diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java
index 85b5b80c6..53b462033 100644
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java
@@ -14,17 +14,20 @@ import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
+import org.eclipse.hawkbit.ContextAware;
import org.eclipse.hawkbit.autoconfigure.security.MultiUserProperties.User;
import org.eclipse.hawkbit.im.authentication.PermissionService;
import org.eclipse.hawkbit.security.DdiSecurityProperties;
import org.eclipse.hawkbit.security.InMemoryUserAuthoritiesResolver;
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
+import org.eclipse.hawkbit.security.SecurityContextSerializer;
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
import org.eclipse.hawkbit.security.SecurityTokenGenerator;
import org.eclipse.hawkbit.security.SpringSecurityAuditorAware;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
@@ -49,20 +52,22 @@ import org.springframework.util.CollectionUtils;
public class SecurityAutoConfiguration {
/**
- * Creates a {@link TenantAware} bean based on the given
- * {@link UserAuthoritiesResolver}.
- *
+ * Creates a {@link ContextAware} (hence {@link TenantAware}) bean based on the given
+ * {@link UserAuthoritiesResolver} and {@link SecurityContextSerializer}.
+ *
* @param authoritiesResolver
* The user authorities/roles resolver
- *
- * @return the {@link TenantAware} singleton bean which holds the current
- * {@link TenantAware} service and make it accessible in beans which
- * cannot access the service directly, e.g. JPA entities.
+ * @param securityContextSerializer
+ * The security context serializer.
+ *
+ * @return the {@link ContextAware} singleton bean.
*/
@Bean
@ConditionalOnMissingBean
- public TenantAware tenantAware(final UserAuthoritiesResolver authoritiesResolver) {
- return new SecurityContextTenantAware(authoritiesResolver);
+ public ContextAware contextAware(
+ final UserAuthoritiesResolver authoritiesResolver,
+ @Autowired(required = false) final SecurityContextSerializer securityContextSerializer) {
+ return new SecurityContextTenantAware(authoritiesResolver, securityContextSerializer);
}
/**
diff --git a/hawkbit-core/src/main/java/org/eclipse/hawkbit/ContextAware.java b/hawkbit-core/src/main/java/org/eclipse/hawkbit/ContextAware.java
new file mode 100644
index 000000000..9fb9d3303
--- /dev/null
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/ContextAware.java
@@ -0,0 +1,62 @@
+/**
+ * Copyright (c) 2023 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit;
+
+import org.eclipse.hawkbit.tenancy.TenantAware;
+
+import java.util.Objects;
+import java.util.Optional;
+import java.util.function.Function;
+
+/**
+ * {@link ContextAware} provides means for getting the current context (via {@link #getCurrentContext()}) and then
+ * to execute a {@link Runnable} or a {@link Function} in the same context using {@link #runInContext(String, Runnable)}
+ * or {@link #runInContext(String, Function, Object)}.
+ *
+ * This is useful for scheduled background operations like rollouts and auto assignments where they shall
+ * be processed in the scope of the creator.
+ */
+public interface ContextAware extends TenantAware {
+
+ /**
+ * Return the current context encoded as a {@link String}. Depending on the implementation it could,
+ * for instance, be a serialized context or a reference to such.
+ *
+ * @return could be empty if there is nothing to serialize or context aware is not supported.
+ */
+ Optional getCurrentContext();
+
+ /**
+ * Wrap a specific execution in a known and pre-serialized context.
+ *
+ * @param the type of the input to the function
+ * @param the type of the result of the function
+ *
+ * @param serializedContext created by {@link #getCurrentContext()}. Must be non-null.
+ * @param function function to call in the reconstructed context. Must be non-null.
+ * @param t the argument that will be passed to the function
+ * @return the function result
+ */
+ R runInContext(String serializedContext, Function function, T t);
+
+ /**
+ * Wrap a specific execution in a known and pre-serialized context.
+ *
+ * @param serializedContext created by {@link #getCurrentContext()}. Must be non-null.
+ * @param runnable runnable to call in the reconstructed context. Must be non-null.
+ */
+ default void runInContext(String serializedContext, Runnable runnable) {
+ Objects.requireNonNull(runnable);
+ runInContext(serializedContext, v -> {
+ runnable.run();
+ return null;
+ }, null);
+ }
+}
\ No newline at end of file
diff --git a/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/TenantAware.java b/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/TenantAware.java
index e12cd96e5..ca4246266 100644
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/TenantAware.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/TenantAware.java
@@ -40,8 +40,6 @@ public interface TenantAware {
* the runner which is implemented to run this specific code
* under the given tenant
* @return the return type of the {@link TenantRunner}
- * @throws any
- * kind of {@link RuntimeException}
*/
T runAsTenant(String tenant, TenantRunner tenantRunner);
@@ -60,8 +58,6 @@ public interface TenantAware {
* the runner which is implemented to run this specific code
* under the given tenant
* @return the return type of the {@link TenantRunner}
- * @throws any
- * kind of {@link RuntimeException}
*/
T runAsTenantAsUser(String tenant, String username, TenantRunner tenantRunner);
diff --git a/hawkbit-dmf/hawkbit-dmf-amqp/src/main/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherService.java b/hawkbit-dmf/hawkbit-dmf-amqp/src/main/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherService.java
index a459141d6..55a6180c7 100644
--- a/hawkbit-dmf/hawkbit-dmf-amqp/src/main/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherService.java
+++ b/hawkbit-dmf/hawkbit-dmf-amqp/src/main/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherService.java
@@ -190,7 +190,7 @@ public class AmqpMessageDispatcherService extends BaseAmqpService {
private List getTargetsWithoutPendingCancellations(final Set controllerIds) {
return partitionedParallelExecution(controllerIds, partition -> {
return targetManagement.getByControllerID(partition).stream().filter(target -> {
- if (hasPendingCancellations(target.getControllerId())) {
+ if (hasPendingCancellations(target.getId())) {
LOG.debug("Target {} has pending cancellations. Will not send update message to it.",
target.getControllerId());
return false;
@@ -469,8 +469,8 @@ public class AmqpMessageDispatcherService extends BaseAmqpService {
return serviceMatcher == null || serviceMatcher.isFromSelf(event);
}
- private boolean hasPendingCancellations(final String controllerId) {
- return deploymentManagement.hasPendingCancellations(controllerId);
+ private boolean hasPendingCancellations(final Long targetId) {
+ return deploymentManagement.hasPendingCancellations(targetId);
}
protected void sendCancelMessageToTarget(final String tenant, final String controllerId, final Long actionId,
diff --git a/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpControllerAuthenticationTest.java b/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpControllerAuthenticationTest.java
index 358cc24a4..da31d2215 100644
--- a/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpControllerAuthenticationTest.java
+++ b/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpControllerAuthenticationTest.java
@@ -44,6 +44,7 @@ import org.eclipse.hawkbit.security.DdiSecurityProperties.Authentication.Anonymo
import org.eclipse.hawkbit.security.DdiSecurityProperties.Rp;
import org.eclipse.hawkbit.security.DmfTenantSecurityToken;
import org.eclipse.hawkbit.security.DmfTenantSecurityToken.FileResource;
+import org.eclipse.hawkbit.security.SecurityContextSerializer;
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver;
@@ -113,6 +114,9 @@ public class AmqpControllerAuthenticationTest {
@Mock
private UserAuthoritiesResolver authoritiesResolver;
+ @Mock
+ private SecurityContextSerializer securityContextSerializer;
+
@Mock
private RabbitTemplate rabbitTemplate;
@@ -147,7 +151,7 @@ public class AmqpControllerAuthenticationTest {
when(tenantConfigurationManagementMock.getConfigurationValue(any(), eq(Boolean.class)))
.thenReturn(CONFIG_VALUE_FALSE);
- final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(authoritiesResolver);
+ final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(authoritiesResolver, securityContextSerializer);
final SystemSecurityContext systemSecurityContext = new SystemSecurityContext(tenantAware);
authenticationManager = new AmqpControllerAuthentication(systemManagement, controllerManagement,
diff --git a/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherServiceTest.java b/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherServiceTest.java
index fbbe9e974..e59888d4a 100644
--- a/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherServiceTest.java
+++ b/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherServiceTest.java
@@ -149,9 +149,10 @@ class AmqpMessageDispatcherServiceTest extends AbstractIntegrationTest {
assertThat(softwareModule.getArtifacts().isEmpty()).as("Artifact list for softwaremodule should be empty")
.isTrue();
- assertThat(softwareModule.getMetadata()).containsExactly(
- new DmfMetadata(TestdataFactory.VISIBLE_SM_MD_KEY, TestdataFactory.VISIBLE_SM_MD_VALUE));
-
+ assertThat(softwareModule.getMetadata()).allSatisfy(metadata -> {
+ assertThat(metadata.getKey()).isEqualTo(TestdataFactory.VISIBLE_SM_MD_KEY);
+ assertThat(metadata.getValue()).isEqualTo(TestdataFactory.VISIBLE_SM_MD_VALUE);
+ });
for (final SoftwareModule softwareModule2 : action.getDistributionSet().getModules()) {
if (!softwareModule.getModuleId().equals(softwareModule2.getId())) {
continue;
diff --git a/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageHandlerServiceTest.java b/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageHandlerServiceTest.java
index 64e789533..ae86ace38 100644
--- a/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageHandlerServiceTest.java
+++ b/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageHandlerServiceTest.java
@@ -63,6 +63,7 @@ import org.eclipse.hawkbit.repository.model.Target;
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
import org.eclipse.hawkbit.security.DmfTenantSecurityToken;
import org.eclipse.hawkbit.security.DmfTenantSecurityToken.FileResource;
+import org.eclipse.hawkbit.security.SecurityContextSerializer;
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
import org.eclipse.hawkbit.security.SecurityTokenGenerator;
import org.eclipse.hawkbit.security.SystemSecurityContext;
@@ -148,6 +149,9 @@ public class AmqpMessageHandlerServiceTest {
@Mock
private UserAuthoritiesResolver authoritiesResolver;
+ @Mock
+ private SecurityContextSerializer securityContextSerializer;
+
@Captor
private ArgumentCaptor> attributesCaptor;
@@ -179,7 +183,7 @@ public class AmqpMessageHandlerServiceTest {
lenient().when(tenantConfigurationManagement.getConfigurationValue(MULTI_ASSIGNMENTS_ENABLED, Boolean.class))
.thenReturn(multiAssignmentConfig);
- final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(authoritiesResolver);
+ final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(authoritiesResolver, securityContextSerializer);
final SystemSecurityContext systemSecurityContext = new SystemSecurityContext(tenantAware);
amqpMessageHandlerService = new AmqpMessageHandlerService(rabbitTemplate, amqpMessageDispatcherServiceMock,
diff --git a/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/integration/AmqpMessageHandlerServiceIntegrationTest.java b/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/integration/AmqpMessageHandlerServiceIntegrationTest.java
index d6e481caa..9e2f006f0 100644
--- a/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/integration/AmqpMessageHandlerServiceIntegrationTest.java
+++ b/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/integration/AmqpMessageHandlerServiceIntegrationTest.java
@@ -489,7 +489,7 @@ class AmqpMessageHandlerServiceIntegrationTest extends AbstractAmqpServiceIntegr
@Expect(type = SoftwareModuleUpdatedEvent.class, count = 6),
@Expect(type = DistributionSetCreatedEvent.class, count = 1),
@Expect(type = TargetUpdatedEvent.class, count = 1), @Expect(type = TargetPollEvent.class, count = 2) })
- void receiveDownLoadAndInstallMessageAfterAssignment() {
+ void receiveDownloadAndInstallMessageAfterAssignment() {
final String controllerId = TARGET_PREFIX + "receiveDownLoadAndInstallMessageAfterAssignment";
// setup
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/ArtifactManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/ArtifactManagement.java
index 9c29495a4..31278c864 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/ArtifactManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/ArtifactManagement.java
@@ -68,22 +68,6 @@ public interface ArtifactManagement {
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_CREATE_REPOSITORY)
Artifact create(@NotNull @Valid ArtifactUpload artifactUpload);
- /**
- * Garbage collects artifact binaries if only referenced by given
- * {@link SoftwareModule#getId()} or {@link SoftwareModule}'s that are
- * marked as deleted.
- *
- *
- * @param artifactSha1Hash
- * no longer needed
- * @param moduleId
- * the garbage collection call is made for
- *
- * @return true if an binary was actually garbage collected
- */
- @PreAuthorize(SpringEvalExpressions.HAS_AUTH_DELETE_REPOSITORY)
- boolean clearArtifactBinary(@NotEmpty String artifactSha1Hash, long moduleId);
-
/**
* Deletes {@link Artifact} based on given id.
*
@@ -151,7 +135,7 @@ public interface ArtifactManagement {
*
* @param pageReq
* Pageable parameter
- * @param swId
+ * @param softwareModuleId
* software module id
* @return Page
*
@@ -159,12 +143,12 @@ public interface ArtifactManagement {
* if software module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- Page findBySoftwareModule(@NotNull Pageable pageReq, long swId);
+ Page findBySoftwareModule(@NotNull Pageable pageReq, long softwareModuleId);
/**
* Count local artifacts for a base software module.
*
- * @param swId
+ * @param softwareModuleId
* software module id
* @return count by software module
*
@@ -172,7 +156,7 @@ public interface ArtifactManagement {
* if software module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- long countBySoftwareModule(long swId);
+ long countBySoftwareModule(long softwareModuleId);
/**
* Loads {@link DbArtifact} from store for given {@link Artifact}.
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/ControllerManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/ControllerManagement.java
index 764555598..e9447f3ef 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/ControllerManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/ControllerManagement.java
@@ -472,17 +472,6 @@ public interface ControllerManagement {
@PreAuthorize(SpringEvalExpressions.IS_CONTROLLER)
void updateActionExternalRef(long actionId, @NotEmpty String externalRef);
- /**
- * Retrieves list of {@link Action}s which matches the provided
- * externalRefs.
- *
- * @param externalRefs
- * for which the actions need to be fetched.
- * @return list of {@link Action}s matching the externalRefs.
- */
- @PreAuthorize(SpringEvalExpressions.IS_CONTROLLER)
- List getActiveActionsByExternalRef(@NotNull List externalRefs);
-
/**
* Retrieves an {@link Action} using {@link Action#getExternalRef()}
*
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DeploymentManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DeploymentManagement.java
index 9709efcdb..c0d4ff6ba 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DeploymentManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DeploymentManagement.java
@@ -207,12 +207,10 @@ public interface DeploymentManagement {
long countActionsByTarget(@NotNull String rsqlParam, @NotEmpty String controllerId);
/**
- * @return the total amount of stored action status
- */
- @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- long countActionStatusAll();
-
- /**
+ * Returns total count of all actions
+ *
+ * No access control applied.
+ *
* @return the total amount of stored actions
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
@@ -220,6 +218,8 @@ public interface DeploymentManagement {
/**
* Counts the actions which match the given query.
+ *
+ * No access control applied.
*
* @param rsqlParam
* RSQL query.
@@ -241,29 +241,6 @@ public interface DeploymentManagement {
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long countActionsByTarget(@NotEmpty String controllerId);
- /**
- * Counts all active {@link Action}s referring to the given DistributionSet.
- *
- * @param distributionSet
- * DistributionSet to count the {@link Action}s from
- * @return the count of actions referring to the given distributionSet
- */
- @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- long countActionsByDistributionSetIdAndActiveIsTrue(Long distributionSet);
-
- /**
- * Counts all active {@link Action}s referring to the given DistributionSet
- * that are not in a given state.
- *
- * @param distributionSet
- * DistributionSet to count the {@link Action}s from
- * @param status
- * the state the actions should not have
- * @return the count of actions referring to the given distributionSet
- */
- @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- long countActionsByDistributionSetIdAndActiveIsTrueAndStatusIsNot(Long distributionSet, Status status);
-
/**
* Get the {@link Action} entity for given actionId.
*
@@ -277,9 +254,10 @@ public interface DeploymentManagement {
/**
* Retrieves all {@link Action}s from repository.
+ *
+ * No access control applied.
*
- * @param pageable
- * pagination parameter
+ * @param pageable pagination parameter
* @return a paged list of {@link Action}s
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
@@ -287,35 +265,17 @@ public interface DeploymentManagement {
/**
* Retrieves all {@link Action} entities which match the given RSQL query.
+ *
+ * No access control applied.
*
- * @param rsqlParam
- * RSQL query string
- * @param pageable
- * the page request parameter for paging and sorting the result
+ * @param rsqlParam RSQL query string
+ * @param pageable the page request parameter for paging and sorting the result
*
* @return a paged list of {@link Action}s.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
Slice findActions(@NotNull String rsqlParam, @NotNull Pageable pageable);
- /**
- * Retrieves all {@link Action} which assigned to a specific
- * {@link DistributionSet}.
- *
- * @param pageable
- * the page request parameter for paging and sorting the result
- * @param distributionSetId
- * the distribution set which should be assigned to the actions
- * in the result
- * @return a list of {@link Action} which are assigned to a specific
- * {@link DistributionSet}
- *
- * @throws EntityNotFoundException
- * if distribution set with given ID does not exist
- */
- @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- Slice findActionsByDistributionSet(@NotNull Pageable pageable, long distributionSetId);
-
/**
* Retrieves all {@link Action}s assigned to a specific {@link Target} and a
* given specification.
@@ -384,7 +344,8 @@ public interface DeploymentManagement {
/**
* Retrieves all messages for an {@link ActionStatus}.
- *
+ *
+ * No entity based access control applied.
*
* @param pageable
* the page request parameter for paging and sorting the result
@@ -397,14 +358,15 @@ public interface DeploymentManagement {
/**
* Counts all messages for an {@link ActionStatus}.
+ *
+ * No access control applied.
*
- *
- * @param pageable
- * the page request parameter for paging and sorting the result
+ * @deprecated Used by UI only. With future removal of UI it could be removed.
* @param actionStatusId
* the id of {@link ActionStatus} to count the messages from
* @return count of messages by a specific {@link ActionStatus} id
*/
+ @Deprecated(forRemoval = true)
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long countMessagesByActionStatusId(long actionStatusId);
@@ -520,6 +482,8 @@ public interface DeploymentManagement {
/**
* Starts all scheduled actions of an RolloutGroup parent.
+ *
+ * No entity based access control applied.
*
* @param rolloutId
* the rollout the actions belong to
@@ -533,16 +497,6 @@ public interface DeploymentManagement {
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
long startScheduledActionsByRolloutGroupParent(long rolloutId, long distributionSetId, Long rolloutGroupParentId);
- /**
- * All {@link ActionStatus} entries in the repository.
- *
- * @param pageable
- * the pagination parameter
- * @return {@link Page} of {@link ActionStatus} entries
- */
- @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- Page findActionStatusAll(@NotNull Pageable pageable);
-
/**
* Returns {@link DistributionSet} that is assigned to given {@link Target}.
*
@@ -570,7 +524,9 @@ public interface DeploymentManagement {
/**
* Deletes actions which match one of the given action status and which have
- * not been modified since the given (absolute) time-stamp.
+ * not been modified since the given (absolute) time-stamp. Used for obsolete actions cleanup.
+ *
+ * No entity based access control applied.
*
* @param status
* Set of action status.
@@ -586,12 +542,11 @@ public interface DeploymentManagement {
* Checks if there is an action for the device with the given controller ID
* that is in the {@link Action.Status#CANCELING} state.
*
- * @param controllerId
- * of target
+ * @param targetId of target
* @return if actions in CANCELING state are present
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- boolean hasPendingCancellations(@NotEmpty String controllerId);
+ boolean hasPendingCancellations(@NotNull Long targetId);
/**
* Cancels all actions that refer to a given distribution set. This method
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetManagement.java
index c193ef0e0..fd8272e5e 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetManagement.java
@@ -53,7 +53,7 @@ public interface DistributionSetManagement
/**
* Assigns {@link SoftwareModule} to existing {@link DistributionSet}.
*
- * @param setId
+ * @param id
* to assign and update
* @param moduleIds
* to get assigned
@@ -76,13 +76,13 @@ public interface DistributionSetManagement
* for the addressed {@link DistributionSet}.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- DistributionSet assignSoftwareModules(long setId, @NotEmpty Collection moduleIds);
+ DistributionSet assignSoftwareModules(long id, @NotEmpty Collection moduleIds);
/**
* Assign a {@link DistributionSetTag} assignment to given
* {@link DistributionSet}s.
*
- * @param setIds
+ * @param ids
* to assign for
* @param tagId
* to assign
@@ -94,12 +94,12 @@ public interface DistributionSetManagement
* distribution sets.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- List assignTag(@NotEmpty Collection setIds, long tagId);
+ List assignTag(@NotEmpty Collection ids, long tagId);
/**
* Creates a list of distribution set meta data entries.
*
- * @param setId
+ * @param id
* if the {@link DistributionSet} the metadata has to be created
* for
* @param metadata
@@ -118,12 +118,12 @@ public interface DistributionSetManagement
* for the addressed {@link DistributionSet}
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- List createMetaData(long setId, @NotEmpty Collection metadata);
+ List createMetaData(long id, @NotEmpty Collection metadata);
/**
* Deletes a distribution set meta data entry.
*
- * @param setId
+ * @param id
* where meta data has to be deleted
* @param key
* of the meta data element
@@ -132,7 +132,7 @@ public interface DistributionSetManagement
* if given set does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- void deleteMetaData(long setId, @NotEmpty String key);
+ void deleteMetaData(long id, @NotEmpty String key);
/**
* Retrieves the distribution set for a given action.
@@ -154,13 +154,13 @@ public interface DistributionSetManagement
* Note: for performance reasons it is recommended to use {@link #get(Long)}
* if details are not necessary.
*
- * @param setId
+ * @param id
* to look for.
*
* @return {@link DistributionSet}
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- Optional getWithDetails(long setId);
+ Optional getWithDetails(long id);
/**
* Find distribution set by name and version.
@@ -234,7 +234,7 @@ public interface DistributionSetManagement
*
* @param pageable
* the page request to page the result
- * @param setId
+ * @param id
* the distribution set id to retrieve the meta data from
*
* @return a paged result of all meta data entries for a given distribution
@@ -244,14 +244,12 @@ public interface DistributionSetManagement
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- Page findMetaDataByDistributionSetId(@NotNull Pageable pageable, long setId);
+ Page findMetaDataByDistributionSetId(@NotNull Pageable pageable, long id);
/**
* Counts all meta data by the given distribution set id.
*
- * @param pageable
- * the page request to page the result
- * @param setId
+ * @param id
* the distribution set id to retrieve the meta data count from
*
* @return count of ds metadata
@@ -260,14 +258,14 @@ public interface DistributionSetManagement
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- long countMetaDataByDistributionSetId(long setId);
+ long countMetaDataByDistributionSetId(long id);
/**
* Finds all meta data by the given distribution set id.
*
* @param pageable
* the page request to page the result
- * @param setId
+ * @param id
* the distribution set id to retrieve the meta data from
* @param rsqlParam
* rsql query string
@@ -286,8 +284,8 @@ public interface DistributionSetManagement
* of distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- Page findMetaDataByDistributionSetIdAndRsql(@NotNull Pageable pageable, long setId,
- @NotNull String rsqlParam);
+ Page findMetaDataByDistributionSetIdAndRsql(@NotNull Pageable pageable,
+ long id, @NotNull String rsqlParam);
/**
* Finds all {@link DistributionSet}s based on completeness.
@@ -409,7 +407,7 @@ public interface DistributionSetManagement
/**
* Finds a single distribution set meta data by its id.
*
- * @param setId
+ * @param id
* of the {@link DistributionSet}
* @param key
* of the meta data element
@@ -419,19 +417,19 @@ public interface DistributionSetManagement
* is set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- Optional getMetaDataByDistributionSetId(long setId, @NotEmpty String key);
+ Optional getMetaDataByDistributionSetId(long id, @NotEmpty String key);
/**
* Checks if a {@link DistributionSet} is currently in use by a target in
* the repository.
*
- * @param setId
+ * @param id
* to check
*
* @return true if in use
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- boolean isInUse(long setId);
+ boolean isInUse(long id);
/**
* Toggles {@link DistributionSetTag} assignment to given
@@ -439,7 +437,7 @@ public interface DistributionSetManagement
* the list have the {@link Tag} not yet assigned, they will be. Only if all
* of theme have the tag already assigned they will be removed instead.
*
- * @param setIds
+ * @param ids
* to toggle for
* @param tagName
* to toggle
@@ -450,13 +448,13 @@ public interface DistributionSetManagement
* if given tag does not exist or (at least one) module
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- DistributionSetTagAssignmentResult toggleTagAssignment(@NotEmpty Collection setIds, @NotNull String tagName);
+ DistributionSetTagAssignmentResult toggleTagAssignment(@NotEmpty Collection ids, @NotNull String tagName);
/**
* Unassigns a {@link SoftwareModule} form an existing
* {@link DistributionSet}.
*
- * @param setId
+ * @param id
* to get unassigned form
* @param moduleId
* to be unassigned
@@ -470,13 +468,13 @@ public interface DistributionSetManagement
* the DS is already in use.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- DistributionSet unassignSoftwareModule(long setId, long moduleId);
+ DistributionSet unassignSoftwareModule(long id, long moduleId);
/**
* Unassign a {@link DistributionSetTag} assignment to given
* {@link DistributionSet}.
*
- * @param setId
+ * @param id
* to unassign for
* @param tagId
* to unassign
@@ -486,12 +484,12 @@ public interface DistributionSetManagement
* if set or tag with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- DistributionSet unAssignTag(long setId, long tagId);
+ DistributionSet unAssignTag(long id, long tagId);
/**
* Updates a distribution set meta data value if corresponding entry exists.
*
- * @param setId
+ * @param id
* {@link DistributionSet} of the meta data entry to be updated
* @param metadata
* meta data entry to be updated
@@ -502,7 +500,7 @@ public interface DistributionSetManagement
* updated
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- DistributionSetMetadata updateMetaData(long setId, @NotNull MetaData metadata);
+ DistributionSetMetadata updateMetaData(long id, @NotNull MetaData metadata);
/**
* Count all {@link DistributionSet}s in the repository that are not marked
@@ -523,48 +521,47 @@ public interface DistributionSetManagement
* Count all {@link org.eclipse.hawkbit.repository.model.Rollout}s by status for
* Distribution Set.
*
- * @param dsId
+ * @param id
* to look for
*
* @return List of Statistics for {@link org.eclipse.hawkbit.repository.model.Rollout}s status counts
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- List countRolloutsByStatusForDistributionSet(@NotNull Long dsId);
+ List countRolloutsByStatusForDistributionSet(@NotNull Long id);
/**
* Count all {@link org.eclipse.hawkbit.repository.model.Action}s by status for
* Distribution Set.
*
- * @param dsId
+ * @param id
* to look for
*
* @return List of Statistics for {@link org.eclipse.hawkbit.repository.model.Action}s status counts
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- List countActionsByStatusForDistributionSet(@NotNull Long dsId);
+ List countActionsByStatusForDistributionSet(@NotNull Long id);
/**
* Count all {@link org.eclipse.hawkbit.repository.builder.AutoAssignDistributionSetUpdate}s
* for Distribution Set.
*
- * @param dsId
+ * @param id
* to look for
*
* @return number of {@link org.eclipse.hawkbit.repository.builder.AutoAssignDistributionSetUpdate}s
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- Long countAutoAssignmentsForDistributionSet(@NotNull Long dsId);
+ Long countAutoAssignmentsForDistributionSet(@NotNull Long id);
/**
* Sets the specified {@link DistributionSet} as invalidated.
*
- * @param set
+ * @param distributionSet
* the ID of the {@link DistributionSet} to be set to invalid
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- void invalidate(DistributionSet set);
-
+ void invalidate(DistributionSet distributionSet);
}
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetTagManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetTagManagement.java
index fc130cb10..9404fe03b 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetTagManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetTagManagement.java
@@ -61,7 +61,7 @@ public interface DistributionSetTagManagement extends RepositoryManagement findByDistributionSet(@NotNull Pageable pageable, long setId);
-
+ Page findByDistributionSet(@NotNull Pageable pageable, long distributionSetId);
}
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetTypeManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetTypeManagement.java
index 8747e3e2b..e3a45666a 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetTypeManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/DistributionSetTypeManagement.java
@@ -52,7 +52,7 @@ public interface DistributionSetTypeManagement
/**
* Assigns {@link DistributionSetType#getMandatoryModuleTypes()}.
*
- * @param dsTypeId
+ * @param id
* to update
* @param softwareModuleTypeIds
* to assign
@@ -71,15 +71,14 @@ public interface DistributionSetTypeManagement
* exceeded for the addressed {@link DistributionSetType}
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- DistributionSetType assignOptionalSoftwareModuleTypes(long dsTypeId,
- @NotEmpty Collection softwareModuleTypeIds);
+ DistributionSetType assignOptionalSoftwareModuleTypes(long id, @NotEmpty Collection softwareModuleTypeIds);
/**
* Assigns {@link DistributionSetType#getOptionalModuleTypes()}.
*
- * @param dsTypeId
+ * @param id
* to update
- * @param softwareModuleTypes
+ * @param softwareModuleTypeIds
* to assign
* @return updated {@link DistributionSetType}
*
@@ -96,17 +95,16 @@ public interface DistributionSetTypeManagement
* exceeded for the addressed {@link DistributionSetType}
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- DistributionSetType assignMandatorySoftwareModuleTypes(long dsTypeId,
- @NotEmpty Collection softwareModuleTypes);
+ DistributionSetType assignMandatorySoftwareModuleTypes(long id, @NotEmpty Collection softwareModuleTypeIds);
/**
* Unassigns a {@link SoftwareModuleType} from the
* {@link DistributionSetType}. Does nothing if {@link SoftwareModuleType}
* has not been assigned in the first place.
*
- * @param dsTypeId
+ * @param id
* to update
- * @param softwareModuleId
+ * @param softwareModuleTypeId
* to unassign
* @return updated {@link DistributionSetType}
*
@@ -118,6 +116,5 @@ public interface DistributionSetTypeManagement
* by a {@link DistributionSet}
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- DistributionSetType unassignSoftwareModuleType(long dsTypeId, long softwareModuleId);
-
+ DistributionSetType unassignSoftwareModuleType(long id, long softwareModuleTypeId);
}
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/RolloutManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/RolloutManagement.java
index 1b8e499e8..374c63947 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/RolloutManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/RolloutManagement.java
@@ -68,6 +68,8 @@ public interface RolloutManagement {
/**
* Counts all {@link Rollout}s for a specific {@link DistributionSet} that
* are stoppable
+ *
+ * No access control applied
*
* @param setId
* the distribution set
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SoftwareModuleManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SoftwareModuleManagement.java
index 8f64b7808..3a7052db5 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SoftwareModuleManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/SoftwareModuleManagement.java
@@ -108,7 +108,7 @@ public interface SoftwareModuleManagement
/**
* Deletes a software module meta data entry.
*
- * @param moduleId
+ * @param id
* where meta data has to be deleted
* @param key
* of the metda data element
@@ -117,14 +117,14 @@ public interface SoftwareModuleManagement
* of module or metadata entry does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
- void deleteMetaData(long moduleId, @NotEmpty String key);
+ void deleteMetaData(long id, @NotEmpty String key);
/**
* Returns all modules assigned to given {@link DistributionSet}.
*
* @param pageable
* the page request to page the result set
- * @param setId
+ * @param distributionSetId
* to search for
*
* @return all {@link SoftwareModule}s that are assigned to given
@@ -134,12 +134,12 @@ public interface SoftwareModuleManagement
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- Page findByAssignedTo(@NotNull Pageable pageable, long setId);
+ Page findByAssignedTo(@NotNull Pageable pageable, long distributionSetId);
/**
* Returns count of all modules assigned to given {@link DistributionSet}.
*
- * @param setId
+ * @param distributionSetId
* to search for
*
* @return count of {@link SoftwareModule}s that are assigned to given
@@ -149,7 +149,7 @@ public interface SoftwareModuleManagement
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- long countByAssignedTo(long setId);
+ long countByAssignedTo(long distributionSetId);
/**
* Filter {@link SoftwareModule}s with given
@@ -192,7 +192,7 @@ public interface SoftwareModuleManagement
/**
* Finds a single software module meta data by its id.
*
- * @param moduleId
+ * @param id
* where meta data has to be found
* @param key
* of the meta data element
@@ -202,14 +202,14 @@ public interface SoftwareModuleManagement
* is module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- Optional getMetaDataBySoftwareModuleId(long moduleId, @NotEmpty String key);
+ Optional getMetaDataBySoftwareModuleId(long id, @NotEmpty String key);
/**
* Finds all meta data by the given software module id.
*
* @param pageable
* the page request to page the result
- * @param moduleId
+ * @param id
* the software module id to retrieve the meta data from
*
* @return a paged result of all meta data entries for a given software
@@ -219,12 +219,12 @@ public interface SoftwareModuleManagement
* if software module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- Page findMetaDataBySoftwareModuleId(@NotNull Pageable pageable, long moduleId);
+ Page findMetaDataBySoftwareModuleId(@NotNull Pageable pageable, long id);
/**
* Counts all meta data by the given software module id.
*
- * @param moduleId
+ * @param id
* the software module id to retrieve the meta data count from
*
* @return count of all meta data entries for a given software module id
@@ -233,7 +233,7 @@ public interface SoftwareModuleManagement
* if software module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- long countMetaDataBySoftwareModuleId(long moduleId);
+ long countMetaDataBySoftwareModuleId(long id);
/**
* Finds all meta data by the given software module id where
@@ -241,7 +241,7 @@ public interface SoftwareModuleManagement
*
* @param pageable
* the page request to page the result
- * @param moduleId
+ * @param id
* the software module id to retrieve the meta data from
*
* @return a paged result of all meta data entries for a given software
@@ -252,14 +252,14 @@ public interface SoftwareModuleManagement
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Page findMetaDataBySoftwareModuleIdAndTargetVisible(@NotNull Pageable pageable,
- long moduleId);
+ long id);
/**
* Finds all meta data by the given software module id.
*
* @param pageable
* the page request to page the result
- * @param moduleId
+ * @param id
* the software module id to retrieve the meta data from
* @param rsqlParam
* filter definition in RSQL syntax
@@ -278,7 +278,7 @@ public interface SoftwareModuleManagement
* if software module with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- Page findMetaDataByRsql(@NotNull Pageable pageable, long moduleId,
+ Page findMetaDataByRsql(@NotNull Pageable pageable, long id,
@NotNull String rsqlParam);
/**
@@ -296,7 +296,7 @@ public interface SoftwareModuleManagement
*
* @param pageable
* page parameter
- * @param orderByDistributionId
+ * @param orderByDistributionSetId
* the ID of distribution set to be ordered on top
* @param searchText
* filtered as "like" on {@link SoftwareModule#getName()}
@@ -310,7 +310,7 @@ public interface SoftwareModuleManagement
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
Slice findAllOrderBySetAssignmentAndModuleNameAscModuleVersionAsc(
- @NotNull Pageable pageable, long orderByDistributionId, String searchText, Long typeId);
+ @NotNull Pageable pageable, long orderByDistributionSetId, String searchText, Long typeId);
/**
* Retrieves the {@link SoftwareModule}s by their {@link SoftwareModuleType}
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetFilterQueryManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetFilterQueryManagement.java
index e3f11b880..b13d76782 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetFilterQueryManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetFilterQueryManagement.java
@@ -111,6 +111,8 @@ public interface TargetFilterQueryManagement {
/**
* Counts all target filters that have a given auto assign distribution set
* assigned.
+ *
+ * No access control applied
*
* @param autoAssignDistributionSetId
* the id of the distribution set
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetManagement.java
index 2abab0717..7b1de49f3 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetManagement.java
@@ -69,13 +69,13 @@ public interface TargetManagement {
/**
* Counts number of targets with the given distribution set assigned.
*
- * @param distId to search for
+ * @param distributionSetId to search for
* @return number of found {@link Target}s.
* @throws EntityNotFoundException if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
+ SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- long countByAssignedDistributionSet(long distId);
+ long countByAssignedDistributionSet(long distributionSetId);
/**
* Count {@link Target}s for all the given filter parameters.
@@ -95,25 +95,25 @@ public interface TargetManagement {
/**
* Get the count of targets with the given distribution set id.
*
- * @param distId to search for
+ * @param distributionSetId to search for
* @return number of found {@link Target}s.
* @throws EntityNotFoundException if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
+ SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- long countByInstalledDistributionSet(long distId);
+ long countByInstalledDistributionSet(long distributionSetId);
/**
* Checks if there is already a {@link Target} that has the given
* distribution set Id assigned or installed.
*
- * @param distId to search for
+ * @param distributionSetId to search for
* @return true if a {@link Target} exists.
* @throws EntityNotFoundException if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET + SpringEvalExpressions.HAS_AUTH_OR
+ SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY)
- boolean existsByInstalledOrAssignedDistributionSet(long distId);
+ boolean existsByInstalledOrAssignedDistributionSet(long distributionSetId);
/**
* Count {@link TargetFilterQuery}s for given target filter query.
@@ -131,13 +131,13 @@ public interface TargetManagement {
*
* @param rsqlParam
* filter definition in RSQL syntax
- * @param dsTypeId
+ * @param distributionSetId
* ID of the {@link DistributionSetType} the targets need to be
* compatible with
* @return the found number of{@link Target}s
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- long countByRsqlAndCompatible(@NotEmpty String rsqlParam, @NotNull Long dsTypeId);
+ long countByRsqlAndCompatible(@NotEmpty String rsqlParam, @NotNull Long distributionSetId);
/**
* Count all targets with failed actions for specific Rollout
@@ -214,31 +214,31 @@ public interface TargetManagement {
/**
* Deletes all targets with the given IDs.
*
- * @param targetIDs
+ * @param ids
* the IDs of the targets to be deleted
*
* @throws EntityNotFoundException
* if (at least one) of the given target IDs does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_DELETE_TARGET)
- void delete(@NotEmpty Collection targetIDs);
+ void delete(@NotEmpty Collection ids);
/**
* Deletes target with the given controller ID.
*
- * @param controllerID
+ * @param controllerId
* the controller ID of the target to be deleted
*
* @throws EntityNotFoundException
* if target with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_DELETE_TARGET)
- void deleteByControllerID(@NotEmpty String controllerID);
+ void deleteByControllerID(@NotEmpty String controllerId);
/**
- * Finds all targets for all the given parameter {@link TargetFilterQuery}
- * and that don't have the specified distribution set in their action
- * history and are compatible with the passed {@link DistributionSetType}.
+ * Finds all targets for all the given parameter {@link TargetFilterQuery} and
+ * that don't have the specified distribution set in their action history and
+ * are compatible with the passed {@link DistributionSetType}.
*
* @param pageRequest
* the pageRequest to enhance the query for paging and sorting
@@ -251,9 +251,9 @@ public interface TargetManagement {
* @throws EntityNotFoundException
* if distribution set with given ID does not exist
*/
- @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- Slice findByTargetFilterQueryAndNonDSAndCompatible(@NotNull Pageable pageRequest, long distributionSetId,
- @NotNull String rsqlParam);
+ @PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
+ Slice findByTargetFilterQueryAndNonDSAndCompatibleAndUpdatable(@NotNull Pageable pageRequest,
+ long distributionSetId, @NotNull String rsqlParam);
/**
* Counts all targets for all the given parameter {@link TargetFilterQuery}
@@ -269,8 +269,8 @@ public interface TargetManagement {
* @throws EntityNotFoundException
* if distribution set with given ID does not exist
*/
- @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- long countByRsqlAndNonDSAndCompatible(long distributionSetId, @NotNull String rsqlParam);
+ @PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
+ long countByRsqlAndNonDSAndCompatibleAndUpdatable(long distributionSetId, @NotNull String rsqlParam);
/**
* Finds all targets for all the given parameter {@link TargetFilterQuery}
@@ -285,11 +285,11 @@ public interface TargetManagement {
* filter definition in RSQL syntax
* @param distributionSetType
* type of the {@link DistributionSet} the targets must be
- * compatible with
+ * compatible withs
* @return a page of the found {@link Target}s
*/
- @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- Slice findByTargetFilterQueryAndNotInRolloutGroupsAndCompatible(@NotNull Pageable pageRequest,
+ @PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
+ Slice findByTargetFilterQueryAndNotInRolloutGroupsAndCompatibleAndUpdatable(@NotNull Pageable pageRequest,
@NotEmpty Collection groups, @NotNull String rsqlParam,
@NotNull DistributionSetType distributionSetType);
@@ -320,13 +320,13 @@ public interface TargetManagement {
* @param rsqlParam
* filter definition in RSQL syntax
* @param distributionSetType
- * type of the {@link DistributionSet} the targets must be
- * compatible with
+ * type of the {@link DistributionSet} the targets must be compatible
+ * with
* @return count of the found {@link Target}s
*/
- @PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- long countByRsqlAndNotInRolloutGroupsAndCompatible(@NotEmpty Collection groups, @NotNull String rsqlParam,
- @NotNull DistributionSetType distributionSetType);
+ @PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
+ long countByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatable(@NotEmpty Collection groups,
+ @NotNull String rsqlParam, @NotNull DistributionSetType distributionSetType);
/**
* Counts all targets with failed actions for specific Rollout
@@ -363,7 +363,7 @@ public interface TargetManagement {
*
* @param pageReq
* page parameter
- * @param distributionSetID
+ * @param distributionSetId
* the ID of the {@link DistributionSet}
*
*
@@ -373,7 +373,7 @@ public interface TargetManagement {
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_READ_TARGET)
- Page findByAssignedDistributionSet(@NotNull Pageable pageReq, long distributionSetID);
+ Page findByAssignedDistributionSet(@NotNull Pageable pageReq, long distributionSetId);
/**
* Retrieves {@link Target}s by the assigned {@link DistributionSet}
@@ -381,7 +381,7 @@ public interface TargetManagement {
*
* @param pageReq
* page parameter
- * @param distributionSetID
+ * @param distributionSetId
* the ID of the {@link DistributionSet}
* @param rsqlParam
* the specification to filter the result set
@@ -396,7 +396,7 @@ public interface TargetManagement {
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_READ_TARGET)
- Page findByAssignedDistributionSetAndRsql(@NotNull Pageable pageReq, long distributionSetID,
+ Page findByAssignedDistributionSetAndRsql(@NotNull Pageable pageReq, long distributionSetId,
@NotNull String rsqlParam);
/**
@@ -442,7 +442,7 @@ public interface TargetManagement {
*
* @param pageReq
* page parameter
- * @param distributionSetID
+ * @param distributionSetId
* the ID of the {@link DistributionSet}
*
* @return the found {@link Target}s
@@ -451,7 +451,7 @@ public interface TargetManagement {
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_READ_TARGET)
- Page findByInstalledDistributionSet(@NotNull Pageable pageReq, long distributionSetID);
+ Page findByInstalledDistributionSet(@NotNull Pageable pageReq, long distributionSetId);
/**
* retrieves {@link Target}s by the installed {@link DistributionSet}
@@ -557,7 +557,7 @@ public interface TargetManagement {
*
* @param pageable
* the page request to page the result set
- * @param orderByDistributionId
+ * @param orderByDistributionSetId
* {@link DistributionSet#getId()} to be ordered by
* @param filterParams
* the filters to apply; only filters are enabled that have non-null
@@ -569,7 +569,7 @@ public interface TargetManagement {
* if distribution set with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_READ_TARGET)
- Slice findByFilterOrderByLinkedDistributionSet(@NotNull Pageable pageable, long orderByDistributionId,
+ Slice findByFilterOrderByLinkedDistributionSet(@NotNull Pageable pageable, long orderByDistributionSetId,
@NotNull FilterParams filterParams);
/**
@@ -656,12 +656,12 @@ public interface TargetManagement {
* assignment outcome.
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
- TargetTypeAssignmentResult unAssignType(@NotEmpty Collection controllerIds);
+ TargetTypeAssignmentResult unassignType(@NotEmpty Collection controllerIds);
/**
* Un-assign a {@link TargetTag} assignment to given {@link Target}.
*
- * @param controllerID
+ * @param controllerId
* to un-assign for
* @param targetTagId
* to un-assign
@@ -671,23 +671,23 @@ public interface TargetManagement {
* if TAG with given ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
- Target unAssignTag(@NotEmpty String controllerID, long targetTagId);
+ Target unassignTag(@NotEmpty String controllerId, long targetTagId);
/**
* Un-assign a {@link TargetType} assignment to given {@link Target}.
*
- * @param controllerID
+ * @param controllerId
* to un-assign for
* @return the unassigned target
*
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
- Target unAssignType(@NotEmpty String controllerID);
+ Target unassignType(@NotEmpty String controllerId);
/**
* Assign a {@link TargetType} assignment to given {@link Target}.
*
- * @param controllerID
+ * @param controllerId
* to un-assign for
* @param targetTypeId
* Target type id
@@ -697,7 +697,7 @@ public interface TargetManagement {
* if TargetType with given target ID does not exist
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_TARGET)
- Target assignType(@NotEmpty String controllerID, @NotNull Long targetTypeId);
+ Target assignType(@NotEmpty String controllerId, @NotNull Long targetTypeId);
/**
* updates the {@link Target}.
@@ -940,5 +940,4 @@ public interface TargetManagement {
*/
@PreAuthorize(SpringEvalExpressions.HAS_AUTH_UPDATE_REPOSITORY)
TargetMetadata updateMetadata(@NotEmpty String controllerId, @NotNull MetaData metadata);
-
}
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetTypeManagement.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetTypeManagement.java
index 52b241036..f530ea2a8 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetTypeManagement.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/TargetTypeManagement.java
@@ -164,24 +164,23 @@ public interface TargetTypeManagement {
TargetType update(@NotNull @Valid TargetTypeUpdate update);
/**
- * @param targetTypeId
+ * @param id
* Target type ID
* @param distributionSetTypeIds
* Distribution set ID
* @return Target type
*/
@PreAuthorize(SpPermission.SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
- TargetType assignCompatibleDistributionSetTypes(long targetTypeId,
+ TargetType assignCompatibleDistributionSetTypes(long id,
@NotEmpty Collection distributionSetTypeIds);
/**
- * @param targetTypeId
+ * @param id
* Target type ID
* @param distributionSetTypeIds
* Distribution set ID
* @return Target type
*/
@PreAuthorize(SpPermission.SpringEvalExpressions.HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET)
- TargetType unassignDistributionSetType(long targetTypeId, long distributionSetTypeIds);
-
+ TargetType unassignDistributionSetType(long id, long distributionSetTypeIds);
}
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/exception/InsufficientPermissionException.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/exception/InsufficientPermissionException.java
index 1b2c7722a..1c32e2c9d 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/exception/InsufficientPermissionException.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/exception/InsufficientPermissionException.java
@@ -36,7 +36,11 @@ public class InsufficientPermissionException extends AbstractServerRtException {
/**
* creates new InsufficientPermissionException.
*/
+ public InsufficientPermissionException(final String message) {
+ super(message, SpServerError.SP_INSUFFICIENT_PERMISSION);
+ }
+
public InsufficientPermissionException() {
- this(null);
+ super(SpServerError.SP_INSUFFICIENT_PERMISSION, null);
}
}
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/Rollout.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/Rollout.java
index 6156ea1a8..5ec1ca168 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/Rollout.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/Rollout.java
@@ -108,6 +108,11 @@ public interface Rollout extends NamedEntity {
*/
Optional getWeight();
+ /**
+ * @return the stored access control context (if present)
+ */
+ Optional getAccessControlContext();
+
/**
*
* State machine for rollout.
diff --git a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/TargetFilterQuery.java b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/TargetFilterQuery.java
index c9fd1aa52..e59111924 100644
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/TargetFilterQuery.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/repository/model/TargetFilterQuery.java
@@ -73,8 +73,7 @@ public interface TargetFilterQuery extends TenantAwareBaseEntity {
ActionType getAutoAssignActionType();
/**
- * @return the weight of the {@link Action}s created during an auto
- * assignment.
+ * @return the weight of the {@link Action}s created during an auto assignment.
*/
Optional getAutoAssignWeight();
@@ -88,4 +87,10 @@ public interface TargetFilterQuery extends TenantAwareBaseEntity {
* (considered with confirmation flow active)
*/
boolean isConfirmationRequired();
+
+ /**
+ * Defining a serialized access control context which needs to be set when
+ * performing the auto-assignment by the scheduler
+ */
+ Optional getAccessControlContext();
}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/BaseEntityRepository.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/BaseEntityRepository.java
deleted file mode 100644
index 262e438be..000000000
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/BaseEntityRepository.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Copyright (c) 2015 Bosch Software Innovations GmbH and others
- *
- * This program and the accompanying materials are made
- * available under the terms of the Eclipse Public License 2.0
- * which is available at https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- */
-package org.eclipse.hawkbit.repository.jpa;
-
-import java.io.Serializable;
-import java.util.List;
-import java.util.Optional;
-
-import org.eclipse.hawkbit.repository.jpa.model.AbstractJpaTenantAwareBaseEntity;
-import org.eclipse.hawkbit.repository.model.BaseEntity;
-import org.eclipse.hawkbit.repository.model.TenantAwareBaseEntity;
-import org.springframework.data.repository.CrudRepository;
-import org.springframework.data.repository.NoRepositoryBean;
-import org.springframework.data.repository.PagingAndSortingRepository;
-import org.springframework.transaction.annotation.Transactional;
-
-/**
- * Command repository operations for all {@link TenantAwareBaseEntity}s.
- *
- * @param
- * type if the entity type
- * @param
- * of the entity type
- */
-@NoRepositoryBean
-@Transactional(readOnly = true)
-public interface BaseEntityRepository
- extends PagingAndSortingRepository, CrudRepository, NoCountSliceRepository {
-
- /**
- * Retrieves an {@link BaseEntity} by its id.
- *
- * @param id
- * to search for
- * @return {@link BaseEntity}
- */
- Optional findById(I id);
-
- /**
- * Overrides
- * {@link org.springframework.data.repository.CrudRepository#saveAll(Iterable)}
- * to return a list of created entities instead of an instance of
- * {@link Iterable} to be able to work with it directly in further code
- * processing instead of converting the {@link Iterable}.
- *
- * @param entities
- * to persist in the database
- * @return the created entities
- */
- @Override
- @Transactional
- List saveAll(Iterable entities);
-}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/CurrentTenantCacheKeyGenerator.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/CurrentTenantCacheKeyGenerator.java
index f2f29cbf5..0e889cddc 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/CurrentTenantCacheKeyGenerator.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/CurrentTenantCacheKeyGenerator.java
@@ -9,6 +9,7 @@
*/
package org.eclipse.hawkbit.repository.jpa;
+import org.eclipse.hawkbit.repository.jpa.management.JpaSystemManagement;
import org.springframework.cache.interceptor.KeyGenerator;
import org.springframework.context.annotation.Bean;
import org.springframework.stereotype.Service;
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaManagementHelper.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaManagementHelper.java
index fc05fce66..63fffd5f6 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaManagementHelper.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaManagementHelper.java
@@ -11,10 +11,12 @@ package org.eclipse.hawkbit.repository.jpa;
import java.util.Collections;
import java.util.List;
+import java.util.Optional;
import javax.persistence.EntityManager;
import org.eclipse.hawkbit.repository.jpa.model.AbstractJpaBaseEntity;
+import org.eclipse.hawkbit.repository.jpa.repository.NoCountSliceRepository;
import org.eclipse.hawkbit.repository.jpa.specifications.SpecificationsBuilder;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageImpl;
@@ -33,6 +35,11 @@ public final class JpaManagementHelper {
private JpaManagementHelper() {
}
+ public static Optional findOneBySpec(final JpaSpecificationExecutor repository,
+ final List> specList) {
+ return repository.findOne(combineWithAnd(specList));
+ }
+
public static Page findAllWithCountBySpec(final JpaSpecificationExecutor repository,
final Pageable pageable, final List> specList) {
if (CollectionUtils.isEmpty(specList)) {
@@ -46,7 +53,7 @@ public final class JpaManagementHelper {
return new PageImpl<>(Collections.unmodifiableList(jpaAll.getContent()), pageable, jpaAll.getTotalElements());
}
- private static Specification combineWithAnd(final List> specList) {
+ public static Specification combineWithAnd(final List> specList) {
return specList.size() == 1 ? specList.get(0) : SpecificationsBuilder.combineWithAnd(specList);
}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaRolloutExecutor.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaRolloutExecutor.java
index f235b729a..5f6ab6bb3 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaRolloutExecutor.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaRolloutExecutor.java
@@ -35,6 +35,10 @@ import org.eclipse.hawkbit.repository.jpa.model.JpaAction;
import org.eclipse.hawkbit.repository.jpa.model.JpaRollout;
import org.eclipse.hawkbit.repository.jpa.model.JpaRolloutGroup;
import org.eclipse.hawkbit.repository.jpa.model.RolloutTargetGroup;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.RolloutGroupRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.RolloutRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.RolloutTargetGroupRepository;
import org.eclipse.hawkbit.repository.jpa.rollout.condition.EvaluatorNotConfiguredException;
import org.eclipse.hawkbit.repository.jpa.rollout.condition.RolloutGroupEvaluationManager;
import org.eclipse.hawkbit.repository.jpa.utils.DeploymentHelper;
@@ -529,8 +533,8 @@ public class JpaRolloutExecutor implements RolloutExecutor {
if (!RolloutHelper.isRolloutRetried(rollout.getTargetFilterQuery())) {
targetsInGroupFilter = DeploymentHelper.runInNewTransaction(txManager,
"countAllTargetsByTargetFilterQueryAndNotInRolloutGroups",
- count -> targetManagement.countByRsqlAndNotInRolloutGroupsAndCompatible(readyGroups, groupTargetFilter,
- rollout.getDistributionSet().getType()));
+ count -> targetManagement.countByRsqlAndNotInRolloutGroupsAndCompatibleAndUpdatable(readyGroups,
+ groupTargetFilter, rollout.getDistributionSet().getType()));
} else {
targetsInGroupFilter = DeploymentHelper.runInNewTransaction(txManager,
"countByFailedRolloutAndNotInRolloutGroupsAndCompatible",
@@ -582,7 +586,7 @@ public class JpaRolloutExecutor implements RolloutExecutor {
RolloutGroupStatus.READY, group);
Slice targets;
if (!RolloutHelper.isRolloutRetried(rollout.getTargetFilterQuery())) {
- targets = targetManagement.findByTargetFilterQueryAndNotInRolloutGroupsAndCompatible(
+ targets = targetManagement.findByTargetFilterQueryAndNotInRolloutGroupsAndCompatibleAndUpdatable(
pageRequest, readyGroups, targetFilter, rollout.getDistributionSet().getType());
} else {
targets = targetManagement.findByFailedRolloutAndNotInRolloutGroups(
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaRolloutHandler.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaRolloutHandler.java
index f1857100d..b409fa900 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaRolloutHandler.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaRolloutHandler.java
@@ -10,14 +10,13 @@
package org.eclipse.hawkbit.repository.jpa;
import java.util.List;
-import java.util.Objects;
import java.util.concurrent.locks.Lock;
+import org.eclipse.hawkbit.ContextAware;
import org.eclipse.hawkbit.repository.RolloutExecutor;
import org.eclipse.hawkbit.repository.RolloutHandler;
import org.eclipse.hawkbit.repository.RolloutManagement;
import org.eclipse.hawkbit.repository.jpa.utils.DeploymentHelper;
-import org.eclipse.hawkbit.repository.model.BaseEntity;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -35,6 +34,7 @@ public class JpaRolloutHandler implements RolloutHandler {
private final RolloutExecutor rolloutExecutor;
private final LockRegistry lockRegistry;
private final PlatformTransactionManager txManager;
+ private final ContextAware contextAware;
/**
* Constructor
@@ -52,12 +52,14 @@ public class JpaRolloutHandler implements RolloutHandler {
*/
public JpaRolloutHandler(final TenantAware tenantAware, final RolloutManagement rolloutManagement,
final RolloutExecutor rolloutExecutor, final LockRegistry lockRegistry,
- final PlatformTransactionManager txManager) {
+ final PlatformTransactionManager txManager,
+ final ContextAware contextAware) {
this.tenantAware = tenantAware;
this.rolloutManagement = rolloutManagement;
this.rolloutExecutor = rolloutExecutor;
this.lockRegistry = lockRegistry;
this.txManager = txManager;
+ this.contextAware = contextAware;
}
@Override
@@ -92,19 +94,29 @@ public class JpaRolloutHandler implements RolloutHandler {
return tenant + "-rollout";
}
+ // run in a tenant context, i.e. contextAware.getCurrentTenant() returns the tenant
+ // the rollout is made for
private void handleRolloutInNewTransaction(final long rolloutId, final String handlerId) {
DeploymentHelper.runInNewTransaction(txManager, handlerId + "-" + rolloutId, status -> {
rolloutManagement.get(rolloutId).ifPresentOrElse(
- rollout -> runInUserContext(rollout, () -> rolloutExecutor.execute(rollout)),
+ rollout -> {
+ rollout.getAccessControlContext().ifPresentOrElse(
+ context -> // has stored context - executes it with it
+ contextAware.runInContext(
+ context,
+ () -> rolloutExecutor.execute(rollout)),
+ () -> // has no stored context - executes it in the tenant & user scope
+ contextAware.runAsTenantAsUser(
+ contextAware.getCurrentTenant(),
+ rollout.getCreatedBy(), () -> {
+ rolloutExecutor.execute(rollout);
+ return null;
+ })
+ );
+ },
() -> LOGGER.error("Could not retrieve rollout with id {}. Will not continue with execution.",
rolloutId));
return 0L;
});
}
-
- private void runInUserContext(final BaseEntity rollout, final Runnable handler) {
- DeploymentHelper.runInNonSystemContext(handler, () -> Objects.requireNonNull(rollout.getCreatedBy()),
- tenantAware);
- }
-
}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/NoCountBaseRepositoryTypeProvider.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/NoCountBaseRepositoryTypeProvider.java
deleted file mode 100644
index 1b208d882..000000000
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/NoCountBaseRepositoryTypeProvider.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Copyright (c) 2021 Bosch.IO GmbH and others
- *
- * This program and the accompanying materials are made
- * available under the terms of the Eclipse Public License 2.0
- * which is available at https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- */
-package org.eclipse.hawkbit.repository.jpa;
-
-import org.eclipse.hawkbit.repository.BaseRepositoryTypeProvider;
-
-/**
- * Simple implementation of {@link BaseRepositoryTypeProvider} leveraging our
- * {@link SimpleJpaWithNoCountRepository} for all current use cases
- */
-public class NoCountBaseRepositoryTypeProvider implements BaseRepositoryTypeProvider {
-
- @Override
- public Class getBaseRepositoryType(final Class repositoryType) {
- return SimpleJpaWithNoCountRepository.class;
- }
-
-}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/RepositoryApplicationConfiguration.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/RepositoryApplicationConfiguration.java
index b801beff8..06a9e01ba 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/RepositoryApplicationConfiguration.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/RepositoryApplicationConfiguration.java
@@ -17,6 +17,7 @@ import javax.persistence.EntityManager;
import javax.sql.DataSource;
import javax.validation.Validation;
+import org.eclipse.hawkbit.ContextAware;
import org.eclipse.hawkbit.artifact.repository.ArtifactRepository;
import org.eclipse.hawkbit.repository.ArtifactEncryption;
import org.eclipse.hawkbit.repository.ArtifactEncryptionSecretsStore;
@@ -62,6 +63,7 @@ import org.eclipse.hawkbit.repository.event.ApplicationEventFilter;
import org.eclipse.hawkbit.repository.event.remote.EventEntityManager;
import org.eclipse.hawkbit.repository.event.remote.EventEntityManagerHolder;
import org.eclipse.hawkbit.repository.event.remote.TargetPollEvent;
+import org.eclipse.hawkbit.repository.jpa.acm.AccessController;
import org.eclipse.hawkbit.repository.jpa.aspects.ExceptionMappingAspectHandler;
import org.eclipse.hawkbit.repository.jpa.autoassign.AutoAssignChecker;
import org.eclipse.hawkbit.repository.jpa.autoassign.AutoAssignScheduler;
@@ -80,10 +82,55 @@ import org.eclipse.hawkbit.repository.jpa.configuration.MultiTenantJpaTransactio
import org.eclipse.hawkbit.repository.jpa.event.JpaEventEntityManager;
import org.eclipse.hawkbit.repository.jpa.executor.AfterTransactionCommitDefaultServiceExecutor;
import org.eclipse.hawkbit.repository.jpa.executor.AfterTransactionCommitExecutor;
+import org.eclipse.hawkbit.repository.jpa.management.JpaArtifactManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaConfirmationManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaControllerManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaDeploymentManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaDistributionSetInvalidationManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaDistributionSetManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaDistributionSetTagManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaDistributionSetTypeManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaRolloutGroupManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaRolloutManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaSoftwareModuleManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaSoftwareModuleTypeManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaSystemManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaTargetFilterQueryManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaTargetManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaTargetTagManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaTargetTypeManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaTenantConfigurationManagement;
+import org.eclipse.hawkbit.repository.jpa.management.JpaTenantStatsManagement;
+import org.eclipse.hawkbit.repository.jpa.model.JpaArtifact;
+import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet;
+import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSetType;
+import org.eclipse.hawkbit.repository.jpa.model.JpaSoftwareModule;
+import org.eclipse.hawkbit.repository.jpa.model.JpaSoftwareModuleType;
+import org.eclipse.hawkbit.repository.jpa.model.JpaTarget;
+import org.eclipse.hawkbit.repository.jpa.model.JpaTargetType;
import org.eclipse.hawkbit.repository.jpa.model.helper.AfterTransactionCommitExecutorHolder;
import org.eclipse.hawkbit.repository.jpa.model.helper.EntityInterceptorHolder;
import org.eclipse.hawkbit.repository.jpa.model.helper.SecurityTokenGeneratorHolder;
import org.eclipse.hawkbit.repository.jpa.model.helper.TenantAwareHolder;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionStatusRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.DistributionSetMetadataRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.DistributionSetRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.DistributionSetTagRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.DistributionSetTypeRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.LocalArtifactRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.RolloutGroupRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.RolloutRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.RolloutTargetGroupRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.HawkBitBaseRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.SoftwareModuleMetadataRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.SoftwareModuleRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.SoftwareModuleTypeRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.TargetFilterQueryRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.TargetMetadataRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.TargetRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.TargetTagRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.TargetTypeRepository;
import org.eclipse.hawkbit.repository.jpa.rollout.RolloutScheduler;
import org.eclipse.hawkbit.repository.jpa.rollout.condition.PauseRolloutGroupAction;
import org.eclipse.hawkbit.repository.jpa.rollout.condition.RolloutGroupActionEvaluator;
@@ -116,7 +163,10 @@ import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.persistence.config.PersistenceUnitProperties;
import org.hibernate.validator.BaseHibernateValidatorConfiguration;
+import org.springframework.beans.BeansException;
import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -135,6 +185,7 @@ import org.springframework.data.domain.AuditorAware;
import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.integration.support.locks.LockRegistry;
+import org.springframework.lang.NonNull;
import org.springframework.orm.jpa.vendor.AbstractJpaVendorAdapter;
import org.springframework.orm.jpa.vendor.EclipseLinkJpaDialect;
import org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter;
@@ -152,7 +203,7 @@ import com.google.common.collect.Maps;
* General configuration for hawkBit's Repository.
*
*/
-@EnableJpaRepositories(value = "org.eclipse.hawkbit.repository.jpa", repositoryFactoryBeanClass = CustomBaseRepositoryFactoryBean.class)
+@EnableJpaRepositories(value = "org.eclipse.hawkbit.repository.jpa.repository", repositoryFactoryBeanClass = CustomBaseRepositoryFactoryBean.class)
@EnableTransactionManagement
@EnableJpaAuditing
@EnableAspectJAutoProxy
@@ -174,7 +225,7 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
@Bean
@ConditionalOnMissingBean
PauseRolloutGroupAction pauseRolloutGroupAction(final RolloutManagement rolloutManagement,
- final RolloutGroupRepository rolloutGroupRepository, final SystemSecurityContext systemSecurityContext) {
+ final RolloutGroupRepository rolloutGroupRepository, final SystemSecurityContext systemSecurityContext) {
return new PauseRolloutGroupAction(rolloutManagement, rolloutGroupRepository, systemSecurityContext);
}
@@ -266,8 +317,7 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
/**
* @param dsTypeManagement
- * for loading
- * {@link TargetType#getCompatibleDistributionSetTypes()}
+ * for loading {@link TargetType#getCompatibleDistributionSetTypes()}
* @return TargetTypeBuilder bean
*/
@Bean
@@ -282,10 +332,9 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
}
/**
- * @param softwareManagement
- * for loading
- * {@link DistributionSetType#getMandatoryModuleTypes()} and
- * {@link DistributionSetType#getOptionalModuleTypes()}
+ * @param softwareModuleTypeManagement
+ * for loading {@link DistributionSetType#getMandatoryModuleTypes()}
+ * and {@link DistributionSetType#getOptionalModuleTypes()}
* @return DistributionSetTypeBuilder bean
*/
@Bean
@@ -327,8 +376,8 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
/**
* @return the {@link SystemSecurityContext} singleton bean which make it
- * accessible in beans which cannot access the service directly,
- * e.g. JPA entities.
+ * accessible in beans which cannot access the service directly, e.g.
+ * JPA entities.
*/
@Bean
SystemSecurityContextHolder systemSecurityContextHolder() {
@@ -336,9 +385,9 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
}
/**
- * @return the {@link TenantConfigurationManagement} singleton bean which
- * make it accessible in beans which cannot access the service
- * directly, e.g. JPA entities.
+ * @return the {@link TenantConfigurationManagement} singleton bean which make
+ * it accessible in beans which cannot access the service directly, e.g.
+ * JPA entities.
*/
@Bean
TenantConfigurationManagementHolder tenantConfigurationManagementHolder() {
@@ -347,9 +396,8 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
/**
* @return the {@link SystemManagementHolder} singleton bean which holds the
- * current {@link SystemManagement} service and make it accessible
- * in beans which cannot access the service directly, e.g. JPA
- * entities.
+ * current {@link SystemManagement} service and make it accessible in
+ * beans which cannot access the service directly, e.g. JPA entities.
*/
@Bean
SystemManagementHolder systemManagementHolder() {
@@ -357,10 +405,9 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
}
/**
- * @return the {@link TenantAwareHolder} singleton bean which holds the
- * current {@link TenantAware} service and make it accessible in
- * beans which cannot access the service directly, e.g. JPA
- * entities.
+ * @return the {@link TenantAwareHolder} singleton bean which holds the current
+ * {@link TenantAware} service and make it accessible in beans which
+ * cannot access the service directly, e.g. JPA entities.
*/
@Bean
TenantAwareHolder tenantAwareHolder() {
@@ -368,10 +415,9 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
}
/**
- * @return the {@link SecurityTokenGeneratorHolder} singleton bean which
- * holds the current {@link SecurityTokenGenerator} service and make
- * it accessible in beans which cannot access the service via
- * injection
+ * @return the {@link SecurityTokenGeneratorHolder} singleton bean which holds
+ * the current {@link SecurityTokenGenerator} service and make it
+ * accessible in beans which cannot access the service via injection
*/
@Bean
SecurityTokenGeneratorHolder securityTokenGeneratorHolder() {
@@ -404,6 +450,8 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
@Bean
public MethodValidationPostProcessor methodValidationPostProcessor() {
final MethodValidationPostProcessor processor = new MethodValidationPostProcessor();
+ // ValidatorFactory shall NOT be closed because after closing the generated Validator
+ // methods shall not be called - we need the validator in future
processor.setValidator(Validation.byDefaultProvider().configure()
.addProperty(BaseHibernateValidatorConfiguration.ALLOW_PARALLEL_METHODS_DEFINE_PARAMETER_CONSTRAINTS,
"true")
@@ -485,19 +533,21 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
@Bean
@ConditionalOnMissingBean
DistributionSetManagement distributionSetManagement(final EntityManager entityManager,
- final DistributionSetRepository distributionSetRepository,
- final DistributionSetTagManagement distributionSetTagManagement, final SystemManagement systemManagement,
- final DistributionSetTypeManagement distributionSetTypeManagement, final QuotaManagement quotaManagement,
- final DistributionSetMetadataRepository distributionSetMetadataRepository,
- final TargetFilterQueryRepository targetFilterQueryRepository, final ActionRepository actionRepository,
- final EventPublisherHolder eventPublisherHolder, final TenantAware tenantAware,
- final VirtualPropertyReplacer virtualPropertyReplacer,
- final SoftwareModuleRepository softwareModuleRepository,
- final DistributionSetTagRepository distributionSetTagRepository,
- final AfterTransactionCommitExecutor afterCommit, final JpaProperties properties) {
+ final DistributionSetRepository distributionSetRepository,
+ final DistributionSetTagManagement distributionSetTagManagement, final SystemManagement systemManagement,
+ final DistributionSetTypeManagement distributionSetTypeManagement, final QuotaManagement quotaManagement,
+ final DistributionSetMetadataRepository distributionSetMetadataRepository,
+ final TargetRepository targetRepository,
+ final TargetFilterQueryRepository targetFilterQueryRepository, final ActionRepository actionRepository,
+ final EventPublisherHolder eventPublisherHolder, final TenantAware tenantAware,
+ final VirtualPropertyReplacer virtualPropertyReplacer,
+ final SoftwareModuleRepository softwareModuleRepository,
+ final DistributionSetTagRepository distributionSetTagRepository,
+ final AfterTransactionCommitExecutor afterCommit,
+ final JpaProperties properties) {
return new JpaDistributionSetManagement(entityManager, distributionSetRepository, distributionSetTagManagement,
systemManagement, distributionSetTypeManagement, quotaManagement, distributionSetMetadataRepository,
- targetFilterQueryRepository, actionRepository, eventPublisherHolder, tenantAware,
+ targetRepository, targetFilterQueryRepository, actionRepository, eventPublisherHolder, tenantAware,
virtualPropertyReplacer, softwareModuleRepository, distributionSetTagRepository, afterCommit,
properties.getDatabase());
@@ -566,16 +616,16 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
@Bean
@ConditionalOnMissingBean
TargetManagement targetManagement(final EntityManager entityManager, final QuotaManagement quotaManagement,
- final TargetRepository targetRepository, final TargetMetadataRepository targetMetadataRepository,
- final RolloutGroupRepository rolloutGroupRepository,
- final TargetFilterQueryRepository targetFilterQueryRepository,
- final TargetTypeRepository targetTypeRepository, final TargetTagRepository targetTagRepository,
- final EventPublisherHolder eventPublisherHolder, final TenantAware tenantAware,
- final AfterTransactionCommitExecutor afterCommit, final VirtualPropertyReplacer virtualPropertyReplacer,
- final JpaProperties properties, final DistributionSetManagement distributionSetManagement) {
+ final TargetRepository targetRepository, final TargetMetadataRepository targetMetadataRepository,
+ final RolloutGroupRepository rolloutGroupRepository,
+ final TargetFilterQueryRepository targetFilterQueryRepository,
+ final TargetTypeRepository targetTypeRepository, final TargetTagRepository targetTagRepository,
+ final EventPublisherHolder eventPublisherHolder, final TenantAware tenantAware,
+ final VirtualPropertyReplacer virtualPropertyReplacer,
+ final JpaProperties properties, final DistributionSetManagement distributionSetManagement) {
return new JpaTargetManagement(entityManager, distributionSetManagement, quotaManagement, targetRepository,
targetTypeRepository, targetMetadataRepository, rolloutGroupRepository, targetFilterQueryRepository,
- targetTagRepository, eventPublisherHolder, tenantAware, afterCommit, virtualPropertyReplacer,
+ targetTagRepository, eventPublisherHolder, tenantAware, virtualPropertyReplacer,
properties.getDatabase());
}
@@ -594,8 +644,6 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
* to access quotas
* @param properties
* JPA properties
- * @param tenantAware
- * the {@link TenantAware} bean holding the tenant information
*
* @return a new {@link TargetFilterQueryManagement}
*/
@@ -606,12 +654,13 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
final VirtualPropertyReplacer virtualPropertyReplacer,
final DistributionSetManagement distributionSetManagement, final QuotaManagement quotaManagement,
final JpaProperties properties, final TenantConfigurationManagement tenantConfigurationManagement,
- final SystemSecurityContext systemSecurityContext, final TenantAware tenantAware) {
+ final SystemSecurityContext systemSecurityContext, final ContextAware contextAware) {
return new JpaTargetFilterQueryManagement(targetFilterQueryRepository, targetManagement,
virtualPropertyReplacer, distributionSetManagement, quotaManagement, properties.getDatabase(),
- tenantConfigurationManagement, systemSecurityContext, tenantAware);
+ tenantConfigurationManagement, systemSecurityContext, contextAware);
}
+
/**
* {@link JpaTargetTagManagement} bean.
*
@@ -654,10 +703,12 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
final SoftwareModuleMetadataRepository softwareModuleMetadataRepository,
final SoftwareModuleTypeRepository softwareModuleTypeRepository, final AuditorAware auditorProvider,
final ArtifactManagement artifactManagement, final QuotaManagement quotaManagement,
- final VirtualPropertyReplacer virtualPropertyReplacer, final JpaProperties properties) {
+ final VirtualPropertyReplacer virtualPropertyReplacer,
+ final JpaProperties properties) {
return new JpaSoftwareModuleManagement(entityManager, distributionSetRepository, softwareModuleRepository,
softwareModuleMetadataRepository, softwareModuleTypeRepository, auditorProvider, artifactManagement,
- quotaManagement, virtualPropertyReplacer, properties.getDatabase());
+ quotaManagement, virtualPropertyReplacer,
+ properties.getDatabase());
}
/**
@@ -671,17 +722,20 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
final DistributionSetTypeRepository distributionSetTypeRepository,
final SoftwareModuleTypeRepository softwareModuleTypeRepository,
final VirtualPropertyReplacer virtualPropertyReplacer,
- final SoftwareModuleRepository softwareModuleRepository, final JpaProperties properties) {
+ final SoftwareModuleRepository softwareModuleRepository,
+ final JpaProperties properties) {
return new JpaSoftwareModuleTypeManagement(distributionSetTypeRepository, softwareModuleTypeRepository,
- virtualPropertyReplacer, softwareModuleRepository, properties.getDatabase());
+ virtualPropertyReplacer, softwareModuleRepository,
+ properties.getDatabase());
}
-
+
@Bean
@ConditionalOnMissingBean
RolloutHandler rolloutHandler(final TenantAware tenantAware, final RolloutManagement rolloutManagement,
final RolloutExecutor rolloutExecutor, final LockRegistry lockRegistry,
- final PlatformTransactionManager txManager) {
- return new JpaRolloutHandler(tenantAware, rolloutManagement, rolloutExecutor, lockRegistry, txManager);
+ final PlatformTransactionManager txManager, final ContextAware contextAware) {
+ return new JpaRolloutHandler(tenantAware, rolloutManagement, rolloutExecutor, lockRegistry, txManager,
+ contextAware);
}
@Bean
@@ -708,10 +762,12 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
final VirtualPropertyReplacer virtualPropertyReplacer, final JpaProperties properties,
final RolloutApprovalStrategy rolloutApprovalStrategy,
final TenantConfigurationManagement tenantConfigurationManagement,
- final SystemSecurityContext systemSecurityContext) {
+ final SystemSecurityContext systemSecurityContext,
+ final ContextAware contextAware) {
return new JpaRolloutManagement(targetManagement, distributionSetManagement, eventPublisherHolder,
virtualPropertyReplacer, properties.getDatabase(), rolloutApprovalStrategy,
- tenantConfigurationManagement, systemSecurityContext);
+ tenantConfigurationManagement, systemSecurityContext,
+ contextAware);
}
/**
@@ -736,10 +792,10 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
@Bean
@ConditionalOnMissingBean
RolloutGroupManagement rolloutGroupManagement(final RolloutGroupRepository rolloutGroupRepository,
- final RolloutRepository rolloutRepository, final ActionRepository actionRepository,
- final TargetRepository targetRepository, final EntityManager entityManager,
- final VirtualPropertyReplacer virtualPropertyReplacer, final RolloutStatusCache rolloutStatusCache,
- final JpaProperties properties) {
+ final RolloutRepository rolloutRepository, final ActionRepository actionRepository,
+ final TargetRepository targetRepository, final EntityManager entityManager,
+ final VirtualPropertyReplacer virtualPropertyReplacer, final RolloutStatusCache rolloutStatusCache,
+ final JpaProperties properties) {
return new JpaRolloutGroupManagement(rolloutGroupRepository, rolloutRepository, actionRepository,
targetRepository, entityManager, virtualPropertyReplacer, rolloutStatusCache, properties.getDatabase());
}
@@ -752,14 +808,14 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
@Bean
@ConditionalOnMissingBean
DeploymentManagement deploymentManagement(final EntityManager entityManager,
- final ActionRepository actionRepository, final DistributionSetRepository distributionSetRepository,
- final DistributionSetManagement distributionSetManagement, final TargetRepository targetRepository,
- final ActionStatusRepository actionStatusRepository, final AuditorAware auditorProvider,
- final EventPublisherHolder eventPublisherHolder, final AfterTransactionCommitExecutor afterCommit,
- final VirtualPropertyReplacer virtualPropertyReplacer, final PlatformTransactionManager txManager,
- final TenantConfigurationManagement tenantConfigurationManagement, final QuotaManagement quotaManagement,
- final SystemSecurityContext systemSecurityContext, final TenantAware tenantAware,
- final JpaProperties properties, final RepositoryProperties repositoryProperties) {
+ final ActionRepository actionRepository, final DistributionSetRepository distributionSetRepository,
+ final DistributionSetManagement distributionSetManagement, final TargetRepository targetRepository,
+ final ActionStatusRepository actionStatusRepository, final AuditorAware auditorProvider,
+ final EventPublisherHolder eventPublisherHolder, final AfterTransactionCommitExecutor afterCommit,
+ final VirtualPropertyReplacer virtualPropertyReplacer, final PlatformTransactionManager txManager,
+ final TenantConfigurationManagement tenantConfigurationManagement, final QuotaManagement quotaManagement,
+ final SystemSecurityContext systemSecurityContext, final TenantAware tenantAware,
+ final JpaProperties properties, final RepositoryProperties repositoryProperties) {
return new JpaDeploymentManagement(entityManager, actionRepository, distributionSetManagement,
distributionSetRepository, targetRepository, actionStatusRepository, auditorProvider,
eventPublisherHolder, afterCommit, virtualPropertyReplacer, txManager, tenantConfigurationManagement,
@@ -792,10 +848,11 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
@Bean
@ConditionalOnMissingBean
- ArtifactManagement artifactManagement(final LocalArtifactRepository localArtifactRepository,
+ ArtifactManagement artifactManagement(
+ final EntityManager entityManager, final LocalArtifactRepository localArtifactRepository,
final SoftwareModuleRepository softwareModuleRepository, final ArtifactRepository artifactRepository,
final QuotaManagement quotaManagement, final TenantAware tenantAware) {
- return new JpaArtifactManagement(localArtifactRepository, softwareModuleRepository, artifactRepository,
+ return new JpaArtifactManagement(entityManager, localArtifactRepository, softwareModuleRepository, artifactRepository,
quotaManagement, tenantAware);
}
@@ -827,7 +884,7 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
* @param aware
* the tenant aware
* @param entityManager
- * the entitymanager
+ * the entity manager
* @return a new {@link EventEntityManager}
*/
@Bean
@@ -853,24 +910,22 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
@ConditionalOnMissingBean
AutoAssignExecutor autoAssignExecutor(final TargetFilterQueryManagement targetFilterQueryManagement,
final TargetManagement targetManagement, final DeploymentManagement deploymentManagement,
- final PlatformTransactionManager transactionManager, final TenantAware tenantAware) {
+ final PlatformTransactionManager transactionManager, final ContextAware contextAware) {
return new AutoAssignChecker(targetFilterQueryManagement, targetManagement, deploymentManagement,
- transactionManager, tenantAware);
+ transactionManager, contextAware);
}
/**
* {@link AutoAssignScheduler} bean.
- *
+ *
* Note: does not activate in test profile, otherwise it is hard to test the
* auto assign functionality.
*
- * @param tenantAware
- * to run as specific tenant
* @param systemManagement
* to find all tenants
* @param systemSecurityContext
* to run as system
- * @param autoAssignChecker
+ * @param autoAssignExecutor
* to run a check as tenant
* @param lockRegistry
* to lock the tenant for auto assignment
@@ -930,7 +985,7 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
/**
* {@link RolloutScheduler} bean.
- *
+ *
* Note: does not activate in test profile, otherwise it is hard to test the
* rollout handling functionality.
*
@@ -946,7 +1001,7 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
@ConditionalOnMissingBean
@Profile("!test")
@ConditionalOnProperty(prefix = "hawkbit.rollout.scheduler", name = "enabled", matchIfMissing = true)
- RolloutScheduler rolloutScheduler(final TenantAware tenantAware, final SystemManagement systemManagement,
+ RolloutScheduler rolloutScheduler(final SystemManagement systemManagement,
final RolloutHandler rolloutHandler, final SystemSecurityContext systemSecurityContext) {
return new RolloutScheduler(systemManagement, rolloutHandler, systemSecurityContext);
}
@@ -982,16 +1037,18 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
JpaDistributionSetInvalidationManagement distributionSetInvalidationManagement(
final DistributionSetManagement distributionSetManagement, final RolloutManagement rolloutManagement,
final DeploymentManagement deploymentManagement,
- final TargetFilterQueryManagement targetFilterQueryManagement, final PlatformTransactionManager txManager,
+ final TargetFilterQueryManagement targetFilterQueryManagement, final ActionRepository actionRepository,
+ final PlatformTransactionManager txManager,
final RepositoryProperties repositoryProperties, final TenantAware tenantAware,
final LockRegistry lockRegistry) {
return new JpaDistributionSetInvalidationManagement(distributionSetManagement, rolloutManagement,
- deploymentManagement, targetFilterQueryManagement, txManager, repositoryProperties, tenantAware,
+ deploymentManagement, targetFilterQueryManagement, actionRepository,
+ txManager, repositoryProperties, tenantAware,
lockRegistry);
}
/**
- * Our default {@link BaseRepositoryTypeProvider} bean always provides the
+ * Default {@link BaseRepositoryTypeProvider} bean always provides the
* NoCountBaseRepository
*
* @return a {@link BaseRepositoryTypeProvider} bean
@@ -999,14 +1056,13 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
@Bean
@ConditionalOnMissingBean
BaseRepositoryTypeProvider baseRepositoryTypeProvider() {
- return new NoCountBaseRepositoryTypeProvider();
-
+ return new HawkBitBaseRepository.RepositoryTypeProvider();
}
/**
* Default artifact encryption service bean that internally uses
- * {@link ArtifactEncryption} and {@link ArtifactEncryptionSecretsStore}
- * beans for {@link SoftwareModule} artifacts encryption/decryption
+ * {@link ArtifactEncryption} and {@link ArtifactEncryptionSecretsStore} beans
+ * for {@link SoftwareModule} artifacts encryption/decryption
*
* @return a {@link ArtifactEncryptionService} bean
*/
@@ -1015,4 +1071,36 @@ public class RepositoryApplicationConfiguration extends JpaBaseConfiguration {
ArtifactEncryptionService artifactEncryptionService() {
return ArtifactEncryptionService.getInstance();
}
+
+ @Bean
+ public BeanPostProcessor entityManagerBeanPostProcessor(
+ @Autowired(required = false) final AccessController artifactAccessController,
+ @Autowired(required = false) final AccessController softwareModuleTypeAccessController,
+ @Autowired(required = false) final AccessController softwareModuleAccessController,
+ @Autowired(required = false) final AccessController distributionSetTypeAccessController,
+ @Autowired(required = false) final AccessController distributionSetAccessController,
+ @Autowired(required = false) final AccessController targetTypeAccessControlManager,
+ @Autowired(required = false) final AccessController targetAccessControlManager) {
+ return new BeanPostProcessor() {
+ @Override
+ public Object postProcessAfterInitialization(@NonNull final Object bean, @NonNull final String beanName) throws BeansException {
+ if (bean instanceof LocalArtifactRepository repo) {
+ return repo.withACM(artifactAccessController);
+ } else if (bean instanceof SoftwareModuleTypeRepository repo) {
+ return repo.withACM(softwareModuleTypeAccessController);
+ } else if (bean instanceof SoftwareModuleRepository repo) {
+ return repo.withACM(softwareModuleAccessController);
+ } else if (bean instanceof DistributionSetTypeRepository repo) {
+ return repo.withACM(distributionSetTypeAccessController);
+ } else if (bean instanceof DistributionSetRepository repo) {
+ return repo.withACM(distributionSetAccessController);
+ } else if (bean instanceof TargetTypeRepository repo) {
+ return repo.withACM(targetTypeAccessControlManager);
+ } else if (bean instanceof TargetRepository repo) {
+ return repo.withACM(targetAccessControlManager);
+ }
+ return BeanPostProcessor.super.postProcessAfterInitialization(bean, beanName);
+ }
+ };
+ }
}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/SimpleJpaWithNoCountRepository.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/SimpleJpaWithNoCountRepository.java
deleted file mode 100644
index 585dd5834..000000000
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/SimpleJpaWithNoCountRepository.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * Copyright (c) 2021 Bosch.IO GmbH and others
- *
- * This program and the accompanying materials are made
- * available under the terms of the Eclipse Public License 2.0
- * which is available at https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- */
-package org.eclipse.hawkbit.repository.jpa;
-
-import java.io.Serializable;
-import java.util.List;
-
-import javax.persistence.EntityManager;
-import javax.persistence.TypedQuery;
-
-import org.springframework.data.domain.Page;
-import org.springframework.data.domain.PageImpl;
-import org.springframework.data.domain.Pageable;
-import org.springframework.data.domain.Slice;
-import org.springframework.data.jpa.domain.Specification;
-import org.springframework.data.jpa.repository.support.JpaEntityInformation;
-import org.springframework.data.jpa.repository.support.SimpleJpaRepository;
-import org.springframework.lang.Nullable;
-
-/**
- * Repository implementation that allows findAll with disabled count query.
- *
- * @param
- * entity type
- * @param
- * key or ID type
- */
-public class SimpleJpaWithNoCountRepository extends SimpleJpaRepository
- implements NoCountSliceRepository {
-
- public SimpleJpaWithNoCountRepository(final Class domainClass, final EntityManager em) {
- super(domainClass, em);
- }
-
- public SimpleJpaWithNoCountRepository(JpaEntityInformation entityInformation, EntityManager entityManager) {
- super(entityInformation, entityManager);
- }
-
- @Override
- public Slice findAllWithoutCount(@Nullable Specification spec, Pageable pageable) {
- TypedQuery query = getQuery(spec, pageable);
- return pageable.isUnpaged() ? new PageImpl<>(query.getResultList()) : readPageWithoutCount(query, pageable);
- }
-
- @Override
- public Slice findAllWithoutCount(final Pageable pageable) {
- return findAllWithoutCount(null, pageable);
- }
-
- protected Page readPageWithoutCount(final TypedQuery query, final Pageable pageable) {
- query.setFirstResult((int) pageable.getOffset());
- query.setMaxResults(pageable.getPageSize());
-
- final List content = query.getResultList();
-
- return new PageImpl<>(content, pageable, content.size());
- }
-}
\ No newline at end of file
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/SoftwareModuleRepository.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/SoftwareModuleRepository.java
deleted file mode 100644
index 07a397d78..000000000
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/SoftwareModuleRepository.java
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * Copyright (c) 2015 Bosch Software Innovations GmbH and others
- *
- * This program and the accompanying materials are made
- * available under the terms of the Eclipse Public License 2.0
- * which is available at https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- */
-package org.eclipse.hawkbit.repository.jpa;
-
-import java.util.List;
-import java.util.Optional;
-
-import javax.persistence.EntityManager;
-
-import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet;
-import org.eclipse.hawkbit.repository.jpa.model.JpaSoftwareModule;
-import org.eclipse.hawkbit.repository.jpa.model.JpaSoftwareModuleType;
-import org.eclipse.hawkbit.repository.model.DistributionSet;
-import org.eclipse.hawkbit.repository.model.SoftwareModule;
-import org.eclipse.hawkbit.repository.model.SoftwareModuleType;
-import org.eclipse.hawkbit.repository.model.TenantAwareBaseEntity;
-import org.springframework.data.domain.Page;
-import org.springframework.data.domain.Pageable;
-import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
-import org.springframework.data.jpa.repository.Modifying;
-import org.springframework.data.jpa.repository.Query;
-import org.springframework.data.repository.query.Param;
-import org.springframework.transaction.annotation.Transactional;
-
-/**
- * {@link SoftwareModule} repository.
- *
- */
-@Transactional(readOnly = true)
-public interface SoftwareModuleRepository
- extends BaseEntityRepository, JpaSpecificationExecutor {
-
- /**
- * Counts all {@link SoftwareModule}s based on the given {@link Type}.
- *
- * @param type
- * to count for
- * @return number of {@link SoftwareModule}s
- */
- Long countByType(JpaSoftwareModuleType type);
-
- /**
- * Retrieves {@link SoftwareModule} by filtering on name AND version AND
- * type (which is unique per tenant.
- *
- * @param name
- * to be filtered on
- * @param version
- * to be filtered on
- * @param typeId
- * to be filtered on
- * @return the found {@link SoftwareModule} with the given name AND version
- * AND type
- */
- Optional findOneByNameAndVersionAndTypeId(String name, String version, Long typeId);
-
- /**
- * deletes the {@link SoftwareModule}s with the given IDs.
- *
- * @param modifiedAt
- * current timestamp
- * @param modifiedBy
- * user name of current auditor
- * @param ids
- * to be deleted
- *
- */
- @Modifying
- @Transactional
- @Query("UPDATE JpaSoftwareModule b SET b.deleted = 1, b.lastModifiedAt = :lastModifiedAt, b.lastModifiedBy = :lastModifiedBy WHERE b.id IN :ids")
- void deleteSoftwareModule(@Param("lastModifiedAt") Long modifiedAt, @Param("lastModifiedBy") String modifiedBy,
- @Param("ids") Long... ids);
-
- /**
- * @param pageable
- * the page request to page the result set
- * @param setId
- * to search for
- * @return all {@link SoftwareModule}s that are assigned to given
- * {@link DistributionSet}.
- */
- Page findByAssignedToId(Pageable pageable, Long setId);
-
- /**
- * Count the software modules which are assigned to the distribution set
- * with the given ID.
- *
- * @param setId
- * the distribution set ID
- *
- * @return the number of software modules matching the given distribution
- * set ID.
- */
- long countByAssignedToId(Long setId);
-
- /**
- * @param pageable
- * the page request to page the result set
- * @param set
- * to search for
- * @param type
- * to filter
- * @return all {@link SoftwareModule}s that are assigned to given
- * {@link DistributionSet} filtered by {@link SoftwareModuleType}.
- */
- Page findByAssignedToAndType(Pageable pageable, JpaDistributionSet set, SoftwareModuleType type);
-
- /**
- * retrieves all software modules with a given
- * {@link SoftwareModule#getId()}.
- *
- * @param ids
- * to search for
- * @return {@link List} of found {@link SoftwareModule}s
- */
- // Workaround for https://bugs.eclipse.org/bugs/show_bug.cgi?id=349477
- @Query("SELECT sm FROM JpaSoftwareModule sm WHERE sm.id IN ?1")
- List findByIdIn(Iterable ids);
-
- /**
- * Deletes all {@link TenantAwareBaseEntity} of a given tenant. For safety
- * reasons (this is a "delete everything" query after all) we add the tenant
- * manually to query even if this will by done by {@link EntityManager}
- * anyhow. The DB should take care of optimizing this away.
- *
- * @param tenant
- * to delete data from
- */
- @Modifying
- @Transactional
- @Query("DELETE FROM JpaSoftwareModule t WHERE t.tenant = :tenant")
- void deleteByTenant(@Param("tenant") String tenant);
-}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/TargetRepository.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/TargetRepository.java
deleted file mode 100644
index 401bd33c2..000000000
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/TargetRepository.java
+++ /dev/null
@@ -1,226 +0,0 @@
-/**
- * Copyright (c) 2015 Bosch Software Innovations GmbH and others
- *
- * This program and the accompanying materials are made
- * available under the terms of the Eclipse Public License 2.0
- * which is available at https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- */
-package org.eclipse.hawkbit.repository.jpa;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Optional;
-import java.util.stream.Collectors;
-import java.util.stream.StreamSupport;
-
-import javax.persistence.EntityManager;
-
-import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet;
-import org.eclipse.hawkbit.repository.jpa.model.JpaTarget;
-import org.eclipse.hawkbit.repository.jpa.specifications.TargetSpecifications;
-import org.eclipse.hawkbit.repository.model.Target;
-import org.eclipse.hawkbit.repository.model.TargetUpdateStatus;
-import org.eclipse.hawkbit.repository.model.TenantAwareBaseEntity;
-import org.springframework.data.domain.Page;
-import org.springframework.data.domain.Pageable;
-import org.springframework.data.domain.Sort;
-import org.springframework.data.jpa.domain.Specification;
-import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
-import org.springframework.data.jpa.repository.Modifying;
-import org.springframework.data.jpa.repository.Query;
-import org.springframework.data.repository.query.Param;
-import org.springframework.lang.NonNull;
-import org.springframework.transaction.annotation.Transactional;
-
-/**
- * {@link Target} repository.
- *
- */
-@Transactional(readOnly = true)
-public interface TargetRepository extends BaseEntityRepository, JpaSpecificationExecutor {
- /**
- * Sets {@link JpaTarget#getAssignedDistributionSet()}.
- *
- * @param set
- * to use
- * @param status
- * to set
- * @param modifiedAt
- * current time
- * @param modifiedBy
- * current auditor
- * @param targets
- * to update
- */
- @Modifying
- @Transactional
- @Query("UPDATE JpaTarget t SET t.assignedDistributionSet = :set, t.lastModifiedAt = :lastModifiedAt, t.lastModifiedBy = :lastModifiedBy, t.updateStatus = :status WHERE t.id IN :targets")
- void setAssignedDistributionSetAndUpdateStatus(@Param("status") TargetUpdateStatus status,
- @Param("set") JpaDistributionSet set, @Param("lastModifiedAt") Long modifiedAt,
- @Param("lastModifiedBy") String modifiedBy, @Param("targets") Collection targets);
-
- /**
- * Sets {@link JpaTarget#getAssignedDistributionSet()},
- * {@link JpaTarget#getInstalledDistributionSet()} and
- * {@link JpaTarget#getInstallationDate()}
- *
- * @param set
- * to use
- * @param status
- * to set
- * @param modifiedAt
- * current time
- * @param modifiedBy
- * current auditor
- * @param targets
- * to update
- */
- @Modifying
- @Transactional
- @Query("UPDATE JpaTarget t SET t.assignedDistributionSet = :set, t.installedDistributionSet = :set, t.installationDate = :lastModifiedAt, t.lastModifiedAt = :lastModifiedAt, t.lastModifiedBy = :lastModifiedBy, t.updateStatus = :status WHERE t.id IN :targets")
- void setAssignedAndInstalledDistributionSetAndUpdateStatus(@Param("status") TargetUpdateStatus status,
- @Param("set") JpaDistributionSet set, @Param("lastModifiedAt") Long modifiedAt,
- @Param("lastModifiedBy") String modifiedBy, @Param("targets") Collection targets);
-
- /**
- * Deletes the {@link Target}s with the given target IDs.
- *
- * @param targetIDs
- * to be deleted
- */
- @Modifying
- @Transactional
- // Workaround for https://bugs.eclipse.org/bugs/show_bug.cgi?id=349477
- @Query("DELETE FROM JpaTarget t WHERE t.id IN ?1")
- void deleteByIdIn(Collection targetIDs);
-
- /**
- * Finds all {@link Target}s in the repository.
- *
- * Calls version with (empty) spec to allow injecting further specs
- *
- * @return {@link List} of {@link Target}s
- */
- @Override
- @NonNull
- default List findAll() {
- return this.findAll(Specification.where(null));
- }
-
- /**
- * Finds all {@link Target}s in the repository sorted.
- *
- * Calls version with (empty) spec to allow injecting further specs
- *
- * @param sort instructions to sort result by
- * @return {@link List} of {@link Target}s
- */
- @Override
- @NonNull
- default Iterable findAll(@NonNull Sort sort) {
- return this.findAll(Specification.where(null), sort);
- }
-
- /**
- * Finds a page of {@link Target}s in the repository.
- *
- * Calls version with (empty) spec to allow injecting further specs
- *
- * @param pageable paging context
- * @return {@link List} of {@link Target}s
- */
- @Override
- @NonNull
- default Page findAll(@NonNull Pageable pageable) {
- return this.findAll(Specification.where(null), pageable);
- }
-
- /**
- * Finds {@link Target}s in the repository matching a list of ids.
- *
- * Calls version based on spec to allow injecting further specs
- *
- * @param ids ids to filter for
- * @return {@link List} of {@link Target}s
- */
- @Override
- @NonNull
- default List findAllById(Iterable ids) {
- final List collectedIds = StreamSupport.stream(ids.spliterator(), true).collect(Collectors.toList());
- return this.findAll(Specification.where(TargetSpecifications.hasIdIn(collectedIds)));
- }
-
- /**
- * Finds {@link Target} in the repository matching an id.
- *
- * Calls version based on spec to allow injecting further specs
- *
- * @param id id to filter for
- * @return {@link Optional} of {@link Target}
- */
- @Override
- @NonNull
- default Optional findById(@NonNull Long id) {
- return this.findOne(Specification.where(TargetSpecifications.hasId(id)));
- }
-
- /**
- * Checks whether {@link Target} in the repository matching an id exists or not.
- *
- * Calls version based on spec to allow injecting further specs
- *
- * @param id id to check for
- * @return true if target with id exists
- */
- @Override
- default boolean existsById(@NonNull Long id) {
- return this.exists(TargetSpecifications.hasId(id));
- }
-
- /**
- * Checks whether {@link Target} in the repository matching a spec exists or not.
- *
- * @param spec to check for existence
- * @return true if target with id exists
- */
- default boolean exists(@NonNull Specification spec) {
- return this.count(spec) > 0;
- }
-
- /**
- * Count number of {@link Target}s in the repository.
- *
- * Calls version with an empty spec to allow injecting further specs
- *
- * @return number of targets in the repository
- */
- @Override
- default long count() {
- return this.count(Specification.where(null));
- }
-
- /**
- * Counts {@link Target} instances of given type in the repository.
- *
- * @param targetTypeId
- * to search for
- * @return number of found {@link Target}s
- */
- long countByTargetTypeId(Long targetTypeId);
-
- /**
- * Deletes all {@link TenantAwareBaseEntity} of a given tenant. For safety
- * reasons (this is a "delete everything" query after all) we add the tenant
- * manually to query even if this will by done by {@link EntityManager} anyhow.
- * The DB should take care of optimizing this away.
- *
- * @param tenant
- * to delete data from
- */
- @Modifying
- @Transactional
- @Query("DELETE FROM JpaTarget t WHERE t.tenant = :tenant")
- void deleteByTenant(@Param("tenant") String tenant);
-}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/TargetTypeRepository.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/TargetTypeRepository.java
deleted file mode 100644
index 08bc55042..000000000
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/TargetTypeRepository.java
+++ /dev/null
@@ -1,206 +0,0 @@
-/**
- * Copyright (c) 2021 Bosch.IO GmbH and others
- *
- * This program and the accompanying materials are made
- * available under the terms of the Eclipse Public License 2.0
- * which is available at https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- */
-package org.eclipse.hawkbit.repository.jpa;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Optional;
-import java.util.stream.Collectors;
-import java.util.stream.StreamSupport;
-
-import org.eclipse.hawkbit.repository.jpa.model.JpaTargetType;
-import org.eclipse.hawkbit.repository.jpa.specifications.TargetTypeSpecification;
-import org.eclipse.hawkbit.repository.model.TargetType;
-import org.springframework.data.domain.Page;
-import org.springframework.data.domain.Pageable;
-import org.springframework.data.domain.Sort;
-import org.springframework.data.jpa.domain.Specification;
-import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
-import org.springframework.data.jpa.repository.Modifying;
-import org.springframework.data.jpa.repository.Query;
-import org.springframework.data.repository.PagingAndSortingRepository;
-import org.springframework.data.repository.query.Param;
-import org.springframework.lang.NonNull;
-import org.springframework.transaction.annotation.Transactional;
-
-/**
- * {@link PagingAndSortingRepository} and {@link org.springframework.data.repository.CrudRepository} for
- * {@link JpaTargetType}.
- *
- */
-@Transactional(readOnly = true)
-public interface TargetTypeRepository
- extends BaseEntityRepository, JpaSpecificationExecutor {
-
- /**
- * Finds {@link TargetType} in the repository matching an id.
- *
- * Calls version based on spec to allow injecting further specs
- *
- * @param id
- * id to filter for
- * @return {@link Optional} of {@link TargetType}
- */
- @Override
- @NonNull
- default Optional findById(@NonNull final Long id) {
- return this.findOne(Specification.where(TargetTypeSpecification.hasId(id)));
- }
-
- /**
- * @param ids
- * List of ID
- * @return Target type list
- */
- @Override
- @NonNull
- default List findAllById(final Iterable ids) {
- final List collectedIds = StreamSupport.stream(ids.spliterator(), true).collect(Collectors.toList());
- return this.findAll(Specification.where(TargetTypeSpecification.hasIdIn(collectedIds)));
- }
-
- /**
- * Deletes the {@link TargetType}s with the given target IDs.
- *
- * @param targetTypeIDs
- * to be deleted
- */
- @Modifying
- @Transactional
- @Query("DELETE FROM JpaTargetType t WHERE t.id IN ?1")
- void deleteByIdIn(Collection targetTypeIDs);
-
- /**
- * Finds all {@link TargetType}s in the repository.
- *
- * Calls version with (empty) spec to allow injecting further specs
- *
- * @return {@link List} of {@link TargetType}s
- */
- @Override
- @NonNull
- default List findAll() {
- return this.findAll(Specification.where(null));
- }
-
- /**
- * Finds all {@link TargetType}s in the repository sorted.
- *
- * Calls version with (empty) spec to allow injecting further specs
- *
- * @param sort
- * instructions to sort result by
- * @return {@link List} of {@link TargetType}s
- */
- @Override
- @NonNull
- default Iterable findAll(@NonNull final Sort sort) {
- return this.findAll(Specification.where(null), sort);
- }
-
- /**
- * Finds a page of {@link TargetType}s in the repository.
- *
- * Calls version with (empty) spec to allow injecting further specs
- *
- * @param pageable
- * paging context
- * @return {@link List} of {@link TargetType}s
- */
- @Override
- @NonNull
- default Page findAll(@NonNull final Pageable pageable) {
- return this.findAll(Specification.where(null), pageable);
- }
-
- /**
- * Checks whether {@link TargetType} in the repository matching an id exists
- * or not.
- *
- * Calls version based on spec to allow injecting further specs
- *
- * @param id
- * id to check for
- * @return true if TargetType with id exists
- */
- @Override
- default boolean existsById(@NonNull final Long id) {
- return this.exists(TargetTypeSpecification.hasId(id));
- }
-
- /**
- * Checks whether {@link TargetType} in the repository matching a spec
- * exists or not.
- *
- * @param spec
- * to check for existence
- * @return true if target with id exists
- */
- default boolean exists(@NonNull final Specification spec) {
- return this.count(spec) > 0;
- }
-
- /**
- * Count number of {@link TargetType}s in the repository.
- *
- * Calls version with an empty spec to allow injecting further specs
- *
- * @return number of targetTypes in the repository
- */
- @Override
- default long count() {
- return this.count(Specification.where(null));
- }
-
- /**
- * @param tenant
- * Tenant
- */
- @Modifying
- @Transactional
- @Query("DELETE FROM JpaTargetType t WHERE t.tenant = :tenant")
- void deleteByTenant(@Param("tenant") String tenant);
-
- @Query(value = "SELECT COUNT (t.id) FROM JpaDistributionSetType t JOIN t.compatibleToTargetTypes tt WHERE tt.id = :id")
- long countDsSetTypesById(@Param("id") Long id);
-
- /**
- *
- * @param dsTypeId
- * to search for
- * @return all {@link TargetType}s in the repository with given
- * {@link TargetType#getName()}
- */
- default List findByDsType(@Param("id") final Long dsTypeId) {
- return this.findAll(Specification.where(TargetTypeSpecification.hasDsSetType(dsTypeId)));
- }
-
- /**
- *
- * @param name
- * to search for
- * @return all {@link TargetType}s in the repository with given
- * {@link TargetType#getName()}
- */
- default Optional findByName(final String name) {
- return this.findOne(Specification.where(TargetTypeSpecification.hasName(name)));
- }
-
- /**
- * Count number of {@link TargetType}s in the repository by name.
- *
- * @param name
- * target type name
- * @return number of targetTypes in the repository by name
- */
- default long countByName(final String name) {
- return this.count(TargetTypeSpecification.hasName(name));
- }
-}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/acm/AccessController.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/acm/AccessController.java
new file mode 100644
index 000000000..4cbdf3a5a
--- /dev/null
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/acm/AccessController.java
@@ -0,0 +1,100 @@
+/**
+ * Copyright (c) 2023 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit.repository.jpa.acm;
+
+import java.util.Optional;
+
+import org.eclipse.hawkbit.repository.exception.InsufficientPermissionException;
+import org.springframework.data.jpa.domain.Specification;
+import org.springframework.lang.Nullable;
+
+/**
+ * Interface of an extended access control by providing means or fine-grained access control.
+ * Used by repository (and on few places by management) layer to verify the permission for CRUD operations
+ * based on some access criteria.
+ *
+ * First the basic service based access control (hawkBit permissions) on the management layer is applied then
+ * additional restrictions (e.g. entity based) could be applied.
+ *
+ * Note: Experimental, only
+ *
+ * @param the domain type the repository manages
+ */
+public interface AccessController {
+
+ /**
+ * Introduce a new specification to limit the access to a specific entity.
+ *
+ * @return a new specification limiting the access, if empty no access restrictions
+ * are to be applied
+ */
+ Optional> getAccessRules(Operation operation);
+
+ /**
+ * Append the resource limitation on an already existing specification.
+ *
+ * @param specification
+ * is the root specification which needs to be appended by the
+ * resource limitation
+ * @return a new appended specification
+ */
+ @Nullable
+ default Specification appendAccessRules(final Operation operation, @Nullable final Specification specification) {
+ return getAccessRules(operation)
+ .map(accessRules -> specification == null ? accessRules : specification.and(accessRules))
+ .orElse(specification);
+ }
+
+ /**
+ * Verify if the given {@link Operation} is permitted for the provided entity.
+ *
+ * @throws InsufficientPermissionException
+ * if operation is not permitted for given entities
+ */
+ void assertOperationAllowed(final Operation operation, final T entity) throws InsufficientPermissionException;
+
+ /**
+ * Verify if the given {@link Operation} is permitted for the provided entities.
+ *
+ * @throws InsufficientPermissionException
+ * if operation is not permitted for given entities
+ */
+ default void assertOperationAllowed(final Operation operation, final Iterable entities) throws InsufficientPermissionException {
+ for (final T entity : entities) {
+ assertOperationAllowed(operation, entity);
+ }
+ }
+
+ /**
+ * Enum to define the perform operation to verify
+ */
+ enum Operation {
+
+ /**
+ * Entity creation
+ */
+ CREATE,
+
+ /**
+ * Read entities
+ */
+ READ,
+
+ /**
+ * Entity modification (e.g. name/description change, tag/type assignment, etc.)
+ */
+ UPDATE,
+
+ /**
+ * Entity deletion
+ */
+ DELETE
+ }
+}
\ No newline at end of file
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/aspects/ExceptionMappingAspectHandler.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/aspects/ExceptionMappingAspectHandler.java
index 9038062cb..14e887558 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/aspects/ExceptionMappingAspectHandler.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/aspects/ExceptionMappingAspectHandler.java
@@ -75,7 +75,7 @@ public class ExceptionMappingAspectHandler implements Ordered {
* the thrown and catched exception
* @throws Throwable
*/
- @AfterThrowing(pointcut = "execution( * org.eclipse.hawkbit.repository.jpa.*Management.*(..))", throwing = "ex")
+ @AfterThrowing(pointcut = "execution( * org.eclipse.hawkbit.repository.jpa.management.*Management.*(..))", throwing = "ex")
// Exception for squid:S00112, squid:S1162
// It is a AspectJ proxy which deals with exceptions.
@SuppressWarnings({ "squid:S00112", "squid:S1162" })
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AbstractAutoAssignExecutor.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AbstractAutoAssignExecutor.java
index b39659949..5f39b6273 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AbstractAutoAssignExecutor.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AbstractAutoAssignExecutor.java
@@ -10,10 +10,9 @@
package org.eclipse.hawkbit.repository.jpa.autoassign;
import java.util.List;
-import java.util.Objects;
import java.util.function.Consumer;
-import java.util.stream.Collectors;
+import org.eclipse.hawkbit.ContextAware;
import org.eclipse.hawkbit.repository.DeploymentManagement;
import org.eclipse.hawkbit.repository.TargetFilterQueryManagement;
import org.eclipse.hawkbit.repository.autoassign.AutoAssignExecutor;
@@ -39,8 +38,8 @@ public abstract class AbstractAutoAssignExecutor implements AutoAssignExecutor {
private static final Logger LOGGER = LoggerFactory.getLogger(AbstractAutoAssignExecutor.class);
/**
- * The message which is added to the action status when a distribution set
- * is assigned to an target. First %s is the name of the target filter.
+ * The message which is added to the action status when a distribution set is
+ * assigned to an target. First %s is the name of the target filter.
*/
private static final String ACTION_MESSAGE = "Auto assignment by target filter: %s";
@@ -55,7 +54,7 @@ public abstract class AbstractAutoAssignExecutor implements AutoAssignExecutor {
private final PlatformTransactionManager transactionManager;
- private final TenantAware tenantAware;
+ private final ContextAware contextAware;
/**
* Constructor
@@ -66,20 +65,16 @@ public abstract class AbstractAutoAssignExecutor implements AutoAssignExecutor {
* to assign distribution sets to targets
* @param transactionManager
* to run transactions
- * @param tenantAware
- * to handle the tenant context
+ * @param contextAware
+ * to handle the context
*/
protected AbstractAutoAssignExecutor(final TargetFilterQueryManagement targetFilterQueryManagement,
final DeploymentManagement deploymentManagement, final PlatformTransactionManager transactionManager,
- final TenantAware tenantAware) {
+ final ContextAware contextAware) {
this.targetFilterQueryManagement = targetFilterQueryManagement;
this.deploymentManagement = deploymentManagement;
this.transactionManager = transactionManager;
- this.tenantAware = tenantAware;
- }
-
- protected TargetFilterQueryManagement getTargetFilterQueryManagement() {
- return targetFilterQueryManagement;
+ this.contextAware = contextAware;
}
protected DeploymentManagement getDeploymentManagement() {
@@ -90,10 +85,13 @@ public abstract class AbstractAutoAssignExecutor implements AutoAssignExecutor {
return transactionManager;
}
- protected TenantAware getTenantAware() {
- return tenantAware;
+ protected TenantAware getContextAware() {
+ return contextAware;
}
+ // run in the context the auto assignment is made in, i.e. if there is access control context it runs in it
+ // otherwise in the tenant & user context built by createdBy
+ // Note! It must be called in a tenant context, i.e. contextAware.getCurrentTenant() returns the tenant
protected void forEachFilterWithAutoAssignDS(final Consumer consumer) {
Slice filterQueries;
Pageable query = PageRequest.of(0, PAGE_SIZE);
@@ -103,7 +101,19 @@ public abstract class AbstractAutoAssignExecutor implements AutoAssignExecutor {
filterQueries.forEach(filterQuery -> {
try {
- runInUserContext(filterQuery, () -> consumer.accept(filterQuery));
+ filterQuery.getAccessControlContext().ifPresentOrElse(
+ context -> // has stored context - executes it with it
+ contextAware.runInContext(
+ context,
+ () -> consumer.accept(filterQuery)),
+ () -> // has no stored context - executes it in the tenant & user scope
+ contextAware.runAsTenantAsUser(
+ contextAware.getCurrentTenant(),
+ getAutoAssignmentInitiatedBy(filterQuery), () -> {
+ consumer.accept(filterQuery);
+ return null;
+ })
+ );
} catch (final RuntimeException ex) {
LOGGER.debug(
"Exception on forEachFilterWithAutoAssignDS execution for tenant {} with filter id {}. Continue with next filter query.",
@@ -118,8 +128,8 @@ public abstract class AbstractAutoAssignExecutor implements AutoAssignExecutor {
}
/**
- * Runs target assignments within a dedicated transaction for a given list
- * of controllerIDs
+ * Runs target assignments within a dedicated transaction for a given list of
+ * controllerIDs
*
* @param targetFilterQuery
* the target filter query
@@ -147,8 +157,8 @@ public abstract class AbstractAutoAssignExecutor implements AutoAssignExecutor {
}
/**
- * Creates a list of {@link DeploymentRequest} for given list of
- * controllerIds and {@link TargetFilterQuery}
+ * Creates a list of {@link DeploymentRequest} for given list of controllerIds
+ * and {@link TargetFilterQuery}
*
* @param controllerIds
* list of controllerIds
@@ -169,16 +179,12 @@ public abstract class AbstractAutoAssignExecutor implements AutoAssignExecutor {
.deploymentRequest(controllerId, filterQuery.getAutoAssignDistributionSet().getId())
.setActionType(autoAssignActionType).setWeight(filterQuery.getAutoAssignWeight().orElse(null))
.setConfirmationRequired(filterQuery.isConfirmationRequired()).build())
- .collect(Collectors.toList());
- }
-
- protected void runInUserContext(final TargetFilterQuery targetFilterQuery, final Runnable handler) {
- DeploymentHelper.runInNonSystemContext(handler,
- () -> Objects.requireNonNull(getAutoAssignmentInitiatedBy(targetFilterQuery)), tenantAware);
+ .toList();
}
protected static String getAutoAssignmentInitiatedBy(final TargetFilterQuery targetFilterQuery) {
- return StringUtils.isEmpty(targetFilterQuery.getAutoAssignInitiatedBy()) ? targetFilterQuery.getCreatedBy()
- : targetFilterQuery.getAutoAssignInitiatedBy();
+ return StringUtils.hasText(targetFilterQuery.getAutoAssignInitiatedBy())
+ ? targetFilterQuery.getAutoAssignInitiatedBy()
+ : targetFilterQuery.getCreatedBy();
}
}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AutoAssignChecker.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AutoAssignChecker.java
index 06501a592..0293666d6 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AutoAssignChecker.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AutoAssignChecker.java
@@ -11,10 +11,10 @@ package org.eclipse.hawkbit.repository.jpa.autoassign;
import java.util.Collections;
import java.util.List;
-import java.util.stream.Collectors;
import javax.persistence.PersistenceException;
+import org.eclipse.hawkbit.ContextAware;
import org.eclipse.hawkbit.exception.AbstractServerRtException;
import org.eclipse.hawkbit.repository.DeploymentManagement;
import org.eclipse.hawkbit.repository.TargetFilterQueryManagement;
@@ -22,7 +22,6 @@ import org.eclipse.hawkbit.repository.TargetManagement;
import org.eclipse.hawkbit.repository.jpa.configuration.Constants;
import org.eclipse.hawkbit.repository.model.Target;
import org.eclipse.hawkbit.repository.model.TargetFilterQuery;
-import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.domain.PageRequest;
@@ -54,36 +53,36 @@ public class AutoAssignChecker extends AbstractAutoAssignExecutor {
* to assign distribution sets to targets
* @param transactionManager
* to run transactions
- * @param tenantAware
- * to handle the tenant context
+ * @param contextAware
+ * to handle the context
*/
public AutoAssignChecker(final TargetFilterQueryManagement targetFilterQueryManagement,
final TargetManagement targetManagement, final DeploymentManagement deploymentManagement,
- final PlatformTransactionManager transactionManager, final TenantAware tenantAware) {
- super(targetFilterQueryManagement, deploymentManagement, transactionManager, tenantAware);
+ final PlatformTransactionManager transactionManager, final ContextAware contextAware) {
+ super(targetFilterQueryManagement, deploymentManagement, transactionManager, contextAware);
this.targetManagement = targetManagement;
}
@Override
@Transactional(propagation = Propagation.REQUIRES_NEW)
public void checkAllTargets() {
- LOGGER.debug("Auto assign check call for tenant {} started", getTenantAware().getCurrentTenant());
+ LOGGER.debug("Auto assign check call for tenant {} started", getContextAware().getCurrentTenant());
forEachFilterWithAutoAssignDS(this::checkByTargetFilterQueryAndAssignDS);
- LOGGER.debug("Auto assign check call for tenant {} finished", getTenantAware().getCurrentTenant());
+ LOGGER.debug("Auto assign check call for tenant {} finished", getContextAware().getCurrentTenant());
}
@Override
public void checkSingleTarget(String controllerId) {
- LOGGER.debug("Auto assign check call for tenant {} and device {} started", getTenantAware().getCurrentTenant(),
+ LOGGER.debug("Auto assign check call for tenant {} and device {} started", getContextAware().getCurrentTenant(),
controllerId);
forEachFilterWithAutoAssignDS(filter -> checkForDevice(controllerId, filter));
- LOGGER.debug("Auto assign check call for tenant {} and device {} finished", getTenantAware().getCurrentTenant(),
+ LOGGER.debug("Auto assign check call for tenant {} and device {} finished", getContextAware().getCurrentTenant(),
controllerId);
}
/**
- * Fetches the distribution set, gets all controllerIds and assigns the DS
- * to them. Catches PersistenceException and own exceptions derived from
+ * Fetches the distribution set, gets all controllerIds and assigns the DS to
+ * them. Catches PersistenceException and own exceptions derived from
* AbstractServerRtException
*
* @param targetFilterQuery
@@ -91,34 +90,34 @@ public class AutoAssignChecker extends AbstractAutoAssignExecutor {
*/
private void checkByTargetFilterQueryAndAssignDS(final TargetFilterQuery targetFilterQuery) {
LOGGER.debug("Auto assign check call for tenant {} and target filter query id {} started",
- getTenantAware().getCurrentTenant(), targetFilterQuery.getId());
+ getContextAware().getCurrentTenant(), targetFilterQuery.getId());
try {
int count;
do {
final List controllerIds = targetManagement
- .findByTargetFilterQueryAndNonDSAndCompatible(
+ .findByTargetFilterQueryAndNonDSAndCompatibleAndUpdatable(
PageRequest.of(0, Constants.MAX_ENTRIES_IN_STATEMENT),
targetFilterQuery.getAutoAssignDistributionSet().getId(), targetFilterQuery.getQuery())
- .getContent().stream().map(Target::getControllerId).collect(Collectors.toList());
+ .getContent().stream().map(Target::getControllerId).toList();
LOGGER.debug(
"Retrieved {} auto assign targets for tenant {} and target filter query id {}, starting with assignment",
- controllerIds.size(), getTenantAware().getCurrentTenant(), targetFilterQuery.getId());
+ controllerIds.size(), getContextAware().getCurrentTenant(), targetFilterQuery.getId());
count = runTransactionalAssignment(targetFilterQuery, controllerIds);
LOGGER.debug(
"Assignment for {} auto assign targets for tenant {} and target filter query id {} finished",
- controllerIds.size(), getTenantAware().getCurrentTenant(), targetFilterQuery.getId());
+ controllerIds.size(), getContextAware().getCurrentTenant(), targetFilterQuery.getId());
} while (count == Constants.MAX_ENTRIES_IN_STATEMENT);
} catch (final PersistenceException | AbstractServerRtException e) {
LOGGER.error("Error during auto assign check of target filter query id {}", targetFilterQuery.getId(), e);
}
LOGGER.debug("Auto assign check call for tenant {} and target filter query id {} finished",
- getTenantAware().getCurrentTenant(), targetFilterQuery.getId());
+ getContextAware().getCurrentTenant(), targetFilterQuery.getId());
}
private void checkForDevice(final String controllerId, final TargetFilterQuery targetFilterQuery) {
LOGGER.debug("Auto assign check call for tenant {} and target filter query id {} for device {} started",
- getTenantAware().getCurrentTenant(), targetFilterQuery.getId(), controllerId);
+ getContextAware().getCurrentTenant(), targetFilterQuery.getId(), controllerId);
try {
final boolean controllerIdMatches = targetManagement.isTargetMatchingQueryAndDSNotAssignedAndCompatible(
controllerId, targetFilterQuery.getAutoAssignDistributionSet().getId(),
@@ -132,6 +131,6 @@ public class AutoAssignChecker extends AbstractAutoAssignExecutor {
LOGGER.error("Error during auto assign check of target filter query id {}", targetFilterQuery.getId(), e);
}
LOGGER.debug("Auto assign check call for tenant {} and target filter query id {} finished",
- getTenantAware().getCurrentTenant(), targetFilterQuery.getId());
+ getContextAware().getCurrentTenant(), targetFilterQuery.getId());
}
}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AutoAssignScheduler.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AutoAssignScheduler.java
index 9dccd5785..b4c68d937 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AutoAssignScheduler.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/autoassign/AutoAssignScheduler.java
@@ -58,7 +58,7 @@ public class AutoAssignScheduler {
/**
* Scheduler method called by the spring-async mechanism. Retrieves all
- * tenants from the {@link SystemManagement#findTenants()} and runs for each
+ * tenants and runs for each
* tenant the auto assignments defined in the target filter queries
* {@link SystemSecurityContext}.
*/
@@ -83,7 +83,7 @@ public class AutoAssignScheduler {
}
try {
- LOGGER.debug("Auto assign scheduled execution has aquired lock and started for each tenant.");
+ LOGGER.debug("Auto assign scheduled execution has acquired lock and started for each tenant.");
systemManagement.forEachTenant(tenant -> autoAssignExecutor.checkAllTargets());
} finally {
lock.unlock();
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/AbstractDsAssignmentStrategy.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/AbstractDsAssignmentStrategy.java
similarity index 83%
rename from hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/AbstractDsAssignmentStrategy.java
rename to hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/AbstractDsAssignmentStrategy.java
index 46a873d6f..7370810d0 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/AbstractDsAssignmentStrategy.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/AbstractDsAssignmentStrategy.java
@@ -7,7 +7,7 @@
*
* SPDX-License-Identifier: EPL-2.0
*/
-package org.eclipse.hawkbit.repository.jpa;
+package org.eclipse.hawkbit.repository.jpa.management;
import java.util.Collection;
import java.util.Collections;
@@ -25,8 +25,14 @@ import org.eclipse.hawkbit.repository.jpa.configuration.Constants;
import org.eclipse.hawkbit.repository.jpa.executor.AfterTransactionCommitExecutor;
import org.eclipse.hawkbit.repository.jpa.model.JpaAction;
import org.eclipse.hawkbit.repository.jpa.model.JpaActionStatus;
+import org.eclipse.hawkbit.repository.jpa.model.JpaAction_;
import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet;
+import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet_;
import org.eclipse.hawkbit.repository.jpa.model.JpaTarget;
+import org.eclipse.hawkbit.repository.jpa.model.JpaTarget_;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionStatusRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.TargetRepository;
import org.eclipse.hawkbit.repository.jpa.utils.QuotaHelper;
import org.eclipse.hawkbit.repository.model.Action;
import org.eclipse.hawkbit.repository.model.Action.Status;
@@ -42,6 +48,8 @@ import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
+import javax.persistence.criteria.JoinType;
+
/**
* {@link DistributionSet} to {@link Target} assignment strategy as utility for
* {@link JpaDeploymentManagement}.
@@ -61,10 +69,10 @@ public abstract class AbstractDsAssignmentStrategy {
private final BooleanSupplier confirmationFlowConfig;
AbstractDsAssignmentStrategy(final TargetRepository targetRepository,
- final AfterTransactionCommitExecutor afterCommit, final EventPublisherHolder eventPublisherHolder,
- final ActionRepository actionRepository, final ActionStatusRepository actionStatusRepository,
- final QuotaManagement quotaManagement, final BooleanSupplier multiAssignmentsConfig,
- final BooleanSupplier confirmationFlowConfig) {
+ final AfterTransactionCommitExecutor afterCommit, final EventPublisherHolder eventPublisherHolder,
+ final ActionRepository actionRepository, final ActionStatusRepository actionStatusRepository,
+ final QuotaManagement quotaManagement, final BooleanSupplier multiAssignmentsConfig,
+ final BooleanSupplier confirmationFlowConfig) {
this.targetRepository = targetRepository;
this.afterCommit = afterCommit;
this.eventPublisherHolder = eventPublisherHolder;
@@ -141,17 +149,23 @@ public abstract class AbstractDsAssignmentStrategy {
/**
* Cancels {@link Action}s that are no longer necessary and sends
* cancellations to the controller.
+ *
+ * No access control applied
*
- * @param targetsIds
- * to override {@link Action}s
+ * @param targetsIds to override {@link Action}s
*/
protected List overrideObsoleteUpdateActions(final Collection targetsIds) {
-
// Figure out if there are potential target/action combinations that
// need to be considered for cancellation
- final List activeActions = actionRepository
- .findByActiveAndTargetIdInAndActionStatusNotEqualToAndDistributionSetNotRequiredMigrationStep(
- targetsIds, Action.Status.CANCELING);
+ final List activeActions = actionRepository.findAll((root, query, cb) -> {
+ root.fetch(JpaAction_.target, JoinType.LEFT);
+ return cb.and(
+ cb.equal(root.get(JpaAction_.active), true),
+ cb.equal(root.get(JpaAction_.distributionSet).get(JpaDistributionSet_.requiredMigrationStep), false),
+ cb.notEqual(root.get(JpaAction_.status), Action.Status.CANCELING),
+ root.get(JpaAction_.target).get(JpaTarget_.id).in(targetsIds)
+ );
+ });
final List targetIds = activeActions.stream().map(action -> {
action.setStatus(Status.CANCELING);
@@ -174,16 +188,22 @@ public abstract class AbstractDsAssignmentStrategy {
/**
* Closes {@link Action}s that are no longer necessary without sending a
* hint to the controller.
+ *
+ * No access control applied
*
- * @param targetsIds
- * to override {@link Action}s
+ * @param targetsIds to override {@link Action}s
*/
protected List closeObsoleteUpdateActions(final Collection targetsIds) {
-
// Figure out if there are potential target/action combinations that
// need to be considered for cancellation
- final List activeActions = actionRepository
- .findByActiveAndTargetIdInAndDistributionSetNotRequiredMigrationStep(targetsIds);
+ final List activeActions = actionRepository.findAll((root, query, cb) -> {
+ root.fetch(JpaAction_.target, JoinType.LEFT);
+ return cb.and(
+ cb.equal(root.get(JpaAction_.active), true),
+ cb.equal(root.get(JpaAction_.distributionSet).get(JpaDistributionSet_.requiredMigrationStep), false),
+ root.get(JpaAction_.target).get(JpaTarget_.id).in(targetsIds)
+ );
+ });
return activeActions.stream().map(action -> {
action.setStatus(Status.CANCELED);
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaActionManagement.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaActionManagement.java
similarity index 74%
rename from hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaActionManagement.java
rename to hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaActionManagement.java
index 68dbfad6a..b289c2629 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaActionManagement.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaActionManagement.java
@@ -7,10 +7,9 @@
*
* SPDX-License-Identifier: EPL-2.0
*/
-package org.eclipse.hawkbit.repository.jpa;
+package org.eclipse.hawkbit.repository.jpa.management;
import java.util.ArrayList;
-import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;
@@ -21,6 +20,10 @@ import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
import org.eclipse.hawkbit.repository.jpa.builder.JpaActionStatusCreate;
import org.eclipse.hawkbit.repository.jpa.model.JpaAction;
import org.eclipse.hawkbit.repository.jpa.model.JpaActionStatus;
+import org.eclipse.hawkbit.repository.jpa.model.JpaAction_;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionStatusRepository;
+import org.eclipse.hawkbit.repository.jpa.specifications.ActionSpecifications;
import org.eclipse.hawkbit.repository.jpa.utils.QuotaHelper;
import org.eclipse.hawkbit.repository.model.Action;
import org.eclipse.hawkbit.repository.model.ActionStatus;
@@ -28,6 +31,7 @@ import org.eclipse.hawkbit.repository.model.TargetUpdateStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.domain.PageRequest;
+import org.springframework.data.domain.Sort;
import static org.eclipse.hawkbit.repository.model.Action.ActionType.DOWNLOAD_ONLY;
import static org.eclipse.hawkbit.repository.model.Action.Status.FINISHED;
@@ -44,7 +48,7 @@ public class JpaActionManagement {
protected final QuotaManagement quotaManagement;
protected final RepositoryProperties repositoryProperties;
- protected JpaActionManagement(final ActionRepository actionRepository,
+ public JpaActionManagement(final ActionRepository actionRepository,
final ActionStatusRepository actionStatusRepository, final QuotaManagement quotaManagement,
final RepositoryProperties repositoryProperties) {
this.actionRepository = actionRepository;
@@ -53,30 +57,37 @@ public class JpaActionManagement {
this.repositoryProperties = repositoryProperties;
}
- protected List findActiveActionsWithHighestWeightConsideringDefault(final String controllerId,
+ List findActiveActionsWithHighestWeightConsideringDefault(final String controllerId,
final int maxActionCount) {
- if (!actionRepository.activeActionExistsForControllerId(controllerId)) {
- return Collections.emptyList();
- }
final List actions = new ArrayList<>();
- final PageRequest pageable = PageRequest.of(0, maxActionCount);
- actions.addAll(actionRepository
- .findByTargetControllerIdAndActiveIsTrueAndWeightIsNotNullOrderByWeightDescIdAsc(pageable, controllerId)
- .getContent());
- actions.addAll(actionRepository
- .findByTargetControllerIdAndActiveIsTrueAndWeightIsNullOrderByIdAsc(pageable, controllerId)
- .getContent());
+ actions.addAll(
+ actionRepository
+ .findAll(
+ ActionSpecifications.byTargetControllerIdAndActiveAndWeightIsNullFetchDS(controllerId, false),
+ PageRequest.of(
+ 0, maxActionCount,
+ Sort.by(
+ Sort.Order.desc(JpaAction_.WEIGHT),
+ Sort.Order.asc(JpaAction_.ID))))
+ .getContent());
+
+ actions.addAll(
+ actionRepository
+ .findAll(
+ ActionSpecifications.byTargetControllerIdAndActiveAndWeightIsNullFetchDS(controllerId, true),
+ PageRequest.of(
+ 0, maxActionCount,
+ Sort.by(
+ Sort.Order.asc(JpaAction_.ID))))
+ .getContent());
final Comparator actionImportance = Comparator.comparingInt(this::getWeightConsideringDefault)
.reversed().thenComparing(Action::getId);
return actions.stream().sorted(actionImportance).limit(maxActionCount).collect(Collectors.toList());
}
protected List findActiveActionsHavingStatus(final String controllerId, final Action.Status status) {
- if (!actionRepository.activeActionExistsForControllerId(controllerId)) {
- return Collections.emptyList();
- }
- return Collections
- .unmodifiableList(actionRepository.findByTargetIdAndIsActiveAndActionStatus(controllerId, status));
+ return actionRepository.findAll(
+ ActionSpecifications.byTargetControllerIdAndIsActiveAndStatus(controllerId, status));
}
protected Action addActionStatus(final JpaActionStatusCreate statusCreate) {
@@ -100,7 +111,7 @@ public class JpaActionManagement {
* Status.FINISHED are allowed. In the case of a DOWNLOAD_ONLY action, we accept
* status updates only once.
*/
- protected boolean isUpdatingActionStatusAllowed(final JpaAction action, final JpaActionStatus actionStatus) {
+ private boolean isUpdatingActionStatusAllowed(final JpaAction action, final JpaActionStatus actionStatus) {
final boolean isIntermediateFeedback = (FINISHED != actionStatus.getStatus())
&& (Action.Status.ERROR != actionStatus.getStatus());
@@ -113,7 +124,7 @@ public class JpaActionManagement {
return action.isActive() || isAllowedByRepositoryConfiguration || isAllowedForDownloadOnlyActions;
}
- protected int getWeightConsideringDefault(final Action action) {
+ public int getWeightConsideringDefault(final Action action) {
return action.getWeight().orElse(repositoryProperties.getActionWeightIfAbsent());
}
@@ -130,7 +141,7 @@ public class JpaActionManagement {
/**
* Sets {@link TargetUpdateStatus} based on given {@link ActionStatus}.
*/
- protected Action handleAddUpdateActionStatus(final JpaActionStatus actionStatus, final JpaAction action) {
+ private Action handleAddUpdateActionStatus(final JpaActionStatus actionStatus, final JpaAction action) {
// information status entry - check for a potential DOS attack
assertActionStatusQuota(action);
assertActionStatusMessageQuota(actionStatus);
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaArtifactManagement.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaArtifactManagement.java
similarity index 59%
rename from hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaArtifactManagement.java
rename to hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaArtifactManagement.java
index 3bfb1a43f..14ba99db5 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaArtifactManagement.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaArtifactManagement.java
@@ -7,7 +7,7 @@
*
* SPDX-License-Identifier: EPL-2.0
*/
-package org.eclipse.hawkbit.repository.jpa;
+package org.eclipse.hawkbit.repository.jpa.management;
import java.io.IOException;
import java.io.InputStream;
@@ -19,6 +19,7 @@ import org.eclipse.hawkbit.artifact.repository.HashNotMatchException;
import org.eclipse.hawkbit.artifact.repository.model.AbstractDbArtifact;
import org.eclipse.hawkbit.artifact.repository.model.DbArtifact;
import org.eclipse.hawkbit.artifact.repository.model.DbArtifactHash;
+import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.repository.ArtifactEncryptionService;
import org.eclipse.hawkbit.repository.ArtifactManagement;
import org.eclipse.hawkbit.repository.QuotaManagement;
@@ -26,12 +27,19 @@ import org.eclipse.hawkbit.repository.exception.ArtifactDeleteFailedException;
import org.eclipse.hawkbit.repository.exception.ArtifactUploadFailedException;
import org.eclipse.hawkbit.repository.exception.EntityAlreadyExistsException;
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
+import org.eclipse.hawkbit.repository.exception.InsufficientPermissionException;
import org.eclipse.hawkbit.repository.exception.InvalidMD5HashException;
import org.eclipse.hawkbit.repository.exception.InvalidSHA1HashException;
import org.eclipse.hawkbit.repository.exception.InvalidSHA256HashException;
+import org.eclipse.hawkbit.repository.jpa.EncryptionAwareDbArtifact;
+import org.eclipse.hawkbit.repository.jpa.JpaManagementHelper;
+import org.eclipse.hawkbit.repository.jpa.acm.AccessController;
import org.eclipse.hawkbit.repository.jpa.configuration.Constants;
import org.eclipse.hawkbit.repository.jpa.model.JpaArtifact;
import org.eclipse.hawkbit.repository.jpa.model.JpaSoftwareModule;
+import org.eclipse.hawkbit.repository.jpa.repository.LocalArtifactRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.SoftwareModuleRepository;
+import org.eclipse.hawkbit.repository.jpa.specifications.ArtifactSpecifications;
import org.eclipse.hawkbit.repository.jpa.utils.FileSizeAndStorageQuotaCheckingInputStream;
import org.eclipse.hawkbit.repository.jpa.utils.QuotaHelper;
import org.eclipse.hawkbit.repository.model.Artifact;
@@ -45,9 +53,14 @@ import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.retry.annotation.Backoff;
import org.springframework.retry.annotation.Retryable;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
+import org.springframework.transaction.support.TransactionSynchronization;
+import org.springframework.transaction.support.TransactionSynchronizationManager;
import org.springframework.validation.annotation.Validated;
+import javax.persistence.EntityManager;
+
/**
* JPA based {@link ArtifactManagement} implementation.
*
@@ -58,6 +71,8 @@ public class JpaArtifactManagement implements ArtifactManagement {
private static final Logger LOG = LoggerFactory.getLogger(JpaArtifactManagement.class);
+ private final EntityManager entityManager;
+
private final LocalArtifactRepository localArtifactRepository;
private final SoftwareModuleRepository softwareModuleRepository;
@@ -68,9 +83,11 @@ public class JpaArtifactManagement implements ArtifactManagement {
private final QuotaManagement quotaManagement;
- JpaArtifactManagement(final LocalArtifactRepository localArtifactRepository,
+ public JpaArtifactManagement(final EntityManager entityManager,
+ final LocalArtifactRepository localArtifactRepository,
final SoftwareModuleRepository softwareModuleRepository, final ArtifactRepository artifactRepository,
final QuotaManagement quotaManagement, final TenantAware tenantAware) {
+ this.entityManager = entityManager;
this.localArtifactRepository = localArtifactRepository;
this.softwareModuleRepository = softwareModuleRepository;
this.artifactRepository = artifactRepository;
@@ -78,37 +95,39 @@ public class JpaArtifactManagement implements ArtifactManagement {
this.tenantAware = tenantAware;
}
- private static Artifact checkForExistingArtifact(final String filename, final boolean overrideExisting,
- final SoftwareModule softwareModule) {
- final Optional artifact = softwareModule.getArtifactByFilename(filename);
-
- if (artifact.isPresent()) {
- if (overrideExisting) {
- LOG.debug("overriding existing artifact with new filename {}", filename);
- return artifact.get();
- } else {
- throw new EntityAlreadyExistsException("File with that name already exists in the Software Module");
- }
- }
- return null;
- }
-
@Override
@Transactional
@Retryable(include = {
ConcurrencyFailureException.class }, maxAttempts = Constants.TX_RT_MAX, backoff = @Backoff(delay = Constants.TX_RT_DELAY))
public Artifact create(final ArtifactUpload artifactUpload) {
- final String filename = artifactUpload.getFilename();
final long moduleId = artifactUpload.getModuleId();
-
- final SoftwareModule softwareModule = getModuleAndThrowExceptionIfThatFails(moduleId);
-
- final Artifact existing = checkForExistingArtifact(filename, artifactUpload.overrideExisting(), softwareModule);
-
assertArtifactQuota(moduleId, 1);
+ final JpaSoftwareModule softwareModule =
+ softwareModuleRepository
+ .findById(moduleId)
+ .orElseThrow(() -> new EntityNotFoundException(SoftwareModule.class, moduleId));
+
+ final String filename = artifactUpload.getFilename();
+ final Artifact existing = softwareModule.getArtifactByFilename(filename).orElse(null);
+ if (existing != null) {
+ if (artifactUpload.overrideExisting()) {
+ LOG.debug("overriding existing artifact with new filename {}", filename);
+ } else {
+ throw new EntityAlreadyExistsException("File with that name already exists in the Software Module");
+ }
+ }
+
+ // touch it to update the lock revision because we are modifying the
+ // DS indirectly, it will, also check UPDATE access
+ JpaManagementHelper.touch(entityManager, softwareModuleRepository, softwareModule);
final AbstractDbArtifact artifact = storeArtifact(artifactUpload, softwareModule.isEncrypted());
- return storeArtifactMetadata(softwareModule, filename, artifact, existing);
+ try {
+ return storeArtifactMetadata(softwareModule, filename, artifact, existing);
+ } catch (final Exception e) {
+ artifactRepository.deleteBySha1(tenantAware.getCurrentTenant(), artifact.getHashes().getSha1());
+ throw e;
+ }
}
private AbstractDbArtifact storeArtifact(final ArtifactUpload artifactUpload, final boolean isSmEncrypted) {
@@ -142,39 +161,57 @@ public class JpaArtifactManagement implements ArtifactManagement {
return ArtifactEncryptionService.getInstance().encryptSoftwareModuleArtifact(smId, stream);
}
- private void assertArtifactQuota(final long id, final int requested) {
- QuotaHelper.assertAssignmentQuota(id, requested, quotaManagement.getMaxArtifactsPerSoftwareModule(),
- Artifact.class, SoftwareModule.class, localArtifactRepository::countBySoftwareModuleId);
+ private void assertArtifactQuota(final long moduleId, final int requested) {
+ QuotaHelper.assertAssignmentQuota(
+ moduleId, requested, quotaManagement.getMaxArtifactsPerSoftwareModule(),
+ Artifact.class, SoftwareModule.class,
+ // get all artifacts without user context
+ softwareModuleId -> localArtifactRepository
+ .count(null, ArtifactSpecifications.bySoftwareModuleId(softwareModuleId)));
}
private InputStream wrapInQuotaStream(final InputStream in) {
final long maxArtifactSize = quotaManagement.getMaxArtifactSize();
- final long currentlyUsed = localArtifactRepository.getSumOfUndeletedArtifactSize().orElse(0L);
+ final long currentlyUsed = localArtifactRepository.sumOfNonDeletedArtifactSize().orElse(0L);
final long maxArtifactSizeTotal = quotaManagement.getMaxArtifactStorage();
return new FileSizeAndStorageQuotaCheckingInputStream(in, maxArtifactSize,
maxArtifactSizeTotal - currentlyUsed);
}
- @Override
- @Transactional
- @Retryable(include = {
- ConcurrencyFailureException.class }, maxAttempts = Constants.TX_RT_MAX, backoff = @Backoff(delay = Constants.TX_RT_DELAY))
- public boolean clearArtifactBinary(final String sha1Hash, final long moduleId) {
- final long count = localArtifactRepository.countBySha1HashAndTenantAndSoftwareModuleDeletedIsFalse(sha1Hash,
- tenantAware.getCurrentTenant());
- if (count > 1) {
- // there are still other artifacts that need the binary
- return false;
- }
- try {
- LOG.debug("deleting artifact from repository {}", sha1Hash);
- artifactRepository.deleteBySha1(tenantAware.getCurrentTenant(), sha1Hash);
- return true;
- } catch (final ArtifactStoreException e) {
- throw new ArtifactDeleteFailedException(e);
- }
+ /**
+ * Garbage collects artifact binaries if only referenced by given
+ * {@link SoftwareModule#getId()} or {@link SoftwareModule}'s that are
+ * marked as deleted.
+ *
+ * Software module related UPDATE permission shall be checked by the callers!
+ *
+ * @param sha1Hash no longer needed
+ * @param softwareModuleId the garbage collection call is made for
+ */
+ @PreAuthorize(SpPermission.SpringEvalExpressions.HAS_AUTH_DELETE_REPOSITORY)
+ void clearArtifactBinary(final String sha1Hash) {
+ // countBySha1HashAndTenantAndSoftwareModuleDeletedIsFalse will skip ACM checks and
+ // will return total count as it should be
+ final long count = localArtifactRepository.countBySha1HashAndTenantAndSoftwareModuleDeletedIsFalse(
+ sha1Hash,
+ tenantAware.getCurrentTenant());
+ if (count <= 1) { // 1 artifact is the one being deleted!
+ // removes the real artifact ONLY AFTER the delete of artifact or software module
+ // in local history has passed successfully (caller has permission and no errors)
+ TransactionSynchronizationManager.registerSynchronization(new TransactionSynchronization() {
+ @Override
+ public void afterCommit() {
+ try {
+ LOG.debug("deleting artifact from repository {}", sha1Hash);
+ artifactRepository.deleteBySha1(tenantAware.getCurrentTenant(), sha1Hash);
+ } catch (final ArtifactStoreException e) {
+ throw new ArtifactDeleteFailedException(e);
+ }
+ }
+ });
+ } // else there are still other artifacts that need the binary
}
@Override
@@ -182,24 +219,28 @@ public class JpaArtifactManagement implements ArtifactManagement {
@Retryable(include = {
ConcurrencyFailureException.class }, maxAttempts = Constants.TX_RT_MAX, backoff = @Backoff(delay = Constants.TX_RT_DELAY))
public void delete(final long id) {
- final JpaArtifact existing = (JpaArtifact) get(id)
+ final JpaArtifact toDelete = (JpaArtifact) get(id)
.orElseThrow(() -> new EntityNotFoundException(Artifact.class, id));
- clearArtifactBinary(existing.getSha1Hash(), existing.getSoftwareModule().getId());
+ // clearArtifactBinary checks (unconditionally) software module UPDATE access
+ softwareModuleRepository.getAccessController().ifPresent(accessController ->
+ accessController.assertOperationAllowed(AccessController.Operation.UPDATE,
+ (JpaSoftwareModule) toDelete.getSoftwareModule()));
+ ((JpaSoftwareModule) toDelete.getSoftwareModule()).removeArtifact(toDelete);
+ softwareModuleRepository.save((JpaSoftwareModule) toDelete.getSoftwareModule());
- ((JpaSoftwareModule) existing.getSoftwareModule()).removeArtifact(existing);
- softwareModuleRepository.save((JpaSoftwareModule) existing.getSoftwareModule());
localArtifactRepository.deleteById(id);
+ clearArtifactBinary(toDelete.getSha1Hash());
}
@Override
public Optional get(final long id) {
- return Optional.ofNullable(localArtifactRepository.findById(id).orElse(null));
+ return localArtifactRepository.findById(id).map(Artifact.class::cast);
}
@Override
public Optional getByFilenameAndSoftwareModule(final String filename, final long softwareModuleId) {
- throwExceptionIfSoftwareModuleDoesNotExist(softwareModuleId);
+ assertSoftwareModuleExists(softwareModuleId);
return localArtifactRepository.findFirstByFilenameAndSoftwareModuleId(filename, softwareModuleId);
}
@@ -215,30 +256,38 @@ public class JpaArtifactManagement implements ArtifactManagement {
}
@Override
- public Page findBySoftwareModule(final Pageable pageReq, final long swId) {
- throwExceptionIfSoftwareModuleDoesNotExist(swId);
+ public Page findBySoftwareModule(final Pageable pageReq, final long softwareModuleId) {
+ assertSoftwareModuleExists(softwareModuleId);
- return localArtifactRepository.findBySoftwareModuleId(pageReq, swId);
+ return localArtifactRepository
+ .findAll(ArtifactSpecifications.bySoftwareModuleId(softwareModuleId), pageReq)
+ .map(Artifact.class::cast);
}
@Override
- public long countBySoftwareModule(final long swId) {
- throwExceptionIfSoftwareModuleDoesNotExist(swId);
+ public long countBySoftwareModule(final long softwareModuleId) {
+ assertSoftwareModuleExists(softwareModuleId);
- return localArtifactRepository.countBySoftwareModuleId(swId);
+ return localArtifactRepository.count(ArtifactSpecifications.bySoftwareModuleId(softwareModuleId));
}
- private void throwExceptionIfSoftwareModuleDoesNotExist(final Long swId) {
- if (!softwareModuleRepository.existsById(swId)) {
- throw new EntityNotFoundException(SoftwareModule.class, swId);
- }
+ @Override
+ public long count() {
+ return localArtifactRepository.count();
}
@Override
public Optional loadArtifactBinary(final String sha1Hash, final long softwareModuleId,
final boolean isEncrypted) {
+ assertSoftwareModuleExists(softwareModuleId);
+
final String tenant = tenantAware.getCurrentTenant();
if (artifactRepository.existsByTenantAndSha1(tenant, sha1Hash)) {
+ // assert artifact exists and belongs to the software module
+ findFirstBySHA1(sha1Hash)
+ // if not found no assertOperationAllowed shall fail
+ .orElseThrow(InsufficientPermissionException::new);
+
final DbArtifact dbArtifact = artifactRepository.getArtifactBySha1(tenant, sha1Hash);
return Optional.ofNullable(
isEncrypted ? wrapInEncryptionAwareDbArtifact(softwareModuleId, dbArtifact) : dbArtifact);
@@ -247,39 +296,36 @@ public class JpaArtifactManagement implements ArtifactManagement {
return Optional.empty();
}
- private final DbArtifact wrapInEncryptionAwareDbArtifact(final long smId, final DbArtifact dbArtifact) {
+ private DbArtifact wrapInEncryptionAwareDbArtifact(final long softwareModuleId, final DbArtifact dbArtifact) {
if (dbArtifact == null) {
return null;
}
final ArtifactEncryptionService encryptionService = ArtifactEncryptionService.getInstance();
return new EncryptionAwareDbArtifact(dbArtifact,
- stream -> encryptionService.decryptSoftwareModuleArtifact(smId, stream),
+ stream -> encryptionService.decryptSoftwareModuleArtifact(softwareModuleId, stream),
encryptionService.encryptionSizeOverhead());
}
private Artifact storeArtifactMetadata(final SoftwareModule softwareModule, final String providedFilename,
final AbstractDbArtifact result, final Artifact existing) {
- JpaArtifact artifact = (JpaArtifact) existing;
+ final JpaArtifact artifact;
if (existing == null) {
artifact = new JpaArtifact(result.getHashes().getSha1(), providedFilename, softwareModule);
+ } else {
+ artifact = (JpaArtifact) existing;
+ artifact.setSha1Hash(result.getHashes().getSha1());
}
artifact.setMd5Hash(result.getHashes().getMd5());
artifact.setSha256Hash(result.getHashes().getSha256());
- artifact.setSha1Hash(result.getHashes().getSha1());
artifact.setSize(result.getSize());
LOG.debug("storing new artifact into repository {}", artifact);
- return localArtifactRepository.save(artifact);
+ return localArtifactRepository.save(AccessController.Operation.CREATE, artifact);
}
- @Override
- public long count() {
- return localArtifactRepository.count();
+ private void assertSoftwareModuleExists(final long softwareModuleId) {
+ if (!softwareModuleRepository.existsById(softwareModuleId)) {
+ throw new EntityNotFoundException(SoftwareModule.class, softwareModuleId);
+ }
}
-
- private SoftwareModule getModuleAndThrowExceptionIfThatFails(final Long moduleId) {
- return softwareModuleRepository.findById(moduleId)
- .orElseThrow(() -> new EntityNotFoundException(SoftwareModule.class, moduleId));
- }
-
-}
+}
\ No newline at end of file
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaConfirmationManagement.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaConfirmationManagement.java
similarity index 93%
rename from hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaConfirmationManagement.java
rename to hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaConfirmationManagement.java
index c9fe111c8..ccef3a405 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaConfirmationManagement.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaConfirmationManagement.java
@@ -7,7 +7,7 @@
*
* SPDX-License-Identifier: EPL-2.0
*/
-package org.eclipse.hawkbit.repository.jpa;
+package org.eclipse.hawkbit.repository.jpa.management;
import java.util.ArrayList;
import java.util.Collection;
@@ -31,6 +31,9 @@ import org.eclipse.hawkbit.repository.jpa.model.JpaAction;
import org.eclipse.hawkbit.repository.jpa.model.JpaActionStatus;
import org.eclipse.hawkbit.repository.jpa.model.JpaAutoConfirmationStatus;
import org.eclipse.hawkbit.repository.jpa.model.JpaTarget;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionStatusRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.TargetRepository;
import org.eclipse.hawkbit.repository.jpa.specifications.TargetSpecifications;
import org.eclipse.hawkbit.repository.model.Action;
import org.eclipse.hawkbit.repository.model.Action.Status;
@@ -64,10 +67,10 @@ public class JpaConfirmationManagement extends JpaActionManagement implements Co
/**
* Constructor
*/
- protected JpaConfirmationManagement(final TargetRepository targetRepository,
- final ActionRepository actionRepository, final ActionStatusRepository actionStatusRepository,
- final RepositoryProperties repositoryProperties, final QuotaManagement quotaManagement,
- final EntityFactory entityFactory) {
+ public JpaConfirmationManagement(final TargetRepository targetRepository,
+ final ActionRepository actionRepository, final ActionStatusRepository actionStatusRepository,
+ final RepositoryProperties repositoryProperties, final QuotaManagement quotaManagement,
+ final EntityFactory entityFactory) {
super(actionRepository, actionStatusRepository, quotaManagement, repositoryProperties);
this.targetRepository = targetRepository;
this.entityFactory = entityFactory;
@@ -208,7 +211,7 @@ public class JpaConfirmationManagement extends JpaActionManagement implements Co
action.getId(), autoConfirmationStatus.getInitiator(), autoConfirmationStatus.getCreatedBy());
// do not make use of
- // org.eclipse.hawkbit.repository.jpa.JpaActionManagement.handleAddUpdateActionStatus
+ // org.eclipse.hawkbit.repository.jpa.management.JpaActionManagement.handleAddUpdateActionStatus
// to bypass the quota check. Otherwise the action will not be confirmed in case
// of exceeded action status quota.
action.setStatus(Status.RUNNING);
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaControllerManagement.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaControllerManagement.java
similarity index 94%
rename from hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaControllerManagement.java
rename to hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaControllerManagement.java
index 6f98c3168..7aa1c6f47 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaControllerManagement.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaControllerManagement.java
@@ -7,7 +7,7 @@
*
* SPDX-License-Identifier: EPL-2.0
*/
-package org.eclipse.hawkbit.repository.jpa;
+package org.eclipse.hawkbit.repository.jpa.management;
import static org.eclipse.hawkbit.repository.model.Action.Status.DOWNLOADED;
import static org.eclipse.hawkbit.repository.model.Action.Status.FINISHED;
@@ -56,6 +56,7 @@ import org.eclipse.hawkbit.repository.exception.CancelActionNotAllowedException;
import org.eclipse.hawkbit.repository.exception.EntityAlreadyExistsException;
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
import org.eclipse.hawkbit.repository.exception.InvalidTargetAttributeException;
+import org.eclipse.hawkbit.repository.jpa.acm.AccessController;
import org.eclipse.hawkbit.repository.jpa.builder.JpaActionStatusCreate;
import org.eclipse.hawkbit.repository.jpa.configuration.Constants;
import org.eclipse.hawkbit.repository.jpa.executor.AfterTransactionCommitExecutor;
@@ -66,6 +67,11 @@ import org.eclipse.hawkbit.repository.jpa.model.JpaAction_;
import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet;
import org.eclipse.hawkbit.repository.jpa.model.JpaTarget;
import org.eclipse.hawkbit.repository.jpa.model.JpaTarget_;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionStatusRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.SoftwareModuleMetadataRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.SoftwareModuleRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.TargetRepository;
import org.eclipse.hawkbit.repository.jpa.specifications.ActionSpecifications;
import org.eclipse.hawkbit.repository.jpa.specifications.TargetSpecifications;
import org.eclipse.hawkbit.repository.jpa.utils.DeploymentHelper;
@@ -155,8 +161,8 @@ public class JpaControllerManagement extends JpaActionManagement implements Cont
private ConfirmationManagement confirmationManagement;
public JpaControllerManagement(final ScheduledExecutorService executorService,
- final ActionRepository actionRepository, final ActionStatusRepository actionStatusRepository,
- final QuotaManagement quotaManagement, final RepositoryProperties repositoryProperties) {
+ final ActionRepository actionRepository, final ActionStatusRepository actionStatusRepository,
+ final QuotaManagement quotaManagement, final RepositoryProperties repositoryProperties) {
super(actionRepository, actionStatusRepository, quotaManagement, repositoryProperties);
if (!repositoryProperties.isEagerPollPersistence()) {
@@ -302,13 +308,20 @@ public class JpaControllerManagement extends JpaActionManagement implements Cont
throwExceptionIfTargetDoesNotExist(controllerId);
throwExceptionIfSoftwareModuleDoesNotExist(moduleId);
- final List action = actionRepository.findActionByTargetAndSoftwareModule(controllerId, moduleId);
-
- if (action.isEmpty() || action.get(0).isCancelingOrCanceled()) {
- return Optional.empty();
- }
-
- return Optional.ofNullable(action.get(0));
+ // TODO AC - REVIEW
+ // it used to perform 3-table join query
+ // @Query("Select a from JpaAction a join a.distributionSet ds join ds.modules modul where a.target.controllerId = :target and modul.id = :module order by a.id desc")
+ // final List actions = actionRepository.findActionByTargetAndSoftwareModule(controllerId, moduleId);
+ // TODO AC - we could fetch distribution sets in order to skip calls to serarch for modules
+ return actionRepository
+ .findAll(ActionSpecifications.byTargetControllerIdAndActive(controllerId, true))
+ .stream()
+ .filter(action -> !action.isCancelingOrCanceled())
+ .filter(action -> action.getDistributionSet().getModules()
+ .stream()
+ .anyMatch(module -> module.getId() == moduleId))
+ .map(Action.class::cast)
+ .findFirst();
}
private void throwExceptionIfTargetDoesNotExist(final String controllerId) {
@@ -358,12 +371,7 @@ public class JpaControllerManagement extends JpaActionManagement implements Cont
@Override
public Optional findActionWithDetails(final long actionId) {
- return actionRepository.getActionById(actionId);
- }
-
- @Override
- public List getActiveActionsByExternalRef(@NotNull final List externalRefs) {
- return actionRepository.findByExternalRefInAndActive(externalRefs, true);
+ return actionRepository.findWithDetailsById(actionId);
}
@Override
@@ -1006,6 +1014,15 @@ public class JpaControllerManagement extends JpaActionManagement implements Cont
@Override
public void updateActionExternalRef(final long actionId, @NotEmpty final String externalRef) {
+ // if access control for target repository is present check that caller has
+ // UPDATE access to the target of the action
+ targetRepository.getAccessController().ifPresent(
+ accessController -> accessController.assertOperationAllowed(
+ AccessController.Operation.UPDATE,
+ (JpaTarget) actionRepository
+ .findById(actionId)
+ .orElseThrow(() -> new EntityNotFoundException(Action.class, actionId))
+ .getTarget()));
actionRepository.updateExternalRef(actionId, externalRef);
}
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaDeploymentManagement.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaDeploymentManagement.java
similarity index 81%
rename from hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaDeploymentManagement.java
rename to hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaDeploymentManagement.java
index f844e873d..5fcc2e5bd 100644
--- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/JpaDeploymentManagement.java
+++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaDeploymentManagement.java
@@ -7,7 +7,7 @@
*
* SPDX-License-Identifier: EPL-2.0
*/
-package org.eclipse.hawkbit.repository.jpa;
+package org.eclipse.hawkbit.repository.jpa.management;
import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey.REPOSITORY_ACTIONS_AUTOCLOSE_ENABLED;
@@ -49,17 +49,23 @@ import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
import org.eclipse.hawkbit.repository.exception.ForceQuitActionNotAllowedException;
import org.eclipse.hawkbit.repository.exception.IncompatibleTargetTypeException;
import org.eclipse.hawkbit.repository.exception.IncompleteDistributionSetException;
+import org.eclipse.hawkbit.repository.exception.InsufficientPermissionException;
import org.eclipse.hawkbit.repository.exception.MultiAssignmentIsNotEnabledException;
+import org.eclipse.hawkbit.repository.jpa.JpaManagementHelper;
+import org.eclipse.hawkbit.repository.jpa.acm.AccessController;
import org.eclipse.hawkbit.repository.jpa.configuration.Constants;
import org.eclipse.hawkbit.repository.jpa.executor.AfterTransactionCommitExecutor;
import org.eclipse.hawkbit.repository.jpa.model.JpaAction;
import org.eclipse.hawkbit.repository.jpa.model.JpaActionStatus;
import org.eclipse.hawkbit.repository.jpa.model.JpaActionStatus_;
-import org.eclipse.hawkbit.repository.jpa.model.JpaAction_;
import org.eclipse.hawkbit.repository.jpa.model.JpaDistributionSet;
import org.eclipse.hawkbit.repository.jpa.model.JpaTarget;
-import org.eclipse.hawkbit.repository.jpa.model.JpaTarget_;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.ActionStatusRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.DistributionSetRepository;
+import org.eclipse.hawkbit.repository.jpa.repository.TargetRepository;
import org.eclipse.hawkbit.repository.jpa.rsql.RSQLUtility;
+import org.eclipse.hawkbit.repository.jpa.specifications.ActionSpecifications;
import org.eclipse.hawkbit.repository.jpa.specifications.TargetSpecifications;
import org.eclipse.hawkbit.repository.jpa.utils.DeploymentHelper;
import org.eclipse.hawkbit.repository.jpa.utils.QuotaHelper;
@@ -151,15 +157,15 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
private final Database database;
private final RetryTemplate retryTemplate;
- protected JpaDeploymentManagement(final EntityManager entityManager, final ActionRepository actionRepository,
- final DistributionSetManagement distributionSetManagement,
- final DistributionSetRepository distributionSetRepository, final TargetRepository targetRepository,
- final ActionStatusRepository actionStatusRepository, final AuditorAware auditorProvider,
- final EventPublisherHolder eventPublisherHolder, final AfterTransactionCommitExecutor afterCommit,
- final VirtualPropertyReplacer virtualPropertyReplacer, final PlatformTransactionManager txManager,
- final TenantConfigurationManagement tenantConfigurationManagement, final QuotaManagement quotaManagement,
- final SystemSecurityContext systemSecurityContext, final TenantAware tenantAware, final Database database,
- final RepositoryProperties repositoryProperties) {
+ public JpaDeploymentManagement(final EntityManager entityManager, final ActionRepository actionRepository,
+ final DistributionSetManagement distributionSetManagement,
+ final DistributionSetRepository distributionSetRepository, final TargetRepository targetRepository,
+ final ActionStatusRepository actionStatusRepository, final AuditorAware auditorProvider,
+ final EventPublisherHolder eventPublisherHolder, final AfterTransactionCommitExecutor afterCommit,
+ final VirtualPropertyReplacer virtualPropertyReplacer, final PlatformTransactionManager txManager,
+ final TenantConfigurationManagement tenantConfigurationManagement, final QuotaManagement quotaManagement,
+ final SystemSecurityContext systemSecurityContext, final TenantAware tenantAware, final Database database,
+ final RepositoryProperties repositoryProperties) {
super(actionRepository, actionStatusRepository, quotaManagement, repositoryProperties);
this.entityManager = entityManager;
this.distributionSetRepository = distributionSetRepository;
@@ -185,13 +191,12 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
@Transactional(isolation = Isolation.READ_COMMITTED)
public List offlineAssignedDistributionSets(
final Collection> assignments) {
- final Collection> distinctAssignments = assignments.stream().distinct()
- .collect(Collectors.toList());
-
+ final Collection> distinctAssignments = assignments.stream().distinct().toList();
enforceMaxAssignmentsPerRequest(distinctAssignments.size());
+
final List deploymentRequests = distinctAssignments.stream()
.map(entry -> DeploymentManagement.deploymentRequest(entry.getKey(), entry.getValue()).build())
- .collect(Collectors.toList());
+ .toList();
return assignDistributionSets(tenantAware.getCurrentUsername(), deploymentRequests, null,
offlineDsAssignmentStrategy);
@@ -216,36 +221,56 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
private List assignDistributionSets(final String initiatedBy,
final List deploymentRequests, final String actionMessage,
final AbstractDsAssignmentStrategy strategy) {
- final List validatedRequests = validateRequestForAssignments(deploymentRequests);
+ final List validatedRequests = validateAndFilterRequestForAssignments(deploymentRequests);
final Map> assignmentsByDsIds = convertRequest(validatedRequests);
final List results = assignmentsByDsIds.entrySet().stream()
.map(entry -> assignDistributionSetToTargetsWithRetry(initiatedBy, entry.getKey(), entry.getValue(),
actionMessage, strategy))
- .collect(Collectors.toList());
+ .toList();
strategy.sendDeploymentEvents(results);
return results;
}
- private List validateRequestForAssignments(List deploymentRequests) {
- if (!isMultiAssignmentsEnabled()) {
- deploymentRequests = deploymentRequests.stream().distinct().collect(Collectors.toList());
- checkIfRequiresMultiAssignment(deploymentRequests);
+ private List validateAndFilterRequestForAssignments(List deploymentRequests) {
+ if (deploymentRequests.isEmpty()) {
+ return deploymentRequests;
}
- checkForTargetTypeCompatibility(deploymentRequests);
+
+ deploymentRequests = deploymentRequests.stream().distinct().toList();
+ checkForMultiAssignment(deploymentRequests);
checkQuotaForAssignment(deploymentRequests);
- return deploymentRequests;
+ // validates READ access to deployment sets, throws exception if deployment set is not accessible
+ checkForTargetTypeCompatibility(deploymentRequests);
+ // filters only targets that are updatable
+ // TODO - should assignments that contain non-existing/allowed devices be allowed anyway?
+ return filterByTargetUpdatable(deploymentRequests);
+ }
+
+ private void checkForMultiAssignment(final Collection deploymentRequests) {
+ if (!isMultiAssignmentsEnabled()) {
+ final long distinctTargetsInRequest = deploymentRequests.stream()
+ .map(request -> request.getTargetWithActionType().getControllerId()).distinct().count();
+ if (distinctTargetsInRequest < deploymentRequests.size()) {
+ throw new MultiAssignmentIsNotEnabledException();
+ }
+ }
+ }
+
+ private void checkQuotaForAssignment(final Collection deploymentRequests) {
+ enforceMaxAssignmentsPerRequest(deploymentRequests.size());
+ enforceMaxActionsPerTarget(deploymentRequests);
}
private void checkForTargetTypeCompatibility(final List deploymentRequests) {
final List controllerIds = deploymentRequests.stream().map(DeploymentRequest::getControllerId)
- .distinct().collect(Collectors.toList());
+ .distinct().toList();
final List distSetIds = deploymentRequests.stream().map(DeploymentRequest::getDistributionSetId)
- .distinct().collect(Collectors.toList());
+ .distinct().toList();
if (controllerIds.size() > 1 && distSetIds.size() > 1) {
throw new IllegalStateException(
- "Assigning multiple Targets to multiple Distribution Sets simultaneously is not allowed!");
+ "Assigning multiple Distribution Sets to multiple Targets simultaneously is not allowed!");
}
if (distSetIds.size() == 1) {
@@ -287,20 +312,30 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
}
}
+ private List filterByTargetUpdatable(final List deploymentRequests) {
+ final List controllerIds =
+ deploymentRequests.stream()
+ .map(DeploymentRequest::getControllerId)
+ .distinct()
+ .toList();
+
+ final List found = targetRepository.findAll(
+ AccessController.Operation.UPDATE,
+ TargetSpecifications.hasControllerIdIn(controllerIds)
+ ).stream().map(JpaTarget::getControllerId).toList();
+ if (found.size() != controllerIds.size()) {
+ return deploymentRequests.stream()
+ .filter(deploymentRequest -> found.contains(deploymentRequest.getControllerId())).toList();
+ }
+ return deploymentRequests;
+ }
+
private static Map> convertRequest(
final Collection deploymentRequests) {
return deploymentRequests.stream().collect(Collectors.groupingBy(DeploymentRequest::getDistributionSetId,
Collectors.mapping(DeploymentRequest::getTargetWithActionType, Collectors.toList())));
}
- private static void checkIfRequiresMultiAssignment(final Collection deploymentRequests) {
- final long distinctTargetsInRequest = deploymentRequests.stream()
- .map(request -> request.getTargetWithActionType().getControllerId()).distinct().count();
- if (distinctTargetsInRequest < deploymentRequests.size()) {
- throw new MultiAssignmentIsNotEnabledException();
- }
- }
-
private DistributionSetAssignmentResult assignDistributionSetToTargetsWithRetry(final String initiatedBy,
final Long dsID, final Collection targetsWithActionType, final String actionMessage,
final AbstractDsAssignmentStrategy assignmentStrategy) {
@@ -310,17 +345,16 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
}
/**
- * method assigns the {@link DistributionSet} to all {@link Target}s by
- * their IDs with a specific {@link ActionType} and {@code forcetime}.
- *
- *
+ * method assigns the {@link DistributionSet} to all {@link Target}s by their
+ * IDs with a specific {@link ActionType} and {@code forcetime}.
+ *
* In case the update was executed offline (i.e. not managed by hawkBit) the
* handling differs my means that:
* A. it ignores targets completely that are in
* {@link TargetUpdateStatus#PENDING}.
* B. it created completed actions.
- * C. sets both installed and assigned DS on the target and switches the
- * status to {@link TargetUpdateStatus#IN_SYNC}
+ * C. sets both installed and assigned DS on the target and switches the status
+ * to {@link TargetUpdateStatus#IN_SYNC}
* D. does not send a {@link TargetAssignDistributionSetEvent}.
*
* @param initiatedBy
@@ -346,11 +380,13 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
final JpaDistributionSet distributionSetEntity = (JpaDistributionSet) distributionSetManagement
.getValidAndComplete(dsID);
final List providedTargetIds = targetsWithActionType.stream().map(TargetWithActionType::getControllerId)
- .distinct().collect(Collectors.toList());
+ .distinct().toList();
final List existingTargetIds = Lists.partition(providedTargetIds, Constants.MAX_ENTRIES_IN_STATEMENT)
- .stream().map(ids -> targetRepository.findAll(TargetSpecifications.hasControllerIdIn(ids)))
- .flatMap(List::stream).map(JpaTarget::getControllerId).collect(Collectors.toList());
+ .stream()
+ .map(ids -> targetRepository.findAll(
+ AccessController.Operation.UPDATE, TargetSpecifications.hasControllerIdIn(ids)))
+ .flatMap(List::stream).map(JpaTarget::getControllerId).toList();
final List targetEntities = assignmentStrategy.findTargetsForAssignment(existingTargetIds,
distributionSetEntity.getId());
@@ -360,7 +396,7 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
}
final List existingTargetsWithActionType = targetsWithActionType.stream()
- .filter(target -> existingTargetIds.contains(target.getControllerId())).collect(Collectors.toList());
+ .filter(target -> existingTargetIds.contains(target.getControllerId())).toList();
final List assignedActions = doAssignDistributionSetToTargets(initiatedBy,
existingTargetsWithActionType, actionMessage, assignmentStrategy, distributionSetEntity,
@@ -405,9 +441,9 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
}
/**
- * split tIDs length into max entries in-statement because many database
- * have constraint of max entries in in-statements e.g. Oracle with maximum
- * 1000 elements, so we need to split the entries here and execute multiple
+ * split tIDs length into max entries in-statement because many database have
+ * constraint of max entries in in-statements e.g. Oracle with maximum 1000
+ * elements, so we need to split the entries here and execute multiple
* statements
*/
private static List> getTargetEntitiesAsChunks(final List targetEntities) {
@@ -422,13 +458,6 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
return new DistributionSetAssignmentResult(distributionSet, alreadyAssignedTargetsCount, assignedActions);
}
- private void checkQuotaForAssignment(final Collection deploymentRequests) {
- if (!deploymentRequests.isEmpty()) {
- enforceMaxAssignmentsPerRequest(deploymentRequests.size());
- enforceMaxActionsPerTarget(deploymentRequests);
- }
- }
-
private void enforceMaxAssignmentsPerRequest(final int requestedActions) {
QuotaHelper.assertAssignmentRequestSizeQuota(requestedActions,
quotaManagement.getMaxTargetDistributionSetAssignmentsPerManualAssignment());
@@ -437,11 +466,11 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
private void enforceMaxActionsPerTarget(final Collection deploymentRequests) {
final int quota = quotaManagement.getMaxActionsPerTarget();
- final Map countOfTargtInRequest = deploymentRequests.stream()
+ final Map countOfTargetInRequest = deploymentRequests.stream()
.map(DeploymentRequest::getControllerId)
.collect(Collectors.groupingBy(Function.identity(), Collectors.counting()));
- countOfTargtInRequest.forEach((controllerId, count) -> QuotaHelper.assertAssignmentQuota(controllerId, count,
+ countOfTargetInRequest.forEach((controllerId, count) -> QuotaHelper.assertAssignmentQuota(controllerId, count,
quota, Action.class, Target.class, actionRepository::countByTargetControllerId));
}
@@ -460,6 +489,11 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
ConcurrencyFailureException.class }, maxAttempts = Constants.TX_RT_MAX, backoff = @Backoff(delay = Constants.TX_RT_DELAY))
public void cancelInactiveScheduledActionsForTargets(final List targetIds) {
if (!isMultiAssignmentsEnabled()) {
+ targetRepository.getAccessController().ifPresent(v -> {
+ if (targetRepository.count(AccessController.Operation.UPDATE, TargetSpecifications.hasIdIn(targetIds)) != targetIds.size()) {
+ throw new EntityNotFoundException(Target.class, targetIds);
+ }
+ });
actionRepository.switchStatus(Status.CANCELED, targetIds, false, Status.SCHEDULED);
} else {
LOG.debug("The Multi Assignments feature is enabled: No need to cancel inactive scheduled actions.");
@@ -494,7 +528,7 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
final JpaActionStatus actionStatus = assignmentStrategy.createActionStatus(action, actionMessage);
verifyAndAddConfirmationStatus(action, actionStatus, entry.getKey().isConfirmationRequired());
return actionStatus;
- }).collect(Collectors.toList()));
+ }).toList());
}
private void setInitialActionStatusOfRolloutGroup(final List actions) {
@@ -554,6 +588,8 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
throw new CancelActionNotAllowedException("Actions in canceling or canceled state cannot be canceled");
}
+ assertTargetUpdateAllowed(action);
+
if (action.isActive()) {
LOG.debug("action ({}) was still active. Change to {}.", action, Status.CANCELING);
action.setStatus(Status.CANCELING);
@@ -588,6 +624,8 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
throw new ForceQuitActionNotAllowedException(action.getId() + " is not active and cannot be force quit");
}
+ assertTargetUpdateAllowed(action);
+
LOG.warn("action ({}) was still active and has been force quite.", action);
// document that the status has been retrieved
@@ -738,93 +776,85 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
@Override
public Optional findAction(final long actionId) {
- return actionRepository.findById(actionId).map(a -> a);
+ return actionRepository
+ .findById(actionId)
+ .filter(action -> targetRepository.exists(TargetSpecifications.hasId(action.getTarget().getId())))
+ .map(JpaAction.class::cast);
}
@Override
public Optional findActionWithDetails(final long actionId) {
- return actionRepository.getActionById(actionId);
+ return actionRepository
+ .findWithDetailsById(actionId)
+ .filter(action -> targetRepository.exists(TargetSpecifications.hasId(action.getTarget().getId())));
}
@Override
public Slice findActionsByTarget(final String controllerId, final Pageable pageable) {
- throwExceptionIfTargetDoesNotExist(controllerId);
- return actionRepository.findByTargetControllerId(pageable, controllerId);
+ assertTargetReadAllowed(controllerId);
+ return actionRepository
+ .findAll(ActionSpecifications.byTargetControllerId(controllerId), pageable)
+ .map(Action.class::cast);
}
@Override
public Page findActionsByTarget(final String rsqlParam, final String controllerId,
final Pageable pageable) {
- throwExceptionIfTargetDoesNotExist(controllerId);
+ assertTargetReadAllowed(controllerId);
final List> specList = Arrays.asList(
RSQLUtility.buildRsqlSpecification(rsqlParam, ActionFields.class, virtualPropertyReplacer, database),
- byControllerIdSpec(controllerId));
+ ActionSpecifications.byTargetControllerId(controllerId));
return JpaManagementHelper.findAllWithCountBySpec(actionRepository, pageable, specList);
}
- private Specification byControllerIdSpec(final String controllerId) {
- return (root, query, cb) -> cb.equal(root.get(JpaAction_.target).get(JpaTarget_.controllerId), controllerId);
- }
-
@Override
public Page findActiveActionsByTarget(final Pageable pageable, final String controllerId) {
- throwExceptionIfTargetDoesNotExist(controllerId);
- return actionRepository.findByActiveAndTarget(pageable, controllerId, true);
+ assertTargetReadAllowed(controllerId);
+ return actionRepository
+ .findAll(ActionSpecifications.byTargetControllerIdAndActive(controllerId, true), pageable)
+ .map(Action.class::cast);
}
@Override
public Page findInActiveActionsByTarget(final Pageable pageable, final String controllerId) {
- throwExceptionIfTargetDoesNotExist(controllerId);
-
- return actionRepository.findByActiveAndTarget(pageable, controllerId, false);
+ assertTargetReadAllowed(controllerId);
+ return actionRepository
+ .findAll(ActionSpecifications.byTargetControllerIdAndActive(controllerId, false), pageable)
+ .map(Action.class::cast);
}
@Override
public List findActiveActionsWithHighestWeight(final String controllerId, final int maxActionCount) {
+ assertTargetReadAllowed(controllerId);
return findActiveActionsWithHighestWeightConsideringDefault(controllerId, maxActionCount);
}
- @Override
- public int getWeightConsideringDefault(final Action action) {
- return super.getWeightConsideringDefault(action);
- }
-
@Override
public long countActionsByTarget(final String controllerId) {
- throwExceptionIfTargetDoesNotExist(controllerId);
+ assertTargetReadAllowed(controllerId);
return actionRepository.countByTargetControllerId(controllerId);
}
@Override
public long countActionsByTarget(final String rsqlParam, final String controllerId) {
- throwExceptionIfTargetDoesNotExist(controllerId);
+ assertTargetReadAllowed(controllerId);
+
final List> specList = Arrays.asList(
RSQLUtility.buildRsqlSpecification(rsqlParam, ActionFields.class, virtualPropertyReplacer, database),
- byControllerIdSpec(controllerId));
+ ActionSpecifications.byTargetControllerId(controllerId));
return JpaManagementHelper.countBySpec(actionRepository, specList);
}
- private void throwExceptionIfTargetDoesNotExist(final String controllerId) {
- if (!targetRepository.exists(TargetSpecifications.hasControllerId(controllerId))) {
- throw new EntityNotFoundException(Target.class, controllerId);
- }
- }
-
- private void throwExceptionIfDistributionSetDoesNotExist(final Long dsId) {
- if (!distributionSetRepository.existsById(dsId)) {
- throw new EntityNotFoundException(DistributionSet.class, dsId);
- }
- }
-
@Override
@Transactional
@Retryable(include = {
ConcurrencyFailureException.class }, maxAttempts = Constants.TX_RT_MAX, backoff = @Backoff(delay = Constants.TX_RT_DELAY))
public Action forceTargetAction(final long actionId) {
final JpaAction action = actionRepository.findById(actionId)
+ .map(this::assertTargetUpdateAllowed)
.orElseThrow(() -> new EntityNotFoundException(Action.class, actionId));
if (!action.isForcedOrTimeForced()) {
@@ -836,24 +866,20 @@ public class JpaDeploymentManagement extends JpaActionManagement implements Depl
@Override
public Page