||
@GetMapping(value = MgmtRestConstants.SYSTEM_ADMIN_MAPPING + "/usage",
|
|
||||||
produces = { MediaTypes.HAL_JSON_VALUE, MediaType.APPLICATION_JSON_VALUE })
|
|
||||||
ResponseEntity<MgmtSystemStatisticsRest> getSystemUsageStats();
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns a list of all caches.
|
|
||||||
*
|
|
||||||
* @return a list of caches for all tenants
|
|
||||||
*/
|
|
||||||
@GetMapping(value = MgmtRestConstants.SYSTEM_ADMIN_MAPPING + "/caches",
|
|
||||||
produces = { MediaTypes.HAL_JSON_VALUE, MediaType.APPLICATION_JSON_VALUE })
|
|
||||||
ResponseEntity<Collection<MgmtSystemCache>> getCaches();
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Invalidates all caches for all tenants.
|
|
||||||
*
|
|
||||||
* @return a list of cache names which has been invalidated
|
|
||||||
*/
|
|
||||||
@DeleteMapping(value = MgmtRestConstants.SYSTEM_ADMIN_MAPPING + "/caches")
|
|
||||||
ResponseEntity<Collection<String>> invalidateCaches();
|
|
||||||
}
|
|
||||||
@@ -1,119 +0,0 @@
|
|||||||
/**
|
|
||||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
|
||||||
*
|
|
||||||
* This program and the accompanying materials are made
|
|
||||||
* available under the terms of the Eclipse Public License 2.0
|
|
||||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: EPL-2.0
|
|
||||||
*/
|
|
||||||
package org.eclipse.hawkbit.mgmt.rest.resource;
|
|
||||||
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.Objects;
|
|
||||||
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
|
||||||
import org.eclipse.hawkbit.im.authentication.SpringEvalExpressions;
|
|
||||||
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemCache;
|
|
||||||
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemStatisticsRest;
|
|
||||||
import org.eclipse.hawkbit.mgmt.json.model.systemmanagement.MgmtSystemTenantServiceUsage;
|
|
||||||
import org.eclipse.hawkbit.mgmt.rest.api.MgmtSystemManagementRestApi;
|
|
||||||
import org.eclipse.hawkbit.repository.SystemManagement;
|
|
||||||
import org.eclipse.hawkbit.repository.model.report.SystemUsageReportWithTenants;
|
|
||||||
import org.eclipse.hawkbit.repository.model.report.TenantUsage;
|
|
||||||
import org.springframework.cache.CacheManager;
|
|
||||||
import org.springframework.http.ResponseEntity;
|
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@link SystemManagement} capabilities by REST.
|
|
||||||
*/
|
|
||||||
@Slf4j
|
|
||||||
@RestController
|
|
||||||
public class MgmtSystemManagementResource implements MgmtSystemManagementRestApi {
|
|
||||||
|
|
||||||
private final SystemManagement systemManagement;
|
|
||||||
private final CacheManager cacheManager;
|
|
||||||
|
|
||||||
MgmtSystemManagementResource(final SystemManagement systemManagement, final CacheManager cacheManager) {
|
|
||||||
this.systemManagement = systemManagement;
|
|
||||||
this.cacheManager = cacheManager;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Deletes the tenant data of a given tenant. USE WITH CARE!
|
|
||||||
*
|
|
||||||
* @param tenant to delete
|
|
||||||
* @return HttpStatus.OK
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public ResponseEntity<Void> deleteTenant(final String tenant) {
|
|
||||||
systemManagement.deleteTenant(tenant);
|
|
||||||
return ResponseEntity.ok().build();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Collects and returns system usage statistics. It provides a system wide
|
|
||||||
* overview and tenant based stats.
|
|
||||||
*
|
|
||||||
* @return system usage statistics
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public ResponseEntity<MgmtSystemStatisticsRest> getSystemUsageStats() {
|
|
||||||
final SystemUsageReportWithTenants report = systemManagement.getSystemUsageStatisticsWithTenants();
|
|
||||||
|
|
||||||
final MgmtSystemStatisticsRest result = new MgmtSystemStatisticsRest()
|
|
||||||
.setOverallActions(report.getOverallActions()).setOverallArtifacts(report.getOverallArtifacts())
|
|
||||||
.setOverallArtifactVolumeInBytes(report.getOverallArtifactVolumeInBytes())
|
|
||||||
.setOverallTargets(report.getOverallTargets()).setOverallTenants(report.getTenants().size());
|
|
||||||
|
|
||||||
result.setTenantStats(report.getTenants().stream().map(MgmtSystemManagementResource::convertTenant).toList());
|
|
||||||
|
|
||||||
return ResponseEntity.ok(result);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns a list of all caches.
|
|
||||||
*
|
|
||||||
* @return a list of caches for all tenants
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_SYSTEM_ADMIN)
|
|
||||||
public ResponseEntity<Collection<MgmtSystemCache>> getCaches() {
|
|
||||||
final Collection<String> cacheNames = cacheManager.getCacheNames();
|
|
||||||
return ResponseEntity
|
|
||||||
.ok(cacheNames.stream().map(cacheManager::getCache)
|
|
||||||
.filter(Objects::nonNull)
|
|
||||||
.map(cache -> new MgmtSystemCache(cache.getName(), Collections.emptyList()))
|
|
||||||
.toList());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Invalidates all caches for all tenants.
|
|
||||||
*
|
|
||||||
* @return a list of cache names which has been invalidated
|
|
||||||
*/
|
|
||||||
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_SYSTEM_ADMIN)
|
|
||||||
@Override
|
|
||||||
public ResponseEntity<Collection<String>> invalidateCaches() {
|
|
||||||
final Collection<String> cacheNames = cacheManager.getCacheNames();
|
|
||||||
log.info("Invalidating caches {}", cacheNames);
|
|
||||||
cacheNames.forEach(cacheName -> cacheManager.getCache(cacheName).clear());
|
|
||||||
return ResponseEntity.ok(cacheNames);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static MgmtSystemTenantServiceUsage convertTenant(final TenantUsage tenant) {
|
|
||||||
final MgmtSystemTenantServiceUsage result = new MgmtSystemTenantServiceUsage();
|
|
||||||
result.setTenantName(tenant.getTenantName());
|
|
||||||
result.setActions(tenant.getActions());
|
|
||||||
result.setArtifacts(tenant.getArtifacts());
|
|
||||||
result.setOverallArtifactVolumeInBytes(tenant.getOverallArtifactVolumeInBytes());
|
|
||||||
result.setTargets(tenant.getTargets());
|
|
||||||
if (!tenant.getUsageData().isEmpty()) {
|
|
||||||
result.setUsageData(tenant.getUsageData());
|
|
||||||
}
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -10,10 +10,8 @@
|
|||||||
package org.eclipse.hawkbit.repository;
|
package org.eclipse.hawkbit.repository;
|
||||||
|
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
import java.util.function.Supplier;
|
|
||||||
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.aopalliance.intercept.MethodInvocation;
|
|
||||||
import org.eclipse.hawkbit.im.authentication.Hierarchy;
|
import org.eclipse.hawkbit.im.authentication.Hierarchy;
|
||||||
import org.eclipse.hawkbit.tenancy.configuration.ControllerPollProperties;
|
import org.eclipse.hawkbit.tenancy.configuration.ControllerPollProperties;
|
||||||
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties;
|
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties;
|
||||||
@@ -23,9 +21,7 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties
|
|||||||
import org.springframework.context.ApplicationContext;
|
import org.springframework.context.ApplicationContext;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.context.annotation.Primary;
|
|
||||||
import org.springframework.context.annotation.PropertySource;
|
import org.springframework.context.annotation.PropertySource;
|
||||||
import org.springframework.expression.EvaluationContext;
|
|
||||||
import org.springframework.security.access.PermissionEvaluator;
|
import org.springframework.security.access.PermissionEvaluator;
|
||||||
import org.springframework.security.access.expression.DenyAllPermissionEvaluator;
|
import org.springframework.security.access.expression.DenyAllPermissionEvaluator;
|
||||||
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
|
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
|
||||||
@@ -37,7 +33,6 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
|
|||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.util.ObjectUtils;
|
import org.springframework.util.ObjectUtils;
|
||||||
import org.springframework.util.function.SingletonSupplier;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default configuration that is common to all repository implementations.
|
* Default configuration that is common to all repository implementations.
|
||||||
|
|||||||
Reference in New Issue
Block a user