* involve targets into dynamic rollouts eagerly - doesn't wait for dynamic group to become running in order to involve devices
* adds throttling for involving targets into dynamic groups
* small style refactoring
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* feat: allow a target to set offline assigned distribution set
Signed-off-by: Florian Bezannier <florian.bezannier@hotmail.fr>
* refactor: apply @avgustinmm recommendation
* docs: Mark update offline API as experimental
---------
Signed-off-by: Florian Bezannier <florian.bezannier@hotmail.fr>
* Remove target tag to target reference
it is not used and could lead to extensive memory usage if JPA provider loads targets while loading tags
Also, remove search field controller id as not meaningful
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Fix review findings
---------
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
it is not used and could lead to extensive memory usage if JPA provider loads targets while loading types
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Improve building of SQL from an RSQL query
* ignore case behavior could be disabled
* like is used only when needed
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Inlining of some methods and unified IN build + fix case
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Implement more flexible ignore case configuration
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
---------
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
1. Add support in REST and Mgmt API for dynamic group template
2. If present - groups follow the pattern of this template, otherwise - the last static group
3. This allows to create pure dynamic rollout with 0 static groups - auto assignment equivalent with groups
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* adds PUT method for updating name and description of a rollout
* restrict RolloutUpdate to changing only name and description
* small refactoring
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
These fields also could lead to big memory usage if the JPA provider doesn't get LAZY hint
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
tags the implicit lock is skipped on are configured via
RepositoryProperties.skipImplicitLockForTags list.
By default skip tags are the ones with names:
"skip-implicit-lock", "skip_implicit_lock", "SKIP_IMPLICIT_LOCK", "SKIP-IMPLICIT-LOCK"
+ this commit centralizes the implicit lock enable/disable logic
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Additionally,
* removed DistributionSet.getAutoAssignFilters and
* removed SoftwareModule.getAssignedTo both are not used and exposed via Mgmt API.
Maybe, if needed, they could be returned back along with exposing them via Mgmt API.
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
In hawkBit up to 0.4.1 it was true - getTenantMetadata created implicitly a tenant metadata. It was disabled in latest commits - but now it is made optional - disabled by default
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Extension of DMF API with possibility of setting target
type name when creating target. If a target type with the
provided name is found (was created beforehand) then it
is associated with the new target.
Signed-off-by: Ondrej Charvat <ondrej.charvat@proton.me>
* [#1383] Spring Boot 3 migration Step 2
Some of the steps:
1. Change spring version parent and versions in root pom.xml
2. update eclipselink versions
3. javax.annotation -> jakarta.annotation (*.java)
4. javax.persistence -> jakarta.persistence (*.java)
5. javax.servlet -> jakarta.servlet (*.java, pom.xml)
6. javax.validation:validation-api -> jakarta.validation:jakarta.validation-api (pom.xml)
7. javax.validation -> jakarta.validation (*.java)
8. javax.transaction -> jakarta.transaction (*.java)
9. replace spring-cloud-stream-binder-test (hawkbit-repository-test) with
```
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-stream-test-binder</artifactId>
</dependency>
```
, TestSupportBinderAutoConfiguration.class }) -> })
@Import(TestChannelBinderConfiguration.class)
10. Set to Simple UI standard parent
11. requestMatchers to securityMatcher
12. @SpringBootApplication(scanBasePackages = "org.eclipse.hawkbit") (otherwise for instance flyway doesn't work - suffix is default ".sql", not H2.sql and don't differentiate dbs? strange is there a change?)
13. @NonEmpty for Long leads to validation exception - replaced with @NotNull
14. RSQLUtilityTest.correctRsqlBuildsPredicate - fixed - mock query builder add method
15. https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#spring-mvc-and-webflux-url-matching-changes - aliases as targets/ return 404 - remove trailing slash
16. firewall tests (allowedHostNameWithNotAllowedHost) doesn't throw 'rejected exception' but return 400 instead (as probably is expected anyway)
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Fix tenant listing to not mix with multitenancy
Tenant metadata is not multitenancy aware while it depends on distribution set type
which is. Thus querying all tenant metadata (in non tenant context) sometimes leads to
resolution of distribution set type which is tenant scoped and leads to problems.
So, now listing tenant lists just their ids - not fill entities.
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
---------
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* [#1548] Add support for dynamic rollouts
-- Current status --
Initial draft only !!!, to be improved
TODO:
* evaluate the target count - if update group/rollout total count fails dynamic updates could (?), actually, contain more targets
* is it needed to break handler on group creating?
* if dynamic group schedulers occur to be heavy - maybe a handler per tenant will ensure that one tenant won't break all
*Concept for dynamic groups*:
Rollouts are static and dynamic.
Static rollouts consist of static groups only while dynamic rollouts have a number of static groups (first groups) and then an unlimited number of dynamic groups.
Group targets assignments:
* static groups include ALL matching targets created at the time the rollout was created, nevertheless they have active actions with bigger weight or not. Actions for the rollout and included targets however are created at the start time.
* dynamic groups however are filled in when started and consider the action weight. The targets included in a dynamic group are:
* matching (filter and distribution set compatible)
* not included in this or following rollout static groups (if already included in any of the following rollouts - it's intended to be overridden)
* not in active actions of any rollouts with equal or bigger weight
In general, when you create a rollout it contains all matching targets available at create time overriding any previous rollouts, actions, and so on. If the rollout is dynamic when its dynamic group becomes running it gets only matching targets that don't belong to static groups or have actions with greater or equal weight
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* [#1548] Add 1000 weight for actions, rollouts and auto assignments without weight
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
---------
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Unifies Target type with the other types
* _TargetType_ made to inherit type, thus
* _TargetType_ now has immutable _key_
* add _AbstractJpaTypeEntity_ abstraction that implements the common 'type' JPA functionality
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Fix ACM related executions.
* Introduce access controller for actions. Resolve some todos and fix distribution set invalidation strategy.
* Do only check for access if returned values are access controlled.
* Fix review findings.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.com>
---------
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.com>
* Introduce the AccessControlManager and use it for the TargetManagement and TargetTypeManagement.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Extend the access control manager by an API to serialize the current active context and persist it for scheduled background operations like auto-assignment.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Verify modification is permitted before performing automatic assignment
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Start with controlling distribution set type access. Perform some refactoring.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Support distribution set access control. Increase character limit to 512 chars for access control context. Refactor default implementations.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce ContextRunner and define admin execution to check for duplicates before creating/updating entities.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce Software Module, Module Type and Artifact control management. Fix tests.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce access controlling test base. Add first test verifying the read operations for target types.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Finalize target type access controlling test.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce ContextRunnerTest and TargetAccessControllingTest.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Introduce DistributionSetAccessControllingTest and fix missing access control specifications.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Extend test cases. Include only updatable targets into rollout.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Fix action visibility.
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
* Modifiable->Updatable & UPDATE check where needed
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* ContextRunner superseded by ContextAware
+ ContextRunner renamed to ContextAware (move as a central entry/concept).
It now extends (and replaces) TenantAware
+ SecurityContextTenantAware becomes ContextAware
+ Pluggable serialization mechanism
(default Java serialization of contexts) for SecurityContextTenantAware
(using SecurityContextSerializer)
+ AccessControl methods are added to ensure no entities will be retrieved
just to call access control - so, if all permitted - no additional db
queries will be made
+ <repo type>AccessControl classes removed and replaced with
AccessControl <repo type> generics
+ AccessControlService removed - every AccessControl is registered and
overridden independently
+ access_control_context in DB increased to 4k (in order to support java
security context serialization)
+ needed adaptation of implementation and tests done
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Refactor SoftModules & DistSets
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Refactoring of the Repositories
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Repository level permissions
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Improvements
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Simplification of AccessControl interface
* Simplifications & management package
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Implementation improvements
+ Artifact management & repo reviewed and tuned
+ Action(Status) management & repo reviewed and tuned
+ SoftwareModule(Type/Meta) management & repo reviewed and tuned
+ DistributionSet(Type/Tag/Meta) management(+Invalidation) & repo reviewed and tuned
+ Target(Tag/Type/Meta) management & repo reviewed and tuned
+ TargetQueryFilter management & repo reviewed and tuned
* Apply suggestions from code review
Suggestions accepted. Thanks @herdt-michael
Co-authored-by: Michael Herdt <michael.herdt@bosch.com>
* Apply suggestions from code review 2
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
---------
Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io>
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Co-authored-by: Michael Herdt <Michael.Herdt@bosch.com>
Fix access control: HAS_AUTH_READ_TARGET -> IS_CONTROLLER or HAS_AUTH_READ_TARGET
(shall be accessible by targets when confirmation base is requested)
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Do some refactoring to fix dependencies between rollout management, executor and evaluator beans.
* Move rollout retrieving in same transaction as execution.
* Do some refactoring. Extend logging and exception handling.
* Remove unnecessary transactional and validation annotations.
* remove catching never thrown bean
* Fix new rollout handling API