Feature/ctx aware and access controller2 (#1456)
* Introduce the AccessControlManager and use if for the TargetManagement and TargetTypeManagement. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Extend the access control manager by an API to serialize the current active context and persist it for scheduled background operations like auto-assignment. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Verify modification is permitted before performing automatic assignment Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Start with controlling distribution set type access. Perform some refactoring. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Support distribution set access control. Increase character limit to 512 chars for access control context. Refactor default implementations. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce ContextRunner and define admin execution to check for duplicates before creating/updating entities. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce Software Module, Module Type and Artifact control management. Fix tests. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce access controlling test base. Add first test verifying the read operations for target types. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Finalize target type access controlling test. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce ContextRunnerTest and TargetAccessControllingTest. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce DistributionSetAccessControllingTest and fix missing access control specifications. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Extend test cases. Include only updatable targets into rollout. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Fix action visibility. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Modifiable->Updatable & UPDATE check where needed Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * ContextRunner superseded by ContextAware + ContextRunner remaned to ContextAware (move as a cenral entry/concept). It now extends (and replace) TenantAware + SecurityContextTenantAware becomes ContextAware + Pluggable serialization mechanism (default Java serialization of contexts) for SecurityContextTenantAware (using SecurityContextSerializer) + AccessControl methods are added to ensure no entities fill be retrieved just to call access control - so, if all permitted - no additional db queries will be made + <repo type>AccessControl classes removed and replaced with AccessControl <repo type> generics + AccessControlService removed - every AccessControl is registered and overiden independently + access_control_context in DB increased to 4k (in order to support java security context serialization) + needed adaptaion of implemtation and tests done Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Refactor SoftModules & DistSets Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Refactoring of the Repositories Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Repostiotory level permissions Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Improvements Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Simplification of AccessControl interface * Simplifications & management package Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Implementation improvements + Artifact management & repo reviewed and tuned + Action(Status) management & repo reviewed and tuned + SoftwareModule(Type/Meta) management & repo reviewed and tuned + DistributionSet(Type/Tag/Meta) management(+Invalidation) & repo reviewed and tuned + Target(Tag/Type/Meta) management & repo reviewed and tuned + TargetQueryFilter management & repo reviewed and tuned * Apply suggestions from code review Suggestions accepted. Thanks @herdt-michael Co-authored-by: Michael Herdt <michael.herdt@bosch.com> * Apply suggestions from code review 2 Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> --------- Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> Co-authored-by: Michael Herdt <Michael.Herdt@bosch.com>
This commit is contained in:
@@ -40,6 +40,8 @@ import org.eclipse.hawkbit.exception.SpServerError;
|
||||
import org.eclipse.hawkbit.mgmt.json.model.distributionset.MgmtActionType;
|
||||
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
|
||||
import org.eclipse.hawkbit.repository.exception.AssignmentQuotaExceededException;
|
||||
import org.eclipse.hawkbit.repository.jpa.repository.ActionRepository;
|
||||
import org.eclipse.hawkbit.repository.jpa.specifications.ActionSpecifications;
|
||||
import org.eclipse.hawkbit.repository.model.Action;
|
||||
import org.eclipse.hawkbit.repository.model.Action.Status;
|
||||
import org.eclipse.hawkbit.repository.model.DistributionSet;
|
||||
@@ -64,6 +66,7 @@ import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.params.ParameterizedTest;
|
||||
import org.junit.jupiter.params.provider.Arguments;
|
||||
import org.junit.jupiter.params.provider.MethodSource;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.data.domain.PageRequest;
|
||||
import org.springframework.hateoas.MediaTypes;
|
||||
import org.springframework.http.MediaType;
|
||||
@@ -1411,6 +1414,8 @@ public class MgmtDistributionSetResourceTest extends AbstractManagementApiIntegr
|
||||
.as("Five targets in repository have DS assigned").hasSize(5);
|
||||
}
|
||||
|
||||
@Autowired
|
||||
ActionRepository actionRepository;
|
||||
@ParameterizedTest
|
||||
@MethodSource("confirmationOptions")
|
||||
@Description("Ensures that confirmation option is considered in assignment request.")
|
||||
@@ -1431,7 +1436,10 @@ public class MgmtDistributionSetResourceTest extends AbstractManagementApiIntegr
|
||||
.andExpect(jsonPath("$.assigned", equalTo(1))).andExpect(jsonPath("$.alreadyAssigned", equalTo(0)))
|
||||
.andExpect(jsonPath("$.total", equalTo(1)));
|
||||
|
||||
assertThat(deploymentManagement.findActionsByDistributionSet(PAGE, createdDs.getId()).getContent()).hasSize(1)
|
||||
assertThat(
|
||||
actionRepository
|
||||
.findAll(ActionSpecifications.byDistributionSetId(createdDs.getId()), PAGE)
|
||||
.map(Action.class::cast).getContent()).hasSize(1)
|
||||
.allMatch(action -> {
|
||||
if (!confirmationFlowActive) {
|
||||
return !action.isWaitingConfirmation();
|
||||
|
||||
@@ -57,6 +57,8 @@ import org.eclipse.hawkbit.repository.Identifiable;
|
||||
import org.eclipse.hawkbit.repository.builder.ActionStatusCreate;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityAlreadyExistsException;
|
||||
import org.eclipse.hawkbit.repository.jpa.model.JpaTarget;
|
||||
import org.eclipse.hawkbit.repository.jpa.repository.ActionRepository;
|
||||
import org.eclipse.hawkbit.repository.jpa.specifications.ActionSpecifications;
|
||||
import org.eclipse.hawkbit.repository.model.Action;
|
||||
import org.eclipse.hawkbit.repository.model.Action.ActionType;
|
||||
import org.eclipse.hawkbit.repository.model.Action.Status;
|
||||
@@ -1417,6 +1419,8 @@ class MgmtTargetResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
assertThat(targetManagement.getByControllerID(target.getControllerId()).get()).isEqualTo(target);
|
||||
}
|
||||
|
||||
@Autowired
|
||||
ActionRepository actionRepository;
|
||||
@ParameterizedTest
|
||||
@MethodSource("confirmationOptions")
|
||||
@Description("Ensures that confirmation option is considered in assignment request.")
|
||||
@@ -1444,7 +1448,10 @@ class MgmtTargetResourceTest extends AbstractManagementApiIntegrationTest {
|
||||
|
||||
assertThat(deploymentManagement.getAssignedDistributionSet(target.getControllerId()).get()).isEqualTo(set);
|
||||
|
||||
assertThat(deploymentManagement.findActionsByDistributionSet(PAGE, set.getId()).getContent()).hasSize(1)
|
||||
assertThat(
|
||||
actionRepository
|
||||
.findAll(ActionSpecifications.byDistributionSetId(set.getId()), PAGE)
|
||||
.map(Action.class::cast).getContent()).hasSize(1)
|
||||
.allMatch(action -> {
|
||||
if (!confirmationFlowActive) {
|
||||
return !action.isWaitingConfirmation();
|
||||
|
||||
Reference in New Issue
Block a user