Feature/ctx aware and access controller2 (#1456)

* Introduce the AccessControlManager and use if for the TargetManagement and TargetTypeManagement. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Extend the access control manager by an API to serialize the current active context and persist it for scheduled background operations like auto-assignment. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Verify modification is permitted before performing automatic assignment Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Start with controlling distribution set type access. Perform some refactoring. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Support distribution set access control. Increase character limit to 512 chars for access control context. Refactor default implementations. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce ContextRunner and define admin execution to check for duplicates before creating/updating entities. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce Software Module, Module Type and Artifact control management. Fix tests. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce access controlling test base. Add first test verifying the read operations for target types. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Finalize target type access controlling test. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce ContextRunnerTest and TargetAccessControllingTest. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce DistributionSetAccessControllingTest and fix missing access control specifications. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Extend test cases. Include only updatable targets into rollout. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Fix action visibility. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Modifiable->Updatable & UPDATE check where needed Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * ContextRunner superseded by ContextAware + ContextRunner remaned to ContextAware (move as a cenral entry/concept). It now extends (and replace) TenantAware + SecurityContextTenantAware becomes ContextAware + Pluggable serialization mechanism (default Java serialization of contexts) for SecurityContextTenantAware (using SecurityContextSerializer) + AccessControl methods are added to ensure no entities fill be retrieved just to call access control - so, if all permitted - no additional db queries will be made + <repo type>AccessControl classes removed and replaced with AccessControl <repo type> generics + AccessControlService removed - every AccessControl is registered and overiden independently + access_control_context in DB increased to 4k (in order to support java security context serialization) + needed adaptaion of implemtation and tests done Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Refactor SoftModules & DistSets Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Refactoring of the Repositories Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Repostiotory level permissions Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Improvements Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Simplification of AccessControl interface * Simplifications & management package Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Implementation improvements + Artifact management & repo reviewed and tuned + Action(Status) management & repo reviewed and tuned + SoftwareModule(Type/Meta) management & repo reviewed and tuned + DistributionSet(Type/Tag/Meta) management(+Invalidation) & repo reviewed and tuned + Target(Tag/Type/Meta) management & repo reviewed and tuned + TargetQueryFilter management & repo reviewed and tuned * Apply suggestions from code review Suggestions accepted. Thanks @herdt-michael Co-authored-by: Michael Herdt <michael.herdt@bosch.com> * Apply suggestions from code review 2 Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> --------- Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> Co-authored-by: Michael Herdt <Michael.Herdt@bosch.com>
2023-11-16 11:07:06 +02:00
parent 8d487fde33
commit b982039a74
170 changed files with 5371 additions and 3227 deletions
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/ContextAware.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/ContextAware.java
@@ -0,0 +1,62 @@
+/**
+ * Copyright (c) 2023 Bosch.IO GmbH and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+package org.eclipse.hawkbit;
+
+import org.eclipse.hawkbit.tenancy.TenantAware;
+
+import java.util.Objects;
+import java.util.Optional;
+import java.util.function.Function;
+
+/**
+ * {@link ContextAware} provides means for getting the current context (via {@link #getCurrentContext()}) and then
+ * to execute a {@link Runnable} or a {@link Function} in the same context using {@link #runInContext(String, Runnable)}
+ * or {@link #runInContext(String, Function, Object)}.
+ * <p/>
+ * This is useful for scheduled background operations like rollouts and auto assignments where they shall
+ * be processed in the scope of the creator.
+ */
+public interface ContextAware extends TenantAware {
+
+    /**
+     * Return the current context encoded as a {@link String}. Depending on the implementation it could,
+     * for instance, be a serialized context or a reference to such.
+     * 
+     * @return could be empty if there is nothing to serialize or context aware is not supported.
+     */
+    Optional<String> getCurrentContext();
+
+    /**
+     * Wrap a specific execution in a known and pre-serialized context.
+     *
+     * @param <T> the type of the input to the function
+     * @param <R> the type of the result of the function
+     *
+     * @param serializedContext created by {@link #getCurrentContext()}. Must be non-<code>null</code>.
+     * @param function function to call in the reconstructed context. Must be non-<code>null</code>.
+     * @param t the argument that will be passed to the function
+     * @return the function result
+     */
+    <T, R> R runInContext(String serializedContext, Function<T, R> function, T t);
+
+    /**
+     * Wrap a specific execution in a known and pre-serialized context.
+     *
+     * @param serializedContext created by {@link #getCurrentContext()}. Must be non-<code>null</code>.
+     * @param runnable runnable to call in the reconstructed context. Must be non-<code>null</code>.
+     */
+    default void runInContext(String serializedContext, Runnable runnable) {
+        Objects.requireNonNull(runnable);
+        runInContext(serializedContext, v -> {
+            runnable.run();
+            return null;
+        }, null);
+    }
+}
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/TenantAware.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/TenantAware.java
@@ -40,8 +40,6 @@ public interface TenantAware {
     *            the runner which is implemented to run this specific code
     *            under the given tenant
     * @return the return type of the {@link TenantRunner}
-     * @throws any
-     *             kind of {@link RuntimeException}
     */
    <T> T runAsTenant(String tenant, TenantRunner<T> tenantRunner);

@@ -60,8 +58,6 @@ public interface TenantAware {
     *            the runner which is implemented to run this specific code
     *            under the given tenant
     * @return the return type of the {@link TenantRunner}
-     * @throws any
-     *             kind of {@link RuntimeException}
     */
    <T> T runAsTenantAsUser(String tenant, String username, TenantRunner<T> tenantRunner);